enricorossi.org

Enrico Rossi


Git public and private server setup

Following a thread among friends on Git hosting problems, I have decided to write about my git installation in order to make some of my repositories publicly available, other shared and other private for restricted use among developers.

Public available git area.

Create a directory in your webserver and make it accessible by the web as a simple folder or an alias (almost any server comes with a default configuration which shares the /var/www directory).

I’ll take as an example the /var/www/git directory. Take care of access permission for the http server’s daemon. It has to read access to the directory.

In the shared directory create your git project’s directory, initialize a bare git repository and enable the post-update hook.

umask 002 # Make files/directory writable to the group.
cd /var/www
mkdir git
cd git
mkdir myfirstprj.git
cd myfirstprj.git
git init --bare --shared
cd hooks

if your git version is recent

mv post-update.sample post-update

else

chmod +x post-update

eventually you can edit the description file to something more indicative of the project.

Remember that at this point the git project is empty, first you need to push something into it in order to make it available for cloning.

Push something into the public repository.

You have your local copy of the myfirstprj and you wish to make it public, first we need to add the remote repository’s link into your local project.

cd myfirstprj
git remote add origin ssh://<myserver>/var/www/git/myfirstprj.git

You can now push everything or just some branch (like master), with or without tags (see git push –help for more info).

git push origin master

at this point clients can clone the repository.

To clone the project from a client just point to the URL of the folder.

git clone http://<myweburl>/git/myfirstprj.git

You can install the gitweb tool to make your repositories browsable from the net (see my blog on my gitweb installation).

But still you need to keep track of the remote repository in order to simply push/pull updates.

git branch --set-upstream master origin/master

This will make branch master set up to track remote branch master from origin (as stated in the response of the command).

More than one developer allowed to push into the repository.

This can be possible with the git-shell login shell. You can find many detailed example on the web, in short:

Create a user/group which has write access to the git directory you want to share.

Use the git-shell as the login shell for this user and sets his home directory to the directory which contains all the git subdirectory to share. It will take care of restrict the user access only to it’s home directory and execute only the git command in that directory.

Create the .ssl subdirectory in the home directory of the user, with all the authorized key of the developers you want to give write access to the repository.

Now these developers can use the ssh access to clone the project with writable access.

Non public shared repository.

Setup the repository on the server in a non-public directory, not reachable by web or other clients. Make the ownership and permission on that directory to give access only to the git user for the project, than follow the previous step in order to use ssh with git-shell.