Repository: jkarlosb/git-server-docker
Branch: master
Commit: 72f69a5d6b8e
Files: 7
Total size: 8.1 KB

Directory structure:
gitextract_via734th/
├── .gitignore
├── Dockerfile
├── README.md
├── docker-compose.yml
├── git-shell-commands/
│   └── no-interactive-login
├── sshd_config
└── start.sh

================================================
FILE CONTENTS
================================================

================================================
FILE: .gitignore
================================================
# IntelliJ project files
.idea
*.iml
out
gen

================================================
FILE: Dockerfile
================================================
FROM alpine:3.4

MAINTAINER Carlos Bernárdez "carlos@z4studios.com"

# "--no-cache" is new in Alpine 3.3 and it avoids using
# "--update + rm -rf /var/cache/apk/*" (to remove cache)
RUN apk add --no-cache \
# openssh=7.2_p2-r1 \
  openssh \
# git=2.8.3-r0
  git

# Key generation on the server
RUN ssh-keygen -A

# SSH autorun
# RUN rc-update add sshd

WORKDIR /git-server/

# -D flag avoids password generation
# -s flag changes user's shell
# NOTE: chpasswd bakes a fixed password into the image; SSH password logins
# are disabled by "PasswordAuthentication no" in sshd_config
RUN mkdir /git-server/keys \
  && adduser -D -s /usr/bin/git-shell git \
  && echo git:12345 | chpasswd \
  && mkdir /home/git/.ssh

# This is a login shell for SSH accounts to provide restricted Git access.
# It permits execution only of server-side Git commands implementing the
# pull/push functionality, plus custom commands present in a subdirectory
# named git-shell-commands in the user’s home directory.
# More info: https://git-scm.com/docs/git-shell
COPY git-shell-commands /home/git/git-shell-commands

# sshd_config file is edited to enable key access and disable password access
COPY sshd_config /etc/ssh/sshd_config
COPY start.sh start.sh

EXPOSE 22

CMD ["sh", "start.sh"]

================================================
FILE: README.md
================================================
# git-server-docker

A lightweight Git Server Docker image built with Alpine Linux.
Available on [GitHub](https://github.com/jkarlosb/git-server-docker) and [Docker Hub](https://hub.docker.com/r/jkarlos/git-server-docker/)

!["image git server docker" "git server docker"](https://raw.githubusercontent.com/jkarlosb/git-server-docker/master/git-server-docker.jpg)

### Basic Usage

How to run the container on port 2222 with two volumes: a keys volume for public keys and a repos volume for git repositories:

    $ docker run -d -p 2222:22 -v ~/git-server/keys:/git-server/keys -v ~/git-server/repos:/git-server/repos jkarlos/git-server-docker

How to use a public key:

Copy it to the keys folder.

From host:

    $ cp ~/.ssh/id_rsa.pub ~/git-server/keys

From remote:

    $ scp ~/.ssh/id_rsa.pub user@host:~/git-server/keys

You need to restart the container when keys are updated:

    $ docker restart

How to check that the container works (you must have a key):

    $ ssh git@ -p 2222
    ...
    Welcome to git-server-docker!
    You've successfully authenticated, but I do not
    provide interactive shell access.
    ...

How to create a new repo:

    $ cd myrepo
    $ git init --shared=true
    $ git add .
    $ git commit -m "my first commit"
    $ cd ..
    $ git clone --bare myrepo myrepo.git

How to upload a repo:

From host:

    $ mv myrepo.git ~/git-server/repos

From remote:

    $ scp -r myrepo.git user@host:~/git-server/repos

How to clone a repository:

    $ git clone ssh://git@:2222/git-server/repos/myrepo.git

### Arguments

* **Expose ports**: 22
* **Volumes**:
  * */git-server/keys*: Volume to store the users' public keys
  * */git-server/repos*: Volume to store the repositories

### SSH Keys

How to generate a key pair on the client machine:

    $ ssh-keygen -t rsa

How to quickly upload a public key to the host volume:

    $ scp ~/.ssh/id_rsa.pub user@host:~/git-server/keys

### Build Image

How to make the image:

    $ docker build -t git-server-docker .
### Docker-Compose

You can edit docker-compose.yml and run this container with docker-compose:

    $ docker-compose up -d

================================================
FILE: docker-compose.yml
================================================
version: '2'

services:

  git-server:
    image: jkarlos/git-server-docker
    #build: .
    restart: always
    container_name: git-server
    ports:
      - "2222:22"
    volumes:
      - ~/git-server/keys:/git-server/keys
      - ~/git-server/repos:/git-server/repos

================================================
FILE: git-shell-commands/no-interactive-login
================================================
#!/bin/sh
printf '%s\n' "Welcome to git-server-docker!"
printf '%s\n' "You've successfully authenticated, but I do not"
printf '%s\n' "provide interactive shell access."
exit 128

================================================
FILE: sshd_config
================================================
# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/bin:/usr/bin:/sbin:/usr/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Ciphers and keying
#RekeyLimit default none

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

RSAAuthentication yes
PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedKeysFile /home/git/.ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options (deprecated)
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options (deprecated)
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server

# the following are HPN related configuration options
# tcp receive buffer polling. disable in non autotuning kernels
#TcpRcvBufPoll yes

# disable hpn performance boosts
#HPNDisabled no

# buffer size for hpn to non-hpn connections
#HPNBufferSize 2048

# Example of overriding settings on a per-user basis
#Match User anoncvs
#   X11Forwarding no
#   AllowTcpForwarding no
#   PermitTTY no
#   ForceCommand cvs server

================================================
FILE: start.sh
================================================
#!/bin/sh

# If there is some public key in the keys folder
# then it copies its contents into the authorized_keys file
if [ "$(ls -A /git-server/keys/)" ]; then
  cd /home/git
  cat /git-server/keys/*.pub > .ssh/authorized_keys
  chown -R git:git .ssh
  chmod 700 .ssh
  chmod -R 600 .ssh/*
fi

# Checking permissions and fixing SGID bit in repos folder
# More info: https://github.com/jkarlosb/git-server-docker/issues/1
if [ "$(ls -A /git-server/repos/)" ]; then
  cd /git-server/repos
  chown -R git:git .
  chmod -R ug+rwX .
  find . -type d -exec chmod g+s '{}' +
fi

# -D flag avoids executing sshd as a daemon
/usr/sbin/sshd -D
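
Added example (not part of this repository): start.sh copies every `*.pub` file into authorized_keys verbatim, and sshd_config leaves AllowTcpForwarding and AllowAgentForwarding at their defaults. The sketch below validates each key line and prefixes per-key restrictions; the names `build_authorized_keys`, `KEY_OPTS`, `KEY_RE` and `demo` are hypothetical, and the key material is constructed.

```shell
#!/bin/sh
# Added example, not part of the repository: build authorized_keys content
# from a keys folder, validating each line and restricting each key.

# Standard authorized_keys options; with them a key that only needs git-shell
# cannot forward ports, agents or X11, or allocate a TTY.
KEY_OPTS='no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'
# Structural check only: "<type> <base64> [comment]" with no leading options.
KEY_RE='^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( [^"]*)?$'

# build_authorized_keys KEYS_DIR
# Prints one restricted line per valid key in KEYS_DIR/*.pub and returns 0,
# or returns 1 if no valid key was found (so the caller can keep the old file).
build_authorized_keys() {
    keys_dir=$1
    status=1
    for f in "$keys_dir"/*.pub; do
        [ -f "$f" ] || continue      # unmatched glob, directory, etc.
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in ''|'#'*) continue ;; esac   # blank or comment
            if printf '%s\n' "$line" | grep -Eq "$KEY_RE"; then
                printf '%s %s\n' "$KEY_OPTS" "$line"
                status=0
            else
                printf 'skipped malformed line in %s\n' "$f" >&2
            fi
        done < "$f"
    done
    return "$status"
}

# Demo with constructed (not real) key material: run as "sh script.sh demo".
demo() {
    dir=$(mktemp -d)
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedKeyBody alice@laptop' > "$dir/alice.pub"
    echo 'this is not a public key' > "$dir/broken.pub"
    build_authorized_keys "$dir"
    rm -rf "$dir"
}
if [ "${1:-}" = demo ]; then demo; fi
```

In start.sh the function's output would take the place of the plain `cat`, written to `.ssh/authorized_keys` only when the function returns 0.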