19 Jun
2024
19 Jun
'24
12:56 a.m.
On Tue, 18 Jun 2024 15:42:10 -0500 "David C. Rankin" <drankinatty@gmail.com> wrote:
On 6/18/24 05:35, Carl Lei wrote:
Oh, I meant to run another apache instance, serving only the git CGI, and reverse-proxy from your main HTTP server to this dedicated git server. Actually it need not be apache, any kind of server capable of running CGI will do fine.
That I'll have to digest. Sounds like a good fix. For ssh, if everything is owned by a 'git' user, we would also need to have dedicated certificates for that user?
If you are using SSH certificates then it depends; there is more than one way to organize them. E.g. if your certificates includes "principals" then the git user can be simply given an AuthorizedPrincipalsFile.