diff options
| author | Drew DeVault <sir@cmpwn.com> | 2020-08-21 09:52:32 -0400 |
|---|---|---|
| committer | Drew DeVault <sir@cmpwn.com> | 2020-08-21 09:52:32 -0400 |
| commit | f896bfa2dc14303feb19e50db6d13770ecba4a6b (patch) | |
| tree | 18ddc6f0db952de7da587855a3b8c83dd46771d9 /git.sr.ht | |
| parent | 08dff73cfe7344180c05d0b41a910fade06f294e (diff) | |
| download | sr.ht-docs-f896bfa2dc14303feb19e50db6d13770ecba4a6b.tar.gz | |
Add note about locking down S3 access
Diffstat (limited to 'git.sr.ht')
| -rw-r--r-- | git.sr.ht/installation.md | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/git.sr.ht/installation.md b/git.sr.ht/installation.md index 79ad9db..c86a309 100644 --- a/git.sr.ht/installation.md +++ b/git.sr.ht/installation.md @@ -28,6 +28,18 @@ suggest `/var/lib/git/`. Also configure a `git` user and assign ownership over these for you. If you do not use the package, you must create the user yourself and ensure that the git.sr.ht web application runs as this user. +## Object storage + +To allow users to upload artifacts to git repositories, you need to configure an +S3-compatible object storage system separately, then fill out the s3-related +configuration options in config.ini. We recommend MinIO as a free-software +S3-compatible object storage server. + +Please be aware that it is your responsibility to secure the S3 storage to +protect artifacts of private repositories from unauthorized downloads. git.sr.ht +will stream artifact downloads directly from S3 after confirming authorization, +so you simply need to avoid configuring the bucket for public access. + ## SSH dispatch It is necessary to configure git.sr.ht's SSH dispatcher as the system-wide SSH |