diff options
| author | David T. Sadler <davidtsadler@googlemail.com> | 2021-05-29 22:35:33 +0100 |
|---|---|---|
| committer | David T. Sadler <davidtsadler@googlemail.com> | 2021-05-29 22:35:33 +0100 |
| commit | 079319e283b4fb903254d3fa6bb1a3bd070bd4d5 (patch) | |
| tree | a6a0b7df21ad23dd23f5ee227f4ae83e74f7e237 | |
| parent | d37759c0f2dd5a5ddcc38da0e29be134bceb7baa (diff) | |
Setting up a Self Hosted Git Server
| -rw-r--r-- | gemini/index.gmi | 2 | ||||
| -rw-r--r-- | gemini/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.gmi | 132 | ||||
| -rw-r--r-- | gemini/posts/git/index.gmi | 11 | ||||
| -rw-r--r-- | www/index.html | 2 | ||||
| -rw-r--r-- | www/posts/atom.xml | 36 | ||||
| -rw-r--r-- | www/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.html | 51 | ||||
| -rw-r--r-- | www/posts/git/atom.xml | 43 | ||||
| -rw-r--r-- | www/posts/git/index.html | 25 | ||||
| -rw-r--r-- | www/sitemap.xml | 4 |
9 files changed, 304 insertions, 2 deletions
diff --git a/gemini/index.gmi b/gemini/index.gmi index 2e71726..722f05f 100644 --- a/gemini/index.gmi +++ b/gemini/index.gmi @@ -4,6 +4,7 @@ Hello and welcome to my little bit of the internet where I occasionally write ab ## Latest Posts +=> /posts/git/2021-05-29/setting-up-a-self-host-git-server/ 2021-05-29 - Setting up a Self Hosted Git Server => /posts/letsencrypt/2021-05-28/pre-and-post-validation-hooks-with-certbot/ 2021-05-28 - Pre and Post Validation Hooks with Certbot => /posts/letsencrypt/2021-05-27/wildcard-certificates-with-lets-encrypt/ 2021-05-27 - Wildcard Certificates with Let's Encrypt => /posts/nextcloud/2021-02-15/accessing-nextcloud-with-webdav-on-arch/ 2021-02-15 - Accessing Nextcloud With WebDAV on Arch @@ -31,6 +32,7 @@ Hello and welcome to my little bit of the internet where I occasionally write ab => /posts/arch/ Arch => /posts/gemini/ Gemini +=> /posts/git/ Git => /posts/jigsaw/ Jigsaw => /posts/laravel/ Laravel => /posts/letsencrypt/ Let's Encrypt diff --git a/gemini/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.gmi b/gemini/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.gmi new file mode 100644 index 0000000..9729b24 --- /dev/null +++ b/gemini/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.gmi @@ -0,0 +1,132 @@ +# Setting up a Self Hosted Git Server + +> Sat 29th May 2021 By David T. Sadler. + +I've always liked the idea of self hosting some of my git repositories. After a bit of research I found that it involves. + +* Installing git. +* Creating a git user. +* Setting up ssh so that I can log into the sever securely as the git user. +* Creating a test repository on the server. +* Creating a test project on my local machine. +* Pushing the test project to the git sever. + +## Installing Git + +Since its an Ubuntu server installing git is as simple as. + +```shell +$ sudo apt install git-core +``` + +## Creating a User + +The git user will serve two purposes. + +* The repositories will be stored in the user's home directory. +* The user account will contain the public ssh keys of remote users that can access the repositories. + + +```shell +$ sudo adduser --system --shell /usr/bin/git-shell --group --disabled-password --home /home/git git +``` + +* --system Creates a system user user. Not strictly required but since this is not a normal user account I prefer to use this option. +* --shell /usr/bin/git-shell Restrict the git user to only git related activities. This also prevents remote users from obtaining a shell by logging in via ssh. Note that git-shell does not prevent normal git operations, such as pull and push, from working over ssh. +* --group Creates a group that is the same name as the user. +* --disabled-password Prevent logging in with a password. The use of ssh keys is still allowed. +* --home /home/git The home directory for the user. + +## Setting up SSH + +On my local machine git will use ssh to connect to the remote server as the git user. In order to do this I will need to copy my public ssh key to the git user account. + +The below commands create the required .ssh directory and authorized_keys file with the correct permissions. + +```shell +$ sudo mkdir /home/git/.ssh +$ sudo chown git:git /home/git/.ssh +$ sudo chmod 700 /home/git/.ssh +$ sudo touch /home/git/.ssh/authorized_keys +$ sudo chown git:git /home/git/.ssh/authorized_keys +$ sudo chmod 600 /home/git/.ssh/authorized_keys +``` + +Now