diff options
Diffstat (limited to 'www/posts/atom.xml')
| -rw-r--r-- | www/posts/atom.xml | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/www/posts/atom.xml b/www/posts/atom.xml index c8a3a38..79f3a7c 100644 --- a/www/posts/atom.xml +++ b/www/posts/atom.xml @@ -4,8 +4,42 @@ <id>https://davidtsadler.com/posts/atom.xml</id> <link rel="alternate" type="text/html" href="https://davidtsadler.com/posts/index.html"/> <link rel="self" type="application/atom+xml" href="https://davidtsadler.com/posts/atom.xml"/> - <updated>2021-05-28T12:00:00Z</updated> + <updated>2021-05-29T12:00:00Z</updated> <entry> + <title type="text">Setting up a Self Hosted Git Server</title> + <id>https://davidtsadler.com/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.html</id> + <link rel="alternate" type="text/html" href="https://davidtsadler.com/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.html"/> + <author><name>David T. Sadler.</name></author> + <published>2021-05-29T12:00:00Z</published> + <updated>2021-05-29T12:00:00Z</updated> + <content type="html"><h1>Setting up a Self Hosted Git Server</h1><blockquote>Sat 29th May 2021 By David T. Sadler.</blockquote><p>I've always liked the idea of self hosting some of my git repositories. After a bit of research I found that it involves.</p><ul><li>Installing git.</li><li>Creating a git user.</li><li>Setting up ssh so that I can log into the sever securely as the git user.</li><li>Creating a test repository on the server.</li><li>Creating a test project on my local machine.</li><li>Pushing the test project to the git sever.</li></ul><h2>Installing Git</h2><p>Since its an Ubuntu server installing git is as simple as.</p><pre><code class="shell">$ sudo apt install git-core</code></pre><h2>Creating a User</h2><p>The git user will serve two purposes.</p><ul><li>The repositories will be stored in the user's home directory.</li><li>The user account will contain the public ssh keys of remote users that can access the repositories.</li></ul><pre><code class="shell">$ sudo adduser --system --shell /usr/bin/git-shell --group --disabled-password --home /home/git git</code></pre><ul><li>--system Creates a system user user. Not strictly required but since this is not a normal user account I prefer to use this option.</li><li>--shell /usr/bin/git-shell Restrict the git user to only git related activities. This also prevents remote users from obtaining a shell by logging in via ssh. Note that git-shell does not prevent normal git operations, such as pull and push, from working over ssh.</li><li>--group Creates a group that is the same name as the user.</li><li>--disabled-password Prevent logging in with a password. The use of ssh keys is still allowed.</li><li>--home /home/git The home directory for the user.</li></ul><h2>Setting up SSH</h2><p>On my local machine git will use ssh to connect to the remote server as the git user. In order to do this I will need to copy my public ssh key to the git user account.</p><p>The below commands create the required .ssh directory and authorized_keys file with the correct permissions.</p><pre><code class="shell">$ sudo mkdir /home/git/.ssh +$ sudo chown git:git /home/git/.ssh +$ sudo chmod 700 /home/git/.ssh +$ sudo touch /home/git/.ssh/authorized_keys +$ sudo chown git:git /home/git/.ssh/authorized_keys +$ sudo chmod 600 /home/git/.ssh/authorized_keys</code></pre><p>Now I can copy the public ssh key of anyone who needs access to the repositories. There are a few ways of doing this and I tend to just edit the authorized_keys file and manually copy and paste the keys into it. </p><pre><code class="shell">$ sudo vim /home/git/.ssh/authorized_keys</code></pre><p>Note that to prevent ssh port forwarding via the git user account I prepend the no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty options to the key.</p><pre><code class="shell">$ sudo cat /home/git/.ssh/authorized_keys + +no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa +AAAAB3NzaC1yc2EAAAADAQABAAABAQCB007n/ww+ouN4gSLKssMxXnBOvf9LGt4LojG6rs6h +PB09j9R/T17/x4lhJA0F3FR1rP6kYBRsWj2aThGw6HXLm9/5zytK6Ztg3RPKK+4kYjh6541N +YsnEAZuXz0jTTyAUfrtU3Z5E003C4oxOj6H0rfIF1kKI9MAQLMdpGW1GYEIgS9EzSdfd8AcC +IicTDWbqLAcU4UpkaX8KyGlLwsNuuGztobF8m72ALC/nLF6JLtPofwFBlgc+myivO7TCUSBd +LQlgMVOFq1I2uPWQOkOWQAHukEOmfjy2jctxSDBQ220ymjaNsHT4kgtZg2AYYgPqdAv8JggJ +ICUvax2T9va5 gsg-keypair</code></pre><p>On my local machine I can test ssh access.</p><pre><code class="shell">$ ssh git.davidtsadler.com + +fatal: Interactive git shell is not enabled. +hint: ~/git-shell-commands should exist and have read and execute access.</code></pre><p>The message that comes back indicates that ssh is working and that the git-shell is been used.</p><h2>Creating a Test Repository</h2><p>An empty repository is setup by running git init with the --bare option. I also ensure that the git user owns the repository and that main will be the default branch when its checked out.</p><pre><code class="shell">$ sudo git init --bare /home/git/test.git/ +$ sudo chown -R git:git /home/git/test.git/ +$ sudo git --git-dir=/home/git/test.git/ symbolic-ref HEAD refs/heads/main</code></pre><h2>Creating a Test Project</h2><p>Back on my local machine I can create a test project and push it to the remote server.</p><pre><code class="shell">$ mkdir test +$ cd test +$ git init +$ touch readme +$ git add . +$ git commit -m 'Initial commit' +$ git remote add origin git@git.davidtsadler.com:/home/git/test.git +$ git push origin main</code></pre><p>I can also test that I can clone the repository.</p><pre><code class="shell">rm -rf test +git clone git@git.davidtsadler.com:/home/git/test.git</code></pre><h3>Links</h3><a href="/posts/git/">Git - Read More Posts.</a><p>I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a></content> +</entry><entry> <title type="text">Pre and Post Validation Hooks with Certbot</title> <id>https://davidtsadler.com/posts/letsencrypt/2021-05-28/pre-and-post-validation-hooks-with-certbot/index.html</id> <link rel="alternate" type="text/html" href="https://davidtsadler.com/posts/letsencrypt/2021-05-28/pre-and-post-validation-hooks-with-certbot/index.html"/> |