more robust for ssh floods

author: Your Name <you@example.com> 2026-02-07 19:58:55 +0800
committer: Your Name <you@example.com> 2026-02-07 19:58:55 +0800
commit: d1cebc658174a16014c2a3847bdf55bb3553b7fb (patch)
tree: 843abd31aabf15bdf9c78314c69922a5df586531 /docs
parent: 7bd52ea1ae10870cc2ff8aa5c237679c30ffda72 (diff)
1 files changed, 62 insertions, 0 deletions
diff --git a/docs b/docs
new file mode 100644
index 0000000..89d3373
--- /dev/null
+++ b/docs
@@ -0,0 +1,62 @@
+CGIT CONTAINER
+Cgit with automatic HTTPS (cgit + caddy + Let's Encrypt).
+Requirements:
+    - Public IPv4 address
+    - Domain pointing to the IP
+    - /git directory for bare repos
+Host setup (one-time):
+    cat > /etc/sysctl.d/99-container-routing.conf << 'EOF'
+    net.ipv4.ip_forward=1
+    net.ipv4.conf.enp1s0.proxy_arp=1
+    EOF
+    sysctl -p /etc/sysctl.d/99-container-routing.conf
+    mkdir -p /git/.ssh
+Run:
+    ./start_container.sh
+Run (manual):
+    podman run -d \
+        --name cgit \
+        --network public-routed \
+        --ip 10.89.0.2 \
+        --cap-add=NET_ADMIN \
+        --env-file config.env \
+        -v cgit_data:/data \
+        -v /git:/git \
+        localhost/cgit
+    sleep 2
+    podman exec cgit ip addr add 37.27.166.242/32 dev eth0
+    ip route add 37.27.166.242/32 via 10.89.0.2
+SSH keys:
+    Drop .pub files in /git/.ssh/, they're combined into authorized_keys on run.
+Create repo:
+    git init --bare /git/myrepo
+Restart:
+    podman restart cgit
+Stop:
+    podman stop cgit && podman rm cgit && ip route del 37.27.166.242/32
+Cleanup:
+    podman stop cgit
+    podman rm cgit
+    podman volume rm cgit_data
+    ip route del 37.27.166.242/32
+    podman network rm public-routed    # only if no other containers use it
+Logs:
+    podman logs -f cgit
+Processes:
+    podman exec cgit ps aux
+Shell:
+    podman exec -it cgit sh
author	Your Name <you@example.com>	2026-02-07 19:58:55 +0800
committer	Your Name <you@example.com>	2026-02-07 19:58:55 +0800
commit	d1cebc658174a16014c2a3847bdf55bb3553b7fb (patch)
tree	843abd31aabf15bdf9c78314c69922a5df586531 /docs
parent	7bd52ea1ae10870cc2ff8aa5c237679c30ffda72 (diff)

diff --git a/docs b/docs new file mode 100644 index 0000000..89d3373 --- /dev/null +++ b/docs
@@ -0,0 +1,62 @@
	1	CGIT CONTAINER
	2
	3	Cgit with automatic HTTPS (cgit + caddy + Let's Encrypt).
	4
	5	Requirements:
	6	- Public IPv4 address
	7	- Domain pointing to the IP
	8	- /git directory for bare repos
	9
	10	Host setup (one-time):
	11	cat > /etc/sysctl.d/99-container-routing.conf << 'EOF'
	12	net.ipv4.ip_forward=1
	13	net.ipv4.conf.enp1s0.proxy_arp=1
	14	EOF
	15	sysctl -p /etc/sysctl.d/99-container-routing.conf
	16	mkdir -p /git/.ssh
	17
	18	Run:
	19	./start_container.sh
	20
	21	Run (manual):
	22	podman run -d \
	23	--name cgit \
	24	--network public-routed \
	25	--ip 10.89.0.2 \
	26	--cap-add=NET_ADMIN \
	27	--env-file config.env \
	28	-v cgit_data:/data \
	29	-v /git:/git \
	30	localhost/cgit
	31
	32	sleep 2
	33	podman exec cgit ip addr add 37.27.166.242/32 dev eth0
	34	ip route add 37.27.166.242/32 via 10.89.0.2
	35
	36	SSH keys:
	37	Drop .pub files in /git/.ssh/, they're combined into authorized_keys on run.
	38
	39	Create repo:
	40	git init --bare /git/myrepo
	41
	42	Restart:
	43	podman restart cgit
	44
	45	Stop:
	46	podman stop cgit && podman rm cgit && ip route del 37.27.166.242/32
	47
	48	Cleanup:
	49	podman stop cgit
	50	podman rm cgit
	51	podman volume rm cgit_data
	52	ip route del 37.27.166.242/32
	53	podman network rm public-routed # only if no other containers use it
	54
	55	Logs:
	56	podman logs -f cgit
	57
	58	Processes:
	59	podman exec cgit ps aux
	60
	61	Shell:
	62	podman exec -it cgit sh