== About == . Website: https://rocketgit.com . Author: Catalin(ux) M. BOIE . Description: Light and fast Git hosting solution . License: Affero GPLv3+ . Language: PHP (plan to rewrite everything in C in the near future) . Database: PostgreSQL . Project start date: 2011-03-04 == Features == . Free software . No Java . No Javascript . Upgrades with the standard tools of the distributions . Very little dependencies, all packaged in main-stream distributions . SELinux friendly . Very small (RPM is around 400KiB) . IPv6 ready . Internationalization ready == Install == . Install RocketGit from source (./configure && make && make install) or with a package manager: Fedora: dnf install http://kernel.embedromix.ro/dinorepo-0.0.10-1.noarch.rpm dnf install rocketgit CentOS/RedHat/Oracle yum install http://kernel.embedromix.ro/dinorepo-el-0.0.11-1.noarch.rpm yum install rocketgit Edit /etc/rocketgit/config.php Edit /etc/rocketgit/php-fpm.conf Edit /etc/rocketgit/pool.conf . Activate rocketgit php-fpm: systemd based distributions: systemctl enable rocketgit-fpm systemctl start rocketgit-fpm RedHat/CentOS/Oracle chkconfig rocketgit-fpm on service rocketgit-fpm start . PHP Adjust php.ini to: - allow enough RAM and execution time - fix timezone (date.timezone = UTC, for example) You may want to activate an op cache to speed up the PHP scripts: yum/dnf install php-opcache Also, we recommend to activate opcache also for cli: change opcache.enable_cli to 1 in /etc/php.d/10-opcache.ini and /etc/php-zts.d/10-opcache.ini. . Install and prepare a web server: nginx/apache: nginx is recommended because of the chunked encoding in POST requests. yum/dnf install nginx or yum/dnf install httpd mod_ssl Copy rocketgit.conf.sample from /etc/nginx/conf.d (or /etc/httpd/conf.d) into rocketgit.conf and edit it. Activate web server (nginx) systemd based distributions: systemctl enable nginx.service systemctl restart nginx.service RedHat/CentOS/Oracle chkconfig nginx on service nginx restart Or activate web server (apache) systemd based distributions: systemctl enable httpd.service systemctl restart httpd.service RedHat/CentOS/Oracle chkconfig httpd on service httpd restart . Activate sshd (for ssh:// access) systemd based distributions: systemctl enable sshd.service systemctl start sshd.service RedHat/CentOS/Oracle chkconfig sshd on service sshd restart . Activate xinetd (for git:// access, optional) systemd based distributions: systemctl enable xinetd.service systemctl start xinetd.service RedHat/CentOS/Oracle chkconfig xinetd on service xinetd restart . Prepare PostgreSQL server yum/dnf install postgresql-server Add the following lines, before wildcard matches, in /var/lib/pgsql/data/pg_hba.conf: local rocketgit rocketgit trust host rocketgit rocketgit 127.0.0.1/32 trust host rocketgit rocketgit ::1/128 trust systemd based distributions: systemctl enable postgresql.service export PGSETUP_INITDB_OPTIONS="--data-checksums" # recommended postgresql-setup --initdb # (TAKE CARE! YOU MAY DESTROY ALL YOUR DATA!) systemctl start postgresql.service RedHat/CentOS/Oracle chkconfig postgresql on service postgresql initdb service postgresql start Notes: - Check also the config file (/etc/rocketgit/config.php) and set correctly the rg_sql string. - If the web server and the db are not on the same host, you need to replace 127.0.0.1 and ::1 with your "safe network". You may want to use md5/etc. for authentication. Also, you may want to change 'listen_addresses' to '*'. You should also want to activate SSL. # Create a PostgreSQL user and database su - postgres createuser --createdb --no-createrole --no-superuser rocketgit createdb -O rocketgit rocketgit . Prepare the mail To be able to generate e-mails as other user, you have to: For sendmail: - Enable daemon: systemd based distributions: systemctl enable sendmail.service RedHat/CentOS/Oracle: chkconfig sendmail on - Edit /etc/mail/trusted-users and add 'rocketgit' and 'apache'. - Restart daemon: systemd based distributions: systemctl restart sendmail.service RedHat/CentOS/Oracle: service sendmail restart . Edit firewall to permit ssh, git, http and https ports In /etc/sysconfig/iptables (IPv4) and ip6tables (IPv6), add something like this: -A INPUT -m tcp -p tcp --dport ssh -j ACCEPT -A INPUT -m tcp -p tcp --dport git -j ACCEPT -A INPUT -m tcp -p tcp --dport http -j ACCEPT # optional -A INPUT -m tcp -p tcp --dport https -j ACCEPT If you use firewalld: firewall-cmd --permanent --add-port=ssh/tcp firewall-cmd --permanent --add-port=git/tcp firewall-cmd --permanent --add-port=http/tcp # optional firewall-cmd --permanent --add-port=https/tcp firewall-cmd --reload . Point your browser to the newly created server and you will be asked to create the admin account. . As admin user, go to Admin -> Settings and check if any setting should be tweaked. It is very important to set the 'Host name' value. . Activate the builder service, if you want: systemctl enable rocketgit-builder . Activate the worker service, if you want: systemctl enable rocketgit-worker@main == Thanks == . Special thanks to my family that supports me in this project. . Special thanks to my brother that contributed brain and time to this project. . Special thanks to git people for the best tool to manage the sources. . Special thanks to Petre Bandac for free hosting of rg2 server. . Special thanks to a lot of people that came with suggestions. . Special thanks to gitosys, Gitorious and other projects from where I learned things. . Special thanks to OWASP for their good documentation on how to write a secure web application. . See AUTHORS file for all the people who contributed to this project.