How to secure the git repo on a live server












1















Reading all the tutorials and articles on the internet. As a simple workflow, I have understood that we can create a bare repository on our live server and push updates to it from the local repo etc.



My question and concern is that since the live server will also be a Git repo and it would have the .git folder, Wouldn't that be a security problem? How to prevent access to it?



Update



Suppose my live folder on server is /www and I can access it from the browser http://myserver.com so I can also access http://myserver.com/.git/HEAD ??? How to prevent it?










share|improve this question





























    1















    Reading all the tutorials and articles on the internet. As a simple workflow, I have understood that we can create a bare repository on our live server and push updates to it from the local repo etc.



    My question and concern is that since the live server will also be a Git repo and it would have the .git folder, Wouldn't that be a security problem? How to prevent access to it?



    Update



    Suppose my live folder on server is /www and I can access it from the browser http://myserver.com so I can also access http://myserver.com/.git/HEAD ??? How to prevent it?










    share|improve this question



























      1












      1








      1


      1






      Reading all the tutorials and articles on the internet. As a simple workflow, I have understood that we can create a bare repository on our live server and push updates to it from the local repo etc.



      My question and concern is that since the live server will also be a Git repo and it would have the .git folder, Wouldn't that be a security problem? How to prevent access to it?



      Update



      Suppose my live folder on server is /www and I can access it from the browser http://myserver.com so I can also access http://myserver.com/.git/HEAD ??? How to prevent it?










      share|improve this question
















      Reading all the tutorials and articles on the internet. As a simple workflow, I have understood that we can create a bare repository on our live server and push updates to it from the local repo etc.



      My question and concern is that since the live server will also be a Git repo and it would have the .git folder, Wouldn't that be a security problem? How to prevent access to it?



      Update



      Suppose my live folder on server is /www and I can access it from the browser http://myserver.com so I can also access http://myserver.com/.git/HEAD ??? How to prevent it?







      git






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 24 '12 at 4:43







      M. Ahmad Zafar

















      asked Nov 24 '12 at 4:20









      M. Ahmad ZafarM. Ahmad Zafar

      3,44332241




      3,44332241
























          3 Answers
          3






          active

          oldest

          votes


















          4














          You may want to consider separating the repository and the working tree.



          For example, somewhere outside of the folder served by your Web server, run git init --bare. Then replace the config file in this directory with the following (where /path/to/web/root is the path where the files should be placed).



          [core]
          repositoryformatversion = 0
          filemode = true
          bare = false
          worktree = /path/to/web/root
          [receive]
          denycurrentbranch = ignore


          Finally add hooks/post-receive with the following contents and mark it executable



          #!/bin/sh
          git checkout -f


          Now whenever you push to the repository, the files will be checked out into the correct location and you never have to worry about the repository accidentally being served up.






          share|improve this answer
























          • If I understood it correctly, its a normal repo but instead of have a .git folder inside a the web directory, the .git is placed in another directory lets say named git_config ??

            – M. Ahmad Zafar
            Nov 24 '12 at 5:40











          • Exactly. And you would place the git_config directory somewhere outside of the directory served by your web server. Then there's no risk of this being exposed.

            – Michael Mior
            Nov 24 '12 at 18:58











          • I realized I used the phrase "no risk of this being exposed." Of course it's still possible that someone compromises your web server through other means and accesses the repository data. But this does at least prevent your web server from actively serving it.

            – Michael Mior
            Nov 15 '16 at 15:49



















          0














          Git does not care about security of accessing to your .git folders - it is your responsibility and OS enforcing access to them.



          Basically, if you can ssh into your server and access .git folder - you can do whatever you want, and so does git.



          There is very convenitent way to handle users, passwords, ssh key management, etc. is to install Gerrit. Gerrit is Git server implemented in Java, but it also happens to be great code review engine. Code review part is very useful, however you do not have to use it if you don't want to. You can move to use code review later, but provided git server, web ui and user/keys management, UI to control access permissions to different git repos are very nice.






          share|improve this answer
























          • Suppose my live folder on server is /www and I can access it from the browser http://myserver.com so I can also access http://myserver.com/.git/HEAD ??? How to prevent it?

