Private git repo

Posted by Antoine Joubert on Sun 31 January 2016

Introduction

I've decided to migrate this blog to Pelican. I've been playing around with it over the weekend, and it turns out to be way easier to manage than Jekyll. Themes are way easier to install and configure, so it ends up looking better as well!

Since I'm basically recreating this blog from scratch, I've decided to delete the old git repo that was hosting it, and to create a new one.

Setting up your own private git repo is pretty easy to achieve and is already well-documented on the Git website.

However, every time I want to create a new repo, I end up having to look for that page again because I've had time to forget how to do it, so I figured I'd write a few lines on the subject.

In this tutorial, I'll configure a git repo on a remote server running Debian 8 (Jessie). This repo will be remotely accessible using SSH. Two users will be able to connect to it: me and the www-data user on my webserver.

SSH keys

If you don't have one already, you'll need an SSH key to connect to the git repo.

On your computer, in a shell, as your usual user:

ssh-keygen -t rsa -b 3072
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
[Redacted]

For security reasons, configuring a passphrase is recommended. On Mac OS X and most desktop environments on Linux, you can store this passphrase for the duration of your session using the ssh-add command.

On the server, we also have to create an SSH key for the user that is running our webserver (you'll need to have sudo installed on your server):

sudo -H -u www-data ssh-keygen -t rsa -b 3072
Generating public/private rsa key pair.
Enter file in which to save the key (/var/www/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /var/www/.ssh/id_rsa.
Your public key has been saved in /var/www/.ssh/id_rsa.pub.
The key fingerprint is:
[Redacted]

If you decide to configure a passphrase for that SSH key, you'll have to type it every time you want to pull from your repo.

Server management

First things first, we have to install the git package on the server that will be hosting the git repo:

apt update && apt install git -y

Then, we will create a user named git:

useradd -s /usr/bin/git-shell -m -r git

This will create a system user (UID < 1000) with a /home/git home directory. If you want to host your git repos somewhere else on your filesystem, you should add a -d /home/directory/for/git to the previous command.

This user will also use the git-shell shell. This limits remote connections as that user to git commands (like the rssh shell can limit remote connections as a user to scp or rsync commands).

We have to configure our system to allow the use of this shell:

echo '/usr/bin/git-shell' >> /etc/shells

We now need to create the .ssh/authorized_keys file for the git user with the correct permissions:

sudo -H -u git mkdir /home/git/.ssh && sudo -H -u git chmod 700 /home/git/.ssh
sudo -H -u git touch /home/git/.ssh/authorized_keys && sudo -H -u git chmod 600 /home/git/.ssh/authorized_keys

You can now copy the content of the two $HOME/.ssh/id_rsa.pub files we created earlier with the ssh-keygen command into /home/git/.ssh/authorized_keys.
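
git-shell limits the commands the git user can run, but a key listed in authorized_keys can still be used for SSH port forwarding unless that is disabled per key. The script below is an added example, not part of the original post: it builds authorized_keys from public key files, prefixes each key with options that disable forwarding and pty allocation, and applies the 700/600 permissions used above. The function names and the key file names are assumptions.

```shell
#!/bin/sh
# Added example: build authorized_keys for the git user with forwarding and
# pty disabled on every key. Function and file names are assumptions.

OPTS='no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'

# restrict_key <line>: print a bare public key line prefixed with OPTS.
# Returns 1 for anything else (private key material, lines with options).
restrict_key() {
    case "$1" in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*)
            printf '%s %s\n' "$OPTS" "$1" ;;
        *)  return 1 ;;
    esac
}

# build_authorized_keys <dest> <pubkey-file>...: write <dest> with mode 600
# inside a mode-700 directory. <dest> is only replaced if every line passes.
build_authorized_keys() {
    dest=$1; shift
    dir=$(dirname "$dest")
    (
        umask 077
        mkdir -p "$dir" && chmod 700 "$dir" || exit 1
        tmp=$(mktemp "$dir/.ak.XXXXXX") || exit 1
        for f in "$@"; do
            [ -r "$f" ] || { rm -f "$tmp"; exit 1; }
            while IFS= read -r line || [ -n "$line" ]; do
                [ -z "$line" ] && continue
                restrict_key "$line" >> "$tmp" || { rm -f "$tmp"; exit 1; }
            done < "$f"
        done
        chmod 600 "$tmp" && mv "$tmp" "$dest"
    )
}

# Run as the git user, e.g.:
#   sudo -H -u git sh this-script.sh /home/git/.ssh/authorized_keys user.pub www-data.pub
if [ "$#" -ge 2 ]; then
    build_authorized_keys "$@"
fi
```

The public key files must be readable by the git user, and the existing authorized_keys file is left untouched if any input line is rejected.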

The last thing we have to do is create our first git repo. In this example, my project will be called 'captainarknet' as it will be hosting this blog:

sudo -H -u git mkdir /home/git/captainarknet.git
cd /home/git/captainarknet.git
sudo -H -u git git init --bare

The last command should give you the following output:

Initialized empty Git repository in /home/git/captainarknet.git/

We're done with the server configuration. Let's now actually push stuff to our repo!

Initial push

The files for my blog are stored in ~/Documents/projects/captainarknet on my computer. Before doing anything else, we first have to make sure that we are currently in that folder:

cd ~/Documents/projects/captainarknet

Let's now push the content of that folder to our repo:

git init
git add .
git commit -m 'initial commit'
git remote add origin git@git.captainark.net:captainarknet.git
git push origin master

