From 31b109e08cd8c5890de7419e8969f1f04d147094 Mon Sep 17 00:00:00 2001 From: Brandon Rozek Date: Fri, 20 Jan 2023 21:14:40 -0500 Subject: [PATCH] New Post --- .../blog/lightweight-gitc-docker-compose.md | 200 ++++++++++++++++++ 1 file changed, 200 insertions(+) create mode 100644 content/blog/lightweight-gitc-docker-compose.md diff --git a/content/blog/lightweight-gitc-docker-compose.md b/content/blog/lightweight-gitc-docker-compose.md new file mode 100644 index 0000000..4245185 --- /dev/null +++ b/content/blog/lightweight-gitc-docker-compose.md @@ -0,0 +1,200 @@ +--- +title: "Deploying a Lightweight Git Server with CGit using Docker-Compose" +date: 2023-01-20T21:14:03-05:00 +draft: false +tags: ["Git"] +math: false +--- + +In this post, I'll talk about how we can setup CGit within a docker-compose setup. We'll be using the [ClearLinux CGit](https://hub.docker.com/r/clearlinux/cgit) container. + +## Configuring Apache Webserver + +Within the CGit container, an apache webserver is setup to execute the CGit CGI scripts. This configuration is very similar to the [default one](https://github.com/clearlinux/dockerfiles/blob/256680f7c6be8423081e67153de0bff1206f6b63/cgit/httpd-cgit.conf) provided by ClearLinux. However, the default holds your repositories in the `/cgit` subfolder as I wanted it on the root `/` folder. + +/etc/httpd-cgit.conf + +```apache +ServerName localhost + +# Next two lines changed for new document root +DocumentRoot /var/www/cgit + + AllowOverride None + Options ExecCGI FollowSymLinks + Require all granted + + +# cgid module is required to run the cgit binary +LoadModule cgid_module lib/httpd/modules/mod_cgid.so + + ScriptSock /var/run/cgid.sock + + +# Path to cgit stylesheet, graphics +Alias /cgit-data /usr/share/cgit + + AllowOverride None + Options None + Require all granted + + +# Path to cgit binary +# Next line changed +ScriptAlias / /usr/libexec/cgit/cgi-bin/cgit/ + + AllowOverride None + Options None + Require all granted + +``` + +## Configuring CGit + +Now to configure `cgit` itself, we need to create a file called `cgitrc`. Order matters in the declarations, and from what I can gather you should have your `scan-path` near the end of the file. + +To enable cloning and have it discoverable: +```ini +enable-http-clone=1 +clone-prefix=https://URL/TO/WEBSITE +``` + +To download snapsots of the references +```ini +snapshots=tar.gz zip +``` + +To enable the git config to override the owner and description fields +```ini +enable-git-config=1 +``` + +Cache up to 1000 output entries +```ini +cache-size=1000 +``` + +Root Page configuration +```ini +root-title=Brandon Rozek's Repositories +root-desc= +repository-sort=age + +# Start all URLs from the root directory +virtual-root=/ +``` + +Server the appropriate mime-types of certain files +```ini +mimetype.gif=image/gif +mimetype.html=text/html +mimetype.jpg=image/jpeg +mimetype.jpeg=image/jpeg +mimetype.pdf=application/pdf +mimetype.png=image/png +mimetype.svg=image/svg+xml +``` + +Styles for the website +```ini +css=/cgit-data/cgit.css +logo=/cgit-data/cgit.png +favicon=/cgit-data/favicon.ico +source-filter=/usr/libexec/cgit/filters/syntax-highlighting.sh +about-filter=/usr/libexec/cgit/filters/about-formatting.sh +readme=:README.md +readme=:README +``` + +Where to find the repositories + +```ini +scan-path=/var/www/cgit/ +``` + +## Setting up the container + +I prefer using `docker-compose` to help manage all my containers. The first two volumes map the configuration files we created and the last volume holds our repositories. + + +```yaml +cgit: + image: docker.io/clearlinux/cgit + container_name: cgit + hostname: cgit + volumes: + - /etc/cgitrc:/etc/cgitrc + - /etc/httpd-cgit.conf:/etc/httpd/conf.d/httpd-cgit.conf + - /var/www/cgit:/var/www/cgit + restart: always +``` + +## Populating it with Repositories + +Within `/var/www/cgit`, start cloning your repositories: + +```bash +git clone --bare REPO_URL +``` + +If you enabled gitinfo then for each repository you can run `git config -e` and add the following + +```ini +[gitweb] + owner = Name + description = Insert your project description here +``` + +### Aside: Reverse Proxy +In my setup, I have an `nginx` container that handles all of the traffic. Therefore, I don't have users enter to the cgit container directly. I handle this by adding the following reverse proxy configuration. +```nginx +server { + listen 80; + listen [::]:80; + server_name GIT.SERVER.URL + + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name GIT.SERVER.URL; + + ssl_certificate /path/to/chain; + ssl_certificate_key /path/to/private/key; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + + location / { + proxy_pass http://cgit; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + # Needed to get around HTTP2 Streaming Errors + proxy_hide_header Upgrade; + } +} +``` + +## Conclusion + +After all the configuration, you should be able to pull it up using `docker-compose`. + +```bash +docker-compose up cgit +``` + +## References + +These references talked about setting up cgit outside of docker, but they helped me understand the various configuration files needed. + +- https://russellhaering.com/running-cgit-under-nginx/ +- https://jakesthoughts.xyz/blog/setting-up-cgit.html +- https://www.yaroslavps.com/weblog/minimal-git-server/ +- https://blog.stefan-koch.name/2020/02/16/installing-cgit-nginx-on-debian +- https://bryanbrattlof.com/cgit-nginx-gitolite-a-personal-git-server/ +- https://matejamaric.com/blog/git-server/