            – M. Ahmad Zafar
            Nov 24 '12 at 4:43











          • You could change apache .htaccess to contain RewriteEngine On, RewriteRule ^(.*/)?.git+ - [F,L] - this will forbid serving git internals over the web. See more here serverfault.com/questions/128069/…

            – mvp
            Nov 24 '12 at 4:47



















          0














          Love the accepted answer, great example of the use of git hooks.



          How I went around this problem (I also posted a question long time ago whether the website should be a repository) is, after thinking about it, I decided to create git releases, zip-em-up, and decompress into a "live" folder.



          With the use of helper scripts, and git aliases, of course.



          I have a couple of scripts, such as rgitpropup (which merges branches from the ground up to master, and pushes to origin)
          and rgitrelease, which creates a GPG signed release, uses a dir prefix as an argument, and zips it up.



          I've aliased the propup script (when aliasing scripts, you prefix them with "!", btw.)



          I guess with hooks you could also manage the installation/decompression into the "live" directory...



          EDIT: archive is a git command, and it has built-in support for compressing to archive formats. Usually it is used in combination with the tag command, which has bult-in support for pgp/gpg signing (gpg is how digitally sign in git in general, not to be confused with sign-off)






          share|improve this answer

























            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f13538226%2fhow-to-secure-the-git-repo-on-a-live-server%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            3 Answers
            3






            active

            oldest

            votes








            3 Answers
            3






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            4














            You may want to consider separating the repository and the working tree.



            For example, somewhere outside of the folder served by your Web server, run git init --bare. Then replace the config file in this directory with the following (where /path/to/web/root is the path where the files should be placed).



            [core]
            repositoryformatversion = 0
            filemode = true
            bare = false
            worktree = /path/to/web/root
            [receive]
            denycurrentbranch = ignore


            Finally add hooks/post-receive with the following contents and mark it executable



            #!/bin/sh
            git checkout -f


            Now whenever you push to the repository, the files will be checked out into the correct location and you never have to worry about the repository accidentally being served up.






            share|improve this answer
























            • If I understood it correctly, its a normal repo but instead of have a .git folder inside a the web directory, the .git is placed in another directory lets say named git_config ??

              – M. Ahmad Zafar
              Nov 24 '12 at 5:40











            • Exactly. And you would place the git_config directory somewhere outside of the directory served by your web server. Then there's no risk of this being exposed.

              – Michael Mior
              Nov 24 '12 at 18:58











            • I realized I used the phrase "no risk of this being exposed." Of course it's still possible that someone compromises your web server through other means and accesses the repository data. But this does at least prevent your web server from actively serving it.

              – Michael Mior
              Nov 15 '16 at 15:49
















            4














            You may want to consider separating the repository and the working tree.



            For example, somewhere outside of the folder served by your Web server, run git init --bare. Then replace the config file in this directory with the following (where /path/to/web/root is the path where the files should be placed).



            [core]
            repositoryformatversion = 0
            filemode = true
            bare = false
            worktree = /path/to/web/root
            [receive]
            denycurrentbranch = ignore


            Finally add hooks/post-receive with the following contents and mark it executable



            #!/bin/sh
            git checkout -f


            Now whenever you push to the repository, the files will be checked out into the correct location and you never have to worry about the repository accidentally being served up.






            share|improve this answer
























            • If I understood it correctly, its a normal repo but instead of have a .git folder inside a the web directory, the .git is placed in another directory lets say named git_config ??

              – M. Ahmad Zafar
              Nov 24 '12 at 5:40











            • Exactly. And you would place the git_config directory somewhere outside of the directory served by your web server. Then there's no risk of this being exposed.

              – Michael Mior
              Nov 24 '12 at 18:58











            • I realized I used the phrase "no risk of this being exposed." Of course it's still possible that someone compromises your web server through other means and accesses the repository data. But this does at least prevent your web server from actively serving it.

              – Michael Mior
              Nov 15 '16 at 15:49














            4












            4








            4







            You may want to consider separating the repository and the working tree.



            For example, somewhere outside of the folder served by your Web server, run git init --bare. Then replace the config file in this directory with the following (where /path/to/web/root is the path where the files should be placed).



