Stop Renting Your Code: Build a Secure Private Git Server with Gitosis
If I have to resolve one more "Tree Conflict" in Subversion, I might just pull the power cord on the rack. It’s 2009. The days of centralized, locking version control systems are numbered. Linus Torvalds gave us Git, and it's time we actually used it for more than just kernel hacking.
But here is the problem. Public services like GitHub are gaining traction, but do you really want your proprietary intellectual property sitting on a server in San Francisco? Between the latency and the legal grey areas of the US Patriot Act, it’s a risk for any serious Norwegian software house.
You need your own box. You need full control. And you need it to be fast.
Why Hosting Your Own Git Server Matters
Git is a Distributed Version Control System (DVCS). It’s designed to be fast, but the network still plays a role. When your team in Oslo runs git push, you don't want those packets traveling across the Atlantic. Physics is physics. A round trip to the US West Coast is 150ms+. A round trip to a CoolVDS instance in our Oslo datacenter? Sub-10ms.
Furthermore, we have the Norwegian Personal Data Act (Personopplysningsloven) and the Datatilsynet to consider. Keeping your commit logs—which often contain developer emails and names—inside the EEA/Norway is just good compliance.
The Architecture: Ubuntu + Gitosis
We aren't going to use a heavy web interface. They are slow and vulnerable. We are going to use Gitosis. It manages authorized_keys for you and creates a clean, secure way to host multiple repositories under a single SSH user.
Prerequisites
- A CoolVDS Virtual Dedicated Server (I recommend at least 512MB RAM for caching, running Ubuntu 8.04 LTS Hardy Heron).
- Root access.
- Your local public SSH key (~/.ssh/id_rsa.pub).
Pro Tip: Do not try this on a cheap shared hosting plan or an oversold OpenVZ container. Git can be memory intensive during large garbage collection (git gc) operations. CoolVDS uses Xen virtualization, ensuring your RAM is actually yours. If the kernel says you have 512MB, you have 512MB.
Step 1: Prepare the Server
Log into your CoolVDS instance. First, let's make sure our package lists are fresh. We need python-setuptools to install Gitosis.
$ sudo apt-get update
$ sudo apt-get install git-core python-setuptools
Step 2: Get Gitosis
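Gitosis isn't in the default apt repositories for Hardy Heron yet, so we pull the source. This ensures we have the latest version. One caveat: git:// is an unauthenticated, unencrypted transport, so look over the checkout before you run setup.py as root.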
$ cd /tmp
$ git clone git://eagain.net/gitosis.git
$ cd gitosis
$ sudo python setup.py install
Step 3: Create the Git User
Security 101: Never run services as root. We create a dedicated user for git. This user will not have a password; access is controlled strictly via SSH keys managed by Gitosis.
$ sudo adduser --system --shell /bin/sh --gecos 'git version control' --group --disabled-password --home /home/git git
Step 4: Initialize the Key Ring
Upload your local machine's public key to the server (use scp). Let’s assume you put it at /tmp/id_rsa.pub.
Now, initialize Gitosis using that key. This makes you the admin.
$ sudo -H -u git gitosis-init < /tmp/id_rsa.pub
Set the permissions correctly on the post-update hook script, or you'll run into execution errors later:
$ sudo chmod 755 /home/git/repositories/gitosis-admin.git/hooks/post-update
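Because the git user was created with /bin/sh as its shell, any line in /home/git/.ssh/authorized_keys that lacks the Gitosis forced command hands that key an interactive shell. The check below is an added example, not part of Gitosis or the original article; the entry format it expects is an assumption about what Gitosis writes, and the function names and sample lines are constructed for illustration.

```python
import re

# Entry format Gitosis is assumed to write for each key:
# command="gitosis-serve NAME",no-port-forwarding,...,no-pty ssh-rsa AAAA...
REQUIRED = {"no-port-forwarding", "no-X11-forwarding",
            "no-agent-forwarding", "no-pty"}
FORCED = re.compile(r'^command="gitosis-serve [^"]+"$')
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")

# Constructed sample; the key material is a placeholder, not a real key.
SAMPLE = """### autogenerated by gitosis, DO NOT EDIT
command="gitosis-serve alice@laptop",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAconstructed alice@laptop
ssh-rsa AAAAconstructed root@oldbox
command="gitosis-serve sven@desk",no-pty ssh-rsa AAAAconstructed sven@desk
"""

def options_of(line):
    """Return the options on an authorized_keys line ([] if it has none)."""
    if line.startswith(KEY_TYPES):
        return []
    opts, cur, quoted, prev = [], "", False, ""
    for ch in line:
        if ch == '"' and prev != "\\":
            quoted = not quoted          # commas and spaces inside quotes are data
        if not quoted and ch in ", ":
            opts.append(cur)
            cur = ""
            if ch == " ":                # first unquoted space ends the options
                break
        else:
            cur += ch
        prev = ch
    return opts

def audit(text):
    """Return [(line_no, problem)] for entries that are not locked down."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts = options_of(line)
        if not any(FORCED.match(o) for o in opts):
            findings.append((no, "no gitosis-serve forced command"))
            continue
        missing = REQUIRED - set(opts)
        if missing:
            findings.append((no, "missing " + ",".join(sorted(missing))))
    return findings

if __name__ == "__main__":
    for no, problem in audit(SAMPLE):
        print("line %d: %s" % (no, problem))
```

On the server, pass the contents of /home/git/.ssh/authorized_keys to audit() instead of SAMPLE; an empty result means every key is confined to gitosis-serve.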
Step 5: Configuring Your Repos (The Magic Part)
Here is the beauty of this setup. You don't log into the server to create new repos anymore. You do it via Git itself.
On your local machine:
$ git clone git@YOUR_COOLVDS_IP:gitosis-admin.git
$ cd gitosis-admin
You will see a file named gitosis.conf. Open it. It looks like this:
[group gitosis-admin]
members = your_username
writable = gitosis-admin
To add a new project called "backend-api" for your team:
[group developers]
members = your_username johndoe sven
writable = backend-api
Commit and push this change. Gitosis automatically creates the repository on the server. No manual mkdir needed.
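Since access is granted by pushing a text file, it is worth reviewing who ends up with write access before each push, and in particular who can write to gitosis-admin, because those members can grant themselves everything else. The following is an added example, not part of Gitosis or the original article; the function names are hypothetical, the sample mirrors the configuration shown above, and key_names stands for the names of the public keys Gitosis knows about (an assumption, since the article does not show where keys are stored).

```python
import configparser

# Constructed sample in the layout shown above; not a real configuration.
SAMPLE_CONF = """
[gitosis]

[group gitosis-admin]
members = your_username
writable = gitosis-admin

[group developers]
members = your_username johndoe sven
writable = backend-api
"""

def write_access(conf_text):
    """Map each repository to the sorted list of members who can push to it."""
    cp = configparser.RawConfigParser()
    cp.read_string(conf_text)
    access = {}
    for section in cp.sections():
        if not section.startswith("group "):
            continue                     # only [group ...] sections grant access
        members = cp.get(section, "members", fallback="").split()
        for repo in cp.get(section, "writable", fallback="").split():
            access.setdefault(repo, set()).update(members)
    return {repo: sorted(m) for repo, m in access.items()}

def review(conf_text, key_names):
    """Return (admins, members_without_key) for a pre-push access review."""
    access = write_access(conf_text)
    admins = access.get("gitosis-admin", [])
    everyone = {m for members in access.values() for m in members}
    return admins, sorted(everyone - set(key_names))

if __name__ == "__main__":
    for repo, members in sorted(write_access(SAMPLE_CONF).items()):
        print("%s: %s" % (repo, " ".join(members)))
    admins, no_key = review(SAMPLE_CONF, ["your_username", "sven"])
    print("admins:", admins)
    print("listed but no key on file:", no_key)
```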
Performance: The Disk I/O Factor
Git is incredibly efficient, but it hits the disk hard when calculating deltas for large pushes. Most budget VPS providers host you on a single SATA drive shared with 50 other angry neighbors. When they start compiling code, your git push hangs.
This is where hardware architecture matters. At CoolVDS, we run RAID-10 Enterprise SAS arrays (15k RPM). The I/O throughput is massive compared to standard 7.2k SATA drives. RAID-10 gives you the striping speed of RAID-0 with the mirroring redundancy of RAID-1. For a version control server where data integrity is paramount, you cannot settle for less.
Summary of Benefits
| Feature | Shared Hosting | CoolVDS (Xen) |
|---|---|---|
| Isolation | None (One bad script kills everyone) | Full Kernel Isolation |
| Disk Speed | Slow SATA | 15k RPM SAS RAID-10 |
| Latency to Oslo | Variable (Often routed via Germany) | < 10ms (Local Peering) |
Final Thoughts
Stop emailing tarballs. Stop crying over SVN locks. Setting up a private Git server takes 15 minutes if you know what you are doing. It gives you control over your code, compliance with Norwegian data laws, and the speed your developers need to stay in the "flow state."
Ready to deploy? Spin up a CoolVDS instance today. We provide the raw power; you provide the code.