I can copy the public ssh key of anyone who needs access to the repositories. There are a few ways of doing this and I tend to just edit the authorized_keys file and manually copy and paste the keys into it. + +```shell +$ sudo vim /home/git/.ssh/authorized_keys +``` + +Note that to prevent ssh port forwarding via the git user account I prepend the no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty options to the key. + +```shell +$ sudo cat /home/git/.ssh/authorized_keys + +no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa +AAAAB3NzaC1yc2EAAAADAQABAAABAQCB007n/ww+ouN4gSLKssMxXnBOvf9LGt4LojG6rs6h +PB09j9R/T17/x4lhJA0F3FR1rP6kYBRsWj2aThGw6HXLm9/5zytK6Ztg3RPKK+4kYjh6541N +YsnEAZuXz0jTTyAUfrtU3Z5E003C4oxOj6H0rfIF1kKI9MAQLMdpGW1GYEIgS9EzSdfd8AcC +IicTDWbqLAcU4UpkaX8KyGlLwsNuuGztobF8m72ALC/nLF6JLtPofwFBlgc+myivO7TCUSBd +LQlgMVOFq1I2uPWQOkOWQAHukEOmfjy2jctxSDBQ220ymjaNsHT4kgtZg2AYYgPqdAv8JggJ +ICUvax2T9va5 gsg-keypair +``` + +On my local machine I can test ssh access. + +```shell +$ ssh git.davidtsadler.com + +fatal: Interactive git shell is not enabled. +hint: ~/git-shell-commands should exist and have read and execute access. +``` + +The message that comes back indicates that ssh is working and that the git-shell is been used. + +## Creating a Test Repository + +An empty repository is setup by running git init with the --bare option. I also ensure that the git user owns the repository and that main will be the default branch when its checked out. + +```shell +$ sudo git init --bare /home/git/test.git/ +$ sudo chown -R git:git /home/git/test.git/ +$ sudo git --git-dir=/home/git/test.git/ symbolic-ref HEAD refs/heads/main +``` + +## Creating a Test Project + +Back on my local machine I can create a test project and push it to the remote server. + +```shell +$ mkdir test +$ cd test +$ git init +$ touch readme +$ git add . +$ git commit -m 'Initial commit' +$ git remote add origin git@git.davidtsadler.com:/home/git/test.git +$ git push origin main +``` + +I can also test that I can clone the repository. + +```shell +rm -rf test +git clone git@git.davidtsadler.com:/home/git/test.git +``` + +### Links + +=> /posts/git/ Git - Read More Posts. + +I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to. + +=> mailto:david@davidtsadler.com Email david@davidtsadler.com + +### License + +=> https://creativecommons.org/licenses/by-sa/4.0/ The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. + +Copyright © 2021 David T. Sadler. + +=> / Return to Homepage. diff --git a/gemini/posts/git/index.gmi b/gemini/posts/git/index.gmi new file mode 100644 index 0000000..67bc17d --- /dev/null +++ b/gemini/posts/git/index.gmi @@ -0,0 +1,11 @@ +# The Home of David T. Sadler - All Posts About Git + +=> /posts/git/2021-05-29/setting-up-a-self-host-git-server/ 2021-05-29 - Setting up a Self Hosted Git Server + +### License + +=> https://creativecommons.org/licenses/by-sa/4.0/ The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. + +Copyright © 2021 David T. Sadler. + +=> / Return to Homepage. diff --git a/www/index.html b/www/index.html index a104a2b..a66f580 100644 --- a/www/index.html +++ b/www/index.html @@ -18,7 +18,7 @@ <link href="/posts/php/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About PHP"/> </head> <body> - <section><h1>The Home of David T. Sadler</h1><p>Hello and welcome to my little bit of the internet where I occasionally write about things that interest me. You might find my posts interesting or you might not and that's okay.</p><h2>Latest Posts</h2><a href="/posts/letsencrypt/2021-05-28/pre-and-post-validation-hooks-with-certbot/">2021-05-28 - Pre and Post Validation Hooks with Certbot</a><a href="/posts/letsencrypt/2021-05-27/wildcard-certificates-with-lets-encrypt/">2021-05-27 - Wildcard Certificates with Let's Encrypt</a><a href="/posts/nextcloud/2021-02-15/accessing-nextcloud-with-webdav-on-arch/">2021-02-15 - Accessing Nextcloud With WebDAV on Arch</a><a href="/posts/gemini/2021-02-08/how-to-host-your-own-gemini-site-in-the-cloud/">2021-02-08 - How to Host Your Own Gemini Site in the Cloud</a><a href="/posts/php/2021-01-18/installing-php-8-for-windows-10/">2021-01-18 - Installing PHP 8 for Windows 10</a><a href="/posts/laravel/2020-12-21/installing-laravel-homestead-in-arch-linux/">2020-12-21 - Installing Laravel Homestead in Arch Linux</a><a