            [core]
            repositoryformatversion = 0
            filemode = true
            bare = false
            worktree = /path/to/web/root
            [receive]
            denycurrentbranch = ignore


            Finally add hooks/post-receive with the following contents and mark it executable



            #!/bin/sh
            git checkout -f


            Now whenever you push to the repository, the files will be checked out into the correct location and you never have to worry about the repository accidentally being served up.






            share|improve this answer













            You may want to consider separating the repository and the working tree.



            For example, somewhere outside of the folder served by your Web server, run git init --bare. Then replace the config file in this directory with the following (where /path/to/web/root is the path where the files should be placed).



            [core]
            repositoryformatversion = 0
            filemode = true
            bare = false
            worktree = /path/to/web/root
            [receive]
            denycurrentbranch = ignore


            Finally add hooks/post-receive with the following contents and mark it executable



            #!/bin/sh
            git checkout -f


            Now whenever you push to the repository, the files will be checked out into the correct location and you never have to worry about the repository accidentally being served up.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Nov 24 '12 at 5:36









            Michael MiorMichael Mior

            21.6k66292




            21.6k66292













            • If I understood it correctly, its a normal repo but instead of have a .git folder inside a the web directory, the .git is placed in another directory lets say named git_config ??

              – M. Ahmad Zafar
              Nov 24 '12 at 5:40











            • Exactly. And you would place the git_config directory somewhere outside of the directory served by your web server. Then there's no risk of this being exposed.

              – Michael Mior
              Nov 24 '12 at 18:58











            • I realized I used the phrase "no risk of this being exposed." Of course it's still possible that someone compromises your web server through other means and accesses the repository data. But this does at least prevent your web server from actively serving it.

              – Michael Mior
              Nov 15 '16 at 15:49



















            • If I understood it correctly, its a normal repo but instead of have a .git folder inside a the web directory, the .git is placed in another directory lets say named git_config ??

              – M. Ahmad Zafar
              Nov 24 '12 at 5:40











            • Exactly. And you would place the git_config directory somewhere outside of the directory served by your web server. Then there's no risk of this being exposed.

              – Michael Mior
              Nov 24 '12 at 18:58











            • I realized I used the phrase "no risk of this being exposed." Of course it's still possible that someone compromises your web server through other means and accesses the repository data. But this does at least prevent your web server from actively serving it.

              – Michael Mior
              Nov 15 '16 at 15:49

















            If I understood it correctly, its a normal repo but instead of have a .git folder inside a the web directory, the .git is placed in another directory lets say named git_config ??

            – M. Ahmad Zafar
            Nov 24 '12 at 5:40





            If I understood it correctly, its a normal repo but instead of have a .git folder inside a the web directory, the .git is placed in another directory lets say named git_config ??

            – M. Ahmad Zafar
            Nov 24 '12 at 5:40













            Exactly. And you would place the git_config directory somewhere outside of the directory served by your web server. Then there's no risk of this being exposed.

            – Michael Mior
            Nov 24 '12 at 18:58





            Exactly. And you would place the git_config directory somewhere outside of the directory served by your web server. Then there's no risk of this being exposed.

            – Michael Mior
            Nov 24 '12 at 18:58













            I realized I used the phrase "no risk of this being exposed." Of course it's still possible that someone compromises your web server through other means and accesses the repository data. But this does at least prevent your web server from actively serving it.

            – Michael Mior
            Nov 15 '16 at 15:49





            I realized I used the phrase "no risk of this being exposed." Of course it's still possible that someone compromises your web server through other means and accesses the repository data. But this does at least prevent your web server from actively serving it.

            – Michael Mior
            Nov 15 '16 at 15:49













            0














            Git does not care about security of accessing to your .git folders - it is your responsibility and OS enforcing access to them.



            Basically, if you can ssh into your server and access .git folder - you can do whatever you want, and so does git.



            There is very convenitent way to handle users, passwords, ssh key management, etc. is to install Gerrit. Gerrit is Git server implemented in Java, but it also happens to be great code review engine. Code review part is very useful, however you do not have to use it if you don't want to. You can move to use code review later, but provided git server, web ui and user/keys management, UI to control access permissions to different git repos are very nice.






            share|improve this answer
























            • Suppose my live folder on server is /www and I can access it from the browser http://myserver.com so I can also access http://myserver.com/.git/HEAD ??? How to prevent it?

