TuxNet DokuWiki

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Zuletzt angesehen:
it-wiki:git:gitea

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen RevisionVorhergehende Überarbeitung
Nächste Überarbeitung		Vorhergehende Überarbeitung
it-wiki:git:gitea [2020/02/06 11:27] – [Step 3: Installing Gitea] markoit-wiki:git:gitea [2020/02/11 09:29] (aktuell) – [Step 1: Preparing the system] marko
Zeile 14: Zeile 14:
 apt upgrade -y apt upgrade -y
 reboot reboot
 +</code>
 +
 +For this setup, several software packages are required:
 +  *Git, a dependency of Gitea.
 +  *PostgreSQL, as Gitea requires a database.
 +  *Nginx, which will be used as a reverse proxy.
 +  *Certbot, a utility for obtaining Let's Encrypt SSL certificates.
 +  *Sudo, to run commands as the postgres system user.
 +
 +Install them as follows:
 +<code bash>
 +apt install -y git nginx certbot postgresql sudo
 +</code>
 +
 +Next, create a user to run Gitea:
 +<code bash>
 +adduser --system --shell /bin/bash --home /home/gitea gitea
 </code> </code>
  
Zeile 49: Zeile 66:
 ===== Step 3: Installing Gitea ===== ===== Step 3: Installing Gitea =====
 Download the latest linux-amd64 binary from [[https://dl.gitea.io/gitea/|Gitea's download page]]. For example: Download the latest linux-amd64 binary from [[https://dl.gitea.io/gitea/|Gitea's download page]]. For example:
 +<code bash>
 +wget https://dl.gitea.io/gitea/master/gitea-master-linux-amd64 -O /usr/local/bin/gitea
 +chmod 755 /usr/local/bin/gitea
 +</code>
  
-For this setup, several software packages are required: +Nextcreate systemd unit file for Gitea: 
-  *Git, a dependency of Gitea. +<code bash> 
-  *PostgreSQL, as Gitea requires a database. +$EDITOR /etc/systemd/system/gitea.service 
-  *Nginx, which will be used as a reverse proxy+</code>
-  *Certbot, a utility for obtaining Let's Encrypt SSL certificates. +
-  *Sudo, to run commands as the postgres system user.+
  
-Install them as follows:+And enter the following:
 <code bash> <code bash>
-apt install -y git nginx certbot postgresql sudo+[Unit] 
 +Description=Gitea (Git with a cup of tea) 
 +After=syslog.target 
 +After=network.target 
 +Requires=postgresql.service 
 +[Service] 
 +Type=simple 
 +User=gitea 
 +Group=gitea 
 +WorkingDirectory=/var/lib/gitea/ 
 +RuntimeDirectory=gitea 
 +ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini 
 +Restart=always 
 +Environment=USER=gitea HOME=/home/gitea GITEA_WORK_DIR=/var/lib/gitea 
 +[Install] 
 +WantedBy=multi-user.target
 </code> </code>
  
