Debian 8 - Create A Private Centralized Git Server

Install Git

sudo apt-get update
sudo apt-get install git -y

Creating Our Users and Repos

Any user that is going to be allowed to use our repositories needs to be a user in our system. The easiest way to add a user is with this command:

sudo useradd [username]  

Our repositories need to be accessible by all of the users we just set up, hence we probably want to create a group and add all of our users to that group.

groupadd [git group name]  

Now we need to add all of our git users to that group

useradd [existing username] [git group name]  

I recommend creating a directory at the top level in which we are going to stick all of our repositories. However, you may desire to stick all the repos in the home directory of one of the users.

mkdir /repos  

Now create all of your bare repositories

cd /repos  
git init --bare [a repo name]  
git init --bare [a repo name]  
git init --bare [a repo name]  
git init --bare [a repo name]

Now ensure that everyone in our group has full access to them:

sudo chmod -R 770 /repos  
sudo chown -R $USER:[git group name] 770 /repos 

Alternative - One SSH User

Often people will use a single SSH user (usually "git"), and create/register a SSH keypair per member of your team. Thus, if you ever want to remove a user from having access, you just remove their public key from the server. However, this will prevent you from being able to create some repositories that only a subset of your team can access.

Configure The Firewall

We're going to be committing and receiving files through SSH, which ensures that we go through authentication. Thus we can configure our server so that is the only port allowed to connect. This will stop others being able to view our repos using the native git protocol on port 9418 that has absolutely no authentication.

sudo apt-get install ufw -y
sudo ufw allow 22/tcp
sudo ufw default deny
sudo ufw enable

Now when you want to create a repo, just create a directory and run.



Stuart is a software developer with a passion for Linux and open source projects.

comments powered by Disqus