Setting up Gollum

setup | AD hack | image


Setup privilege separation unless you are already inside a container. Create a dedicated user for running gollum

which git-shell
#groupadd -g 32765 gollum
useradd -u 32765 -m -g nogroup -s /usr/bin/git-shell gollum
passwd --delete --unlock gollum
#usermod -p '*' gollum

Define a shared UI user. Unless you go for Omniauth, setup the GIT profile that corresponds to the non-authenticated Gollum web UI. Try to use some mailing-list address and shared name. You will be able to setup binding to some Directory Server afterwards anyway.

chsh -s /bin/bash gollum
su - gollum
git config --global "root@domain.tld"
git config --global "Gollum web UI"
chsh -s /usr/bin/git-shell gollum

Setup GIT access through SSH

mkdir ~gollum/.ssh/
vi ~gollum/.ssh/authorized_keys
chmod 700 ~gollum/
chmod 700 ~gollum/.ssh/
chmod 600 ~gollum/.ssh/authorized_keys
chown -R gollum:gollum ~gollum/

Create repositories as such

    git init --bare /home/gollum/REPO.git
    chown -R gollum:gollum /home/gollum/REPO.git

and validate remotely

git clone ssh://gollum@SERVER_ADDRESS:PORT/REPO.git
cd REPO/
echo ok > ok
git add ok
git commit
git push


from source


apt -y install git ruby ruby-dev zlib1g-dbg zlib1g-dev libicu-dev make build-essential
gem install bundle


slackpkg install ruby libyaml cmake pkg-config libarchive gcc-g++
sbopkg -i rubygem-bundler

and proceed

ruby -v #2.7.2p137
bundler -v #2.1.4
git clone
cd gollum/
bundle install
bin/gollum -v #5.1.1
cp config.rb ~gollum/config.rb.dist
chown gollum:gollum ~gollum/config.rb.dist

from gem

apt install build-essential git ruby ruby-dev libicu-dev zlib1g-dev
gem install gollum rdiscount
which gollum
gollum -v #4.1.4 / 5.1.1


as user

cd ~/
cp /var/lib/gems/2.5.0/gems/gollum-4.1.4/config.rb config.rb.dist
vi config.rb

wiki_options = {
  :live_preview => false,
  :allow_editing => false,
  :allow_uploads => false,
  :h1_title => true,
  :universal_toc => true

Precious::App.set(:wiki_options, wiki_options)
Precious::App.set(:environment, :production)

Ready to go

Enable it at boot time

ls -lhF /bin/ksh
ls -lhF /bin/ash
ls -lhF /bin/dash

vi /etc/rc.local

echo gollum as gollum/REPO.git
/usr/bin/chsh -s /bin/ksh gollum
su - gollum -c "nohup /usr/bin/gollum --config config.rb --host --bare /home/gollum/REPO.git/ >> /home/gollum/REPO.log 2>&1 &"
/usr/bin/chsh -s /usr/bin/git-shell gollum

chmod +x /etc/rc.local

Apply and check

cat ~gollum/REPO.log
ps auxww | grep gollum
lynx -dump localhost:4567

Additional notes

replacing the GRIT adapter

apt -y install cmake pkg-config libcurl3-dev libssl-dev
gem install gollum-rugged_adapter

--adapter rugged

Note. With sate-of-the-art markdown formatting with better tables, and with the rugged adapter,

proxy ready

Only listening to localhost to be reverse proxied locally,


more options

Show everything in Files UI view,

  :show_all => true

Gollum via Rack

more Features

Optionally, add mediawiki formatting,

gem install wikicloth

replacing rdiscount

gem install github-markdown

You can then omit --bare when launching Gollum, as it is only required by GRIT.



How to unlock account for public key ssh authorization, but not for password authorization?



A simple, Git-powered wiki with a sweet API and local frontend.

gollum / gollum Wiki

Git Tip of the Week: Gollum

Formats and extensions


Authentication Middleware for Gollum Wiki

Installing Gollum on Ubuntu with authentication

Gollum with HTTP authentication for multi-users on web.

Copyright © 2024 Pierre-Philipp Braun