When I’m at work, I’m behind a fairly strict firewall. Me and the firewall don’t really get along that well and we have a long, and troubled history. When I sit behind it, I see the web through a peep-hole of ports 80 and 443. Everything else is locked down, with explicit opening ssh or ppptp to specific remote IP addresses. Most of the time this is not a problem, but there are cases when such a setup can totally cramp your style.
For example, if you want to push some non-work-related code to Github on your lunch break. Since GitHub is not on the approved list of hosts our network team likes, there is no way for me to ssh to it. When I googled this problem, I have seen a lot of blog posts explaining how to get around this limitation by using ssh forwarding. Yes, this is a solution, but not a very graceful one. It would require me to run an ssh server on port 80 at my house, and bounce my data off of it. Either that or use a public http proxy, and a ssh over http tool like Corcscrew (which to me seemed a bit reckless).
So I assumed that this was one of those intractable problems that require much more effort to resolve, than I actually care to give. On the other hand, this seemed like a feature that was bound to get implemented one of these days. There had to be other people in the same predicament as me, and eventually GitHub would cave in, and implement a method to push and pull over HTTP or HTTPS. So I decided that “wait and see” was the best strategy here.
Of course about a minute after I tweeted the above, I realized that GitHub already implemented this feature. Back in April 2010. Which means for over a year now, I have been failing to realize the answer was right there under my nose. What is the secret? You have to use the right URL. You have to use this one:
GitHub from behind firewall
Essentially what you need to do is to clone the repository like so:
git clone https://username@github.com/username/project.git
This will automatically set up your local repository to push via https rather than ssh. If you already have a local repository and you want to push it to a blank GitHub repository you can simply add a https remote master like this
git remote add master https://username@github.com/username/project.git
Or if you were using the standard method before, and would like to switch to https you can do it like this:
git remote set-url master https://username@github.com/username/project.git
Why am I writing about this now? Well, perhaps I want to add my voice to the cavalcade of links that Google displays when you search for “GitHub behind firewall”. There are probably other people out there like me that haven’t experienced the “duh” moment yet so this here post is to help them out.
Have you ever had a problem that you thought would take way to much effort to resolve when a simple solution was right there in your face? Let me know in the comments. Also to salvage this post for long time GitHub users who knew about this all along, and snickered while reading this, please share your favorite git tricks that git-newbs may not know, but should.
The web filter at my office used to be pretty strict (no sourceforge wtf?) and I had to tunnel around it through a slicehost vps. They didn’t block port 22 so I didn’t have to go over port 80 or anything like that.
Actually, I had a similar “Duh!” moment not long ago with git when I realized that running git over ssh didn’t require setting up any git-daemon or gitorious or anything. All I needed was for the remote repository to be on a machine with sshd running and to provide the correct url. So simple and I’d been doing it wrong for at least a year and a half.
I’ve got my Emacs config checked into Git, which I sometimes tweak at work. So I need to push to GitHub from work, too. I’ve used https pushing as well as tunneling through an ssh connection to home over port 443. I prefer the ssh method because I can use an ssh key, which plays better with Magit.
Running my home ssh server on 443 has the nice advantage that I’ve never seen anyone attack it, because no one’s looking for ssh on that port. When it was on the original 22, I would see several new attackers every day, which always had be worrying.
I was in a similar situation not long ago (on a public Wifi), so I googled a bit and found a free VPN service called proxpn that routes everything through port 443. It only has Windows and Mac clients, but since it’s based on OpenVPN, it was just a matter of installing it with Wine and then finding the configuration file on its path, which can be fed directly to Debian’s openvpn command.
Of course, running everything through a VPN just for Github doesn’t make much sense ;)
I read and I snickered :D heheh
What got me to git was “git init”. Realizing that that was the only incantation you need to to start your repository was quite an overwhelming experience for me, after years of using svn.
I don’t have much in terms of git-trick, but I do enjoy finding other people’s git scripts – porcelains that they themselves wrote – that make git just a little more fun to use.
Here’s one that I wrote myself, and use everyday: git-number
@ astine:
Heh! Yeah, git is deceptively simple. Especially when you are used to github being the “everything and the kitchen sink” type service it is easy to think there is more to it than it is. But at the end of the day it was written by Linus and it conforms to the unix philosophy quite well – be good at one thing, and get the fuck out of the way of actual work.
@ Chris:
Yeah, I had the same experience when running SSH server on an old PC back in the day. It was getting hammered by intrusion attempts all the time. I currently don’t have a spare machine I could dedicate to serverdom but I think I will put the SSH port on 433 when I eventually set one up. :)
@ icebrain:
See, I have this thing about free proxies and vpn’s – my mind always assumes that all of them are gigantic honeypots designed to steal people’s passwords and encryption keys. :P
@ nazri:
When I started using git, I was a bit intimidated by the command line so I used GUI wrappers such as TortoiseGit. The GUI actually did make it more work to set up a repository. Then I ended up using it on linux with no GUI tools installed, and realized that the GUI wasn’t really making my life easier but rather obscuring some git features from me.