GithubHelp home page GithubHelp logo

docker-git-server's Introduction

Docker SSH with Git ACL Shell

A docker container for serving git repositories over SSH using a Git shell that implements per-repository access control similar to Gitlab Shell but without dependencies on the Gitlab server.

Install prerequisites

You need docker. You also need to set the registry and log in:

export DOCKER_REGISTRY=registry.replicated.com
docker login [email protected] --password=........ ${DOCKER_REGISTRY}

Build the image

# Make sure everything is committed - we'll use the git sha to tag the image
./scripts/docker-build

Run the container

./scripts/docker-run

The first time you run this you should see host keys being generated into the host file system - take a look in ./data/etc/ssh/host-keys

When you start the container on a Linux machine you should most likely pass --user 2000 to docker run. We didn't default to USER 2000 in the Dockerfile because it's a hassle on OS X.

Archive repositories

The image has a built-in script that creates a .git.tgz archive for every git repo. This can be run from the host's command line:

./scripts/docker-run archive-git-repos

Restore repositories

Git repository archives stored in the archive volume (/srv/git/archives) are automatically restored when the container starts. Existing repositories are overwritten. Archives are deleted after a successful restore.

This prevents accidental overwriting of repositories after a second restart.

Publish the image

# Make sure everything is committed...
./scripts/docker-push

Remove old authorized keys

ssh-keygen -R [0.0.0.0]:2222

Add your public key

We're going to add the key specifying a command to run (git_acl_shell) when an SSH connection is established.

echo -n 'command="git-acl-shell some-account-uid http://localhost:99999",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ' > data/home/git/.ssh/authorized_keys
cat ~/.ssh/id_rsa.pub >> data/home/git/.ssh/authorized_keys

Under normal use, this line would be added by an application managing users' keys.

Create a repo

git init --bare data/home/git/test-repo.git

Clone a repo over SSH

git clone ssh://[email protected]:2222/home/git/test-repo.git

Security

Try this:

ssh -p 2222 [email protected]

You should be told interactive access is disallowed

Upgrade the gem

Update Dockerfile to reference a new version of git_acl_shell (it's open source).

docker-git-server's People

Contributors

aslakhellesoy avatar jbpros avatar tooky avatar

Watchers

Matt Wynne avatar Josh Chisholm avatar avatar Romain Gérard avatar James Cloos avatar Seb Rose avatar Cucumber Bot avatar Theo avatar

docker-git-server's Issues

Shell does not give a good error message on interactive SSH sessions or illegal commands

Try this:

ssh [email protected]

Output:

PTY allocation request failed on channel 0
/usr/lib/ruby/2.3.0/shellwords.rb:81:in `shellsplit': undefined method `scan' for nil:NilClass (NoMethodError)
	from /usr/lib/ruby/gems/2.3.0/gems/git_acl_shell-1.0.0/lib/git_acl_shell/shell.rb:19:in `exec'
	from /usr/lib/ruby/gems/2.3.0/gems/git_acl_shell-1.0.0/exe/git-acl-shell:19:in `<top (required)>'
	from /usr/bin/git-acl-shell:22:in `load'
	from /usr/bin/git-acl-shell:22:in `<main>'
Connection to git.cucumber.pro closed.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.