              – M. Ahmad Zafar
              Nov 24 '12 at 4:43











            • You could change apache .htaccess to contain RewriteEngine On, RewriteRule ^(.*/)?.git+ - [F,L] - this will forbid serving git internals over the web. See more here serverfault.com/questions/128069/…

              – mvp
              Nov 24 '12 at 4:47
















            0














            Git does not care about security of accessing to your .git folders - it is your responsibility and OS enforcing access to them.



            Basically, if you can ssh into your server and access .git folder - you can do whatever you want, and so does git.



            There is very convenitent way to handle users, passwords, ssh key management, etc. is to install Gerrit. Gerrit is Git server implemented in Java, but it also happens to be great code review engine. Code review part is very useful, however you do not have to use it if you don't want to. You can move to use code review later, but provided git server, web ui and user/keys management, UI to control access permissions to different git repos are very nice.






            share|improve this answer
























            • Suppose my live folder on server is /www and I can access it from the browser http://myserver.com so I can also access http://myserver.com/.git/HEAD ??? How to prevent it?

              – M. Ahmad Zafar
              Nov 24 '12 at 4:43











            • You could change apache .htaccess to contain RewriteEngine On, RewriteRule ^(.*/)?.git+ - [F,L] - this will forbid serving git internals over the web. See more here serverfault.com/questions/128069/…

              – mvp
              Nov 24 '12 at 4:47














            0












            0








            0







            Git does not care about security of accessing to your .git folders - it is your responsibility and OS enforcing access to them.



            Basically, if you can ssh into your server and access .git folder - you can do whatever you want, and so does git.



            There is very convenitent way to handle users, passwords, ssh key management, etc. is to install Gerrit. Gerrit is Git server implemented in Java, but it also happens to be great code review engine. Code review part is very useful, however you do not have to use it if you don't want to. You can move to use code review later, but provided git server, web ui and user/keys management, UI to control access permissions to different git repos are very nice.






            share|improve this answer













            Git does not care about security of accessing to your .git folders - it is your responsibility and OS enforcing access to them.



            Basically, if you can ssh into your server and access .git folder - you can do whatever you want, and so does git.



            There is very convenitent way to handle users, passwords, ssh key management, etc. is to install Gerrit. Gerrit is Git server implemented in Java, but it also happens to be great code review engine. Code review part is very useful, however you do not have to use it if you don't want to. You can move to use code review later, but provided git server, web ui and user/keys management, UI to control access permissions to different git repos are very nice.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Nov 24 '12 at 4:28









            mvpmvp

            72.3k887123




            72.3k887123













            • Suppose my live folder on server is /www and I can access it from the browser http://myserver.com so I can also access http://myserver.com/.git/HEAD ??? How to prevent it?

              – M. Ahmad Zafar
              Nov 24 '12 at 4:43











            • You could change apache .htaccess to contain RewriteEngine On, RewriteRule ^(.*/)?.git+ - [F,L] - this will forbid serving git internals over the web. See more here serverfault.com/questions/128069/…

              – mvp
              Nov 24 '12 at 4:47



















            • Suppose my live folder on server is /www and I can access it from the browser http://myserver.com so I can also access http://myserver.com/.git/HEAD ??? How to prevent it?

              – M. Ahmad Zafar
              Nov 24 '12 at 4:43











            • You could change apache .htaccess to contain RewriteEngine On, RewriteRule ^(.*/)?.git+ - [F,L] - this will forbid serving git internals over the web. See more here serverfault.com/questions/128069/…

              – mvp
              Nov 24 '12 at 4:47

















            Suppose my live folder on server is /www and I can access it from the browser http://myserver.com so I can also access http://myserver.com/.git/HEAD ??? How to prevent it?

            – M. Ahmad Zafar
            Nov 24 '12 at 4:43





            Suppose my live folder on server is /www and I can access it from the browser http://myserver.com so I can also access http://myserver.com/.git/HEAD ??? How to prevent it?

            – M. Ahmad Zafar
            Nov 24 '12 at 4:43













            You could change apache .htaccess to contain RewriteEngine On, RewriteRule ^(.*/)?.git+ - [F,L] - this will forbid serving git internals over the web. See more here serverfault.com/questions/128069/…

            – mvp
            Nov 24 '12 at 4:47





            You could change apache .htaccess to contain RewriteEngine On, RewriteRule ^(.*/)?.git+ - [F,L] - this will forbid serving git internals over the web. See more here serverfault.com/questions/128069/…

            – mvp
            Nov 24 '12 at 4:47











            0














            Love the accepted answer, great example of the use of git hooks.