href="/posts/laravel/2020-12-14/sqlstate-hy000-2002-php-network-getaddresses-getaddrinfo-failed/">2020-12-14 - SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed</a><a href="/posts/arch/2020-09-07/installing-zsh-and-powerlevel10k-on-arch-linux/">2020-09-07 - Installing Zsh and Powerlevel10k on Arch Linux</a><a href="/posts/arch/2020-08-31/enabling-audio-in-arch-linux/">2020-08-31 - Enabling Audio in Arch Linux</a><a href="/posts/arch/2020-08-24/pacman-cheat-sheet-for-ubuntu-users/">2020-08-24 - Pacman Cheat Sheet For Ubuntu Users</a><a href="/posts/arch/2020-08-17/installing-st-dmenu-dwm-in-arch-linux/">2020-08-17 - Installing ST, DMENU and DWM in Arch Linux</a><a href="/posts/linux/2020-07-13/sudo-sorry-you-must-have-a-tty-to-run-sudo/">2020-07-13 - Sudo: sorry, you must have a tty to run sudo</a><a href="/posts/arch/2020-06-22/granting-sudo-access-to-a-user-in-arch-linux/">2020-06-22 - Granting Sudo Access to a User in Arch Linux</a><a href="/posts/arch/2020-06-15/adding-a-user-in-arch-linux/">2020-06-15 - Adding a User in Arch Linux</a><a href="/posts/netlify/2020-06-08/publishing-jigsaw-posts-with-netlify-build-hooks/">2020-06-08 - Publishing Jigsaw Posts With Netlify Build Hooks</a><a href="/posts/jigsaw/2020-06-01/scheduling-posts-in-jigsaw/">2020-06-01 - Scheduling Posts in Jigsaw</a><a href="/posts/arch/2020-05-25/installing-arch-linux-on-a-thinkpad-x220/">2020-05-25 - Installing Arch Linux on a Thinkpad X220</a><a href="/posts/markdown/2020-03-30/creating-an-ebook-with-markdown/">2020-03-30 - Creating an Ebook With Markdown</a><h2>All Posts</h2><a href="/posts/">Post Archive</a><h2>Tags</h2><a href="/posts/arch/">Arch</a><a href="/posts/gemini/">Gemini</a><a href="/posts/jigsaw/">Jigsaw</a><a href="/posts/laravel/">Laravel</a><a href="/posts/letsencrypt/">Let's Encrypt</a><a href="/posts/linux/">Linux</a><a href="/posts/markdown/">Markdown</a><a href="/posts/netlify/">Netlify</a><a href="/posts/nextcloud/">Nextcloud</a><a href="/posts/php/">PHP</a><h2>Where to Find Me</h2><a href="https://github.com/davidtsadler/">GitHub</a><a href="gemini://davidtsadler.com/">Gemini Site</a><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p></section> + <section><h1>The Home of David T. Sadler</h1><p>Hello and welcome to my little bit of the internet where I occasionally write about things that interest me. You might find my posts interesting or you might not and that's okay.</p><h2>Latest Posts</h2><a href="/posts/git/2021-05-29/setting-up-a-self-host-git-server/">2021-05-29 - Setting up a Self Hosted Git Server</a><a href="/posts/letsencrypt/2021-05-28/pre-and-post-validation-hooks-with-certbot/">2021-05-28 - Pre and Post Validation Hooks with Certbot</a><a href="/posts/letsencrypt/2021-05-27/wildcard-certificates-with-lets-encrypt/">2021-05-27 - Wildcard Certificates with Let's Encrypt</a><a href="/posts/nextcloud/2021-02-15/accessing-nextcloud-with-webdav-on-arch/">2021-02-15 - Accessing Nextcloud With WebDAV on Arch</a><a href="/posts/gemini/2021-02-08/how-to-host-your-own-gemini-site-in-the-cloud/">2021-02-08 - How to Host Your Own Gemini Site in the Cloud</a><a href="/posts/php/2021-01-18/installing-php-8-for-windows-10/">2021-01-18 - Installing PHP 8 for Windows 10</a><a href="/posts/laravel/2020-12-21/installing-laravel-homestead-in-arch-linux/">2020-12-21 - Installing Laravel Homestead in Arch Linux</a><a href="/posts/laravel/2020-12-14/sqlstate-hy000-2002-php-network-getaddresses-getaddrinfo-failed/">2020-12-14 - SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed</a><a href="/posts/arch/2020-09-07/installing-zsh-and-powerlevel10k-on-arch-linux/">2020-09-07 - Installing Zsh and Powerlevel10k on Arch Linux</a><a href="/posts/arch/2020-08-31/enabling-audio-in-arch-linux/">2020-08-31 - Enabling Audio in Arch Linux</a><a href="/posts/arch/2020-08-24/pacman-cheat-sheet-for-ubuntu-users/">2020-08-24 - Pacman Cheat Sheet For Ubuntu Users</a><a href="/posts/arch/2020-08-17/installing-st-dmenu-dwm-in-arch-linux/">2020-08-17 - Installing ST, DMENU and DWM in Arch Linux</a><a href="/posts/linux/2020-07-13/sudo-sorry-you-must-have-a-tty-to-run-sudo/">2020-07-13 - Sudo: sorry, you must have a tty to run sudo</a><a href="/posts/arch/2020-06-22/granting-sudo-access-to-a-user-in-arch-linux/">2020-06-22 - Granting Sudo Access to a User in Arch Linux</a><a href="/posts/arch/2020-06-15/adding-a-user-in-arch-linux/">2020-06-15 - Adding a User in Arch Linux</a><a