diff options
-rw-r--r-- | docs/man/gitolfs3-authenticate.1 | 33 | ||||
-rw-r--r-- | docs/man/gitolfs3-server.1 | 124 | ||||
-rw-r--r-- | docs/man/gitolfs3-shell.1 | 36 |
3 files changed, 193 insertions, 0 deletions
diff --git a/docs/man/gitolfs3-authenticate.1 b/docs/man/gitolfs3-authenticate.1 new file mode 100644 index 0000000..67151e1 --- /dev/null +++ b/docs/man/gitolfs3-authenticate.1 | |||
@@ -0,0 +1,33 @@ | |||
1 | .TH GITOLFS3-AUTHENTICATE 1 2024-04-29 Gitolfs3 "Gitolfs3 Manual" | ||
2 | .SH NAME | ||
3 | git-lfs-authenticate \- Git LFS authentication agent for Gitolfs3 | ||
4 | .SH SYNOPSIS | ||
5 | .B git-lfs-authenticate | ||
6 | <repository> | ||
7 | upload/download | ||
8 | .SH DESCRIPTION | ||
9 | .B git-lfs-authenticate | ||
10 | is a Git LFS authentication agent for Gitolfs3. | ||
11 | When accessible from the Git shell, | ||
12 | .B git-lfs-authenticate | ||
13 | can authorize users to access the Gitolfs3 Git LFS server. | ||
14 | |||
15 | Although | ||
16 | .B git-lfs-authenticate | ||
17 | does assume that the user can be trusted, as they have access to the server, | ||
18 | it is a good idea to restrict the shell for the \fIgit\fR user. | ||
19 | For example, the user should not be able to modify environment variables, nor | ||
20 | should the user be able to execute any arbitrary command. | ||
21 | The Git shell provided by Gitolfs3 may be a good option. (See | ||
22 | .BR gitolfs3-shell (1).) | ||
23 | .SH ENVIRONMENT VARIABLES | ||
24 | .TP | ||
25 | .B GITOLFS3_HREF_BASE | ||
26 | .B Required. | ||
27 | The base URL at which the Gitolfs3 server is available. | ||
28 | Must end with a slash. | ||
29 | .TP | ||
30 | .B GITOLFS3_KEY_PATH | ||
31 | .B Required. | ||
32 | The path to the key which is used to authorize the request to the Gitolfs3 | ||
33 | server. | ||
diff --git a/docs/man/gitolfs3-server.1 b/docs/man/gitolfs3-server.1 new file mode 100644 index 0000000..4f384cf --- /dev/null +++ b/docs/man/gitolfs3-server.1 | |||
@@ -0,0 +1,124 @@ | |||
1 | .TH GITOLFS3-SERVER 1 2024-04-29 Gitolfs3 "Gitolfs3 Manual" | ||
2 | .SH NAME | ||
3 | server \- Gitolfs3 Git LFS server | ||
4 | .SH SYNOPSIS | ||
5 | .B server | ||
6 | .SH DESCRIPTION | ||
7 | .B server | ||
8 | is the Gitolfs3 Git LFS server. It is primarily configured using environment | ||
9 | variables. | ||
10 | A complete reference of the environment variables can be seen below. | ||
11 | |||
12 | .B Important note: | ||
13 | The working directory of the Gitolfs3 server should be the folder containing all Git repositories. | ||
14 | Otherwise, repositories will not be recognized (and nothing will work). | ||
15 | |||
16 | The Gitolfs3 server uses S3-compatible services as backing storage. | ||
17 | In the configured S3 bucket, a familiar structure is used: | ||
18 | .in +2 | ||
19 | lfs-test.git/ ................. repository name | ||
20 | .in +2 | ||
21 | lfs/objects/ ................ namespace | ||
22 | .in +2 | ||
23 | 4e/ ....................... first byte of the object ID (OID) | ||
24 | .in +2 | ||
25 | 7b/ ..................... second byte of the OID | ||
26 | .in +2 | ||
27 | 4e7bfdb[...]11ce013 ... OID (SHA256) | ||
28 | .in -10 | ||
29 | |||
30 | Public and private repositories are distinguished using the presence of a | ||
31 | \fIgit-daemon-export-ok\fR file in the bare repository. | ||
32 | Unauthenticated users accessing the service over the public internet are | ||
33 | allowed to download all files from all public repositories. | ||
34 | Unauthenticated users accessing the service over a trusted network are allowed | ||
35 | to download all files from all repositories, so also from all private | ||
36 | repositories. | ||
37 | Only authenticated users are authorized to upload files. | ||
38 | For information on access control in private networks, please see the | ||
39 | documentation for the environment variable | ||
40 | .BR GITOLFS3_TRUSTED_FORWARDED_HOSTS . | ||
41 | |||
42 | This server can be used in combination with the Gitolfs3 Git LFS authentication | ||
43 | agent (see | ||
44 | .BR gitolfs3-authenticate ). | ||
45 | For more information, please see the documentation for the environment variable | ||
46 | .BR GITOLFS3_KEY_PATH . | ||
47 | .SH ENVIRONMENT VARIABLES | ||
48 | .TP | ||
49 | .B GITOLFS3_S3_SECRET_ACCESS_KEY_FILE | ||
50 | .B Required. | ||
51 | Path to the Secret Access Key to access the configured S3 service. | ||
52 | .TP | ||
53 | .B GITOLFS3_S3_ACCESS_KEY_ID_FILE | ||
54 | .B Required. | ||
55 | Path to the Access Key ID to access the configured S3 service. | ||
56 | .TP | ||
57 | .B GITOLFS3_S3_REGION | ||
