Stop Feeding the Cloud: How to Build a Fortified Git Server in Norway
Let’s be honest: if you are still clinging to Subversion in 2011, you are actively hurting your team's productivity. The world has moved to Distributed Version Control Systems (DVCS). But moving to Git often brings a dilemma: do you trust your proprietary code to a US-based cloud host, or do you take control?
With the Patriot Act looming over US-hosted data, European CTOs and lead developers are rightly paranoid. If your servers aren't physically located here in Norway—or at least within the EEA—you don't truly own your data. Today, we are going to build a production-grade Git server on a CoolVDS KVM instance, ensuring your intellectual property stays under Norwegian jurisdiction.
The Architecture: Why SSH and Gitolite?
You could use git-daemon, but that provides zero encryption. You could just use standard Unix accounts, but managing users becomes a nightmare when your team scales beyond three people. The solution is Gitolite. It sits on top of SSH, allowing you to define granular access control lists (ACLs) without giving every developer a shell account on your production server.
This setup relies on low latency. Every git push involves a lot of back-and-forth chatter. If your server is in Texas and your dev team is in Oslo, you will feel the lag. Hosting on a VPS in Norway minimizes round-trip time to the NIX (Norwegian Internet Exchange), making pulls and pushes feel instantaneous.
Step 1: The Foundation
I assume you have provisioned a fresh instance of Ubuntu 10.04 LTS (Lucid Lynx) or 11.04. At CoolVDS, we prefer KVM virtualization over OpenVZ for this; Git can be memory-intensive during garbage collection (git gc), and having guaranteed RAM without "burst" limitations is critical for stability.
First, update your system and install the essentials:
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get install git-core openssh-server
Step 2: Preparing the Environment
We need a dedicated user to handle the repositories. Don't run this as root.
$ sudo adduser --system --shell /bin/bash --group --disabled-password --home /home/git git
Now, on your local machine (your workstation), generate an SSH key pair if you haven't already. This will be the admin key.
# On your local workstation
$ ssh-keygen -t rsa -f ~/.ssh/git_admin
Copy the public key to your new CoolVDS server:
$ scp ~/.ssh/git_admin.pub root@:/tmp/git_admin.pub
Step 3: Installing Gitolite
Back on the server, we install Gitolite from source. It is cleaner than using stale repo packages.
$ su - git
$ mkdir -p ~/bin
$ git clone https://github.com/sitaramc/gitolite
$ ./gitolite/install -ln ~/bin
$ ~/bin/gitolite setup -pk /tmp/git_admin.pub
If that returns without errors, your server is ready. The git_admin.pub key now has full rights to configure the server remotely.
Step 4: Managing Access Like a Pro
Here is the beauty of this setup: you never log into the server to add users again. You manage the configuration via Git itself.
On your local machine, clone the admin repo:
$ git clone git@:gitolite-admin
$ cd gitolite-admin
Inside, you will find two folders: conf/ and keydir/. To add a new developer (let's call him Per), drop his public key into keydir/per.pub and edit conf/gitolite.conf:
repo project-viking
    # the admin user is named after the key file given to setup (git_admin.pub)
    RW+ = git_admin
    RW  = per
    R   = consultant_ole
Commit and push. Gitolite's hooks will automatically update the server's ~/.ssh/authorized_keys file. Every access change is a commit in the admin repository, so the setup is safe, auditable, and compliant with strict internal security policies.
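A check to run on the server after pushing to gitolite-admin, added here as an example and not taken from the original article or from Gitolite: it flags any key in the git user's authorized_keys that is not forced through gitolite-shell, since such a key would give its owner the shell account this setup is meant to avoid. It assumes the line format Gitolite v3 writes (a command="...gitolite-shell <user>" prefix between "# gitolite start" and "# gitolite end" markers); the function names, the sample keys and the users ole and tmp are constructed.

```shell
#!/bin/sh
# Added example: audit authorized_keys for keys that bypass gitolite-shell.
# Assumed Gitolite v3 layout: forced-command lines between the
# "# gitolite start" and "# gitolite end" markers.

# Print "<line>: <reason>" for every suspicious key line in file $1.
audit_authorized_keys() {
    awk '
        /^[ \t]*$/          { next }
        /^# gitolite start/ { managed = 1; next }
        /^# gitolite end/   { managed = 0; next }
        /^[ \t]*#/          { next }
        {
            forced = ($0 ~ /^command="[^"]*gitolite-shell [^"]+"/)
            if (!forced)
                printf "%d: no gitolite-shell forced command (grants a shell)\n", NR
            else if ($0 !~ /no-pty/)
                printf "%d: forced command without no-pty\n", NR
            else if (!managed)
                printf "%d: gitolite-shell key outside managed block\n", NR
        }
    ' "$1"
}

# Constructed sample file (fake key material) written to path $1.
write_sample() {
    cat > "$1" <<'EOF'
# gitolite start
command="/home/git/bin/gitolite-shell git_admin",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAconstructed1 admin@ws
command="/home/git/bin/gitolite-shell per",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAconstructed2 per@ws
# gitolite end
ssh-rsa AAAAconstructed3 leftover@ws
command="/home/git/bin/gitolite-shell ole",no-port-forwarding,no-pty ssh-rsa AAAAconstructed4 ole@ws
command="/home/git/bin/gitolite-shell tmp" ssh-rsa AAAAconstructed5 tmp@ws
EOF
}

# On the server: audit_authorized_keys /home/git/.ssh/authorized_keys
```

Empty output means every key is confined to gitolite-shell inside the managed block; any reported line was added outside the gitolite-admin workflow and should be reviewed.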
Pro Tip: Git operations involve heavy random I/O, especially when calculating deltas for large pushes. While standard HDDs are cheap, they bottleneck easily under load. For a smooth experience, ensure your VPS provider offers SSD storage or high-performance RAID-10 SAS. CoolVDS nodes are optimized exactly for this I/O profile.
Data Privacy & The "Patriot Act" Factor
Why go through this trouble instead of using a hosted service? Jurisdiction. Under the US Patriot Act, US authorities can demand access to data stored on servers owned by US companies, regardless of where the server is physically located. By hosting on a Norwegian VPS, adhering to Personopplysningsloven, and keeping your keys managed locally, you retain sovereignty over your code.
Latency matters. Jurisdiction matters. Hardware reliability matters.
Don't leave your code infrastructure to chance or foreign whims. Deploy a high-performance, private Git server on CoolVDS today and keep your intellectual property where it belongs: in your hands.