href="/posts/netlify/2020-06-08/publishing-jigsaw-posts-with-netlify-build-hooks/">2020-06-08 - Publishing Jigsaw Posts With Netlify Build Hooks</a><a href="/posts/jigsaw/2020-06-01/scheduling-posts-in-jigsaw/">2020-06-01 - Scheduling Posts in Jigsaw</a><a href="/posts/arch/2020-05-25/installing-arch-linux-on-a-thinkpad-x220/">2020-05-25 - Installing Arch Linux on a Thinkpad X220</a><a href="/posts/markdown/2020-03-30/creating-an-ebook-with-markdown/">2020-03-30 - Creating an Ebook With Markdown</a><h2>All Posts</h2><a href="/posts/">Post Archive</a><h2>Tags</h2><a href="/posts/arch/">Arch</a><a href="/posts/gemini/">Gemini</a><a href="/posts/git/">Git</a><a href="/posts/jigsaw/">Jigsaw</a><a href="/posts/laravel/">Laravel</a><a href="/posts/letsencrypt/">Let's Encrypt</a><a href="/posts/linux/">Linux</a><a href="/posts/markdown/">Markdown</a><a href="/posts/netlify/">Netlify</a><a href="/posts/nextcloud/">Nextcloud</a><a href="/posts/php/">PHP</a><h2>Where to Find Me</h2><a href="https://github.com/davidtsadler/">GitHub</a><a href="gemini://davidtsadler.com/">Gemini Site</a><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p></section> <script defer src="/js/highlight.min.js"></script> <script defer src="/js/site.js"></script> </body> diff --git a/www/posts/atom.xml b/www/posts/atom.xml index c8a3a38..79f3a7c 100644 --- a/www/posts/atom.xml +++ b/www/posts/atom.xml @@ -4,8 +4,42 @@ <id>https://davidtsadler.com/posts/atom.xml</id> <link rel="alternate" type="text/html" href="https://davidtsadler.com/posts/index.html"/> <link rel="self" type="application/atom+xml" href="https://davidtsadler.com/posts/atom.xml"/> - <updated>2021-05-28T12:00:00Z</updated> + <updated>2021-05-29T12:00:00Z</updated> <entry> + <title type="text">Setting up a Self Hosted Git Server</title> + <id>https://davidtsadler.com/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.html</id> + <link rel="alternate" type="text/html" href="https://davidtsadler.com/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.html"/> + <author><name>David T. Sadler.</name></author> + <published>2021-05-29T12:00:00Z</published> + <updated>2021-05-29T12:00:00Z</updated> + <content type="html"><h1>Setting up a Self Hosted Git Server</h1><blockquote>Sat 29th May 2021 By David T. Sadler.</blockquote><p>I've always liked the idea of self hosting some of my git repositories. After a bit of research I found that it involves.</p><ul><li>Installing git.</li><li>Creating a git user.</li><li>Setting up ssh so that I can log into the sever securely as the git user.</li><li>Creating a test repository on the server.</li><li>Creating a test project on my local machine.</li><li>Pushing the test project to the git sever.</li></ul><h2>Installing Git</h2><p>Since its an Ubuntu server installing git is as simple as.</p><pre><code class="shell">$ sudo apt install git-core</code></pre><h2>Creating a User</h2><p>The git user will serve two purposes.</p><ul><li>The repositories will be stored in the user's home directory.</li><li>The user account will contain the public ssh keys of remote users that can access the repositories.</li></ul><pre><code class="shell">$ sudo adduser --system --shell /usr/bin/git-shell --group --disabled-password --home /home/git git</code></pre><ul><li>--system Creates a system user user. Not strictly required but since this is not a normal user account I prefer to use this option.</li><li>--shell /usr/bin/git-shell Restrict the git user to only git related activities. This also prevents remote users from obtaining a shell by logging in via ssh. Note that git-shell does not prevent normal git operations, such as pull and push, from working over ssh.</li><li>--group Creates a group that is the same name as the user.</li><li>--disabled-password Prevent logging in with a password. The use of ssh keys is still allowed.</li><li>--home /home/git The home directory for the user.</li></ul><h2>Setting up SSH</h2><p>On my local machine git will use ssh to connect to the remote server as the git user. In order to do this I will need to copy my public ssh key to the git user account.</p><p>The below commands create the required .ssh directory and authorized_keys file with the correct permissions.