Documentation Index Fetch the complete documentation index at: https://mintlify.com/livrasand/gitGost/llms.txt
Use this file to discover all available pages before exploring further.
Overview While gitGost does not currently ship with an official Dockerfile, deploying via Docker is straightforward. This guide provides production-ready Docker configurations.
The gitGost repository does not include a Dockerfile yet. This guide provides a reference implementation you can use.
Creating a Dockerfile Create a Dockerfile in the root of the gitGost repository:
# Build stage FROM golang:1.22-alpine AS builder # Install git (required for go mod download with private repos) RUN apk add --no-cache git # Set working directory WORKDIR /build # Copy go mod files COPY go.mod go.sum ./ RUN go mod download # Copy source code COPY . . # Build with version info ARG COMMIT_HASH=unknown ARG BUILD_TIME=unknown RUN go build -ldflags "-w -s -X main.commitHash=${COMMIT_HASH} -X main.buildTime=${BUILD_TIME}" \ -o gitgost ./cmd/server # Runtime stage FROM alpine:latest # Install git and ca-certificates (required for GitHub API) RUN apk add --no-cache git ca-certificates # Create non-root user RUN addgroup -g 1000 gitgost && \ adduser -D -u 1000 -G gitgost gitgost # Set working directory WORKDIR /app # Copy binary from builder COPY --from=builder /build/gitgost . # Copy web assets if they exist COPY --from=builder /build/web ./web # Change ownership RUN chown -R gitgost:gitgost /app # Switch to non-root user USER gitgost # Expose default port EXPOSE 8080 # Health check HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ CMD wget --no-verbose --tries=1 --spider http://localhost:8080/health || exit 1 # Run the server CMD [ "./gitgost" ]
Building the Docker Image
Build with version info
docker build \ --build-arg COMMIT_HASH= $( git rev-parse --short HEAD ) \ --build-arg BUILD_TIME= $( date -u +%Y-%m-%dT%H:%M:%SZ ) \ -t gitgost:latest \ .
Verify the image
docker images | grep gitgost # Expected output: # gitgost latest abc123def456 2 minutes ago 25MB
Test run
docker run --rm -p 8080:8080 \ -e GITHUB_TOKEN=your_token \ gitgost:latest
Docker Run Command For a simple deployment without Docker Compose:
docker run -d \ --name gitgost \ --restart unless-stopped \ -p 8080:8080 \ -e GITHUB_TOKEN="your_github_token" \ -e GITGOST_API_KEY="your_api_key" \ -e SUPABASE_URL="https://your-project.supabase.co" \ -e SUPABASE_KEY="your_supabase_key" \ -e PANIC_PASSWORD="your_strong_password" \ -e NTFY_ADMIN_TOPIC="gitgost-admin-alerts" \ -e LOG_FORMAT="json" \ gitgost:latest
Using an .env file # Create .env file cat > .env << 'EOF' GITHUB_TOKEN=your_github_token GITGOST_API_KEY=your_api_key SUPABASE_URL=https://your-project.supabase.co SUPABASE_KEY=your_supabase_key PANIC_PASSWORD=your_strong_password NTFY_ADMIN_TOPIC=gitgost-admin-alerts LOG_FORMAT=json EOF # Run with .env file docker run -d \ --name gitgost \ --restart unless-stopped \ -p 8080:8080 \ --env-file .env \ gitgost:latest
Docker Compose Basic Configuration Create docker-compose.yml:
version : '3.8' services : gitgost : build : context : . dockerfile : Dockerfile args : COMMIT_HASH : ${COMMIT_HASH:-main} BUILD_TIME : ${BUILD_TIME:-unknown} image : gitgost:latest container_name : gitgost restart : unless-stopped ports : - "8080:8080" environment : - GITHUB_TOKEN=${GITHUB_TOKEN} - GITGOST_API_KEY=${GITGOST_API_KEY:-} - PORT=8080 - LOG_FORMAT=json - READ_TIMEOUT=30s - WRITE_TIMEOUT=30s - SUPABASE_URL=${SUPABASE_URL:-} - SUPABASE_KEY=${SUPABASE_KEY:-} - PANIC_PASSWORD=${PANIC_PASSWORD} - NTFY_ADMIN_TOPIC=${NTFY_ADMIN_TOPIC:-} - NTFY_BASE_URL=${NTFY_BASE_URL:-https://ntfy.sh} - SERVICE_URL=${SERVICE_URL:-https://gitgost.leapcell.app} healthcheck : test : [ "CMD" , "wget" , "--no-verbose" , "--tries=1" , "--spider" , "http://localhost:8080/health" ] interval : 30s timeout : 3s start_period : 5s retries : 3 networks : - gitgost-network networks : gitgost-network : driver : bridge
Production Configuration with nginx Create docker-compose.prod.yml:
version : '3.8' services : gitgost : build : context : . dockerfile : Dockerfile args : COMMIT_HASH : ${COMMIT_HASH:-main} BUILD_TIME : ${BUILD_TIME:-unknown} image : gitgost:latest container_name : gitgost restart : unless-stopped expose : - "8080" environment : - GITHUB_TOKEN=${GITHUB_TOKEN} - GITGOST_API_KEY=${GITGOST_API_KEY:-} - PORT=8080 - LOG_FORMAT=json - READ_TIMEOUT=30s - WRITE_TIMEOUT=30s - SUPABASE_URL=${SUPABASE_URL} - SUPABASE_KEY=${SUPABASE_KEY} - PANIC_PASSWORD=${PANIC_PASSWORD} - NTFY_ADMIN_TOPIC=${NTFY_ADMIN_TOPIC} - NTFY_BASE_URL=${NTFY_BASE_URL:-https://ntfy.sh} - SERVICE_URL=${SERVICE_URL} healthcheck : test : [ "CMD" , "wget" , "--no-verbose" , "--tries=1" , "--spider" , "http://localhost:8080/health" ] interval : 30s timeout : 3s start_period : 5s retries : 3 networks : - gitgost-network nginx : image : nginx:alpine container_name : gitgost-nginx restart : unless-stopped ports : - "80:80" - "443:443" volumes : - ./nginx.conf:/etc/nginx/nginx.conf:ro - ./ssl:/etc/nginx/ssl:ro - ./logs:/var/log/nginx depends_on : - gitgost networks : - gitgost-network networks : gitgost-network : driver : bridge
