Git SSL Certificate Problem Caused By Self Signed Certificates

  • 6

Git SSL Certificate Problem Caused By Self Signed Certificates

Category : How-to

Get Social!

git-logoIt’s never been easier to set up your own Git server to host your own git repositories for your projects. Thanks to people like the folks over at GitLab you can be up and running in no time at all.

If you host something like this yourself, you’ll probably have entered the world called self signed certificates. These are SSL certificates that have not been signed by a known and trusted certificate authority. There is no security concern using a self signed certificate, the level of security will be similar to a paid for certificate, the problem is that your commuter won’t know that it can trust the certificate. You may have seen this error in a Web Browser, such as Chrome:

chrome-ssl-warning

With Git, however, you’ll get an error from the git command line tool similar to the below:

The preferred method of dealing with this error is to add the Certificate Authority’s signing certificate as a trusted Certificate Authority on your computer.The way to do this differs depending on your OS and is out of scope for this post.

There are two Git specific methods of forcing Git to accept the self signed certificates, which don’t require you to import the CA certificate to your computers Trusted  CA store:

Turn off Git SSL Verification

You can stop the Git client from verifying your servers certificate and to trust all SSL certificates you use with the Git client. This has it’s own security risks as you would not be warned if there was a valid problem with the server you are trying to connect to.

That said, it’s the quickest and easiest fix for a non trusted server certificate. Simply run the below git command on your Git client.

Tell Git Where Your Certificate Authority Certificates Are

Another option is to point your Git client towards a folder that contains the Certificate Authority certificate that was used to sign your Git server’s SSL certificate. You may not have one of these if you’re using Self Signed certificates.

Save the CA certificate to a folder on your Git client and run the following git command to tell your Git client to use it when connecting t the server:

 


  • 12

Add Create OpenVZ Template to the Proxmox Web GUI

Get Social!

proxmox logo gradCreating a template from an OpenVZ container is a very manual process. My biggest problem is that you have to have root access to the Proxmox hardware node in order to create a tar from the root of the CT. See How to make a new OpenVZ template for more information on manually creating a template.

proxmox-create-template-context-menu

I created a small code patch for the Proxmox API and web GUI to add a ‘create template’ feature for CTs. The code adds a context menu entry when you right click on a CT in the Proxmox web GUI.

Before using the feature, the CT must be shut down and any network interfaces removed. The feature presents the user with a dialogue box requesting which storage device the template should be saved to, and what it should be called.

Once the storage has been selected and the template has been given a name, a new ‘create template’ task is created which archives the root directory of the selected container and adds it to the cache folder of the selected storage.

proxmox-create-template-dialogue-box

The changes were declined by the Proxmox team on the grounds that creating a template is a technical process and may not result in creating a working, cloned instance. In addition, it is very easy to leave sensitive information in the CT which is the source of the template – all data on the CTs file system will be archived into the template making it available the next time a CT is created. If SSH keys are left on the CT, for example, then they will be available in the new CT also.

Because the feature was not accepted into the main distribution of Proxmox, I will maintain it myself and manually apply the patches to my Proxmox servers after every update. I have created a public repository on my Gitlab server that holds the git patch file which is available for everyone. 

If you accepts the risks mentioned above, and are happy to hack away at your Proxmox binaries, then you are welcome to try the patch for yourself.

You can download the patch and get more information on my public Proxmox Github page.

I should mention that this patch may not always be up to date. In addition, this is changing the actual Proxmox distribution files and as such may have unintended side effects. Please use these patches with caution and only in your development environments.

gitlabDownload

 


  • 6

Gitlab error “fatal: The remote end hung up unexpectedly” Again

Category : How-to

Get Social!

gitlabI previously wrote in this blog post about how to fix an error with Gitlab. The error was presented when using the  git push command with a remote repository that uses the Gitlabs HTTP protocol and not the SSH protocol.

The following error was presented in the Git client when using the git push command:

It seems that the issue is Nginx, Gitlab’s HTTP server, is not configured to receive large amounts of data. We need to specify the attribute client_max_body_size in Gitlab’s Nginx configuration file and specify the maximum amount of data Nginx will accept.

Open the configuration file and find the line location @gitlab.

Add the client_max_body_size attribute and specify the size value to use.

The M stands for megabyte – you can also use G for gigabytes.

If the size of your git push ever exceeds the above value, you will have to either increase the size further or reduce your git commit sizes.

Your completed /etc/nginx/sites-available/gitlab file should look like the below example which has a 20MB upload limit.

 


  • 0

Install Grails from Git on Windows

Category : How-to

Get Social!

grails-core-gradlew.bat-installGood news: installing Grails from source is easy-peasey on Windows! Before you get started, you’ll need to have git and a JDK installed.

You can download both git and the JDK from the following locations:

Once these are both installed, set the JAVA_HOME variable from a command prompt. You’ll need to locate the exact java version which is in your Program Files\Java folder as it changes with each version.

Move to the folder where you would like to deploy Grails.

And run the git clone command to start downloading the source.

Move into the folder which was created with the git clone command.

Finally run the install command which will download any further dependencies and compile the application.

And that’s it! I told you it was easy.


  • 0

Ignoring Files and Directories in Git with .gitignore

Tags :

Category : How-to

Get Social!

octocat-githubWith Git you are able to define file exceptions to exclude certain files and folders from git repository commits. You can create a files which contains a list of patterns which git will check against on each git add and ignore any matching files.

You can create ignore pattern lists to ignore files on either a global scale which will affect all repositories on the system or limit it to a specific repository.

Both types of ignore use a .gitignore file which contains literal paths of files inside the repository or patterns which will be used to exclude matching files and directories.

.gitignore patterns

Patterns inside the .gitignore file are matched from the root directory of the git repository. Patterns are comprised of a wildcard character *, to match any character, and literal characters to match the exact phrase.

A typical example of using a .gitignore file would be to exclude all files ending in .log. The below pattern would be added to the .gitignore file

Or, as with something like log4j, your log files may include numbers at the end. This pattern will exclude any file names that contain .log.

Another use is to exclude all files in a specific path, such as the application build directory. This will ignore the Build directory and everything within it.

Single repository .gitignore

Add your patterns to the below file to add exclusions to affect only a singe git repository. You must make sure you have changed to the root directory of your repository, or include it in the file path.

Global .gitignore

You must run a git config command to enable .gitignore to work across all local repositories. You can edit the ~/.gitignore path if required.

Once enabled, edit the ~/.gitignore file and add patterns which will affect the next git add command.

For example, you may add a global gitignore entry for .bak files. Add the following line to you global gitignore file:

 

You can use just one of the above methods or a combination of both gitignore methods on your git client.