rockstorm101 / git-server-docker

Git server over SSH
GNU General Public License v3.0

Trying to get a git-container-server up and running... #2

Closed Docjones closed 2 years ago

Docjones commented 2 years ago

Hello,

I am trying to get a spring-boot-cloud-config-repository up and running using your solution. Due to enterprise policies, I am urged to get a dedicated git-server with ssl key up and running.

I am trying to extend your solution using a Dockerfile:


```dockerfile
FROM rockstorm/git-server
MAINTAINER IDS Logistik "sw@ids-logistik.de"

# Adding the configuration files
# config contains the empty git-repo
# src contains the files to be added to the git-repo
ADD config /srv/git/config.git
ADD src /home/git/src

# Adding the ssh configuration
ADD sshd_config /etc/ssh/sshd_config
ADD id_rsa.pub /home/git/.ssh/authorized_keys
RUN chmod -R 0700 /home/git/.ssh ;\
    chown -R git.git /home/git/.ssh ;\
    chmod 0600 /home/git/.ssh/* /etc/ssh/sshd_config

# Setting up the git-repo
ENV GIT_DIR /srv/git/config.git
ENV GIT_WORK_TREE /home/git/src
ENV GIT_INDEX_FILE $GIT_DIR/scratch-index

RUN git read-tree --empty
RUN git config user.email "xxx"
RUN git config user.name  "xxx"
RUN git add /home/git/src
RUN git commit -m"Init"
```

This works so far - however, I am getting an "Auth Fail" at the client side (the SpringBoot Cloud-Configserver trying to clone the repo).

To debug the issue, I am forced to see the sshd logging, but I can't find it within the container. I added LogLevel DEBUG3 to the sshd_config file, but the logfile does not appear in /var/log/. Can you assist me in getting the sshd in your container to get some more information?

Docjones commented 2 years ago

According to my research, there seems to be no syslog available to redirect the messages to.

Appending a -e to the argument list of execution of sshd in setup.sh would possibly be the best solution?

rockstorm101 commented 2 years ago

Hi @Docjones, yes exactly, in this container sshd is not run as a service. Therefore nothing will show up at /var/log. I would suggest running sshd with option '-E' instead to create a log wherever you wish. No log rotation or anything fancy but might be good enough for debugging. Could it be that you are affected by the deprecation of RSA? I'll look into making it run as a service, though I'm worried about how much overhead will be added.
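A small triage helper for the sshd output discussed above, added here as an example and not part of the thread or the project's code: once sshd logs to stderr (-e) or to a file (-E), it maps common public-key failure messages to a cause. The sample log lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Message wording follows recent OpenSSH releases; older
# releases say PubkeyAcceptedKeyTypes instead of PubkeyAcceptedAlgorithms.

# classify_sshd_line LINE: print a short cause label, or nothing if no match.
classify_sshd_line() {
    case "$1" in
        *"not in PubkeyAcceptedAlgorithms"*|*"not in PubkeyAcceptedKeyTypes"*)
            echo "pubkey-algorithm-rejected" ;;      # e.g. the ssh-rsa (SHA-1) deprecation
        *"bad ownership or modes"*)
            echo "authorized_keys-permissions" ;;    # StrictModes check failed
        *"Could not open"*"authorized keys"*)
            echo "authorized_keys-unreadable" ;;
        *"Accepted publickey"*)
            echo "accepted" ;;
    esac
}

# triage_sshd_log: read sshd log text on stdin and print each distinct
# cause once, in the order it first appears.
triage_sshd_log() {
    seen=""
    while IFS= read -r line || [ -n "$line" ]; do
        cause=$(classify_sshd_line "$line")
        [ -n "$cause" ] || continue
        case " $seen " in *" $cause "*) continue ;; esac
        seen="$seen $cause"
        echo "$cause"
    done
}

# Constructed sample of sshd debug output (not taken from the issue).
sample_log() {
    cat <<'EOF'
debug1: userauth-request for user git service ssh-connection method publickey [preauth]
userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Connection closed by authenticating user git 172.17.0.1 port 40022 [preauth]
Authentication refused: bad ownership or modes for directory /home/git/.ssh
userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
EOF
}

# Replace sample_log with the real log source, e.g. the file given to -E.
sample_log | triage_sshd_log
```

A `pubkey-algorithm-rejected` result points at the RSA deprecation raised in the thread; a client key generated with `ssh-keygen -t ed25519` avoids that signature algorithm, provided the client library supports Ed25519.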

Docjones commented 2 years ago

How about adding the possibility to add command line arguments via ENV Variable (similar to JAVA_OPTS)? That would reduce the effort on your side and perfectly suit my needs :)

Additionally: possibly I hit the RSA deprecation - will try with a different algorithm. Any suggestions?

rockstorm101 commented 2 years ago

> How about adding the possibility to add command line arguments via ENV Variable (similar to JAVA_OPTS)? That would reduce the effort on your side and perfectly suit my needs :)

Agreed, I'll change it to allow custom commands. I got it setup that way on other containers. Don't know why I didn't do the same on this one.

> Additionally: possibly I hit the RSA deprecation - will try with a different algorithm. Any suggestions?

I would suggest going for the top-of-the-class EdDSA algorithm.

Docjones commented 2 years ago

Hello @rockstorm101 - any progress on this?

rockstorm101 commented 2 years ago

Hi @Docjones, sorry, still not on top of my todo list I'm afraid. Happy to accept a PR if you wish.