Git server

From ArchWiki

This article gives an overview on how to host a Git server. For more information, refer to the Git on the Server chapter of the Pro Git book.

Protocols

Refer to Git on the Server - The Protocols for a detailed description along with pros and cons.

General

Step by Step Guide on Setting Up git Server describes setting up an unsecured server on Arch.

By default, the git user is expired ("Your account has expired; please contact your system administrator"). Use chage to remove the expiration condition, e.g. as follows: 

chage -E -1 git

SSH

You only need to set up an SSH server.

You are able to secure the SSH user account even more allowing only push and pull commands on this user account. This is done by replacing the default login shell by git-shell. Described in Setting Up the Server.

When securing the git server created using the instructions in #General with the instructions of this clause (#SSH), the following additional steps are needed on Arch:

  1. Change the home directory: In order for ssh to be able to read /srv/git/.ssh/authorized_keys, the home directory for git in /etc/passwd needs to be changed from / to /srv/git.
  2. Change the base path when home directory is corrected: In order for git to serve the repositories, the --base-path in git-daemon\@.service need to be changed to /srv/git if the repositories are served from git's home directory.

Smart HTTP

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: There are many web servers with CGI support. (Discuss in Talk:Git server)

The git-http-backend(1) is a CGI program, allowing efficient cloning, pulling and pushing over HTTP(S).

Apache

The setup for this is rather simple as all you need to have installed is the Apache HTTP Server, with mod_cgi, mod_alias, and mod_env enabled) and of course, git.

Once you have your basic setup running, add the following to your Apache configuration file, which is usually located at: 

/etc/httpd/conf/httpd.conf
<Directory "/usr/lib/git-core">
    Require all granted
</Directory>
 
SetEnv GIT_PROJECT_ROOT /srv/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/

This assumes your Git repositories are located at /srv/git and that you want to access them via something like: http(s)://your_address.tld/git/your_repo.git.

Note: Make sure that Apache can read and write to your repositories.

For more detailed documentation, visit the following links:

Git

The Git protocol is not encrypted or authenticated, and only allows read access.

The Git daemon (git-daemon(1)) can be started with git-daemon.socket.

The service uses the --export-all and --base-path parameters to serve all repositories placed in /srv/git/.

Access control

For fine-grained access control, the following solutions are available:

  • Gitolite — An access control layer on top of Git, written in Perl.
https://github.com/sitaramc/gitolite || gitolite
  • Gitosis — Software for hosting Git repositories, written in Python.
https://github.com/tv42/gitosis || gitosis-gitAUR

Note that if you are willing to create user accounts for all of the people that should have access to the repositories and do not need access control at the level of git objects (like branches), you can also use standard file permissions for access control.[1]

Web interfaces

Simple web applications

  • Gitweb — the default web interface that comes with Git
  • cgit — A web interface for git written in plain C.
https://git.zx2c4.com/cgit/ || cgit

Advanced web applications

  • Gitea — Painless self-hosted Git service. Community managed fork of Gogs.
https://gitea.io || gitea
  • GitLab — Project management and code hosting application, written in Ruby.
https://gitlab.com/gitlab-org/gitlab-ce || gitlab
  • Gogs — Self Hosted Git Service, written in Go.
https://gogs.io || gogsAUR