I want to have a local Gitorious installation that cannot be accessed outside of my local network, and is as secure and private as possible. The repos will be holding code I need kept private and secure in case of hacking or theft.

I’m not an expert with Linux, and certainly not an expert with git/gitorious, so any tips for improving my installation described below would be most helpful!

I have:

• Installed Gitorious on a local machine running Ubuntu Server 11.04 64-bit, with an encrypted LVM.
• Used this guide for Gitorious installation, if anyone is curious.
• Modified Gitorious to support local IPs as hostnames.
• In gitorious.yml:
  • host fields are a local IP (e.g. 192.168.xxx.xxx)
  • public_mode: false
  • only_site_admins_can_create_profiles: true
  • hide_http_clone_urls: true
• git-daemon was installed, but is now removed.
• No ports forwarded by internet facing router to machine.

Both git:// based and http:// based requests would normally allow open cloning of repos. Removing git-daemon and setting hide_http_clone_urls to false seems to have disabled both. They both deliver errors now when I attempt to clone.

With an encrypted LVM the machine is secure in case of physical theft. Also, all cloned repos on other machines are kept on encrypted drives as well. I used a custom script on the encrypted LVM that fills the harddrive with porn in case of too many failed attempts.

My current concerns:

• Is repo access through git:// and http:// fully disabled?
• Are all avenues of repo access secured behind ssh now?
• Is there a way to block all requests to the machine that don’t originate from within the local network, in case my router gets angry and seeks revenge against me?
• Anything more I can do to encrypt or protect the repos in case something goes wrong?
• How do I backup gitorious’s data? Just backup the MySQL database and repos directory?

Thank you.