            How I went around this problem (I also posted a question long time ago whether the website should be a repository) is, after thinking about it, I decided to create git releases, zip-em-up, and decompress into a "live" folder.



            With the use of helper scripts, and git aliases, of course.



            I have a couple of scripts, such as rgitpropup (which merges branches from the ground up to master, and pushes to origin)
            and rgitrelease, which creates a GPG signed release, uses a dir prefix as an argument, and zips it up.



            I've aliased the propup script (when aliasing scripts, you prefix them with "!", btw.)



            I guess with hooks you could also manage the installation/decompression into the "live" directory...



            EDIT: archive is a git command, and it has built-in support for compressing to archive formats. Usually it is used in combination with the tag command, which has bult-in support for pgp/gpg signing (gpg is how digitally sign in git in general, not to be confused with sign-off)






            share|improve this answer






























              0














              Love the accepted answer, great example of the use of git hooks.



              How I went around this problem (I also posted a question long time ago whether the website should be a repository) is, after thinking about it, I decided to create git releases, zip-em-up, and decompress into a "live" folder.



              With the use of helper scripts, and git aliases, of course.



              I have a couple of scripts, such as rgitpropup (which merges branches from the ground up to master, and pushes to origin)
              and rgitrelease, which creates a GPG signed release, uses a dir prefix as an argument, and zips it up.



              I've aliased the propup script (when aliasing scripts, you prefix them with "!", btw.)



              I guess with hooks you could also manage the installation/decompression into the "live" directory...



              EDIT: archive is a git command, and it has built-in support for compressing to archive formats. Usually it is used in combination with the tag command, which has bult-in support for pgp/gpg signing (gpg is how digitally sign in git in general, not to be confused with sign-off)






              share|improve this answer




























                0












                0








                0







                Love the accepted answer, great example of the use of git hooks.



                How I went around this problem (I also posted a question long time ago whether the website should be a repository) is, after thinking about it, I decided to create git releases, zip-em-up, and decompress into a "live" folder.



                With the use of helper scripts, and git aliases, of course.



                I have a couple of scripts, such as rgitpropup (which merges branches from the ground up to master, and pushes to origin)
                and rgitrelease, which creates a GPG signed release, uses a dir prefix as an argument, and zips it up.



                I've aliased the propup script (when aliasing scripts, you prefix them with "!", btw.)



                I guess with hooks you could also manage the installation/decompression into the "live" directory...



                EDIT: archive is a git command, and it has built-in support for compressing to archive formats. Usually it is used in combination with the tag command, which has bult-in support for pgp/gpg signing (gpg is how digitally sign in git in general, not to be confused with sign-off)






                share|improve this answer















                Love the accepted answer, great example of the use of git hooks.



                How I went around this problem (I also posted a question long time ago whether the website should be a repository) is, after thinking about it, I decided to create git releases, zip-em-up, and decompress into a "live" folder.



                With the use of helper scripts, and git aliases, of course.



                I have a couple of scripts, such as rgitpropup (which merges branches from the ground up to master, and pushes to origin)
                and rgitrelease, which creates a GPG signed release, uses a dir prefix as an argument, and zips it up.



                I've aliased the propup script (when aliasing scripts, you prefix them with "!", btw.)



                I guess with hooks you could also manage the installation/decompression into the "live" directory...



                EDIT: archive is a git command, and it has built-in support for compressing to archive formats. Usually it is used in combination with the tag command, which has bult-in support for pgp/gpg signing (gpg is how digitally sign in git in general, not to be confused with sign-off)







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited Nov 21 '18 at 14:43

























                answered Nov 21 '18 at 14:29









                Agnes K. CathexAgnes K. Cathex

                279




                279






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f13538226%2fhow-to-secure-the-git-repo-on-a-live-server%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    'app-layout' is not a known element: how to share Component with different Modules

                    android studio warns about leanback feature tag usage required on manifest while using Unity exported app?

                    WPF add header to Image with URL pettitions [duplicate]