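# ---- Build stage: compile the Go binary that SSH sessions are forced into ----
FROM golang:1.23.0-alpine3.20 AS build
WORKDIR /usr/src/app

# Only go.mod is copied ahead of the source so the dependency layer stays cached
# until the module requirements change.
# NOTE(review): go.sum is not copied here (the line below is disabled). If the
# module has a go.sum, copy it as well so this layer's downloads are checked
# against the committed hashes.
# COPY go.mod go.sum ./
COPY go.mod .
RUN go mod download && go mod verify

# Copies the whole build context; keep private keys and local env files out of
# it with a .dockerignore.
COPY . .
# cgo is disabled; -s -w drop the symbol table and DWARF debug info.
RUN CGO_ENABLED=0 go build -ldflags="-s -w" -o /usr/local/bin/app .

# ---- Runtime stage: sshd + nginx/cgit ----
# Pinned to the same Alpine release as the build stage instead of `latest`, so a
# rebuild cannot silently pick up a different release. Pin by digest as well if
# fully reproducible builds are required.
FROM alpine:3.20

# Install necessary packages (one per line, sorted, to keep diffs reviewable).
RUN apk add --no-cache \
      bash \
      cgit \
      fcgiwrap \
      git \
      nginx \
      openssh \
      spawn-fcgi

# Create a directory for the Git repositories
# RUN mkdir -p /git-server/repos

COPY cgit/nginx.conf /etc/nginx/http.d/default.conf
COPY cgit/cgitrc /etc/cgitrc
EXPOSE 80

# Create the system user that owns the SSH side of the server.
# The login shell is /bin/bash, NOT git-shell: the only thing restricting an SSH
# session is the forced command in authorized_keys below. Any key added without
# those options gets an ordinary bash session as `git`.
# `chpasswd -e` takes an already-hashed value; "*" is a hash no password can
# match. Presumably this is here to unlock the account created by `adduser -S`
# so sshd accepts key logins, without giving it a usable password.
RUN addgroup -S git && adduser -S git -G git -s /bin/bash && echo "git:*" | chpasswd -e

# Set the working directory
#WORKDIR /git-server

# Create ~/.ssh and authorized_keys in one layer, then set ownership and modes
# last so nothing written afterwards is left root-owned.
# The key is bound to a forced command: every session authenticated with it runs
# /usr/local/bin/git-wrapper whatever the client asked for, and port, X11 and
# agent forwarding and PTY allocation are refused. What the wrapper permits is
# decided by the Go binary built above (not shown here).
# NOTE(review): the public key is baked into the image; rebuilding is required to
# rotate or add keys.
RUN mkdir -p /home/git/.ssh \
    && echo 'command="/usr/local/bin/git-wrapper",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGBUUE8jxGg2bUaPN0+iJY7DLcf1C4E6/5j6AjBN/GTM8IQ0UJzcWj/gapj/tiVrG/iT5IEMiDy3pnzZQcbIugM=' > /home/git/.ssh/authorized_keys \
    # Home is git:nginx (presumably so the web side can read it; confirm against cgitrc).
    && chown -R git:nginx /home/git \
    # ~/.ssh goes back to git:git after the recursive chown above.
    && chown -R git:git /home/git/.ssh \
    && chmod 700 /home/git/.ssh \
    && chmod 600 /home/git/.ssh/authorized_keys

# Disable password authentication to enforce SSH key-based access.
# sshd uses the FIRST value it reads for a keyword, so this appended line only
# takes effect while nothing earlier in sshd_config (or a file it includes) sets
# PasswordAuthentication. Confirm the effective value with `sshd -T` in a
# running container.
RUN echo "PasswordAuthentication no" >> /etc/ssh/sshd_config

# Set MOTD
RUN echo "Connection successful!" > /etc/motd

# Expose SSH port
EXPOSE 22

# The Go binary from the build stage is installed under the path named by the
# forced command in authorized_keys.
COPY --from=build /usr/local/bin/app /usr/local/bin/git-wrapper
# COPY git-wrapper.sh /usr/local/bin/git-wrapper
# RUN chmod +x /usr/local/bin/git-wrapper

# Copy the entrypoint script
COPY entrypoint.sh /entrypoint.sh

# Make the entrypoint script executable
RUN chmod +x /entrypoint.sh

# Set the entrypoint.
# NOTE(review): there is no USER instruction, so the entrypoint runs as root.
# entrypoint.sh is not shown; presumably it starts sshd and nginx, which bind
# ports 22 and 80. Drop privileges inside it for anything that does not need root.
ENTRYPOINT ["/entrypoint.sh"]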