</p><pre><code class="shell">$ sudo mkdir /home/git/.ssh +$ sudo chown git:git /home/git/.ssh +$ sudo chmod 700 /home/git/.ssh +$ sudo touch /home/git/.ssh/authorized_keys +$ sudo chown git:git /home/git/.ssh/authorized_keys +$ sudo chmod 600 /home/git/.ssh/authorized_keys</code></pre><p>Now I can copy the public ssh key of anyone who needs access to the repositories. There are a few ways of doing this and I tend to just edit the authorized_keys file and manually copy and paste the keys into it. </p><pre><code class="shell">$ sudo vim /home/git/.ssh/authorized_keys</code></pre><p>Note that to prevent ssh port forwarding via the git user account I prepend the no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty options to the key.</p><pre><code class="shell">$ sudo cat /home/git/.ssh/authorized_keys + +no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa +AAAAB3NzaC1yc2EAAAADAQABAAABAQCB007n/ww+ouN4gSLKssMxXnBOvf9LGt4LojG6rs6h +PB09j9R/T17/x4lhJA0F3FR1rP6kYBRsWj2aThGw6HXLm9/5zytK6Ztg3RPKK+4kYjh6541N +YsnEAZuXz0jTTyAUfrtU3Z5E003C4oxOj6H0rfIF1kKI9MAQLMdpGW1GYEIgS9EzSdfd8AcC +IicTDWbqLAcU4UpkaX8KyGlLwsNuuGztobF8m72ALC/nLF6JLtPofwFBlgc+myivO7TCUSBd +LQlgMVOFq1I2uPWQOkOWQAHukEOmfjy2jctxSDBQ220ymjaNsHT4kgtZg2AYYgPqdAv8JggJ +ICUvax2T9va5 gsg-keypair</code></pre><p>On my local machine I can test ssh access.</p><pre><code class="shell">$ ssh git.davidtsadler.com + +fatal: Interactive git shell is not enabled. +hint: ~/git-shell-commands should exist and have read and execute access.</code></pre><p>The message that comes back indicates that ssh is working and that the git-shell is been used.</p><h2>Creating a Test Repository</h2><p>An empty repository is setup by running git init with the --bare option. I also ensure that the git user owns the repository and that main will be the default branch when its checked out.</p><pre><code class="shell">$ sudo git init --bare /home/git/test.git/ +$ sudo chown -R git:git /home/git/test.git/ +$ sudo git --git-dir=/home/git/test.git/ symbolic-ref HEAD refs/heads/main</code></pre><h2>Creating a Test Project</h2><p>Back on my local machine I can create a test project and push it to the remote server.</p><pre><code class="shell">$ mkdir test +$ cd test +$ git init +$ touch readme +$ git add . +$ git commit -m 'Initial commit' +$ git remote add origin git@git.davidtsadler.com:/home/git/test.git +$ git push origin main</code></pre><p>I can also test that I can clone the repository.</p><pre><code class="shell">rm -rf test +git clone git@git.davidtsadler.com:/home/git/test.git</code></pre><h3>Links</h3><a href="/posts/git/">Git - Read More Posts.</a><p>I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a></content> +</entry><entry> <title type="text">Pre and Post Validation Hooks with Certbot</title> <id>https://davidtsadler.com/posts/letsencrypt/2021-05-28/pre-and-post-validation-hooks-with-certbot/index.html</id> <link rel="alternate" type="text/html" href="https://davidtsadler.com/posts/letsencrypt/2021-05-28/pre-and-post-validation-hooks-with-certbot/index.html"/> diff --git a/www/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.html b/www/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.html new file mode 100644 index 0000000..81bfebc --- /dev/null +++ b/www/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.html @@ -0,0 +1,51 @@ +<!doctype html> +<html lang="en"> + <head> + <meta charset="utf-8"> + <meta name="viewport" content="width=device-width, initial-scale=1"> + <title>Setting up a Self Hosted Git Server</title> + <link rel="shortcut icon" href="/images/favicon.png"> + <link rel="stylesheet" href="/css/site.css"> + <link href="/posts/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts"/> + <link href="/posts/arch/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Arch"/> + <link href="/posts/gemini/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Gemini"/> + <link href="/posts/jigsaw/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Jigsaw"/> + <link href="/posts/laravel/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Laravel"/> + <link href="/posts/linux/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Linux"/> + <link href="/posts/markdown/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Markdown"/> + <link href="/posts/netlify/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Netlify"/> + <link href="/posts/nextcloud/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Nextcloud"/> + <link href="/posts/php/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About PHP"/> + </head> + <body> + <section><h1>Setting up a Self Hosted Git Server</h1><blockquote>Sat 29th May 2021 By David T. Sadler.