18 Jun
2024
18 Jun
'24
8:42 p.m.
On 6/18/24 05:35, Carl Lei wrote:
Oh, I meant to run another apache instance, serving only the git CGI, and reverse-proxy from your main HTTP server to this dedicated git server. Actually it need not be apache, any kind of server capable of running CGI will do fine.
That I'll have to digest. Sounds like a good fix. For ssh, if everything is owned by a 'git' user, we would also need to have dedicated certificates for that user? I'll start reading about setting up a second instance and the proxy world. I'll also hope (strongly) the git kernel list discovers they have a few side-effects of fixing the CVEs in the latest version and publish a fix that makes it all transparent. (hope, but not plan on ...) -- David C. Rankin, J.D.,P.E.