loading...
Cover image for Private Github with gogs and raspberry pi

Private Github with gogs and raspberry pi

bojana_dev profile image Bojana Dejanović Updated on ・5 min read

If you are by any means involved in any part of the software development process, chances are you have heard or used (or both) git, and for sure - github.

Github is great, you can create free account in no time, and be ready for pushing changes down your repos. There is just one catch - these repositories you are creating on the github are public.

Which is fine, for most uses cases, especially managing and maintaining open-source projects.

A lot of big companies have their repos publicly available on github. Companies like Google, Amazon and Microsoft, who recently acquired entire service and is recognized now as a biggest contributor on the whole github platform.

Github have an option for private repositories of course, but it is a paid service, and depending on size of the team and included features, prices vary.

7$/month is not something super pricey, especially if you are using git as a irreplaceable every day tool, whether you are a lone developer or working in a team. And you don't want to mess around with configuring and maintaining a service, you want something that works right "out of the box".

With that said, it is far more interesting (at least for me), if you would install and configure self-hosted git service yourself.

Why? Simply, because you can. :)

All you need is a raspberry pi, and a dozen minutes to spend on reading this how to. ;) So let's dive in.

Installing Raspbian Lite on RaspberryPi

If you are in a possession of any model of raspberry pi, and it is sitting in the drawer doing nothing (like it was a case with mine), you can put it to good and practical use.

I bought my piece of raspberry pi almost two years ago, it is a RaspberyPi 2 model B+. But any other variant will do, as the things we are going to install and configure will be working fine on any.

I have equipped mine with a 32GB SD card but a 16GB will suffice as well.

For to the image to be flashed to the SD card I've chosen Raspbian Lite, it's smaller in size, saving space on our sd card, and we don't need GUI for our purposes, since the most of the configuration we will be performing remotely through the CLI.

Raspbian is officialy supported OS by the Raspberry Pi Foundation, so you can easilly download image or .zip and flash it to the SD card with tool like Etcher as recommended on the docs page of the project.

Installing and configuring Gogs

Gogs is a cross-platform self-hosted git service written in Go.

Before we download it we need to setup a few things which are preruquisite for Gogs, as listed in their documentation those are:

  1. MySQL database (MSSQL and PostgreSQL are also supported, but I've chosen MySQL)

  2. Git (bash) version >= 1.7.1 for both server and client sides

  3. functioning SSH server

Before performing any installs, be sure your system is up-to-date:

sudo apt-get update && sudo apt-get upgrade 

1) After this, we can install and configure MySQL server:

sudo apt-get install mysql-server 

If you were not prompted to enter a password of a root user type:

sudo mysql_secure_installation

You can answer the question as it suits your needs, as long as you have root access to the MySQL server.
In case you want some other user (other than root), to be used for accessing gogs database, you have to grant the permission to the created database or entire permissions.
After accessing MySQL command with:

sudo mysql -u root -p

and entering root's password, perform:

GRANT ALL PRIVILEGES ON *.* TO 'raspberryuser'@'localhost' IDENTIFIED BY 'password'; 

Now, while we are at the MySQL prompt, we can create a gogs database with appropriate collation:

CREATE DATABASE IF NOT EXISTS gogs COLLATE utf8_general_ci ; 

2) Now, make sure you have installed git on your pi, by simple running:

sudo apt-get install git

3) As a last prerequisite gogs documentations mentions having functional SSH server. Now, when you run a gogs service it will run it's own SSH server on default port 22. To avoid collision with the system SSH server, the easiest solution is to change port of the system ssh.
You can do that by editing following file:

nano /etc/ssh/sshd_config

Uncomment the line :

#Port 22

and change the port number to something else (ex. 2244).
You will need to restart the ssh service:

service ssh restart

Additionally, allow gogs to bind as privileged port, perform:

sudo setcap CAP_NET_BIND_SERVICE=+eip /path/to/gogs

Finally, now we can download gogs, simply perform :

wget https://dl.gogs.io/0.11.53/gogs_0.11.53_raspi2_armv6.zip 

in the command line. This should download the binary in your current folder.

Extract the contents of the file, and then:

cd extracted_folder 

Execute:

./gogs web  

It should launch the install page of the gogs service, which you can access externally from the web browser, by entering:

http://ip-of-your-raspberrypi:3000 

In my case that was:

http://192.168.0.14:3000 

And you should be prompted with the installation page, that looks like this:

Gogs install page

Fill out the form to match your user and database settings, and the rest of the configuration involving application port, url and log path, as shown below

Gogs install page

and hit 'Install Gogs'. If everything went well, you will probably be redirected to the user login page. However, "locahost" will be used for hostname, so replace it with your pi's IP address, so you can create account on your new installation of gogs.

Replace localhost with ip

Gogs sign in page

Now you can click "Sign up now" to create your new account.

Gogs sign up page

Now you can login with your newly created account, and start creating repos!

Gogs dashboard

Now, we don't want to launch gogs with ./gogs web everytime we lost ssh connection with our pi, it would be good to run gogs as daemon, so it's runnig in the background and it's always on.