</blockquote><p>I've always liked the idea of self hosting some of my git repositories. After a bit of research I found that it involves.</p><ul><li>Installing git.</li><li>Creating a git user.</li><li>Setting up ssh so that I can log into the sever securely as the git user.</li><li>Creating a test repository on the server.</li><li>Creating a test project on my local machine.</li><li>Pushing the test project to the git sever.</li></ul><h2>Installing Git</h2><p>Since its an Ubuntu server installing git is as simple as.</p><pre><code class="shell">$ sudo apt install git-core</code></pre><h2>Creating a User</h2><p>The git user will serve two purposes.</p><ul><li>The repositories will be stored in the user's home directory.</li><li>The user account will contain the public ssh keys of remote users that can access the repositories.</li></ul><pre><code class="shell">$ sudo adduser --system --shell /usr/bin/git-shell --group --disabled-password --home /home/git git</code></pre><ul><li>--system Creates a system user user. Not strictly required but since this is not a normal user account I prefer to use this option.</li><li>--shell /usr/bin/git-shell Restrict the git user to only git related activities. This also prevents remote users from obtaining a shell by logging in via ssh. Note that git-shell does not prevent normal git operations, such as pull and push, from working over ssh.</li><li>--group Creates a group that is the same name as the user.</li><li>--disabled-password Prevent logging in with a password. The use of ssh keys is still allowed.</li><li>--home /home/git The home directory for the user.</li></ul><h2>Setting up SSH</h2><p>On my local machine git will use ssh to connect to the remote server as the git user. In order to do this I will need to copy my public ssh key to the git user account.</p><p>The below commands create the required .ssh directory and authorized_keys file with the correct permissions.</p><pre><code class="shell">$ sudo mkdir /home/git/.ssh +$ sudo chown git:git /home/git/.ssh +$ sudo chmod 700 /home/git/.ssh +$ sudo touch /home/git/.ssh/authorized_keys +$ sudo chown git:git /home/git/.ssh/authorized_keys +$ sudo chmod 600 /home/git/.ssh/authorized_keys</code></pre><p>Now I can copy the public ssh key of anyone who needs access to the repositories. There are a few ways of doing this and I tend to just edit the authorized_keys file and manually copy and paste the keys into it. </p><pre><code class="shell">$ sudo vim /home/git/.ssh/authorized_keys</code></pre><p>Note that to prevent ssh port forwarding via the git user account I prepend the no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty options to the key.</p><pre><code class="shell">$ sudo cat /home/git/.ssh/authorized_keys + +no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa +AAAAB3NzaC1yc2EAAAADAQABAAABAQCB007n/ww+ouN4gSLKssMxXnBOvf9LGt4LojG6rs6h +PB09j9R/T17/x4lhJA0F3FR1rP6kYBRsWj2aThGw6HXLm9/5zytK6Ztg3RPKK+4kYjh6541N +YsnEAZuXz0jTTyAUfrtU3Z5E003C4oxOj6H0rfIF1kKI9MAQLMdpGW1GYEIgS9EzSdfd8AcC +IicTDWbqLAcU4UpkaX8KyGlLwsNuuGztobF8m72ALC/nLF6JLtPofwFBlgc+myivO7TCUSBd +LQlgMVOFq1I2uPWQOkOWQAHukEOmfjy2jctxSDBQ220ymjaNsHT4kgtZg2AYYgPqdAv8JggJ +ICUvax2T9va5 gsg-keypair</code></pre><p>On my local machine I can test ssh access.</p><pre><code class="shell">$ ssh git.davidtsadler.com + +fatal: Interactive git shell is not enabled. +hint: ~/git-shell-commands should exist and have read and execute access.</code></pre><p>The message that comes back indicates that ssh is working and that the git-shell is been used.</p><h2>Creating a Test Repository</h2><p>An empty repository is setup by running git init with the --bare option. I also ensure that the git user owns the repository and that main will be the default branch when its checked out.</p><pre><code class="shell">$ sudo git init --bare /home/git/test.git/ +$ sudo chown -R git:git /home/git/test.git/ +$ sudo git --git-dir=/home/git/test.git/ symbolic-ref HEAD refs/heads/main</code></pre><h2>Creating a Test Project</h2><p>Back on my local machine I can create a test project and push it to the remote server.</p><pre><code class="shell">$ mkdir test +$ cd test +$ git init +$ touch readme +$ git add . +$ git commit -m 'Initial commit' +$ git remote add origin git@git.davidtsadler.com:/home/git/test.git +$ git push origin main</code></pre><p>I can also test that I can clone the repository.