f896bfa2dc14303feb19e50db6d13770ecba4a6b — Drew DeVault 29 days ago 08dff73
Add note about locking down S3 access
1 files changed, 12 insertions(+), 0 deletions(-)

M git.sr.ht/installation.md
M git.sr.ht/installation.md => git.sr.ht/installation.md +12 -0
@@ 28,6 28,18 @@ suggest `/var/lib/git/`. Also configure a `git` user and assign ownership over
these for you. If you do not use the package, you must create the user yourself
and ensure that the git.sr.ht web application runs as this user.

## Object storage

To allow users to upload artifacts to git repositories, you need to configure an
S3-compatible object storage system separately, then fill out the s3-related
configuration options in config.ini. We recommend MinIO as a free-software
S3-compatible object storage server.

Please be aware that it is your responsibility to secure the S3 storage to
protect artifacts of private repositories from unauthorized downloads. git.sr.ht
will stream artifact downloads directly from S3 after confirming authorization,
so you simply need to avoid configuring the bucket for public access.

## SSH dispatch

It is necessary to configure git.sr.ht's SSH dispatcher as the system-wide SSH
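Review bot: In the second paragraph of the new "Object storage" section, "stream artifact downloads directly from S3" is ambiguous about who connects to the storage server, and that matters for how an operator locks it down. If git.sr.ht fetches the object and relays it to the user after the authorization check, say so explicitly, because then the S3 endpoint does not have to be reachable by users at all and can be restricted at the network level in addition to keeping the bucket non-public. "You simply need to avoid configuring the bucket for public access" also gives no way to confirm the result; consider adding one sentence telling the operator to check that an unauthenticated request for an artifact of a private repository is refused. Finally, the first paragraph refers to "the s3-related configuration options in config.ini" without naming them or the section they live in; a pointer to those keys would save readers a search.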