Hosting git - the right way

Remember this old post? Nope. Don't worry, this time I'll show the correct way to host git repositories with access controls on a Linux server.

Why am I writing about this topic? Because version control matters. You should ALWAYS use git for your projects, and store your important data on backup storage. You can always register and pay for an online provider to host your repositories, but I already have some Amazon EC2 instances, so I am using one of those to keep my private stuff there. This is a cheap way to have a Linux server, because the micro instance is free for a year; after that it's about $20/month. (You'll get root access with all the goodies...)

Anyway, in the past I just installed git, created some bare repos, and added a Linux user with key-pair access to the server. That was a horrible idea. Lately I wanted to have a better user management system with per-repository (or branch) access, so I searched for a better solution.

Gitolite

Gitolite allows you to setup git hosting on a central server, with fine-grained access control and many more powerful features.

Sounds perfect. Let's go do the basic setup:

Create a git user - to host all the repos
(on your server)

sudo adduser git
sudo su git
cd
mkdir .ssh && chmod 700 .ssh
touch .ssh/authorized_keys && chmod 600 .ssh/authorized_keys

Create a key-pair for your git user
(on your local machine)

ssh-keygen -t rsa -b 4096 -C "admin@example.com"

This will generate two files, a public and a private key. Copy your public key to the server as /home/git/admin.pub. (Don't use your existing ssh key; gitolite won't accept it for security reasons, so please create a new one and save it under a name like admin or gitolite.)

Install gitolite
(on your server)

mkdir bin
sudo nano /etc/environment
#append:
#PATH="<original_path>:/home/git/bin"
#add:
#LC_ALL=en_US.UTF-8
#LANG=en_US.UTF-8
#save

# GitHub no longer serves the unauthenticated git:// protocol, so clone over HTTPS
git clone https://github.com/sitaramc/gitolite
gitolite/install -ln
gitolite setup -pk ~/admin.pub
rm ~/admin.pub

Clone the gitolite admin repo
(on your local machine)

Before you start cloning, it's useful to set up the default credentials for your host. To do that, edit (or create) your .ssh/config file:

Host          gitserver
HostName      example.com
User          git
IdentityFile  ~/.ssh/admin

Now you can clone just like this (the system will resolve gitserver as git@example.com and it will use your private key as the identity file):

git clone gitserver:gitolite-admin

Managing gitolite users and permissions is very easy. To create a new user, add a new file containing that user's public key under the keydir folder. The user name will be identical to the name of the file which contains the key. If you want to edit the access levels, you just have to edit the conf/gitolite.conf file. I don't want to get into the details; you can find good instructions about the gitolite config syntax here. After you finish, (git) push your changes to the server so that gitolite knows about the new rules.

Creating new repositories
(on your server)

sudo su git
cd repositories
mkdir <project>.git
cd <project>.git
git init --bare
gitolite setup

Now you are ready to clone your brand new repository, but before you do so, don't forget to configure the access levels inside your gitolite-admin repo.

The good thing about gitolite is that you can give access on a per-branch basis, so for example you will be the only one who can merge pull requests to the dev branch, while all other coworkers can only work on their personal branches. You can read more about this setup here. If you need more help, you should read the official docs on git-scm.com, or you can go to the official gitolite site.
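
The per-branch setup described above, as an added example that is not from the original post or the gitolite project: a constructed conf/gitolite.conf for a hypothetical repo myproject with hypothetical users alice and bob, plus a simplified Python model of gitolite's documented first-match rule evaluation for pushes. It assumes a single repo block and models only W (push) and + (force push) access.

```python
import re

# Constructed sample conf/gitolite.conf; repo and user names are hypothetical.
CONF = """
@devs = alice bob
repo myproject
    RW+ dev$           = admin    # only admin may push or rewind dev
    -   dev$           = @devs    # explicit deny (also the fall-through default)
    RW+ personal/USER/ = @devs    # USER expands to the pushing user's name
    R                  = @devs    # read-only everywhere else
"""

def parse(conf):
    """Return (groups, rules); rules are (perm, refexes, users) in file order."""
    groups, rules = {}, []
    for line in conf.splitlines():
        line = line.split("#")[0].strip()
        if not line or line.startswith("repo "):
            continue
        left, right = (s.split() for s in line.split("=", 1))
        if left[0].startswith("@"):
            groups[left[0]] = set(right)
        else:
            # a rule without a refex applies to every ref
            rules.append((left[0], left[1:] or ["refs/.*"], right))
    return groups, rules

def can_push(conf, user, branch, force=False):
    """The first rule matching user, ref and access type decides; no match denies."""
    groups, rules = parse(conf)
    ref, want = "refs/heads/" + branch, "+" if force else "W"
    for perm, refexes, users in rules:
        if not any(u in (user, "@all") or user in groups.get(u, ()) for u in users):
            continue
        if perm != "-" and want not in perm:
            continue
        for refex in refexes:
            refex = refex.replace("USER", user)
            if not refex.startswith("refs/"):
                refex = "refs/heads/" + refex
            if re.match(refex, ref):  # anchored at the start only, not the end
                return perm != "-"
    return False
```

Because a refex is anchored only at the start, writing dev instead of dev$ would also give admin write access to a branch named development; the trailing $ restricts the rule to the dev branch itself.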