├── .gitignore
├── git-server-docker.jpg
├── git-shell-commands
    └── no-interactive-login
├── docker-compose.yml
├── start.sh
├── Dockerfile
├── README.md
└── sshd_config

/.gitignore:
--------------------------------------------------------------------------------
# IntelliJ project files
.idea
*.iml
out
gen

--------------------------------------------------------------------------------
/git-server-docker.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jkarlosb/git-server-docker/HEAD/git-server-docker.jpg

--------------------------------------------------------------------------------
/git-shell-commands/no-interactive-login:
--------------------------------------------------------------------------------
#!/bin/sh
printf '%s\n' "Welcome to git-server-docker!"
printf '%s\n' "You've successfully authenticated, but I do not"
printf '%s\n' "provide interactive shell access."
exit 128

--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
version: '2'

services:

  git-server:
    image: jkarlos/git-server-docker
    #build: .
    restart: always
    container_name: git-server
    ports:
      - "2222:22"
    volumes:
      - ~/git-server/keys:/git-server/keys
      - ~/git-server/repos:/git-server/repos

--------------------------------------------------------------------------------
/start.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# If the keys folder contains any public key,
# copy their contents into the authorized_keys file
if [ "$(ls -A /git-server/keys/)" ]; then
  cd /home/git
  cat /git-server/keys/*.pub > .ssh/authorized_keys
  chown -R git:git .ssh
  chmod 700 .ssh
  chmod -R 600 .ssh/*
fi

# Checking permissions and fixing SGID bit in repos folder
# More info: https://github.com/jkarlosb/git-server-docker/issues/1
if [ "$(ls -A /git-server/repos/)" ]; then
  cd /git-server/repos
  chown -R git:git .
  chmod -R ug+rwX .
  find . -type d -exec chmod g+s '{}' +
fi

# -D flag avoids executing sshd as a daemon
/usr/sbin/sshd -D

--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
FROM alpine:3.4

MAINTAINER Carlos Bernárdez "carlos@z4studios.com"

# "--no-cache" is new in Alpine 3.3 and it avoids using
# "--update + rm -rf /var/cache/apk/*" (to remove cache)
RUN apk add --no-cache \
# openssh=7.2_p2-r1 \
  openssh \
# git=2.8.3-r0
  git

# Key generation on the server
RUN ssh-keygen -A

# SSH autorun
# RUN rc-update add sshd

WORKDIR /git-server/

# -D flag avoids password generation
# -s flag changes user's shell
# Note: sshd_config sets "PasswordAuthentication no", so the password set
# below is not accepted over SSH
RUN mkdir /git-server/keys \
  && adduser -D -s /usr/bin/git-shell git \
  && echo git:12345 | chpasswd \
  && mkdir /home/git/.ssh

# This is a login shell for SSH accounts to provide restricted Git access.
# It permits execution only of server-side Git commands implementing the
# pull/push functionality, plus custom commands present in a subdirectory
# named git-shell-commands in the user’s home directory.
# More info: https://git-scm.com/docs/git-shell
COPY git-shell-commands /home/git/git-shell-commands

# sshd_config is edited to enable key access and disable password access
COPY sshd_config /etc/ssh/sshd_config
COPY start.sh start.sh

EXPOSE 22

CMD ["sh", "start.sh"]

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# git-server-docker
A lightweight Git Server Docker image built with Alpine Linux. Available on [GitHub](https://github.com/jkarlosb/git-server-docker) and [Docker Hub](https://hub.docker.com/r/jkarlos/git-server-docker/)

!["image git server docker" "git server docker"](https://raw.githubusercontent.com/jkarlosb/git-server-docker/master/git-server-docker.jpg)

### Basic Usage

How to run the container on port 2222 with two volumes: a keys volume for public keys and a repos volume for git repositories:

    $ docker run -d -p 2222:22 -v ~/git-server/keys:/git-server/keys -v ~/git-server/repos:/git-server/repos jkarlos/git-server-docker

How to use a public key:

    Copy it to the keys folder:
    - From host: $ cp ~/.ssh/id_rsa.pub ~/git-server/keys
    - From remote: $ scp ~/.ssh/id_rsa.pub user@host:~/git-server/keys
    You need to restart the container when keys are updated:
    $ docker restart

How to check that the container works (you must have a key):

    $ ssh git@ -p 2222
    ...
    Welcome to git-server-docker!
    You've successfully authenticated, but I do not
    provide interactive shell access.
    ...

How to create a new repo:

    $ cd myrepo
    $ git init --shared=true
    $ git add .
    $ git commit -m "my first commit"
    $ cd ..
    $ git clone --bare myrepo myrepo.git

How to upload a repo:

    From host:
    $ mv myrepo.git ~/git-server/repos
    From remote:
    $ scp -r myrepo.git user@host:~/git-server/repos

How to clone a repository:

    $ git clone ssh://git@:2222/git-server/repos/myrepo.git

### Arguments

* **Expose ports**: 22
* **Volumes**:
  * */git-server/keys*: Volume to store the users' public keys
  * */git-server/repos*: Volume to store the repositories

### SSH Keys

How to generate a key pair on the client machine:

    $ ssh-keygen -t rsa

How to quickly upload a public key to the host volume:

    $ scp ~/.ssh/id_rsa.pub user@host:~/git-server/keys

### Build Image

How to make the image:

    $ docker build -t git-server-docker .

### Docker-Compose

You can edit docker-compose.yml and run this container with docker-compose:

    $ docker-compose up -d

--------------------------------------------------------------------------------
/sshd_config:
--------------------------------------------------------------------------------
#	$OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/bin:/usr/bin:/sbin:/usr/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Ciphers and keying
#RekeyLimit default none

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

RSAAuthentication yes
PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys
#AuthorizedKeysFile	/home/git/.ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options (deprecated)
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options (deprecated)
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem	sftp	/usr/lib/ssh/sftp-server

# the following are HPN related configuration options
# tcp receive buffer polling. disable in non autotuning kernels
#TcpRcvBufPoll yes

# disable hpn performance boosts
#HPNDisabled no

# buffer size for hpn to non-hpn connections
#HPNBufferSize 2048


# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server

--------------------------------------------------------------------------------
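
start.sh above concatenates every `*.pub` file in the keys volume into `authorized_keys` verbatim, so any options written in front of a key are honoured by sshd, and the shipped sshd_config leaves forwarding and TTY allocation at their defaults. As an added example (not part of the git-server-docker project), this POSIX shell function accepts only well-formed key lines and prefixes each with a fixed option set; the option list, the accepted key types, the helper names and the `--demo` switch are assumptions.

```shell
#!/bin/sh
# Added example, not part of git-server-docker.
# Options forced onto every key (assumption: all users get the same set).
KEY_OPTS='no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'

# build_authorized_keys DIR
# Prints one authorized_keys line for each acceptable line in DIR/*.pub.
# Accepted: "<known key type> <base64 blob> [comment]". Anything else is
# skipped, including lines that carry their own options before the key type.
# The comment field is dropped so only validated fields reach the output.
build_authorized_keys() {
    for f in "$1"/*.pub; do
        [ -f "$f" ] || continue   # unmatched glob or not a regular file
        awk -v opts="$KEY_OPTS" '
            /^[ \t]*(#|$)/ { next }                       # blank or comment
            $1 ~ "^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521))$" &&
            $2 ~ "^[A-Za-z0-9+/]+=*$" { print opts, $1, $2; next }
            { printf "skipped line %d of a key file\n", FNR > "/dev/stderr" }
        ' "$f"
    done
}

# make_sample_keys DIR: constructed sample input (not real keys).
make_sample_keys() {
    printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNvbnN0cnVjdGVk alice@example' > "$1/alice.pub"
    printf '%s\n' 'command="echo constructed" ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB bob@example' > "$1/bob.pub"
    printf '%s\n' 'this is not a key' > "$1/notes.pub"
}

# In start.sh this would replace the `cat /git-server/keys/*.pub` line:
#   build_authorized_keys /git-server/keys > /home/git/.ssh/authorized_keys
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_sample_keys "$d" && build_authorized_keys "$d"
    rm -rf "$d"
fi
```

Git over SSH does not need a TTY or forwarding, so clone, fetch and push keep working with these options; only the first constructed sample line survives the filter.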