diff options
Diffstat (limited to 'gemini/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.gmi')
| -rw-r--r-- | gemini/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.gmi | 132 |
1 files changed, 132 insertions, 0 deletions
diff --git a/gemini/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.gmi b/gemini/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.gmi new file mode 100644 index 0000000..9729b24 --- /dev/null +++ b/gemini/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.gmi @@ -0,0 +1,132 @@ +# Setting up a Self Hosted Git Server + +> Sat 29th May 2021 By David T. Sadler. + +I've always liked the idea of self hosting some of my git repositories. After a bit of research I found that it involves. + +* Installing git. +* Creating a git user. +* Setting up ssh so that I can log into the sever securely as the git user. +* Creating a test repository on the server. +* Creating a test project on my local machine. +* Pushing the test project to the git sever. + +## Installing Git + +Since its an Ubuntu server installing git is as simple as. + +```shell +$ sudo apt install git-core +``` + +## Creating a User + +The git user will serve two purposes. + +* The repositories will be stored in the user's home directory. +* The user account will contain the public ssh keys of remote users that can access the repositories. + + +```shell +$ sudo adduser --system --shell /usr/bin/git-shell --group --disabled-password --home /home/git git +``` + +* --system Creates a system user user. Not strictly required but since this is not a normal user account I prefer to use this option. +* --shell /usr/bin/git-shell Restrict the git user to only git related activities. This also prevents remote users from obtaining a shell by logging in via ssh. Note that git-shell does not prevent normal git operations, such as pull and push, from working over ssh. +* --group Creates a group that is the same name as the user. +* --disabled-password Prevent logging in with a password. The use of ssh keys is still allowed. +* --home /home/git The home directory for the user. + +## Setting up SSH + +On my local machine git will use ssh to connect to the remote server as the git user. In order to do this I will need to copy my public ssh key to the git user account. + +The below commands create the required .ssh directory and authorized_keys file with the correct permissions. + +```shell +$ sudo mkdir /home/git/.ssh +$ sudo chown git:git /home/git/.ssh +$ sudo chmod 700 /home/git/.ssh +$ sudo touch /home/git/.ssh/authorized_keys +$ sudo chown git:git /home/git/.ssh/authorized_keys +$ sudo chmod 600 /home/git/.ssh/authorized_keys +``` + +Now I can copy the public ssh key of anyone who needs access to the repositories. There are a few ways of doing this and I tend to just edit the authorized_keys file and manually copy and paste the keys into it. + +```shell +$ sudo vim /home/git/.ssh/authorized_keys +``` + +Note that to prevent ssh port forwarding via the git user account I prepend the no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty options to the key. + +```shell +$ sudo cat /home/git/.ssh/authorized_keys + +no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa +AAAAB3NzaC1yc2EAAAADAQABAAABAQCB007n/ww+ouN4gSLKssMxXnBOvf9LGt4LojG6rs6h +PB09j9R/T17/x4lhJA0F3FR1rP6kYBRsWj2aThGw6HXLm9/5zytK6Ztg3RPKK+4kYjh6541N +YsnEAZuXz0jTTyAUfrtU3Z5E003C4oxOj6H0rfIF1kKI9MAQLMdpGW1GYEIgS9EzSdfd8AcC +IicTDWbqLAcU4UpkaX8KyGlLwsNuuGztobF8m72ALC/nLF6JLtPofwFBlgc+myivO7TCUSBd +LQlgMVOFq1I2uPWQOkOWQAHukEOmfjy2jctxSDBQ220ymjaNsHT4kgtZg2AYYgPqdAv8JggJ +ICUvax2T9va5 gsg-keypair +``` + +On my local machine I can test ssh access. + +```shell +$ ssh git.davidtsadler.com + +fatal: Interactive git shell is not enabled. +hint: ~/git-shell-commands should exist and have read and execute access. +``` + +The message that comes back indicates that ssh is working and that the git-shell is been used. + +## Creating a Test Repository + +An empty repository is setup by running git init with the --bare option. I also ensure that the git user owns the repository and that main will be the default branch when its checked out. + +```shell +$ sudo git init --bare /home/git/test.git/ +$ sudo chown -R git:git /home/git/test.git/ +$ sudo git --git-dir=/home/git/test.git/ symbolic-ref HEAD refs/heads/main +``` + +## Creating a Test Project + +Back on my local machine I can create a test project and push it to the remote server. + +```shell +$ mkdir test +$ cd test +$ git init +$ touch readme +$ git add . +$ git commit -m 'Initial commit' +$ git remote add origin git@git.davidtsadler.com:/home/git/test.git +$ git push origin main +``` + +I can also test that I can clone the repository. + +```shell +rm -rf test +git clone git@git.davidtsadler.com:/home/git/test.git +``` + +### Links + +=> /posts/git/ Git - Read More Posts. + +I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to. + +=> mailto:david@davidtsadler.com Email david@davidtsadler.com + +### License + +=> https://creativecommons.org/licenses/by-sa/4.0/ The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. + +Copyright © 2021 David T. Sadler. + +=> / Return to Homepage. |