66 lines
2.3 KiB
Markdown
66 lines
2.3 KiB
Markdown
[[!meta date="2008-10-19 18:33:59 -0400"]]
|
|
|
|
One may want to provide ikiwiki hosting with [[rcs/git]]+ssh access and web
|
|
server located at different hosts. Here's a description for such
|
|
a setup, using password-less SSH as a way of communication between
|
|
these two hosts.
|
|
|
|
[[!img separate-webserver.svg size=490x align=right]]
|
|
|
|
Git server
|
|
==========
|
|
|
|
Let's create a user called `ikiwiki_example`. This user gets SSH
|
|
access restricted to GIT pull/push, using `git-shell` as a shell.
|
|
|
|
The root (bare) repository:
|
|
|
|
- is stored in `~ikiwki_example/ikiwiki_example.git`
|
|
- is owned by `ikiwiki_example:ikiwiki_example`
|
|
- has permissions 0700
|
|
|
|
The master repository's post-update hook connects via SSH to
|
|
`webserver` as user `ikiwiki_example`, in order to run
|
|
`~/bin/ikiwiki.update` on `webserver`; this post-update hook, located
|
|
in `~ikiwki_example/ikiwiki_example.git/hooks/post-update`, is
|
|
executable and contains:
|
|
|
|
#!/bin/sh
|
|
/usr/bin/ssh ikiwiki_example@webserver bin/ikiwiki.update
|
|
|
|
Password-less SSH must be setup to make this possible; one can
|
|
restrict `gitserver:ikiwiki_example` to be able to run only the needed
|
|
command on the web server, using such a line in
|
|
`webserver:~ikiwiki_example/.ssh/authorized_keys`:
|
|
|
|
command="bin/ikiwiki.update",from="gitserver.example.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa ...
|
|
|
|
Web server
|
|
==========
|
|
|
|
Let's create a user called `ikiwiki_example` on `webserver`. She needs
|
|
to have write permission to the destination directory.
|
|
|
|
The working tree repository (`srcdir`):
|
|
|
|
- is stored in `~ikiwki_example/src`
|
|
- is owned by `ikiwiki_example:ikiwiki_example`
|
|
- has permissions 0700
|
|
- has the following origin: `ikiwiki_example@gitserver:ikiwiki_example.git`
|
|
|
|
The CGI wrapper is generated with ownership set to
|
|
`ikiwiki_example:ikiwiki_example` and permissions `06755`.
|
|
|
|
Password-less SSH must be setup so that `ikiwiki_example@webserver` is
|
|
allowed to push to the master repository. As told earlier, SSH access
|
|
to `ikiwiki_example@gitserver` is restricted to GIT pull/push, which
|
|
is just what we need.
|
|
|
|
The Git wrapper is generated in `~ikiwiki_example/bin/ikiwiki.update`:
|
|
|
|
git_wrapper => '/home/ikiwiki_example/bin/ikiwiki.update'
|
|
|
|
As previously explained, this wrapper is run over SSH by the master
|
|
repository's post-update hook; it pulls updates from the master
|
|
repository and triggers a wiki refresh.
|