linux - Secure, Private, Local Gitorious -


I have to do a local installation that cannot be reached from outside my local network and that is as secure and private as possible.

I am not an expert with Linux, and I am not an expert with git / Gitorious either, so any suggestion to improve my installation below will be most useful!

I have:

  • Gitorious installed on a local machine that runs Ubuntu Server 11.04 64-bit with a local encrypted LVM.
  • If someone is curious, then the guitar is used to install.
  • Modify Gitorious to support local IPs as host names
  • In the gitorious.yml:
    • Host field is a local IP (e.g. 192.168.xxx.xxx)
    • public_mode: false
    • only_site_admin_can_create_profile: True
    • hide_http_clone_urls: true
  • The git-daemon was installed but has now been deleted.
  • No ports facing the Internet from router on the machine.

Both git:// based and http:// based requests normally allow open cloning of repo. Removing git-daemon and setting hide_http_clone_urls to the wrong seems to have disabled both of them. They save both errors when they try to clone them.

In case of physical theft with encrypted LVM, the machine is safe and in addition, all clone repos are placed on the encrypted drive on other machines. I have used a custom script on encrypted LVM that fills the hard drive with obscene in case of very unsuccessful attempts.

My current concerns:

  • Is repo access via git:// and http:// completely disabled?
  • Is repo access behind SSH safe now?
  • Is there any way to block all requests to all machines, if originating from within the local network, if my router gets annoyed and tries to take revenge against me?
  • If something goes wrong, then what can I do to encrypt or preserve anything?
  • How do I back up the data of Gitorious? Just back up MySQL database and repository directory?

Thank you.

If your git-daemon is not running, then there is no git:// access. hide_http_clone_urls does not disable HTML, it just does not show the links. To protect it from unauthorized access, you can block all access to gache.yourdomain.com at apache / nginx.

You can see my Debian package, which has several default configurations, better documentation available on the Internet:

The base folder where all the configuration is stored, like echarch config and others, there are shell scripts that do the default user and other things, just locate the source tree.

Being more specific about Apache configuring, take a look here:

For example, if you do not add git.yourserver.com surname, then anyone The GIT should not be able to clone with the HTTP.

You will also want to see and support the plans you have planned, who will provide real, safe, who can see who can.

For a question about SSH, I can say that, yes, it is safe and only what will be entered into a public key in your gitorious establishment.

Regarding the questions of the requests, you can look at one where you can create something like this:

    Allow all to deny from 192.168.0

For backups, you must back up your repository folder and mysql database.
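Added example, not part of the original question or answer: a check for the first concern, run from another machine on the LAN, that tests whether git-daemon's default port accepts connections and whether git's HTTP ref discovery (`info/refs`) answers without credentials, since hiding the clone links does not by itself turn HTTP access off. The host, base URL and repository path are assumptions you replace with your own values.

```python
import socket
import sys
import urllib.error
import urllib.request

GIT_DAEMON_PORT = 9418  # default port for git:// (git-daemon)

# Ignore proxy environment variables so the probe goes straight to the LAN host.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def tcp_port_open(host, port=GIT_DAEMON_PORT, timeout=2.0):
    """Return True if something accepts TCP connections on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def http_clone_exposed(base_url, repo_path, timeout=3.0):
    """Return True if git ref discovery for repo_path succeeds without credentials."""
    url = "{}/{}/info/refs?service=git-upload-pack".format(
        base_url.rstrip("/"), repo_path.strip("/"))
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            ctype = resp.headers.get("Content-Type", "")
            body = resp.read(4096)
    except (urllib.error.URLError, OSError):
        return False  # refused, timed out, or 401/403/404: not cloneable
    # Smart HTTP announces itself in the content type; dumb HTTP returns
    # plain "<sha>\trefs/..." lines. A login or error page matches neither.
    return "x-git-upload-pack-advertisement" in ctype or b"\trefs/" in body


def audit(host, base_url, repo_path):
    """Collect both checks; every value should be False on a locked-down server."""
    return {
        "git_daemon_reachable": tcp_port_open(host),
        "http_clone_exposed": http_clone_exposed(base_url, repo_path),
    }


if __name__ == "__main__" and len(sys.argv) == 4:
    # usage: check.py HOST BASE_URL REPO_PATH  (all three are your own values)
    for name, exposed in audit(*sys.argv[1:]).items():
        print("{}: {}".format(name, "EXPOSED" if exposed else "closed"))
```

Run it against every hostname or alias the web server answers to, because a virtual host that is blocked under one name can still serve repositories under another.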