Create nginx.conf:
events { worker_connections 1024 ; } http { upstream gitgost { server gitgost:8080; } # Rate limiting limit_req_zone $ binary_remote_addr zone=push_limit:10m rate=5r/h; limit_req_zone $ binary_remote_addr zone=admin_limit:10m rate=10r/m; server { listen 80 ; server_name _; return 301 https://$ host $ request_uri ; } server { listen 443 ssl http2; server_name _; ssl_certificate /etc/nginx/ssl/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; # Security headers add_header Strict-Transport-Security "max-age=31536000" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options "DENY" always; # Max body size client_max_body_size 100M ; # Push endpoints (rate limited) location ~ ^/v1/gh/.*/git-receive-pack$ { limit_req zone=push_limit burst=2 nodelay; proxy_pass http://gitgost; proxy_set_header Host $ host ; proxy_set_header X-Real-IP $ remote_addr ; proxy_set_header X-Forwarded-For $ proxy_add_x_forwarded_for ; proxy_set_header X-Forwarded-Proto $ scheme ; proxy_read_timeout 300s ; proxy_connect_timeout 75s ; } # Admin endpoints (strict rate limiting) location /admin/ { limit_req zone=admin_limit burst=5 nodelay; proxy_pass http://gitgost; proxy_set_header Host $ host ; proxy_set_header X-Real-IP $ remote_addr ; proxy_set_header X-Forwarded-For $ proxy_add_x_forwarded_for ; proxy_set_header X-Forwarded-Proto $ scheme ; } # All other endpoints location / { proxy_pass http://gitgost; proxy_set_header Host $ host ; proxy_set_header X-Real-IP $ remote_addr ; proxy_set_header X-Forwarded-For $ proxy_add_x_forwarded_for ; proxy_set_header X-Forwarded-Proto $ scheme ; proxy_http_version 1.1 ; proxy_set_header Upgrade $ http_upgrade ; proxy_set_header Connection "upgrade" ; } } }
Usage
Create .env file
cp .env.example .env # Edit .env with your configuration
View logs
docker-compose logs -f gitgost
Volume Mounts gitGost does not require persistent volumes by design. All git operations are ephemeral.
Do not mount /tmp or other writable directories unless you understand the security implications. gitGost is designed to be stateless.
Optional: Persistent Logs If you want to persist logs outside the container:
services : gitgost : # ... other config ... volumes : - ./logs:/app/logs environment : - LOG_FORMAT=json
Port Mappings Container Port Host Port Purpose 80808080 (or custom)Main HTTP server
gitGost uses a single port for all operations (health, metrics, git-receive-pack, admin, etc.).
Multi-Architecture Builds To build for multiple platforms (e.g., ARM64 for Raspberry Pi):
# Enable Docker buildx docker buildx create --use # Build for multiple architectures docker buildx build \ --platform linux/amd64,linux/arm64 \ --build-arg COMMIT_HASH= $( git rev-parse --short HEAD ) \ --build-arg BUILD_TIME= $( date -u +%Y-%m-%dT%H:%M:%SZ ) \ -t your-registry/gitgost:latest \ --push \ .
Container Registry Push to Docker Hub # Tag the image docker tag gitgost:latest yourusername/gitgost:latest docker tag gitgost:latest yourusername/gitgost: $( git rev-parse --short HEAD ) # Push docker push yourusername/gitgost:latest docker push yourusername/gitgost: $( git rev-parse --short HEAD )
Push to GitHub Container Registry # Login to GHCR echo $GITHUB_TOKEN | docker login ghcr.io -u USERNAME --password-stdin # Tag docker tag gitgost:latest ghcr.io/livrasand/gitgost:latest # Push docker push ghcr.io/livrasand/gitgost:latest
Troubleshooting # Check logs docker logs gitgost # Common causes: # - Missing GITHUB_TOKEN # - Invalid environment variables # - Port 8080 already in use on host
Health Check Failing # Test manually docker exec gitgost wget --no-verbose --tries=1 --spider http://localhost:8080/health # Check service status curl http://localhost:8080/health
Build Fails # Clean build cache docker builder prune -a # Rebuild without cache docker build --no-cache -t gitgost:latest .
Security Best Practices
Use Secrets Use Docker secrets or environment files instead of hardcoding credentials in docker-compose.yml.
Run as Non-Root The Dockerfile provided runs as a non-root user (UID 1000) for security.
Network Isolation Use custom networks to isolate gitGost from other containers.
TLS Termination Always use a reverse proxy (nginx, Traefik, Caddy) with TLS for production.
Next Steps
Environment Variables Complete reference of all configuration options
Configuration Advanced configuration and production hardening
Requirements System requirements and prerequisites