On Tue, 18 Jun 2024 15:42:10 -0500 "David C. Rankin" <drankinatty@xxxxxxxxx> wrote:

> On 6/18/24 05:35, Carl Lei wrote:
> > Oh, I meant to run another apache instance, serving only the git
> > CGI, and reverse-proxy from your main HTTP server to this dedicated
> > git server. Actually it need not be apache, any kind of server
> > capable of running CGI will do fine.
>
> That I'll have to digest. Sounds like a good fix. For ssh, if
> everything is owned by a 'git' user, we would also need to have
> dedicated certificates for that user?

If you are using SSH certificates then it depends; there is more than
one way to organize them. E.g. if your certificates include
"principals" then the git user can be simply given an
AuthorizedPrincipalsFile.
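
A sketch of the principals-based setup mentioned in the reply above, added here as an example and not taken from the original message. The CA key path, the principals directory and the principal names (`git-users`, `git-ci`) are assumptions; the directives themselves are standard OpenSSH `sshd_config` keywords.

```conf
# ---- /etc/ssh/sshd_config (fragment) ----
# Public key of the CA that signs user certificates (assumed path).
# Certificates that carry no principals at all are not accepted
# when authenticating through TrustedUserCAKeys.
TrustedUserCAKeys /etc/ssh/user_ca.pub

# Only the shared 'git' account uses a principals file; every other
# account keeps the default rule (certificate principal == login name).
Match User git
    # %u expands to the login name, so this reads .../auth_principals/git
    AuthorizedPrincipalsFile /etc/ssh/auth_principals/%u

# ---- /etc/ssh/auth_principals/git (assumed location, root-owned) ----
# One principal per line, optionally preceded by authorized_keys-style
# options. A certificate may log in as 'git' if it is signed by the
# trusted CA and lists at least one of these names.
git-users
restrict git-ci

# ---- issuing a certificate (run where the CA private key lives) ----
# Each person keeps their own key pair; no key or certificate is
# dedicated to the 'git' user itself. The -I value is the key ID that
# sshd logs at login; -n sets the principals; -V bounds the lifetime.
#
#   ssh-keygen -s user_ca -I alice@example -n git-users -V +52w alice_key.pub
```

Access for one person is revoked by letting their certificate expire or listing it in a `RevokedKeys` file; access for a whole group is revoked by removing its principal from the file.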