If you are by any means involved in any part of the software development process, chances are you have heard or used (or both) git, and for sure - github.
Github is great, you can create free account in no time, and be ready for pushing changes down your repos. There is just one catch - these repositories you are creating on the github are public.
Which is fine, for most uses cases, especially managing and maintaining open-source projects.
A lot of big companies have their repos publicly available on github. Companies like Google, Amazon and Microsoft, who recently acquired entire service and is recognized now as a biggest contributor on the whole github platform.
Github have an option for private repositories of course, but it is a paid service, and depending on size of the team and included features, prices vary.
7$/month is not something super pricey, especially if you are using git as a irreplaceable every day tool, whether you are a lone developer or working in a team. And you don't want to mess around with configuring and maintaining a service, you want something that works right "out of the box".
With that said, it is far more interesting (at least for me), if you would install and configure self-hosted git service yourself.
Why? Simply, because you can. :)
All you need is a raspberry pi, and a dozen minutes to spend on reading this how to. ;) So let's dive in.
Installing Raspbian Lite on RaspberryPi
If you are in a possession of any model of raspberry pi, and it is sitting in the drawer doing nothing (like it was a case with mine), you can put it to good and practical use.
I bought my piece of raspberry pi almost two years ago, it is a RaspberyPi 2 model B+. But any other variant will do, as the things we are going to install and configure will be working fine on any.
I have equipped mine with a 32GB SD card but a 16GB will suffice as well.
For to the image to be flashed to the SD card I've chosen Raspbian Lite, it's smaller in size, saving space on our sd card, and we don't need GUI for our purposes, since the most of the configuration we will be performing remotely through the CLI.
Raspbian is officialy supported OS by the Raspberry Pi Foundation, so you can easilly download image or .zip and flash it to the SD card with tool like Etcher as recommended on the docs page of the project.
Installing and configuring Gogs
Gogs is a cross-platform self-hosted git service written in Go.
Before we download it we need to setup a few things which are preruquisite for Gogs, as listed in their documentation those are:
MySQL database (MSSQL and PostgreSQL are also supported, but I've chosen MySQL)
Git (bash) version >= 1.7.1 for both server and client sides
functioning SSH server
Before performing any installs, be sure your system is up-to-date:
sudo apt-get update && sudo apt-get upgrade
1) After this, we can install and configure MySQL server:
sudo apt-get install mysql-server
If you were not prompted to enter a password of a root user type:
sudo mysql_secure_installation
You can answer the question as it suits your needs, as long as you have root access to the MySQL server.
In case you want some other user (other than root), to be used for accessing gogs database, you have to grant the permission to the created database or entire permissions.
After accessing MySQL command with:
sudo mysql -u root -p
and entering root's password, perform:
GRANT ALL PRIVILEGES ON *.* TO 'raspberryuser'@'localhost' IDENTIFIED BY 'password';
Now, while we are at the MySQL prompt, we can create a gogs database with appropriate collation:
CREATE DATABASE IF NOT EXISTS gogs COLLATE utf8_general_ci ;
2) Now, make sure you have installed git on your pi, by simple running:
sudo apt-get install git
3) As a last prerequisite gogs documentations mentions having functional SSH server. Now, when you run a gogs service it will run it's own SSH server on default port 22. To avoid collision with the system SSH server, the easiest solution is to change port of the system ssh.
You can do that by editing following file:
nano /etc/ssh/sshd_config
Uncomment the line :
#Port 22
and change the port number to something else (ex. 2244).
You will need to restart the ssh service:
service ssh restart
Additionally, allow gogs to bind as privileged port, perform:
sudo setcap CAP_NET_BIND_SERVICE=+eip /path/to/gogs
Finally, now we can download gogs, simply perform :
wget https://dl.gogs.io/0.11.53/gogs_0.11.53_raspi2_armv6.zip
in the command line. This should download the binary in your current folder.
Extract the contents of the file, and then:
cd extracted_folder
Execute:
./gogs web
It should launch the install page of the gogs service, which you can access externally from the web browser, by entering:
http://ip-of-your-raspberrypi:3000
In my case that was:
http://192.168.0.14:3000
And you should be prompted with the installation page, that looks like this:
Fill out the form to match your user and database settings, and the rest of the configuration involving application port, url and log path, as shown below
and hit 'Install Gogs'. If everything went well, you will probably be redirected to the user login page. However, "locahost" will be used for hostname, so replace it with your pi's IP address, so you can create account on your new installation of gogs.
