Spork Schivago

Well-Known Member
Jan 21, 2016
597
64
28
corning, ny
cPanel Access Level
Root Administrator
Hi!

I had a question about the git repositories. We're running cPanel 74.0.9. Are the git repositories private and are they only hosted on our server? Or would anyone have read access to them? We'd rather no one even know we're running a git server on our servers except for the people who have read / write access.

Thanks!
 

cPanelAdamF

cPanel Product Owner
Staff member
Mar 21, 2013
257
73
153
Houston TX
cPanel Access Level
DataCenter Provider
By default, git repositories are not shared publicly. There's some nuance to that statement, though.
  • Git repositories are just files on disk and are stored in the file space of your account. As a result, you can delegate access to those git repositories by managing who has access to your account. Additionally, you can control who can push and pull to your repositories by installing their SSH Key on your account.
  • When you create a git repository using the interface in cPanel, we will (by default) place the necessary security files in your repo which will prevent Apache from serving the repository itself if it's ever asked to do so. For example, if you place a git repository in a "document root" of one of your websites, it won't be available for your website users to clone from. (I can explain how to remove this prevention if you like)
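
As an added example (not part of the original post and not cPanel's own code), the following audit script walks a document root and lists git directories that no deny rule covers. It assumes the "security files" take the form of an `.htaccess` with a deny-all directive, which the thread does not confirm; all function names are hypothetical.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumption: the protection is an .htaccess containing a deny-all directive.
DENY = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$", re.I | re.M)

def is_git_dir(path):
    """A git directory (bare repo or .git) has HEAD plus objects/ and refs/."""
    return all(os.path.exists(os.path.join(path, n)) for n in ("HEAD", "objects", "refs"))

def has_deny(directory):
    """True if directory/.htaccess holds an uncommented deny-all directive."""
    try:
        with open(os.path.join(directory, ".htaccess"), errors="replace") as fh:
            return bool(DENY.search(fh.read()))
    except OSError:
        return False

def is_protected(git_dir, docroot):
    """Look for a deny rule in the git dir and each parent up to the docroot."""
    current, top = os.path.abspath(git_dir), os.path.abspath(docroot)
    while not has_deny(current):
        if current == top or os.path.dirname(current) == current:
            return False
        current = os.path.dirname(current)
    return True

def find_exposed_repos(docroot):
    """Return git dirs under docroot that no deny rule covers."""
    exposed = []
    for root, dirs, _files in os.walk(docroot):
        if is_git_dir(root):
            dirs[:] = []  # no need to descend into objects/ and refs/
            if not is_protected(root, docroot):
                exposed.append(os.path.relpath(root, docroot).replace(os.sep, "/"))
    return sorted(exposed)

def demo():
    """Constructed sample tree: own rule, inherited rule, and no rule."""
    with tempfile.TemporaryDirectory() as base:
        for repo, rule_at in (("site/.git", "site/.git"), ("priv/app.git", "priv"), ("old/.git", None)):
            for sub in ("objects", "refs"):
                Path(base, repo, sub).mkdir(parents=True)
            Path(base, repo, "HEAD").write_text("ref: refs/heads/master\n")
            if rule_at:
                Path(base, rule_at, ".htaccess").write_text("# added by hand\nRequire all denied\n")
        return find_exposed_repos(base)
```

Apache only honors `.htaccess` where `AllowOverride` permits it, so a clean result from this script is a file-level check, not proof that the server refuses the request.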
 

Spork Schivago

Thank you for the response @cPanelAdamF.

Let me give an example. Let's say I have a user named example with the home directory of /home/example. example has a website installed at /home/example/public_html. I want to create a repository under /home/example/git/website. I know how to create the repository. But I want it so I can view the repository via a web browser, like I do my GitHub repositories. I only want my IPv4 address and let's say one other IPv4 address, plus an IPv6 range, to have access to the repositories' web interface, and I want it so no other people can even tell there's a git server running on the server.

I do not just want to deny them access, I want it to look like it doesn't even exist. How would I go about doing that? When I was running a private GitLab server on my server, I used iptables to control access. But GitLab was running on a different port than 80 / 443. Maybe I should just create the repository and see what happens?
 

cPanelAdamF

cPanel Product Owner
Staff member
You've definitely got some special needs here, @Spork Schivago. I encourage you to try and see and report back what progress you make here.

You will likely need iptables in order to hide a public repository in the way you want to have it hidden. I admit I'm not an iptables expert (but I work with many who are).
 

Spork Schivago

cPanelAdamF said:
> You've definitely got some special needs here, @Spork Schivago. I encourage you to try and see and report back what progress you make here.
>
> You will likely need iptables in order to hide a public repository in the way you want to have it hidden. I admit I'm not an iptables expert (but I work with many who are).

I am getting much better with iptables but I still haven't mastered it, that's for sure! I figured most people would be using the repository the way we use it. The plan was to create the website in the repository. Wouldn't most people want that private, for the server side code, that includes database passwords, etc? And although I am sure the cPanel programmers are well aware of writing secure code, there's always a chance some exploitable code sneaks past. With my systems exposed to the internet (where random people can see them), I try to block unused services from them. If they do not have a need to ssh into my server, I'd rather them not even see that an ssh server is running, just so there's possibly one less way of getting unauthorized access to the machine.

Are most people using the repositories for company projects or open source projects, you think?

Thanks! I will let you know what I find out. It will be a little bit before I get time to play around with this though. Busy weekend.