diff options
| author | 2025-10-27 17:59:36 +0100 | |
|---|---|---|
| committer | 2025-10-27 18:19:10 +0100 | |
| commit | 8a7feeb9ba8254037c3ce4ad74ec7eb52a2401a7 (patch) | |
| tree | 9fef90f3f9e6c6774979dabb71d68fda7fa68075 /README.md | |
| parent | e6fd29bfe889be243609235e42fcfb9660b91488 (diff) | |
Renamed README
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/README.md b/README.md new file mode 100644 index 0000000..e958e79 --- /dev/null +++ b/README.md @@ -0,0 +1,93 @@ +# git-server + +Welcome to **git-server** — a simple, fast, memory-friendly, and secure server for your Git repositories. + +The goal of this project is to provide a **minimal Git server** with no unnecessary features or management overhead. +It’s designed for everyone who doesn’t need or want a fancy GUI or advanced functionality beyond the essentials. +As a result, it’s **small, secure, fast**, and uses **under 10 MB of memory**. + +--- + +## Features + +- 🐳 **Dockerized** +- ⚙️ **Simple configuration** via command line or Docker Compose +- 🚀 **Fast & secure**, with minimal dependencies: Git, SSH, Fish, Sudo +- 👥 **Built-in user and repository management** +- 🔐 **Basic ACL system** with per-user read/write permissions +- 📜 **Logging** of all Git operations + +--- + +## Security + +Keeping your repositories safe from unauthorized access is a top priority. +This server applies multiple hardening and sandboxing measures, such as: + +- Minimal Alpine base image with only essential tools installed +- Only **public-key authentication** (no passwords) +- **No TTY and no interactive shell logins** +- All Git commands are **sanitized and validated** +- Repositories are stored under `/srv/repos` and cannot access paths outside that directory +- Per-user **ACL file** checks permissions for each operation +- **Root and “git” user logins are disabled** + +--- + +## Examples + +### Command Line + +```sh +docker run --rm -p "2222:22" git-server \ + -u "user1:ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbm +lzdHAyNTYAAABBBPsl91WPAT8aWwZ6y5WAfXU9PoHzxJ3YG9uFgSmlGQr2HwV+gL/XaTBJ4Brj+pa+R7tfYEBMi+7Navx/ZsEmr9E= mj@xps15" \ + -r "/repo1.git;user1:w" + +Command line: +```sh +docker run --rm -p "2222:22" git-server -u "user1:ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbm +lzdHAyNTYAAABBBPsl91WPAT8aWwZ6y5WAfXU9PoHzxJ3YG9uFgSmlGQr2HwV+gL/XaTBJ4Brj+pa+R7tfYEBMi+7Navx/ZsEmr9E= mj@xps15" -r "/repo1.git;user1:w" +``` + + +Docker Compose: +```yaml +services: + git-server: + image: docker.it-jaros.com/com.it-jaros.git + ports: + - "2222:22" + environment: + # Note: Variable names cannot contain dashes, but values can! + # UID/GID of the user that owns all repositories + - GIT_UID=1000 + - GIT_GID=1000 + + # Users in the form USER_<id>=<username>:<ssh-public-key> + - USER_user1=user1:ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPsl91WPAT8aWwZ6y5WAfXU9PoHzxJ3YG9uFgSmlGQr2HwV+gL/XaTBJ4Brj+pa+R7tfYEBMi+7Navx/ZsEmr9E= mj@xps15 + - USER_user2=user2:ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPsl91WPAT8aWwZ6y5WAfXU9PoHzxJ3YG9uFgSmlGQr2HwV+gL/XaTBJ4Brj+pa+R7tfYEBMi+7Navx/ZsEmr9E= mj@xps15 + + # Repositories in the form REPO_<id>=<path>;<user>:<perm>[;<user2>:<perm>;...] + # Permissions: + # r = read + # w = write + # A user without a permission flag has read access by default. + - REPO_repo1=/repo1.git;user1 + - REPO_repo2=/repo2.git;user2:w + - REPO_repo3=/repo3.git;user1:r;user2:w + + volumes: + # Basic volumes that should be mapped + - ./ssh:/var/ssh + - ./repos:/srv/repos + - ./log:/var/log +``` + +## Notes + +You can use any SSH key type supported by Git and your base system. Logs are written to /var/log/git-run by default. ACL files and repository definitions are recreated automatically on container restart. + +## License + +GPLv3 © 2025 Matthias Jaros
\ No newline at end of file |
