Table of Contents
Preamble
If you need a reliable yet versatile Git server, Gitblit is for you. It’s super easy to setup, to upgrade, to migrate, to customize, to modify. It uses JGit so your server doesn’t even have to have Git installed. The configuration file’s options are well documented. It has LDAP authentication built-in. It provides you with Groovy scripts for the Git hook mechanism. It allows you to create tickets, a service very similar to GitHub’s pull requests. The maintainer’s one of the most helpful guys I’ve ever met and is super responsive when it comes to bugs. The list goes on and on, I recommend you to just check it out and see if it fits your needs. So without further ado, let’s get into it!
CentOS
As always, perform a minimal install. I recommend using the following partitions:
- /boot: 1GB, standard
- swap: 500MB, LVM
- /: rest, LVM
I recommend ext4. After the installaltion’s complete, perform an initial update:
yum update
Verify your timezone and correct it if needed (change path according to your location):
timedatectl
timedatectl set-timezone Your_Continent/Your_City
Then reboot.
Certificates
Get a Windows workstation (of course, you can do this on Linux, too, but YMMV then). Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 and copy the 2 JARs to jre7\lib\security in your JAVA_HOME (overwrite the existing JARs).
Download the Gitblit GO ZIP and start a cmd in the extracted root directory.
set PATH=%PATH%;c:\Program Files (x86)\Java\jre7\bin
java -cp gitblit.jar com.gitblit.authority.Launcher --baseFolder data
Provide data for defaults, Site name and Validity will suffice. Press OK, then create a new server SSL certificate as well. Make sure the expirity date is long enough. Copy the generated files to the CentOS server (you’ll put them in place later):
data\certs\authority.confdata\certs\ca.cerdata\certs\caKeyStore.p12data\certs\caRevocationList.crldata\serverKeyStore.jksdata\serverTrustStore.jks
Gitblit
Install the JRE:
yum install java-1.7.0-openjdk-headless
Download and install Gitblit GO, then separate the data directory from the install path for easier upgrades:
export GITBLIT_VERSION=1.6.2
wget http://dl.bintray.com/gitblit/releases/gitblit-${GITBLIT_VERSION}.tar.gz
mkdir /opt/gitblit-${GITBLIT_VERSION}
tar xf gitblit-${GITBLIT_VERSION}.tar.gz -C /opt/gitblit-${GITBLIT_VERSION}
cd /opt
ln -s gitblit-${GITBLIT_VERSION} gitblit
mv /opt/gitblit-${GITBLIT_VERSION}/data /opt/gitblit-config
cd /opt/gitblit
ln -s ../gitblit-config data
Also copy the 6 files you generated in the previous step to their appropriate directories under /opt/gitblit-config.
Temporarily enable port 8443 (the default Gitblit HTTPS port) to be accessible through the firewall:
firewall-cmd --add-port=8443/tcp
Test the installation:
java -jar gitblit.jar --baseFolder data
If it works correctly, enable port 80 (the regular HTTP port) to be accessible through the firewall:
firewall-cmd --add-service http --permanent
systemctl restart firewalld.service
Or if you need something other than port 80:
firewall-cmd --add-port 12345 --permanent
systemctl restart firewalld.service
Now set up and customize the installation via gitblit.properties – the options are well documented. Once done, install the Gitblit systemd unit.
Note: if you’re using anything below Gitblit 1.7, use the Git version of install-service-fedora.sh coz it contains crucial fixes.
/opt/gitblit/install-service-fedora.sh
Open /etc/sysconfig/gitblit and modify the GITBLIT_HTTP_PORT and/or GITBLIT_HTTPS_PORT settings according to your needs. If you’re willing to run Gitblit on a port lower than 1024, also open /etc/systemd/system/gitblit and modify it like this:
[Service]
User=root
Group=root
Otherwise create the gitblit user and group:
useradd --home-dir /opt/gitblit --shell /sbin/nologin --user-group --system gitblit
Then reload the unit file and restart Gitblit:
systemctl daemon-reload
systemctl restart gitblit.service
At this point, your Gitblit installation should be complete.
Repo export
In case you need to export the Git repos via NFS (so that Redmine can integrate with them, for example), you’ll have to install the NFS server:
yum install nfs-utils
Then create a new folder for the exports:
mkdir -p /nfs/git
Now the actual repos need to be available here, so make a bind mount:
mount --bind /opt/gitblit-config/git /nfs/git
Also make sure that anonymous users (i.e. NFS clients) will be able to read it (this will change the permissions on the actual repos):
chmod -R 0775 /nfs/git
Add the mount to /etc/fstab so that it will be mounted automatically upon boot:
/opt/gitblit-config/git /nfs/git none bind 0 0
Set up the NFS exports via /etc/exports:
/nfs/git redmine.foo.bar(ro,insecure,sync,wdelay,no_subtree_check,nohide,all_squash)
Open the required ports on the firewall:
firewall-cmd --add-port=111/tcp --permanent
firewall-cmd --add-port=111/udp --permanent
firewall-cmd --add-port=2049/tcp --permanent
firewall-cmd --add-port=2049/udp --permanent
systemctl restart firewalld.service
Finally, restart the NFS server so that the changes get applied. Also, start it automatically upon boot:
systemctl restart nfs-server.service
systemctl enable nfs-server.service
And that’s it, now you should be able to mount the export on the other end with an fstab entry like this:
scm.foo.bar:/nfs/git /opt/git nfs4 auto 0 0
Upgrade
Upgrading Gitblit is rather simple. Check out the new and removed settings in gitblit.properties (these should be mentioned in the release notes) and update your own file accordingly. Then
- Download the new Gitblit tarball and extract it to
/opt/gitblit-VERSION. - Remove the stock data folder and create a symlink to
../gitblit-config. - Stop the Gitblit service with
systemctl stop gitblit.service. - Replace
gitblit.propertieswith your new, updated file. - Modify the
/opt/gitblitsymlink to point to the new release. - Start the Gitblit service with
systemctl start gitblit.service.