ghe setup admin - aetas-github-training/Support GitHub Wiki
- Installing GHE on AWS guide
- vCPU, Memory, Attached Storage, and Root Storage requirements
- Your GitHub Enterprise license is available from https://enterprise.github.com/download
- SSH access to the appliance:
- Generating SSH keys
- Administrative Shell (SSH) Access
- For an easier alternative to Windows GUI SSH clients, consider installing GitHub Desktop for Windows. GitHub for Windows includes Git Shell (powered by posh-git), which provides command-line tools such as
ssh-keygen, andssh. - When SSHed into the appliance, consider using Screen to maintain sessions even if a connection is dropped.
- Configuring email for notifications
-
Hostname & subdomain isolation
â ī¸ We recommend not enabling GitHub Pages unless subdomain isolation is enabled.- âšī¸ To support subdomain isolation, consider using an SSL certificate with a wildcard for
*.github.example.com+ Subject Alternative Name (SAN) ofgithub.example.com
- Enabling SSL
â ī¸ We strongly recommended you configure a High Availability replica instance to allow for seamless manual failover in the event of a system failure.- High Availability Cluster Configuration
- Initiating a failover to your replica instance
- DNS failover
â ī¸ We highly recommend you configure automated backups using the GitHub Backup Utilities as they provide versioned snapshots for disaster recovery. GitHub Backup Utilities should be used in conjunction with the High Availability replica and your VM hypervisor's snapshot functionality.- Backups and disaster recovery guide
- GitHub open source
backup-utils - Getting started
â ī¸ Make sure to usessh-agent(preferred) or a passphrase-less key when configuring the backup host.- Requirements
- Scheduling backups
- Using the backup and restore commands
- An instance must be placed into maintenance mode to restore from a backup snapshot
- Be sure to keep
backup-utilsup-to-date (see Releases page for updates)- If you installed
backup-utilsusing Git (e.g.:git clone -b stable https://github.com/github/backup-utils.git), you can easily update by performing agit pullin thebackup-utilsdirectory.
- If you installed
- đē GitHub Training Videos:
- âšī¸ Full HA configuration upgrade playbook below
- Upgrading the GitHub Enterprise Virtual Machine
- âšī¸ Single-step upgrades are supported for the current and next feature release versions (e.g.: 2.2.x to 2.4.x)
- Go directly to new release downloads (without having to log in) by visiting https://enterprise.github.com/releases
- Crafting a force push policy
- Setting Git push limits
- Preventing Users from creating organizations
- Set
user_renaming_enabledtofalsein the global scope Site Admin Advanced Settings to prevent users from changing their usernames
- Auditing users across your instance via Site Admin tools
- Accessing the GitHub Enterprise audit log dashboard
- Searching the audit log
- Forwarding audit log events
- Query-available audited actions
- System Resource Monitoring and Alerting
- Modern monitoring and alerting article
- đē GitHub Training Videos:
- User security best practices
- User suspension
- User (Admin) promotion & demotion
â ī¸ Note that when using SAML authentication, if you remove a user from your identity provider, you must also manually suspend them. Otherwise, they'll continue to be able to authenticate using access tokens or SSH keys. (https://help.github.com/enterprise/2.4/admin/guides/user-management/using-saml/#revoking-access-to-your-instance)
- Impersonate a user by visiting
/stafftools/<username> - Impersonate a user via Site Admin icon (rocket ship) when viewing a user page
- Impersonate a user via Staff Tools via
\(backslash) keyboard shortcut -
Impersonation is an audited action and the stated reason for impersonation is logged.
â ī¸ Note that only the start of impersonation is displayed in the audit log
- Audit logging
- Audited actions
- Auditing users across an organization
- Auditing users across your instance
- Searching the Audit Log
- Managing dormant users guide
- Dormant users can be viewed at
/stafftools/users/dormant
-
Administrative shell access
- Remember to connect using port
122
- Remember to connect using port
- Command-line utilities guide
- Useful commands
-
ghe-announce- sets a banner at the top of every GitHub Enterprise page -
ghe-maintenance- put the instance into maintenance mode -
ghe-user-csv- dumps a list of all the users in the installation in CSV format -
ghe-system-info- responds with JSON of instance health stats -
ghe-license-info- responds with JSON of of the currently installed license -
ghe-set-password- set a new password to log into the Management Console -
ghe-org-admin-promote- gives organization admin privileges (by adding to the Owners team) to all users in your installation who already have Site Admin privileges - Useful, but not available when LDAP sync is enabled:
ghe-user-promoteghe-user-demoteghe-user-suspendghe-user-unsuspend
-
- About improved organization permissions in GitHub Enterprise 2.4
- Disabling Organization Creation advanced setting
- Organizations and teams
- Team administration
- Alternative access controls
- Fork a repo - this is a way to enable contributions by users with read-only access
- What happens to forks when a repository is deleted or changes visibility?