</p><pre><code class="shell">rm -rf test +git clone git@git.davidtsadler.com:/home/git/test.git</code></pre><h3>Links</h3><a href="/posts/git/">Git - Read More Posts.</a><p>I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a></section> + <script defer src="/js/highlight.min.js"></script> + <script defer src="/js/site.js"></script> + </body> +</html> diff --git a/www/posts/git/atom.xml b/www/posts/git/atom.xml new file mode 100644 index 0000000..69e1abf --- /dev/null +++ b/www/posts/git/atom.xml @@ -0,0 +1,43 @@ +<?xml version="1.0" encoding="utf-8"?> +<feed xmlns="http://www.w3.org/2005/Atom"> + <title type="text">The Home of David T. Sadler - All Posts About Git</title> + <id>https://davidtsadler.com/posts/git/atom.xml</id> + <link rel="alternate" type="text/html" href="https://davidtsadler.com/posts/git/index.html"/> + <link rel="self" type="application/atom+xml" href="https://davidtsadler.com/posts/git/atom.xml"/> + <updated>2021-05-29T12:00:00Z</updated> + <entry> + <title type="text">Setting up a Self Hosted Git Server</title> + <id>https://davidtsadler.com/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.html</id> + <link rel="alternate" type="text/html" href="https://davidtsadler.com/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.html"/> + <author><name>David T. Sadler.</name></author> + <published>2021-05-29T12:00:00Z</published> + <updated>2021-05-29T12:00:00Z</updated> + <content type="html"><h1>Setting up a Self Hosted Git Server</h1><blockquote>Sat 29th May 2021 By David T. Sadler.</blockquote><p>I've always liked the idea of self hosting some of my git repositories. After a bit of research I found that it involves.</p><ul><li>Installing git.</li><li>Creating a git user.</li><li>Setting up ssh so that I can log into the sever securely as the git user.</li><li>Creating a test repository on the server.</li><li>Creating a test project on my local machine.</li><li>Pushing the test project to the git sever.</li></ul><h2>Installing Git</h2><p>Since its an Ubuntu server installing git is as simple as.</p><pre><code class="shell">$ sudo apt install git-core</code></pre><h2>Creating a User</h2><p>The git user will serve two purposes.</p><ul><li>The repositories will be stored in the user's home directory.</li><li>The user account will contain the public ssh keys of remote users that can access the repositories.</li></ul><pre><code class="shell">$ sudo adduser --system --shell /usr/bin/git-shell --group --disabled-password --home /home/git git</code></pre><ul><li>--system Creates a system user user. Not strictly required but since this is not a normal user account I prefer to use this option.</li><li>--shell /usr/bin/git-shell Restrict the git user to only git related activities. This also prevents remote users from obtaining a shell by logging in via ssh. Note that git-shell does not prevent normal git operations, such as pull and push, from working over ssh.</li><li>--group Creates a group that is the same name as the user.</li><li>--disabled-password Prevent logging in with a password. The use of ssh keys is still allowed.</li><li>--home /home/git The home directory for the user.</li></ul><h2>Setting up SSH</h2><p>On my local machine git will use ssh to connect to the remote server as the git user. In order to do this I will need to copy my public ssh key to the git user account.</p><p>The below commands create the required .ssh directory and authorized_keys file with the correct permissions.</p><pre><code class="shell">$ sudo mkdir /home/git/.ssh +$ sudo chown git:git /home/git/.ssh +$ sudo chmod 700 /home/git/.ssh +$ sudo touch /home/git/.ssh/authorized_keys +$ sudo chown git:git /home/git/.ssh/authorized_keys +$ sudo chmod 600 /home/git/.ssh/authorized_keys</code></pre><p>Now I can copy the public ssh key of anyone who needs access to the repositories. There are a few ways of doing this and I tend to just edit the authorized_keys file and manually copy and paste the keys into it. </p><pre><code class="shell">$ sudo vim /home/git/.ssh/authorized_keys</code></pre><p>Note that to prevent ssh port forwarding via the git user account I prepend the no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty options to the key.