This site is now 100% read-only, and retired.

Setting up your own graphical git-server with gitbucket

Posted by Steve on Tue 14 Oct 2014 at 09:18

Tags: ,

This article documents the process of configuring a git host, using gitbucket, which will give you a graphical interface to a collection of git repositories, accessible via any browser, along with support for groups, issues, and forks.

Although it is very simple to configure the hosting of git repositories using nothing more than an ssh login and a simple "git --bare init", having a a graphical interface is something a lot of users expect - in short we'll be setting up something that looks and acts much like a personal installation of github.

Installation of gitbuck is very straight-forward as releases consist of a single .war file which is launched via Java. To get started you will need to install a java runtime. Thankfully these days installing Java upon Debian systems is very straightforward:

root@host:~# apt-get install icedtea-7-jre-jamvm

Gitbucket will store all the git repositories beneath the home-directory of the user who launches it, so we'll first create a dedicated user:

root@host:~# useradd gitbucket

At the time this guide was written the most recent release of gitbucket was 2.4.1, so we'll download that release, and do so as the user we have just created:

root@host:~# su - gitbucket
gitbucket@host:~$ wget https://github.com/takezoe/gitbucket/releases/download/2.4.1/gitbucket.war

At this point we're almost ready:

  • We've created a new user to run the software as.
  • We've downloaded the software, but we've not yet started it.

When gitbucket is launched it will start its own webserver running on 0.0.0.0:8080. While we could expose that directly to the network it seems saner to hide it behind a reverse-proxy. With a suitable reverse proxy we can also cache resources, such as javascript, and images, so that things are nice and fast for visitors.

Although Apache is the most popular webserver it can be relatively heavy-weight, so for simple tasks like this I prefer to use nginx. If you're already running a webserver on your host then you're on your own configuring it at this point, but if this is a new system dedicated to storing git-repositories and nothing else then it should be a simple to install it:

root@host:~# apt-get install nginx-full

The only thing you need to do is configure a virtual-host for the git handling, and you can do that by creating the file /etc/nginx/sites-enabled/git.conf with contents like so:

proxy_cache_path /tmp/cache keys_zone=one:1000m levels=1 inactive=30d max_size=1G;
proxy_temp_path /tmp;

server {
    listen [::]:80  default ipv6only=off;

    location ~ \.(gif|png|txt|css|png|jpe?g|ico|js)$ {
         proxy_pass http://127.0.0.1:8080;
         proxy_hide_header       Set-Cookie;
         proxy_ignore_headers    Set-Cookie Expires Cache-Control;

         proxy_redirect    off;
         proxy_buffering on;
         proxy_buffer_size  128k;
         proxy_buffers 100  128k;

         proxy_cache one;
         proxy_cache_key $uri;
         proxy_cache_use_stale error timeout invalid_header;
         proxy_cache_valid 200 301 302 60h;
         expires 30d;
    }

    ## send all traffic to the back-end
    location / {
        proxy_pass  http://127.0.0.1:8080;
        proxy_redirect off;
        proxy_set_header        X-Forwarded-For $remote_addr;
    }
}

This is a pretty straight-forward file which mostly proxies to the java webserver - but it has the advantage that it caches static-media, which won't change.

The only remaining step is to launch the actual service. If you've previously configured runit then launching gitbucket is as simple as writing a run script containing:

#!/bin/sh
exec su - gitbucket -c "exec java ~/gitbucket.war"

If you're using systemd then you'll want to create the file /etc/systemd/system/gitbucket.service with the following contents:

[Unit]
Description=Git hosting service

[Service]
ExecStart=/bin/su - gitbucket -c "exec java -jar gitbucket.war"
KillMode=process

[Install]
WantedBy=multi-user.target

Once you've created that file you can enable the service, and start it, by running:

root@host ~ # systemctl enable gitbucket.service
root@host ~ # systemctl start gitbucket.service

Finally if you're using sys-v you can find an initscript online which can be used to ensure that the service starts on system-boot.

