开发者

How can I push/pull between git repositories when both are behind firewalls/NATs/...?

I'm intrigued by git. I've used nearly all of the usual players over the past decades. Currently on SVN and not really happy.

I think I understand the basics, but I don't understand one key concept about the distributed nature: how does a user in his/her house talk to/开发者_JS百科from my computer (separate houses, ISP, etc.) , when we both have dynamic IP addresses from our ISPs, and use at least one level of firewall/NAT to hide the local network address from the world.

It's not as if there is a useful DNS entry pointing to the other host/PC/laptop. And most (all?) ISPs don't make it obvious how you open ports in general (sure, I can do it in my house, but what about when I'm in a hotel room?)

Any pointer to the answer to this FAQ greatly appreciated.


This isn't a git question per se. If you were hosting, say, a Subversion repository on your laptop, other developers will still have trouble talking to it while you're in a hotel room. You'll need to make your repos available by tunneling through other protocols or pushing them to mutually accessible resources.

The worst but still operable case is when repos can't talk to each other directly, but you can email patches to each other with git send-email.

Next up the ladder, say you have a shell account with an internet provider that also provides ~/public_html. In that case, you'd create in that webspace a bare repository as described in Setting up a git repository which can be pushed into and pulled from over HTTP(S). Your pushes would be authenticated via SSH, and your collaborators would set up remotes to pull from the appropriate HTTP URL.

That's marginally better than email but slow and klunky. Now git has the benefit of a smart HTTP backend where pulls over HTTP are much faster. With either the smart or the dumb backend, you can enable authentication.

If you don't care about authentication, you could also serve your repository with git daemon from a host that everyone can reach.

If you both have shell access to the same host, you could exchange work directly after connecting to that box. You have many options here:

  • full shell access: same account, same (centralized) repo
  • full shell access: different accounts, separate repos, git pull
  • allow collaborators git-only access to your shell account
  • (and so on)

The above might do in a pinch, but all the manual care and feeding will become tiresome. Outsource that headache to GitHub or Gitorious.


You both talk to a central server (eg, GitHub) using normal outgoing HTTPS requests.


I assume that you are not both on the same local private network, is it?

You can try to set up SSH tunnel, and push/fetch via SSH. You can configure ssh to use non-standard port, and have it exported on your router. You can use one of free dynamic DNS services like DynDNS.

Each of you can set up free account on one of public Git hosting sites like GitHub, push your changes to it when you are ready, and the other would fetch changes from other public repository: this would not need to punch any holes in your firewall / export ports in your router / NAT.

The picture would look similar to this figure from Chapter 5.1 "Distributed Workflows" of Pro Git book, only without the blessed repository and integration manager position, and developers fetching directly from each others public repositories:

lieutenant-diagram http://progit.org/figures/ch5/18333fig0502-tn.png


If all else fails, you can always exchange git bundle's using any channel: be it email attachements or USB disk.


Make a standalone openvpn tunnel between...

example (without crypto):

box one (server): virtual ip 10.10.11.5

openvpn --float  --ping 30 --ping-exit 300 --inactive 300 --mssfix 1400 --tun-mtu 1500 --mute-replay-warnings --dev tun --comp-lzo --port 3565 --ifconfig 10.10.11.5 10.10.11.6  --proto tcp-server

box two ( client): virtual ip 10.10.11.6

openvpn --remote dynamic_ip_of_server_or_no_ip_hostname --float  --ping 30 --ping-exit 300 --inactive 300 --mssfix 1400 --tun-mtu 1500 --mute-replay-warnings --dev tun --comp-lzo --port 3565 --ifconfig 10.10.11.6 10.10.11.5  --proto tcp-client

then, commit to server over ssh... or smbmount, or NFS mount...


three solutions:

  • central cerver (e.g. github)
  • VPN
  • IPv6 (teredo/miredo works perfectly for home setups) + dynDNS (very few do free dynDNS AAAA records, the only one i found was majimoto.net)
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