58 | .B Required. | ||
59 | The S3 region which the configured bucket is in. | ||
60 | .TP | ||
61 | .B GITOLFS3_S3_ENDPOINT | ||
62 | .B Required. | ||
63 | The S3 endpoint to use. | ||
64 | Whether using Amazon S3 or another provider, this URL always be provided. | ||
65 | In the case of Scaleway Object Storage, this may look like | ||
66 | \fIhttps://s3.nl-ams.scw.cloud\fR for the region \fInl-ams\fR. | ||
67 | .TP | ||
68 | .B GITOLFS3_S3_BUCKET | ||
69 | .B Required. | ||
70 | The S3 bucket to use. | ||
71 | Should be in the configured region (see | ||
72 | .BR GITOLFS_S3_ENDPOINT ). | ||
73 | .TP | ||
74 | .B GITOLFS3_BASE_URL | ||
75 | .B Required. | ||
76 | The base URL under which the Gitolfs3 server itself runs. | ||
77 | This is required so that the server can generate hyperlinks that refer to | ||
78 | itself. | ||
79 | .TP | ||
80 | .B GITOLFS3_KEY_PATH | ||
81 | .B Required. | ||
82 | Path to the key that is used to generate and verify tags (MACs) for requests. | ||
83 | Must correspond with the key used by | ||
84 | .BR gitolfs3-authenticate (1), | ||
85 | if using. | ||
86 | .TP | ||
87 | .B GITOLFS3_LISTEN_HOST | ||
88 | .B Required. | ||
89 | The host on which the Gitolfs3 server should listen. | ||
90 | .TP | ||
91 | .B GITOLFS3_LISTEN_PORT | ||
92 | .B Required. | ||
93 | The port on which the Gitolfs3 server should listen. | ||
94 | .TP | ||
95 | .B GITOLFS3_DOWNLOAD_LIMIT | ||
96 | .B Required. | ||
97 | The maximum amount of file bytes which may be downloaded within the span of an | ||
98 | hour. | ||
99 | |||
100 | The server keeps track of the amount of bytes downloaded in the last hour in a | ||
101 | file called \fI.gitofls3-dlimit\fR, which it stores in its working directory. | ||
102 | Every hour, the counter is reset. | ||
103 | When the server crashes, the counter is not reset. | ||
104 | This means that the implementation is pretty messy, and that repeated crashes | ||
105 | of the server turn this 'hour' into practical 'infinity'. | ||
106 | |||
107 | The main purpose of this feature is to prevent incurring unforeseen egress | ||
108 | costs. | ||
109 | |||
110 | .B Note: | ||
111 | Only untrusted hosts are held to this limit. | ||
112 | .TP | ||
113 | .B GITOLFS3_TRUSTED_FORWARDED_HOSTS | ||
114 | .B Optional. | ||
115 | A comma-separated list of hosts which can be classified as 'trusted'. | ||
116 | |||
117 | If a request comes in for which the X-Forwarded-Host header contains one of the | ||
118 | hosts in this list, then the user is automatically generated read access to all | ||
119 | repositories, regardless of the presence of a \fIgit-daemon-export-ok\fR file. | ||
120 | Furthermore, presigned URLs are returned for download requests, instead of | ||
121 | downloads being proxied through the Gitolfs3 server. | ||
122 | |||
123 | .B Note: | ||
124 | There must be no space between the comma-separated items. | ||
diff --git a/docs/man/gitolfs3-shell.1 b/docs/man/gitolfs3-shell.1 new file mode 100644 index 0000000..56eac31 --- /dev/null +++ b/docs/man/gitolfs3-shell.1 | |||
@@ -0,0 +1,36 @@ | |||
1 | .TH GITOLFS3-SHELL 1 2024-04-29 Gitolfs3 "Gitolfs3 Manual" | ||
2 | .SH NAME | ||
3 | shell \- Gitolfs3 shell | ||
4 | .SH SYNOPSIS | ||
5 | .B shell | ||
6 | -c <command> | ||
7 | .SH DESCRIPTION | ||
8 | .B shell | ||
9 | is the Gitolfs3 shell. | ||
10 | .SH COMMANDS | ||
11 | .TP | ||
12 | .B git-receive-pack \fR<repsitory>\fB | ||
13 | Alternatively, using \fBgit receive-pack\fR is also allowed. | ||
14 | No other arguments nor options than indicated above are processed nor allowed. | ||
15 | See | ||
16 | .BR git-receive-pack (1). | ||
17 | .TP | ||
18 | .B git-upload-archive \fR<repsitory>\fB | ||
19 | Alternatively, using \fBgit upload-archive\fR is also allowed. | ||
20 | No other arguments nor options than indicated above are processed nor allowed. | ||
21 | See | ||
22 | .BR git-upload-archive (1). | ||
23 | .TP | ||
24 | .B git-upload-pack \fR<repsitory>\fB | ||
25 | Alternatively, using \fBgit upload-pack\fR is also allowed. | ||
26 | No other arguments nor options than indicated above are processed nor allowed. | ||
27 | See | ||
28 | .BR git-upload-pack (1). | ||
29 | .TP | ||
30 | .B git-lfs-authenticate \fR<repository> upload/download\fB | ||
31 | Outputs a JSON document containing a reference to the Gitolfs3 Git LFS endpoint | ||
32 | for the indicated repository and an accompanying tag/MAC to authenticate with | ||
33 | the Gitolfs3 server. | ||
34 | Only valid for the indicated repository and operation. | ||
35 | See | ||
36 | .BR gitolfs3-authenticate (1). | ||