5.5 KiB
Title: Private git repo Date: 2016-01-31 Category: Tutorial
Introduction
I've decided to migrate this blog to Pelican. I've been playing around with it over the week-end, and it turns out to be way easier to manage than Jekyll. Themes are way easier to install and configure, so it ends up looking better as well !
Since I'm basically recreating this blog from scratch, I've decided to delete the old git repo that was hosting it, and to create a new one.
Setting up your own private git repo is pretty easy to achieve and is already well-documented on the Git website.
However, since every time I want to create a new repo , I end up have to look for that page since I've had time to forget how to do it, I figured I'd write a few lines on the subject.
In this tutorial, I'll configure a git repo on a distant server running Debian 8 (Jessie). This repo will be remotely accessible using SSH. Two users will be able to connect to it : me and the www-data user on my webserver.
SSH Keys
If you don't have one already, you'll need a ssh-key to connect to the git repo.
On your computer, in a shell, as your usual user :
ssh-keygen -t rsa -b 3072
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/id_rsa.pub.
The key fingerprint is:
[Redacted]
For security reasons, configuring a passphrase is recommanded. On Mac OS X and most desktop environnements on Linux, you can store this passphrase for the duration of your session using the ssh-add command.
On the server, we also have to create a ssh-key for the user that is running our webserver (you'll need to have sudo installed on your server) :
sudo -H -u www-data ssh-keygen -t rsa -b 3072
Generating public/private rsa key pair.
Enter file in which to save the key (/var/www/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/www/.ssh/id_rsa.
Your public key has been saved in /var/www/.ssh/id_rsa.pub.
The key fingerprint is:
[Redacted]
If you decide to configure a passphrase for that ssh-key, you'll have to type it every time you'll want to pull from your repo.
Server management
First thing first, we have to install the git package on the server that will be hosting the git repo :
apt update && apt install git -y
Then, we will create a user named git :
useradd -s /usr/bin/git-shell -m -r git
This will create a system user (UID < 1000) with a /home/git home directory. If you want to host your git repos somewhere else on your filesystem, you should add a -d /home/directory/for/git in the previous command.
This user will also use the git-shell shell. This limits remote connection to that user to git commands (like the rssh shell can limit remote connection to a user to scp or rsync commands).
We have to configure our system to allow the use of this shell :
echo '/usr/bin/git-shell' >> /etc/shells
We now need to create the .ssh/authorized_keys file for the git user with the correct permissions :
sudo -H -u git mkdir /home/git/.ssh && chmod 700 /home/git/.ssh
sudo -H -u git touch /home/git/.ssh/authorized_keys && chmod 600 /home/git/.ssh/authorized_keys
You can now copy the content of the two $HOME/.ssh/id_rsa.pub files we've created earlier using the ssh-keygen command in /home/git/.ssh/authorized_keys.
The last thing we have to do is to create our first git repo. In this example, my project will be called 'captainarknet' as it will be hosting this blog :
sudo -H -u git mkdir /home/git/captainarknet.git
cd /home/git/captainarknet.git
sudo -H -u git git init --bare
The last command should give you the following output :
Initialized empty Git repository in /home/git/captainarknet.git/.git/
We're done with the server configuration. Let's now actually push stuff to our repo !
Initial push
The files for my blog are store in the ~/Documents/projects/captainarknet on my computer. Before doing anything else, we first have to make sure that we currently are in that folder :
cd ~/Documents/projects/captainarknet
Let's now push the content of that folder to our repo :
git init
git add .
git commit -m 'initial commit'
git remote add origin git@git.captainark.net:captainarknet.git
git push origin master
Please note that you'll need to edit git.captainark.net to the FQDN or IP of your git server, and captainarknet.git to the name of the git project on your server.
If everything went well, the last command should give you the following output :
Counting objects: 69, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (64/64), done.
Writing objects: 100% (69/69), 1.01 MiB | 0 bytes/s, done.
Total 69 (delta 15), reused 0 (delta 0)
To git@git.captainark.net:captainarknet.git
* [new branch] master -> master
Thats'it, we've now pushed our first commit to our server !
First pull
Alright, time to pull the files we've just pushed on our webserver. I personally store my web content in /var/www ; if you don't, you'll have to adjust the path accordingly :
cd /var/www
sudo -H -u www-data git pull git@git.captainark.net:captainarknet.git