Title: Private git repo Date: 2016-01-31 Category: Tutorial ## Introduction I've decided to migrate this blog to [Pelican](http://blog.getpelican.com/). I've been playing around with it over the week-end, and it turns out to be way easier to manage than [Jekyll](https://jekyllrb.com/). Themes are way easier to install and configure, so it ends up looking better as well ! Since I'm basically recreating this blog from scratch, I've decided to delete the old git repo that was hosting it, and to create a new one. Setting up your own private git repo is pretty easy to achieve and is already well-documented on the [Git](https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server) website. However, since every time I want to create a new repo , I end up have to look for that page since I've had time to forget how to do it, I figured I'd write a few lines on the subject. In this tutorial, I'll configure a git repo on a distant server running Debian 8 (Jessie). This repo will be remotely accessible using SSH. Two users will be able to connect to it : me and the www-data user on my webserver. ## SSH Keys If you don't have one already, you'll need a ssh-key to connect to the git repo. On your computer, in a shell, as your usual user : ```bash ssh-keygen -t rsa -b 3072 Generating public/private rsa key pair. Enter file in which to save the key (/home/user/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/user/.ssh/id_rsa. Your public key has been saved in /home/user/id_rsa.pub. The key fingerprint is: [Redacted] ``` For security reasons, configuring a passphrase is recommanded. On Mac OS X and most desktop environnements on Linux, you can store this passphrase for the duration of your session using the `ssh-add` command. On the server, we also have to create a ssh-key for the user that is running our webserver (you'll need to have sudo installed on your server) : ```bash sudo -H -u www-data ssh-keygen -t rsa -b 3072 Generating public/private rsa key pair. Enter file in which to save the key (/var/www/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /var/www/.ssh/id_rsa. Your public key has been saved in /var/www/.ssh/id_rsa.pub. The key fingerprint is: [Redacted] ``` If you decide to configure a passphrase for that ssh-key, you'll have to type it every time you'll want to pull from your repo. ## Server management First thing first, we have to install the git package on the server that will be hosting the git repo : ```bash apt update && apt install git -y ``` Then, we will create a user named git : ```bash useradd -s /usr/bin/git-shell -m -r git ``` This will create a system user (UID < 1000) with a /home/git home directory. If you want to host your git repos somewhere else on your filesystem, you should add a `-d /home/directory/for/git` in the previous command. This user will also use the git-shell shell. This limits remote connection to that user to git commands (like the rssh shell can limit remote connection to a user to scp or rsync commands). We have to configure our system to allow the use of this shell : ```bash echo '/usr/bin/git-shell' >> /etc/shells ``` We now need to create the .ssh/authorized_keys file for the git user with the correct permissions : ```bash sudo -H -u git mkdir /home/git/.ssh && chmod 700 /home/git/.ssh sudo -H -u git touch /home/git/.ssh/authorized_keys && chmod 600 /home/git/.ssh/authorized_keys ``` You can now copy the content of the two $HOME/.ssh/id_rsa.pub files we've created earlier using the `ssh-keygen` command in /home/git/.ssh/authorized_keys. The last thing we have to do is to create our first git repo. In this example, my project will be called 'captainarknet' as it will be hosting this blog : ```bash sudo -H -u git mkdir /home/git/captainarknet.git cd /home/git/captainarknet.git sudo -H -u git git init --bare ``` The last command should give you the following output : ```bash Initialized empty Git repository in /home/git/captainarknet.git/.git/ ``` We're done with the server configuration. Let's now actually push stuff to our repo ! ### Initial push The files for my blog are store in the ~/Documents/projects/captainarknet on my computer. Before doing anything else, we first have to make sure that we currently are in that folder : ```bash cd ~/Documents/projects/captainarknet ``` Let's now push the content of that folder to our repo : ```bash git init git add . git commit -m 'initial commit' git remote add origin git@git.captainark.net:captainarknet.git git push origin master ``` Please note that you'll need to edit **git.captainark.net** to the FQDN or IP of your git server, and **captainarknet.git** to the name of the git project on your server. If everything went well, the last command should give you the following output : ```bash Counting objects: 69, done. Delta compression using up to 4 threads. Compressing objects: 100% (64/64), done. Writing objects: 100% (69/69), 1.01 MiB | 0 bytes/s, done. Total 69 (delta 15), reused 0 (delta 0) To git@git.captainark.net:captainarknet.git * [new branch] master -> master ``` Thats'it, we've now pushed our first commit to our server ! ## First pull Alright, time to pull the files we've just pushed on our webserver. I personally store my web content in /var/www ; if you don't, you'll have to adjust the path accordingly : ```bash cd /var/www sudo -H -u www-data git pull git@git.captainark.net:captainarknet.git ``` ## Conclusion