Copy an init.d script from a extracted gogs folder:

 sudo cp /home/malina/gogs/scripts/init/debian/gogs /etc/init.d/gogs

and modify WORKING_DIR and USER

# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="Gogs"
NAME=gogs
SERVICEVERBOSE=yes
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
WORKINGDIR=/home/malina/gogs
DAEMON=$WORKINGDIR/$NAME
DAEMON_ARGS="web"
USER=malina

Now we should make it run automatically on boot time with:

sudo chmod ug+x /etc/init.d/gogs

And to make sure it starts after the database server:

sudo update-rc.d gogs defaults 98

We can start gogs as any service with:

sudo service gogs start

If it for some reason service failed to start, perform reboot and then try again.

Additionally, you can configure port forwarding on your home router, so you can access your private github even when you are not at home.

And that's it, now you have your own private github!

Go push some code! ;)


Originally published at http://bojana.dev

Discussion

pic
Editor guide
Collapse
johnbwoodruff profile image
John Woodruff

Cool project if you want to do something with a raspberry pi. For myself, I use GitLab which let's you have unlimited private repos, any number of contributors. (as opposed to the 5 collaborator limit of bitbucket) Lots of other cool stuff too like GitLab CI built in.

Collapse
bojana_dev profile image
Bojana Dejanović Author

Yes, I guess I was more keen to put RPi to some good use, and stumbled on the idea to set up private repos, while started working on some side project that I didn’t wanted to be public on github.

Collapse
johnbwoodruff profile image
John Woodruff

Definitely, I'm often looking for something fun to experiment with on my pi. :) Great article, very cool.

Thread Thread
bojana_dev profile image
Bojana Dejanović Author

Me too, but no free time :)
Thanks :)

Collapse
wegesdal profile image
wegesdal

On my raspberry pi with Stretch there was a difference when editing the ssh configuration file:

nano /etc/ssh/sshd.config

should be

nano /etc/ssh/sshd_config

Just thought I'd share in case someone else has the same issue.

Collapse
bojana_dev profile image
Bojana Dejanović Author

You are right, I have corrected the path in article. Thanks!

Collapse
sproggit profile image
sproggit

This is a really excellent guide; thank you for taking the trouble to create and post it.

However, I won't (unfortunately) be following it... I was reading through and I got to the part where you talk about the need to change the default port of SSH, because Gogs wants to run its own SSH service on port 22...

This is is a really, really, really bad idea.

TCP ports below 1023 are known as "well known ports" and are configured consistently across virtually all devices and systems that support the TCP/IP protocol stack. Having any third party package seek to over-ride a default port in this way is dangerous and should tell us all something about the authors of this software.

I am not claiming or suggesting that Gogs is in any way malicious. However, when a piece of (user-space) software asks you to compromise the integrity and security of a system so that it can be installed and run, you should be asking yourself why it is doing this?

Were the Gogs developers just lazy? Did they not want to use a custom port for their SSH access? If so, that's bad practice right there.

Did they not realize that this is poor practice? If so, how many other poor security decisions have they made?

I don't want my comments to be seen as critical of the article [which is clear and very well written] or the operational functionality of Gogs [on which I have no information to base a view], but I hope this comment will encourage readers to think about the software installation / configuration process a bit more carefully...

Each time you are asked to make a non-default configuration setting on your computer, you are taking a risk. Eventually, you may become so accustomed to this that you stop seeing non-default settings like this as a risk, and implement a requested change that has far more serious consequences... So it helps to have an understanding of the risks and consequences.

Be aware. Be safe.

Collapse
cipi1965 profile image
Matteo Piccina

Mm, check Gitea instead of Gogs, it is a community driven fork, data compatible, of Gogs

Collapse
bojana_dev profile image
Bojana Dejanović Author

Will do. ;) What benefits over Gogs you think it has?

Collapse
cipi1965 profile image
Collapse
gaxx0r profile image
gaxx0r

I love this setup. Backup is really not a problem. I'm using duplicati for scheduled encrypted daily backups and uploading for all my sensitive stuff to my separate Gmail account. There are also many different tools available for backups - rsync, rclone just to name a few. I really like the idea of setting things up myself - you learn way more about how this stuff works. Thank you!

Collapse
pilskalns profile image
Andžs

Bitbucket has free private repros.

Self hosted git on RPi is really cool, but needs backups and security updates. Otherwise, almost no point having local (network) backup with no real backup :)

Collapse
bojana_dev profile image
Bojana Dejanović Author

Yes, although you could set up something yourself, but I get your point. Nevertheless, I guess for small projects where you are usually working alone, it’s not a bad option ;) That’s how I got idea to set up something on RPi

Collapse
pilskalns profile image
Andžs

To my sense it's opposite - on a small project use online 3rd party services - no hassle, no worries. Code will be there even after many years.

On a large project (where SLA doesn't satisfy some of the needs/performance) - use in-house git server.

P.S. I am not against RPi's, owning few of them myself.

Thread Thread
bojana_dev profile image
Bojana Dejanović Author

I guess that make sense, no hassle, just use it for small scale. I think I was lead by the fact - it can be done, I’m gonna try and do it :)