From cf84dc5d2b33e86f5ddcef4346e9714167a989d2 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 19 Oct 2008 18:33:59 -0400 Subject: initial tip submission --- ...pository_and_web_server_on_different_hosts.mdwn | 61 ++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn (limited to 'doc/tips') diff --git a/doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn b/doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn new file mode 100644 index 000000000..20c6cf1d3 --- /dev/null +++ b/doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn @@ -0,0 +1,61 @@ +One may want to provide ikiwiki hosting with git+ssh access and web +server located at different hosts. Here's a description for such +a setup, using password-less SSH as a way of communication between +these two hosts. + +Git server +========== + +Let's create a user called `ikiwiki_example`. This user gets SSH +access restricted to GIT pull/push, using `git-shell` as a shell. + +The root (bare) repository: + +- is stored in `~ikiwki_example/ikiwiki_example.git` +- is owned by `ikiwiki_example:ikiwiki_example` +- has permissions 0700 + +The master repository's post-update hook connects via SSH to +`webserver` as user `ikiwiki_example`, in order to run +`~/bin/ikiwiki.update` on `webserver`; this post-update hook, located +in `~ikiwki_example/ikiwiki_example.git/hooks/post-update`, is +executable and contains: + + #!/bin/sh + /usr/bin/ssh ikiwiki_amnesia@www bin/ikiwiki.update + +Password-less SSH must be setup to make this possible; one can +restrict `gitserver:ikiwiki_example` to be able to run only the needed +command on the web server, using such a line in +`webserver:~ikiwiki_example/.ssh/authorized_keys`: + + command="bin/ikiwiki.update",from="vcs.example.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa ... + +Web server +========== + +Let's create a user called `ikiwiki_example` on `webserver`. She needs +to have write permission to the destination directory. + +The working tree repository (`srcdir`): + +- is stored in `~ikiwki_example/src` +- is owned by `ikiwiki_example:ikiwiki_example` +- has permissions 0700 +- has the following origin: `ikiwiki_example@gitserver:ikiwiki_example.git` + +The CGI wrapper is generated with ownership set to +`ikiwiki_example:ikiwiki_example` and permissions `06755`. + +Password-less SSH must be setup so that `ikiwiki_example@webserver` is +allowed to push to the master repository. As told earlier, SSH access +to `ikiwiki_example@gitserver` is restricted to GIT pull/push, which +is just what we need. + +The Git wrapper is generated in `~ikiwiki_example/bin/ikiwiki.update`: + + git_wrapper => '/home/ikiwiki_example/bin/ikiwiki.update' + +As previously explained, this wrapper is run over SSH by the master +repository's post-update hook; it pulls updates from the master +repository and triggers a wiki refresh. -- cgit v1.2.3 From 9f7298d4fe172d54bcdd94ed43e42aee08aecb8f Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 19 Oct 2008 18:45:38 -0400 Subject: linked to rcs/git to be in the backlinks --- doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc/tips') diff --git a/doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn b/doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn index 20c6cf1d3..eb1583b08 100644 --- a/doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn +++ b/doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn @@ -1,4 +1,4 @@ -One may want to provide ikiwiki hosting with git+ssh access and web +One may want to provide ikiwiki hosting with [[rcs/git]]+ssh access and web server located at different hosts. Here's a description for such a setup, using password-less SSH as a way of communication between these two hosts. -- cgit v1.2.3 From d8e653e6847aa626ca18cb5444f96dbc5325aaae Mon Sep 17 00:00:00 2001 From: "http://xma.myopenid.com/" Date: Sun, 19 Oct 2008 19:20:19 -0400 Subject: Webserver, why ? --- doc/tips/laptop_wiki_with_git/discussion.mdwn | 2 ++ 1 file changed, 2 insertions(+) (limited to 'doc/tips') diff --git a/doc/tips/laptop_wiki_with_git/discussion.mdwn b/doc/tips/laptop_wiki_with_git/discussion.mdwn index 234833ca7..3f2643a65 100644 --- a/doc/tips/laptop_wiki_with_git/discussion.mdwn +++ b/doc/tips/laptop_wiki_with_git/discussion.mdwn @@ -5,3 +5,5 @@ Or, was this last remark about rebuilding after pulling meant to apply to rebuil [[DavidBremner]] * *Updated* Now that I play with this a bit, this seems not so important. Having a seperate sync operation that I run from the laptop is no big deal, and lets me update the parts of my site not yet managed by ikiwiki at the same time. + +* Ok, I have finally finished to set this up. I have a question for you :) Is it mandatory to have a locally running webserver on the laptop ? I mean, do I need to setup the CGI wrapper on the laptop ? Is it possible to just add/edit/delete/whatever, git commit all the stuff and git push back to the server ? Thank you. --[[xma]] -- cgit v1.2.3 From 3f8eb12b5f3a807ccfcc17fb6dca4788a8284029 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 19 Oct 2008 19:28:25 -0400 Subject: response --- doc/tips/laptop_wiki_with_git/discussion.mdwn | 3 +++ 1 file changed, 3 insertions(+) (limited to 'doc/tips') diff --git a/doc/tips/laptop_wiki_with_git/discussion.mdwn b/doc/tips/laptop_wiki_with_git/discussion.mdwn index 3f2643a65..6ce72ae7b 100644 --- a/doc/tips/laptop_wiki_with_git/discussion.mdwn +++ b/doc/tips/laptop_wiki_with_git/discussion.mdwn @@ -7,3 +7,6 @@ Or, was this last remark about rebuilding after pulling meant to apply to rebuil * *Updated* Now that I play with this a bit, this seems not so important. Having a seperate sync operation that I run from the laptop is no big deal, and lets me update the parts of my site not yet managed by ikiwiki at the same time. * Ok, I have finally finished to set this up. I have a question for you :) Is it mandatory to have a locally running webserver on the laptop ? I mean, do I need to setup the CGI wrapper on the laptop ? Is it possible to just add/edit/delete/whatever, git commit all the stuff and git push back to the server ? Thank you. --[[xma]] + +> Of course you don't need a web server on the laptop. It is useful for +> previewing pages before publishing them though. --[[Joey]] -- cgit v1.2.3 From 3d8a6fa447587be7023d24319c5f775919777bad Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 19 Oct 2008 19:47:19 -0400 Subject: fix example --- doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc/tips') diff --git a/doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn b/doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn index eb1583b08..7fb883b10 100644 --- a/doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn +++ b/doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn @@ -22,7 +22,7 @@ in `~ikiwki_example/ikiwiki_example.git/hooks/post-update`, is executable and contains: #!/bin/sh - /usr/bin/ssh ikiwiki_amnesia@www bin/ikiwiki.update + /usr/bin/ssh ikiwiki_example@www bin/ikiwiki.update Password-less SSH must be setup to make this possible; one can restrict `gitserver:ikiwiki_example` to be able to run only the needed -- cgit v1.2.3 From 991c1b096b3f21e99352e43e6c2615df9dae1331 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 19 Oct 2008 19:48:14 -0400 Subject: some more example bugfixes --- doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'doc/tips') diff --git a/doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn b/doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn index 7fb883b10..58940b89f 100644 --- a/doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn +++ b/doc/tips/Git_repository_and_web_server_on_different_hosts.mdwn @@ -22,14 +22,14 @@ in `~ikiwki_example/ikiwiki_example.git/hooks/post-update`, is executable and contains: #!/bin/sh - /usr/bin/ssh ikiwiki_example@www bin/ikiwiki.update + /usr/bin/ssh ikiwiki_example@webserver bin/ikiwiki.update Password-less SSH must be setup to make this possible; one can restrict `gitserver:ikiwiki_example` to be able to run only the needed command on the web server, using such a line in `webserver:~ikiwiki_example/.ssh/authorized_keys`: - command="bin/ikiwiki.update",from="vcs.example.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa ... + command="bin/ikiwiki.update",from="gitserver.example.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa ... Web server ========== -- cgit v1.2.3