GitHub is a well-known Git hosting service, but one limitation is that private repositories are not free (they cost $7/month at the time of this posting). That means the source code of an important project kept in a free repository will also be available to your competitors one day. So this tutorial shows how to set up a private Git server on a Linux server (CentOS in this tutorial).
Create the SSH Key Pair
First, we need to create an SSH key pair for remote access. From your local Mac/Linux PC (on Windows, use PuTTYgen), create a key pair using ssh-keygen as follows:
[bash]ssh-keygen -C "[email protected]"[/bash]
When prompted, enter the full path for the generated key. It is recommended to set a passphrase (PASS1 for example) on this key pair for extra security.
At the end of this step, you will have 2 files: a private key and a public key (the .pub file). The public key will be uploaded to the remote server to allow SSH access for this user later.
Install Git server on remote CentOS server
- First, set up the Git environment on the server: [bash]yum install -y git[/bash]
- Then, create a git user on the remote server: [bash]useradd git[/bash]
You can change the password of the git user with:
[bash]passwd git[/bash]
- Add your locally generated SSH key to the access list of the git user. We need to create authorized_keys first: [bash]su git
mkdir ~/.ssh && touch ~/.ssh/authorized_keys
# sshd ignores authorized_keys if the directory or file is writable by group/others
chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys
[/bash]
- On the local PC, copy the .pub file to the VPS and append it to the git user's authorized_keys: [bash]# Write to the git user's file; a bare ~ would resolve to root's home here
cat .ssh/id_rsa_remote_git.pub | ssh root@REMOTE_SERVER_IP "cat >> /home/git/.ssh/authorized_keys"[/bash]
Setup a Bare Repository
Now, on the remote server, we can set up an empty repository (call it first-project) by running git init with the --bare option:
[bash]git init --bare first-project.git[/bash]
Note that someone must log in to the remote server and create a bare repository every time you want to add a project.
Using git on Local PC
Let’s use gitserver as the hostname of the server on which you’ve set up your ‘git’ user and repository. If you’re running it internally, and you set up DNS for gitserver to point to that server, then you can use the commands pretty much as is:
[bash]cd myproject
git init
git add .
git commit -m 'initial commit'
git remote add origin ssh://git@gitserver:SSH_PORT/FULL_PATH_TO/first-project.git
git push origin master[/bash]
We can also clone it down and push changes back up just as easily:
[bash]git clone ssh://git@gitserver:SSH_PORT/FULL_PATH_TO/first-project.git first-project
cd first-project
nano README.md
git add README.md
git commit -am 'Add the README file'
git push origin master[/bash]
As you can see, I am using the git URL in ssh:// format. The reason is that I normally do not allow SSH to the server on the default SSH port (22), so I must use this full format to specify the port 🙂
Restrict git user to only perform git commands
Change the login shell of the git user to git-shell by editing /etc/passwd:
[bash]nano /etc/passwd[/bash]
We will see something like:
[bash]git:x:1000:1000::/home/git:/bin/sh[/bash]
Change /bin/sh to /usr/local/bin/git-shell (or run which git-shell to see where it’s installed). The line should look something like this:
[bash]git:x:1000:1000::/home/git:/usr/local/bin/git-shell[/bash]
One note on this: after changing the git user's login shell to git-shell, even the root user cannot switch to the git user on the server. So the root user (or another user) must create the new bare repo for each new project.
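A check for the two server-side hardening points above (the authorized_keys setup and the git-shell restriction), as an added example that is not part of the original tutorial. The function name `audit_git_account` and its arguments are hypothetical; the permission rules are the ones sshd applies with `StrictModes`, which is on by default.

```shell
#!/bin/sh
# Added example: audit the git account this tutorial creates.
# Usage: audit_git_account [PASSWD_FILE] [USER]
# Prints one line per finding and returns the number of findings (0 = clean).
audit_git_account() {
    passwd_file=${1:-/etc/passwd}
    user=${2:-git}
    findings=0

    entry=$(grep "^${user}:" "$passwd_file") || { echo "FAIL: no such user: $user"; return 1; }
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)

    # With any other login shell, an authorized key grants a full shell.
    case $shell in
        */git-shell) ;;
        *) echo "FAIL: login shell is $shell, not git-shell"; findings=$((findings + 1)) ;;
    esac

    # sshd refuses authorized_keys when the home directory, ~/.ssh or the file
    # is group/world-writable, or is owned by anyone other than the user or root.
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "FAIL: $path is missing"; findings=$((findings + 1)); continue
        fi
        listing=$(ls -ldn "$path")
        # Characters 6 and 9 of the mode string are the group and other write bits.
        case $(printf '%s\n' "$listing" | cut -c6,9) in
            *w*) echo "FAIL: $path is group- or world-writable"; findings=$((findings + 1)) ;;
        esac
        owner=$(printf '%s\n' "$listing" | awk '{print $3}')
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "FAIL: $path is owned by uid $owner, expected $uid"; findings=$((findings + 1))
        fi
    done
    return "$findings"
}
```

Source the file as root on the server and run `audit_git_account`; a wrong owner is the typical finding when the bare `~` in the copy step pointed at root's home or when root created the files.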
Some recommended budget VPS providers (under $7/year) you can use to try this:
- INIZ (rebranded from StormVZ), a stable VPS provider in New York, Los Angeles and Amsterdam.
- Prometeus, a very stable VPS provider in EU and Dallas.
- RamNode, a stable and high performance VPS provider for Seattle, Atlanta and Netherlands.