immerda:GitRepositories: Unterschied zwischen den Versionen
|Zeile 22:||Zeile 22:|
| '''HTTPs'''<br/>private repositories
| '''HTTPs'''<br/>private repositories
Version vom 12. April 2013, 12:40 Uhr
immerda.ch provides access to git repositories. Either single repositories on our general git-storage or your very own repository storage, that you can manage completely on your own.
To manage access and authorization of a git repository storage, we use gitolite. So any information regarding how you can configure your different repositories can be found in gitolite's documentation.
To make it possible to browse your repositories on the web, we use cgit, which can be publicly available or protected by htpasswd.
What you can get
If you are a friend of us, you can get your own repository storage on our servers. Simply get in touch with us and we can create you either access to your own repositories on git.immerda.ch or your very own repository storage, where you can manage your own access and give access to your friends without involving us. While you can configure a lot on your own, there are a few decisions you need to make before ordering your own repository storage.
Should your repository storage:
be avaiable by other means than ssh?
Depending on the setup of your repository storage, you can access your git repositories by different means: ssh, git, http(s) . You can also configure the access to your repositories for these different protocols using the gitolite config file on a repository basis. But still you need to tell us by which protocols your repositories should (potentially be available).
Access by http(s) will include the cgit webinterface to browse your repositories. But it can still be made non-public by allowing access only to these users, that can authenticated against ssh for your repository storage.
be publicly available for anonymous pull?
If you do not want to have only private repositories for your own non-public project and share your work (for example on free software projects) with the world, you might want to make them available for anonymous/unauthenticated pulls. This can happen over the git-protocol or http(s). Depending on which protocols you have chosen before, this will either be additionally only over authenticated https or if you want to share your work with the public by unauthenticated http(s).
be accessible with which domain name?
Which domain name will be used to access your repositories? This will be your domain to access your repositories, either by ssh, git or http(s) protocol.
use which login name?
You have to choose a login name for your repository storage. This will be the login name that you can use access your repositories by ssh. Also if you choose to make it possible to browse your repositories by http(s), you will also be able to access them by http(s)://git-LOGINNAME.immerda.ch using a correct certificate for the domain name.
As mentioned earlier: We use gitolite to manage access and authorization to your repositories, so gitolite's documentation is a good starting point to learn how you can configure access to your different repositories.
All repository storages are available over the ssh protocol using public-ssh keys to authenticate you as an user. For more information we refer to gitolite's documentation.
Access URL for your repository will look like:
daemon / git-protocol
If you want to make your repositories available by the git protocol, you will need to allow read-access for the daemon user:
repo some_repo RW = @developers R = daemon
You will then be able to clone these repositories by
If you want to make a repository appear in the webinterface cgit (and accessible via anonymous http(s)), you need to - similar to the git-protocol - give read access to the daemon user for this repository. Additionally you might want to set gitweb options for the git config that will be read by cgit and for example label your repository in the webinterface.
repo some_repo RW = @developers R = daemon config gitweb.owner = "Ada Lovelace" config gitweb.description = "My repository"
Repositories that are published in a public cgit can be cloned using anonymous http(s). So you will be able to clone any repository that is avaiable in cgit with the following command:
git clone http://git.yourdomain.com/some_repo
If you have given your user an htpasswd (see below on how to do that), you will also be able to push changes to that repository over https. Either using
If you enabled http(s) as one of the protocols to access your git repositories, you can set a password for your username (in gitolite's config) using gitolite's htpasswd command:
ssh LOGINNAME@git.yourdomain.com htpasswd
This will set the login name for your gitolite user. And you will be able to push changes to your repositories by https using your gitolite-username and the set password.
https access to non public repositories
As mentioned earlier, you can also clone & fetch any published repositories using the smart-http protocol. However, you are also able to access any non-published repositories using the https-protocol using the configured htpasswd authentication (see above) to authenticate yourself. For technical reasons, you need to prefix such non-public repositories with the following path _gl/. This means that your hidden_repo.git will be available using the following url:
https://git.yourdomain.com/_gl/hidden_repo.git # or with the correct certificate https://git-LOGINNAME.immerda.ch/_gl/hidden_repo.git
This prefix is only required for repositories that are not published in cgit. A good example is for example the gitolite-admin.git repository, which you might not want to publish in cgit, but still push changed to it over https.