Now you can click "Sign up now" to create your new account.
Now you can login with your newly created account, and start creating repos!
Now, we don't want to launch gogs with ./gogs web everytime we lost ssh connection with our pi, it would be good to run gogs as daemon, so it's runnig in the background and it's always on.
Copy an init.d script from a extracted gogs folder:
sudo cp /home/malina/gogs/scripts/init/debian/gogs /etc/init.d/gogs
and modify WORKING_DIR and USER
# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="Gogs"
NAME=gogs
SERVICEVERBOSE=yes
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
WORKINGDIR=/home/malina/gogs
DAEMON=$WORKINGDIR/$NAME
DAEMON_ARGS="web"
USER=malina
Now we should make it run automatically on boot time with:
sudo chmod ug+x /etc/init.d/gogs
And to make sure it starts after the database server:
sudo update-rc.d gogs defaults 98
We can start gogs as any service with:
sudo service gogs start
If it for some reason service failed to start, perform reboot and then try again.
Additionally, you can configure port forwarding on your home router, so you can access your private github even when you are not at home.
And that's it, now you have your own private github!
Go push some code! ;)
Originally published at http://bojana.dev
Top comments (15)
Cool project if you want to do something with a raspberry pi. For myself, I use GitLab which let's you have unlimited private repos, any number of contributors. (as opposed to the 5 collaborator limit of bitbucket) Lots of other cool stuff too like GitLab CI built in.
Yes, I guess I was more keen to put RPi to some good use, and stumbled on the idea to set up private repos, while started working on some side project that I didn’t wanted to be public on github.
Definitely, I'm often looking for something fun to experiment with on my pi. :) Great article, very cool.
Me too, but no free time :)
Thanks :)
On my raspberry pi with Stretch there was a difference when editing the ssh configuration file:
nano /etc/ssh/sshd.config
should be
nano /etc/ssh/sshd_config
Just thought I'd share in case someone else has the same issue.
You are right, I have corrected the path in article. Thanks!
This is a really excellent guide; thank you for taking the trouble to create and post it.
However, I won't (unfortunately) be following it... I was reading through and I got to the part where you talk about the need to change the default port of SSH, because Gogs wants to run its own SSH service on port 22...
This is is a really, really, really bad idea.
TCP ports below 1023 are known as "well known ports" and are configured consistently across virtually all devices and systems that support the TCP/IP protocol stack. Having any third party package seek to over-ride a default port in this way is dangerous and should tell us all something about the authors of this software.
I am not claiming or suggesting that Gogs is in any way malicious. However, when a piece of (user-space) software asks you to compromise the integrity and security of a system so that it can be installed and run, you should be asking yourself why it is doing this?
Were the Gogs developers just lazy? Did they not want to use a custom port for their SSH access? If so, that's bad practice right there.
Did they not realize that this is poor practice? If so, how many other poor security decisions have they made?
I don't want my comments to be seen as critical of the article [which is clear and very well written] or the operational functionality of Gogs [on which I have no information to base a view], but I hope this comment will encourage readers to think about the software installation / configuration process a bit more carefully...
Each time you are asked to make a non-default configuration setting on your computer, you are taking a risk. Eventually, you may become so accustomed to this that you stop seeing non-default settings like this as a risk, and implement a requested change that has far more serious consequences... So it helps to have an understanding of the risks and consequences.
Be aware. Be safe.
Mm, check Gitea instead of Gogs, it is a community driven fork, data compatible, of Gogs
Will do. ;) What benefits over Gogs you think it has?
docs.gitea.io/en-us/comparison/ Here you go :)
I love this setup. Backup is really not a problem. I'm using duplicati for scheduled encrypted daily backups and uploading for all my sensitive stuff to my separate Gmail account. There are also many different tools available for backups - rsync, rclone just to name a few. I really like the idea of setting things up myself - you learn way more about how this stuff works. Thank you!
Some comments may only be visible to logged-in visitors. Sign in to view all comments.