Providing the service is running, and you've restarted your reverse-proxy you should now find a usable interface which you can import your git repositories to.

By default it will serve files over HTTP, but you can also add your SSH keys to it, and enable the integrated SSH-server to push code securely.

The default login credentials are:

  • Username: root
  • Password: root

This password must be changed as soon as possible.

 

 


Re: Setting up your own graphical git-server with gitbucket
Posted by Anonymous (178.213.xx.xx) on Tue 14 Oct 2014 at 12:46
You could also add otpions to the cli startup like --port=8080 --host=127.0.0.1 for more security.
It is also possible to specify the root of the gitbucket filesystem with : --gitbucket.home=/home/git

[ Parent ]

Re: Setting up your own graphical git-server with gitbucket
Posted by Steve (2.126.xx.xx) on Tue 14 Oct 2014 at 20:19
[ View Weblogs ]

That was a useful update, thank-you.

I tend assume that hosts are firewalled, such that everything is closed unless explicitly opened - but it's worth checking these things and scanning your hosts now and again.

Steve

[ Parent ]

Re: Setting up your own graphical git-server with gitbucket
Posted by fsateler (190.151.xx.xx) on Tue 14 Oct 2014 at 15:20
[ View Weblogs ]

The systemd service file should use the User directive instead of relying on su:

[Service]
User=gitbucket
ExecStart=/usr/bin/java -jar /path/to/gitbucket.war

I also think that setting KillMode=process is not such a great idea. If I want the service to end, I want all subprocesses to end as well.

Saludos,
Felipe Sateler

[ Parent ]

Re: Setting up your own graphical git-server with gitbucket
Posted by Steve (2.126.xx.xx) on Tue 14 Oct 2014 at 20:18
[ View Weblogs ]

Thanks - I converted my own system from runit to systemd, so leaving the su felt natural.

With regard to the kill-mode though things work as-is, and there are no sub-processes launched, so I think that's safe enought to leave alone.

Steve

[ Parent ]

Re: Setting up your own graphical git-server with gitbucket
Posted by peterhoeg (218.212.xx.xx) on Wed 15 Oct 2014 at 07:25
And this is admittedly nitpicking, but the systemd unit file should go into /etc/systemd/system. /lib/systemd/system is reserved for unit files from upstream.

[ Parent ]

Re: Setting up your own graphical git-server with gitbucket
Posted by Steve (2.126.xx.xx) on Wed 15 Oct 2014 at 07:33
[ View Weblogs ]

I found conflicting advice on this, which I guess I'm now contributing to myself!

When I get a chance to test the other location I'll do so, and update this text if it still works :)

Steve

[ Parent ]

Re: Setting up your own graphical git-server with gitbucket
Posted by fsateler (190.151.xx.xx) on Wed 15 Oct 2014 at 15:56
[ View Weblogs ]

My take is that /lib/systemd/system is reserved for the distro. You cannot complain if some other package then ships a file that overwrites yours. On the other hand, if the distro overwrites a file in /etc, that is a bug.


Saludos,
Felipe Sateler

[ Parent ]

Re: Setting up your own graphical git-server with gitbucket
Posted by Anonymous (109.190.xx.xx) on Sun 19 Oct 2014 at 23:14
Why do you use JamVM (icedtea-7-jre-jamvm) instead of default-jre-headless ?

The standard HotSpot JVM is faster on the most used architectures (x86*). I wouldn't recommend using java on the architectures where JamVM should be faster (from the description of the jamvm package : "This is a somewhat faster alternative than the Zero port on architectures like armel, mips, mipsel, powerpc."). The Zero port is the "zero assembly" port for !x86* architectures.

[ Parent ]

Re: Setting up your own graphical git-server with gitbucket
Posted by Thorsten (84.138.xx.xx) on Thu 30 Oct 2014 at 16:59
wow - that`s easy! Thanks for your post - again! /thorsten

[ Parent ]