</p><pre><code class="shell">$ sudo cat /home/git/.ssh/authorized_keys + +no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa +AAAAB3NzaC1yc2EAAAADAQABAAABAQCB007n/ww+ouN4gSLKssMxXnBOvf9LGt4LojG6rs6h +PB09j9R/T17/x4lhJA0F3FR1rP6kYBRsWj2aThGw6HXLm9/5zytK6Ztg3RPKK+4kYjh6541N +YsnEAZuXz0jTTyAUfrtU3Z5E003C4oxOj6H0rfIF1kKI9MAQLMdpGW1GYEIgS9EzSdfd8AcC +IicTDWbqLAcU4UpkaX8KyGlLwsNuuGztobF8m72ALC/nLF6JLtPofwFBlgc+myivO7TCUSBd +LQlgMVOFq1I2uPWQOkOWQAHukEOmfjy2jctxSDBQ220ymjaNsHT4kgtZg2AYYgPqdAv8JggJ +ICUvax2T9va5 gsg-keypair</code></pre><p>On my local machine I can test ssh access.</p><pre><code class="shell">$ ssh git.davidtsadler.com + +fatal: Interactive git shell is not enabled. +hint: ~/git-shell-commands should exist and have read and execute access.</code></pre><p>The message that comes back indicates that ssh is working and that the git-shell is been used.</p><h2>Creating a Test Repository</h2><p>An empty repository is setup by running git init with the --bare option. I also ensure that the git user owns the repository and that main will be the default branch when its checked out.</p><pre><code class="shell">$ sudo git init --bare /home/git/test.git/ +$ sudo chown -R git:git /home/git/test.git/ +$ sudo git --git-dir=/home/git/test.git/ symbolic-ref HEAD refs/heads/main</code></pre><h2>Creating a Test Project</h2><p>Back on my local machine I can create a test project and push it to the remote server.</p><pre><code class="shell">$ mkdir test +$ cd test +$ git init +$ touch readme +$ git add . +$ git commit -m 'Initial commit' +$ git remote add origin git@git.davidtsadler.com:/home/git/test.git +$ git push origin main</code></pre><p>I can also test that I can clone the repository.</p><pre><code class="shell">rm -rf test +git clone git@git.davidtsadler.com:/home/git/test.git</code></pre><h3>Links</h3><a href="/posts/git/">Git - Read More Posts.</a><p>I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a></content> +</entry> +</feed>
\ No newline at end of file diff --git a/www/posts/git/index.html b/www/posts/git/index.html new file mode 100644 index 0000000..a327641 --- /dev/null +++ b/www/posts/git/index.html @@ -0,0 +1,25 @@ +<!doctype html> +<html lang="en"> + <head> + <meta charset="utf-8"> + <meta name="viewport" content="width=device-width, initial-scale=1"> + <title>The Home of David T. Sadler - All Posts About Git</title> + <link rel="shortcut icon" href="/images/favicon.png"> + <link rel="stylesheet" href="/css/site.css"> + <link href="/posts/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts"/> + <link href="/posts/arch/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Arch"/> + <link href="/posts/gemini/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Gemini"/> + <link href="/posts/jigsaw/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Jigsaw"/> + <link href="/posts/laravel/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Laravel"/> + <link href="/posts/linux/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Linux"/> + <link href="/posts/markdown/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Markdown"/> + <link href="/posts/netlify/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Netlify"/> + <link href="/posts/nextcloud/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Nextcloud"/> + <link href="/posts/php/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About PHP"/> + </head> + <body> + <section><h1>The Home of David T. Sadler - All Posts About Git</h1><a href="/posts/git/2021-05-29/setting-up-a-self-host-git-server/">2021-05-29 - Setting up a Self Hosted Git Server</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a></section> + <script defer src="/js/highlight.min.js"></script> + <script defer src="/js/site.js"></script> + </body> +</html> diff --git a/www/sitemap.xml b/www/sitemap.xml index 13e5880..5a714ab 100644 --- a/www/sitemap.xml +++ b/www/sitemap.xml @@ -1,6 +1,10 @@ <?xml version="1.0" encoding="utf-8"?> <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9 http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd"> <url> + <loc>https://davidtsadler.com/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.html</loc> + <lastmod>2021-05-29T12:00:00Z</lastmod> + <changefreq>never</changefreq> +</url><url> <loc>https://davidtsadler.com/posts/letsencrypt/2021-05-28/pre-and-post-validation-hooks-with-certbot/index.html</loc> <lastmod>2021-05-28T12:00:00Z</lastmod> <changefreq>never</changefreq> |