Category: Servers

Nexus installation on Tomcat 7 with JDK7

I tried to install Nexus 1.9.2.2 OSS on my Tomcat 7.0.20 with the new Oracle JDK 7. This was not a big success. OK, first of all, make sure to use the unpacked version of the Nexus war, or else it won't be able to find the NEXUS_PLEXUS_WORK environment variable.

Second, you need to patch the unpacked war. Strip out the xstream-1.3 and add the latest snapshot. Also add the latest xmlpull.org API jar to the WEB-INF/lib of the unpacked nexus war.

For more info, see this JIRA ticket.

Git server on Windows

DVCS

Distributed version control systems gained a lot of attention over the last few years. There are many hosting providers that offer free DVCS space on the web. But there are situations where you want to run your own private DVCS server and do not want to use a public, open DVCS host like Gitorious, GitHub or BitBucket. Of course, you can always buy a commercial offering for a private DVCS solution.

The nice thing about a DVCS is that there is not one version; there are multiple 'versions' of a source tree. But at some point you do want a central location to store your (release) sources. In this article I will explain how to set up a Git server on a Windows machine using Apache to serve Git requests over HTTP.

If you want to know more, Atlassian has an excellent presentation on DVCS, recorded at the Atlassian Summit last June. And Linus Torvalds' talk on Git is worth your time: http://www.youtube.com/watch?v=4XpnKHJAok8

msysgit

You will need to install msysgit; I used version msysGit-fullinstall-1.7.6-preview20110708.exe. On my machine I installed msysgit to D:/dev/msysgit.

Repositories

Create a directory that contains your Git repositories, for example: D:/dev/repo/git. To get you started, go to the directory and create an empty Git repository.

cd D:/dev/repo/git
git init --bare Test.git

Apache configuration

In this tutorial I use Apache 2.2.19. You need to set up git-http-backend.exe in order to serve Git through Apache. First copy ..\msysgit\mingw\bin\libiconv-2.dll to ..\msysgit\libexec\git-core, or else you will get a 500 error from Apache. To test if your setup works, run ..\msysgit\libexec\git-core\git-http-backend.exe.

Add the following to your Apache conf\httpd.conf:

SetEnv GIT_PROJECT_ROOT D:/dev/repo/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAliasMatch \
        "(?x)^/(.*/(HEAD | \
                        info/refs | \
                        objects/(info/[^/]+ | \
                                 [0-9a-f]{2}/[0-9a-f]{38} | \
                                 pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
                        git-(upload|receive)-pack))$" \
                        "D:/dev/msysgit/libexec/git-core/git-http-backend.exe/$1"

I also made the Apache DocumentRoot point to my Git repos:

DocumentRoot "D:/dev/repo/git"

<Directory "D:/dev/repo/git">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>

Using the repo

You can create a local copy of this git repo using the clone command.

git clone http://localhost/Test.git

Warning

Make sure that you set up authentication if you do not want your sources to become publicly available. This can be done using the regular Apache authentication modules.

Links

Many thanks to: http://www.jeremyskinner.co.uk/2010/07/31/hosting-a-git-server-under-apache-on-windows/

Maven 3 support for Hudson

Finally a Hudson version that supports Maven 3! Olivier Lamy has put out a version on his site as a Christmas present:

  • Hudson War 1.389

    Version 1.389 was released on the 24th of December and is still a snapshot version. I tried version 1.389 with Maven 3.0.1 and it seems to be working fine. Now I can safely abandon Maven 2 ;-)

    Also make sure to check out the Maven3 support for Hudson @ hudson-ci.org.

    Apache mod_proxy abuse

    This week I learned the hard way that you have to watch out with Apache mod_proxy, especially when you are using the options ProxyRequests On and ProxyPass: my Apache server was being abused as a proxy!

    What happened?

    Last week I noticed that my Apache access.log was growing rapidly, 400MB each day?! Looking at the log file, it had only entries with requests for unknown URLs and my server replied with an HTTP 200 response, NOT GOOD! My Apache server was being abused as a proxy for other sites, argh! I did some research and found that my server was totally open for abuse. Mainly due to my lacking knowledge of Apache's mod_proxy.
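
One way to find this pattern in an access log, as an added example that is not part of the original post: the script flags CONNECT requests and absolute-URI requests for hosts that are not yours, and counts the ones answered with a 2xx status. It assumes the common or combined log format; `proxy_attempts`, `served` and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Common/combined log format prefix: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def proxy_attempts(lines, own_hosts):
    """Return (client, method, target_host, status) for requests that used the
    server as a forward proxy: CONNECT, or an absolute URI for a foreign host."""
    own = {h.lower() for h in own_hosts}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        method, target = m["method"], m["target"]
        if method == "CONNECT":
            host = target.rsplit(":", 1)[0].lower()
        elif "://" in target:
            host = (urlsplit(target).hostname or "").lower()
        else:
            continue  # ordinary origin-form request such as "GET /index.html"
        if host not in own:
            hits.append((m["client"], method, host, int(m["status"])))
    return hits

def served(hits):
    """Count foreign targets answered with 2xx. A 2xx is a lead, not proof:
    confirm with the telnet test, since Apache may answer with local content."""
    return Counter(host for _, _, host, status in hits if 200 <= status < 300)

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Aug/2011:10:01:02 +0200] "GET http://www.yahoo.com/ HTTP/1.1" 200 31245',
    '203.0.113.7 - - [12/Aug/2011:10:01:03 +0200] "CONNECT www.example.net:443 HTTP/1.0" 200 -',
    '198.51.100.4 - - [12/Aug/2011:10:01:05 +0200] "GET /Test.git/info/refs HTTP/1.1" 200 59',
    '198.51.100.9 - - [12/Aug/2011:10:01:09 +0200] "GET http://my.server.com/ HTTP/1.1" 200 512',
    '203.0.113.8 - - [12/Aug/2011:10:02:00 +0200] "GET http://ads.example.org/x HTTP/1.1" 403 210',
]

if __name__ == "__main__":
    hits = proxy_attempts(SAMPLE_LOG, own_hosts={"my.server.com"})
    for host, n in served(hits).most_common():
        print(f"{n:5d} proxied 2xx responses for {host}")
```

Pass your own vhost names as `own_hosts` so that absolute-URI requests for your own sites are not counted.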

    How to test if your server can be abused?

    To test if your Apache server is abusable, open the command prompt and run telnet:

    telnet yoursite.example.com 80

    Paste the following into the telnet console and press Enter twice. If you retrieve content from Yahoo, read on!

    GET http://www.yahoo.com/ HTTP/1.1
    Host: www.yahoo.com
    

    Securing your Apache server

    Start with limiting global mod_proxy access. Add the following fragment to your httpd.conf:

    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    
    # Disable proxy requests, using ProxyPass in vhost
    ProxyRequests Off
    
    # Block all requests
    <Proxy *>
      Order deny,allow
      Deny from all
    </Proxy>
    

    This denies proxy access for all incoming requests. Your server is not accepting proxy requests anymore. Now we can explicitly open proxy requests for the virtual hosts that need to do proxying. For example, I run another internal server that needs to be exposed to the outside world via my Apache server.

    In my httpd-vhosts.conf I created a default vhost that blocks all requests that do not target a vhost that I have defined.

    NameVirtualHost *:80
    
    <VirtualHost *:80>
      ServerName default.only
      <Location />
        Order allow,deny
        Deny from all
      </Location>
    </VirtualHost>
    

    Now open up proxying of requests for the vhosts that require this:

    <VirtualHost *:80>

      ServerName my.server.com

      <Proxy *>
        Order deny,allow
        Allow from all
      </Proxy>

      ProxyPass / http://internal.server:8085/
      ProxyPassReverse / http://internal.server:8085/

    </VirtualHost>
    

    For the virtual host my.server.com, requests are proxied to the internal server. All other requests are now blocked.

    Conclusion

    Make sure you really know what you are doing when using mod_proxy. Avoid ProxyRequests On, because you almost never need it in your top-level configuration. Also read the links below and secure your server properly!

    ProxyAbuse: http://wiki.apache.org/httpd/ProxyAbuse
    mod_proxy documentation: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html

    Tomcat 7 final!

    In a previous post I wrote that Tomcat 7 is just around the corner. As of now the final version of Tomcat 7 can be downloaded. The official Apache Tomcat site has not been updated yet.

    Tomcat 7 can be found on the Apache space of Mark Thomas, a member of the Apache Tomcat Project Management Committee: http://people.apache.org/~markt/dev/tomcat-7/v7.0.0/

    Changelog: http://svn.eu.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml