How to make private git repositories open for public access—Updated

I originally posted about this back in 2018, but the recently released Debian Trixie has removed the git-daemon-sysvinit package, which is what I was originally using to make this work. The instructions below are updated to use inetd instead.

Some of my personal projects are tracked using private git repositories, hosted on this server. I can access these via ssh, but for a while I've had in mind to make at least a couple of them publicly accessible… somehow. After finally getting around to looking into it, this turns out to be deceptively simple using git-daemon (instructions for Debian distros):

  1. Choose the user who will host the repositories, and set up some items in their home folder like so:

    cd ~
    mkdir -p git-daemon/git
    echo "Repositories herein are served publicly by git-daemon." > git-daemon/README
    
  2. In the git-daemon/git folder, add a symlink to each of the actual git repository folders you want to make public, with the same <repo>.git name (assuming these are bare repositories). These will become accessible via git://<hostname>/git/<repo> or <repo>.git.

  3. Ensure each repository (under the .git folder, if not bare) contains a blank git-daemon-export-ok file: e.g., touch <repo>.git/git-daemon-export-ok. git-daemon will not allow access to any repository which does not contain this file.

  4. Ensure the openbsd-inetd package is installed, and then add the git-daemon service to it by running:

    sudo update-inetd --add "git stream tcp nowait <user> /usr/bin/git git daemon --inetd --verbose --base-path=/home/<user>/git-daemon"
    

    where <user> (two places) is the name of the user account which owns the git repositories.

  5. Have the inetd service reload its config: sudo service inetd reload.

  6. Ensure your network forwards the git protocol port (9418) to the server.
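
Before opening the port, it is worth checking what this setup will actually serve. The script below is an added example, not part of the original instructions: it walks the entries under git-daemon/git and reports which targets carry git-daemon-export-ok. It assumes the directory layout from steps 1 to 3; the function names and status labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit what git-daemon will serve from a --base-path directory.
# Assumes the layout from the steps above: <base>/git/<repo>.git symlinks.
# Function names and status labels are illustrative, not from git itself.

# Print the git directory for a path (bare repo, or non-bare with .git inside);
# print nothing if the path does not look like a repository.
git_dir_of() {
    if [ -f "$1/HEAD" ] && [ -d "$1/objects" ]; then
        printf '%s\n' "$1"
    elif [ -f "$1/.git/HEAD" ] && [ -d "$1/.git/objects" ]; then
        printf '%s\n' "$1/.git"
    fi
}

# Print one status line per entry under <base>/git.
audit_exports() {
    base=$1
    for entry in "$base"/git/*; do
        name=${entry##*/}
        if [ -L "$entry" ] && [ ! -e "$entry" ]; then
            echo "BROKEN   $name (dangling symlink)"
            continue
        fi
        [ -d "$entry" ] || continue        # unmatched glob or plain file
        target=$(cd "$entry" && pwd -P)    # resolve the symlink
        gitdir=$(git_dir_of "$target")
        if [ -z "$gitdir" ]; then
            echo "NOTREPO  $name -> $target"
        elif [ -f "$gitdir/git-daemon-export-ok" ]; then
            echo "PUBLIC   $name -> $target"
        else
            echo "BLOCKED  $name -> $target (no git-daemon-export-ok)"
        fi
    done
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_exports "$1"
fi
```

Anything reported as PUBLIC is readable by anyone who can reach port 9418, so review that list before forwarding the port.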

Simple! The git protocol is faster than serving over HTTP(S), and the standard configuration ensures that anonymous clients can pull, but not push, which is exactly what I was after.


Comment to add? Send me a message: <brendon@quantumfurball.net>
