Add my git user

I log in as root:

adduser-N -d /path/to/my/repository/repo -s /bin/bash -r MyGitUser

-N do not create a group with the same name as the user
-d home directory of the new account
-s login shell of the new account
-r create a system account

what’s happen in /etc/passwd
MyGitUser:x:888:100:/path/to/my/repository/repo:/bin/bash

passwd MyGitUser

ok back again.

Now i’m able todo something like
git clone MyGitUser@myhost:project.git
or more complicated
git clone MyGitUser@myhost:/path/to/my/repository/repo/project.git

cheers

CGIT inside ispconfig 3

I got many git resources on my server, there must be a way to push it into the world wide web. CGI.GIT is one of them. Let’s try it out here inside of ispconfig 3.

Through the previous installation I have a lot of development tools on board.

Missing only:
yum install openssl-devel asciidoc xmlto

cd /usr/local/src
wget https://git.zx2c4.com/cgit/snapshot/cgit-1.0.tar.xz
tar xf cgi-1.0.tar.xz
cd cgi-1.0
make get-git
make CGIT_SCRIPT_PATH=/usr/share/cgit prefix=/usr install install-man
.
.
install -m 0755 -d /usr/share/man/man5
SUBDIR git
install -m 0644 cgitrc.5 /usr/share/man/man5
install -m 0755 -d /usr/share/cgit
install -m 0755 cgit /usr/share/cgit/cgit.cgi
install -m 0755 -d /usr/share/cgit
install -m 0644 cgit.css /usr/share/cgit/cgit.css
install -m 0644 cgit.png /usr/share/cgit/cgit.png
install -m 0644 favicon.ico /usr/share/cgit/favicon.ico
install -m 0644 robots.txt /usr/share/cgit/robots.txt
install -m 0755 -d /usr/lib/cgit/filters
cp -r filters/* /usr/lib/cgit/filters
.
.

Aha, this files are installed. With yum history I removed the installed developer parts..

Create the cache
install -vd “/var/cache/cgit”

For better syntax highlight:
yum install highlight

create a new web site in ispconfig and check only cgi & active.
Option -> Apache directives:

<Directory /var/www/MyGitWebSide/web>
DirectoryIndex disabled
DirectoryIndex cgit.cgi
Options +ExecCGI
AddHandler cgi-script .cgi
</Directory>

Back in the console

cd /var/www/MyGitWebSide/web
cp /usr/share/cgit/* .
mkdir css
mv cgit.css cgit.png css
rm index.html

Clean up permissions:
chown -R webXXX:clientXXXX *

Directory looks like
ls
cgit.cgi css favicon.ico robots.txt stats

vi /etc/cgitrc
# cgit config
css=/css/cgit.css
logo=/css/cgit.png
# if you don’t want that webcrawler (like google) index your site
robots=noindex, nofollow
#syntax highlight
source-filter=/usr/lib/cgit/filters/syntax-highlighting-edited.sh
## and included like this:
## include=/etc/cgitrepos
repo.url=test-git
repo.path=/path/to/my/repository/test.git
repo.desc=Test Git
repo.owner=me@myhost
# if had another module – it would be added like so
# repo.url=OSGi-module
# repo.path=/home/git/repositories/OSGi-module.git
# repo.desc=the OSGi-module repository
# repo.owner=foo@bar.com

cp /usr/lib/cgit/filters/syntax-highlighting.sh /usr/lib/cgit/filters/syntax-highlighting-edited.sh

Enable version 3 and add “–inline-css” at the end.

vi /usr/lib/cgit/filters/syntax-highlighting-edited.sh

# for version 3.
#
# Version 2 can be found (for example) on EPEL 5, while version 3 can be
# found (for example) on EPEL 6.
#
# This is for version 2
#exec highlight –force -f -I -X -S “$EXTENSION” 2>/dev/null

# This is for version 3
exec highlight –force -f -I –inline-css -O xhtml -S “$EXTENSION” 2>/dev/null

Now I’m able to browse my git on web.

Quick and dirty

Sometimes I felt like a normal person without any kind of bad conscience. It takes me two hours and the server was ready. https://www.howtoforge.com/perfect-server-centos-7-apache2-mysql-php-pureftpd-postfix-dovecot-and-ispconfig3
helped me out.

I was a fool, hammer down every ssl information with enter. This must be corrected:

Postfix
cd /etc/postfix
Genenerate Postfix ssl key:
openssl req -x509 -newkey rsa:2048 -keyout smtpd.key -out smtpd.cert -days 3650 -nodes
chmod 600 smtp.*

change /etc/postfix/master.cf (add some lines to get smtps, taken from my old host)
smtps inet n – n – – smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING

ISPConfig
cd /usr/local/ispconfig/interface/ssl
openssl genrsa -des3 -out ispserver.key 4096
openssl req -new -key ispserver.key -out ispserver.csr
openssl x509 -req -days 3650 -in ispserver.csr \
-signkey ispserver.key -out ispserver.crt
openssl rsa -in ispserver.key -out ispserver.key.insecure
mv ispserver.key ispserver.key.secure
mv ispserver.key.insecure ispserver.key

HTTPD
vi /etc/httpd/conf.d/ssl.conf
replace follow line:
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key (one line !!!)

Standard SSL website share the same ssl-keys from ispconfig.

Uh done. I was near a seam outburst.

Time to left the old server…

It was in time to update my v-server. The given package could not be updated. I went to my provider and bought a new one. It came preinstalled with Ubuntu 14.04. A System with a lifecycle till april 2019. No. I take a look to the systems that can be installed and yeah.. centos 7 is there. Security lifecycle till 2024. Good. That’s the way …the story goes on…