-Next, create a user to run Gitea:+Make sure the new unit is loaded:
 <code bash> <code bash>
-adduser --system --disabled-password --group --shell /bin/bash --home /home/gitea gitea+systemctl daemon-reload
 </code> </code>
 +
 +Then instruct systemd to start Gitea at system startup:
 +<code bash>
 +systemctl enable gitea.service
 +</code>
 +
 +===== Step 4: Configuring Gitea =====
 +For the initial configuration, we'll use the included web install script. First, start Gitea:
 +<code bash>
 +systemctl start gitea.service
 +</code>
 +
 +Then navigate to http://your_domain:3000/install and fill in the required parameters as follows:
 +  * Database Type: PostgreSQL
 +  * Host: 127.0.0.1:5432
 +  * Username: gitea
 +  * Password: Enter the password you chose during Postgres role creation.
 +  * Database Name: gitea
 +  * SSL: Disable
 +  * Site Title: Title of your choice.
 +  * Repository Root Path: /var/lib/gitea/data/repositories
 +  * Git LFS Root Path: /var/lib/gitea/data/lfs
 +  * Run As Username: gitea
 +  * SSH Server Domain: your_domain
 +  * SSH Server Port: 22
 +  * Gitea HTTP Listen Post: 3000
 +  * Gitea Base URL: https://your_domain/
 +  * Log Path: /var/lib/gitea/log
 +
 +Configure email and the remaining settings as deemed fit, then click "Install Gitea". You will be redirected to a faulty URL. This is normal, as we haven't configured Nginx or HTTPS yet. For performance reasons, we will now configure Gitea to listen on a unix socket instead of the default TCP port.
 +
 +Stop Gitea before proceeding:
 +<code bash>
 +systemctl stop gitea.service
 +</code>
 +
 +Tighten permissions on /etc/gitea as shown below. This prevents anyone not in the gitea group from reading app.ini, which contains sensitive information, including database credentials.
 +<code bash>
 +chmod 750 /etc/gitea
 +chown root:gitea /etc/gitea/app.ini
 +chmod 640 /etc/gitea/app.ini
 +</code>
 +
 +Open its configuration file:
 +<code bash>
 +$EDITOR /etc/gitea/app.ini
 +</code>
 +
 +Remove the following line from the [server] section:
 +<code bash>
 +HTTP_PORT = 3000
 +</code>
 +
 +And add the following lines to the [server] section:
 +<code>
 +HTTP_ADDR        = /run/gitea/gitea.sock
 +PROTOCOL         = unix
 +UNIX_SOCKET_PERMISSION = 666
 +</code>
 +
 +===== Step 5: Setting Up the Reverse Proxy =====
 +Stop Nginx if it is running, as certbot will need to bind to port 80:
 +<code bash>
 +systemctl stop nginx.service
 +</code>
 +
 +Use the following command to obtain a certificate for your domain:
 +<code bash>
 +certbot certonly --standalone --agree-tos -m your_email@example.com -d your_domain
 +</code>
 +
 +Let's Encrypt will verify domain ownership before issuing the certificate. Your certificate, chain, and private key will be stored in /etc/letsencrypt/live/your_domain/.
 +
 +We can now configure Nginx. Create a new configuration file:
 +<code bash>
 +$EDITOR /etc/nginx/sites-available/gitea
 +</code>
 +
 +And enter the following configuration:
 +<code bash>
 +server {
 +        listen 80;
 +        listen [::]:80;
 +        server_name your_domain;
 +        return 301 https://$server_name$request_uri;
 + access_log /var/log/nginx/gitea-proxy_access.log;
 + error_log /var/log/nginx/gitea-proxy_error.log;
 +}
 +server {
 +        listen 443 ssl;
 +        listen [::]:443 ssl;
 +        server_name your_domain;
 +        ssl on;
 +        ssl_certificate /etc/letsencrypt/live/your_domain/fullchain.pem;
 +        ssl_certificate_key /etc/letsencrypt/live/your_domain/privkey.pem;
 +        location / {
 +                proxy_pass http://unix:/var/run/gitea/gitea.sock;
 + }
 + access_log /var/log/nginx/gitea-proxy_access.log;
 + error_log /var/log/nginx/gitea-proxy_error.log;
 +}
 +</code>
 +
 +The first server block simply serves to redirect all HTTP requests to HTTPS. The second block listens for HTTPS connections and proxies them to the unix socket on which we configured Gitea to listen.
 +
 +Once you've saved the above configuration, run the following to enable it:
 +<code bash>
 +ln -s /etc/nginx/sites-available/gitea /etc/nginx/sites-enabled
 +</code>
 +
 +Check for any syntax errors with and edit your configuration accordingly:
 +<code bash>
 +nginx -t
 +</code>
 +
 +Finally, start Nginx and Gitea:
 +<code bash>
 +systemctl start nginx.service gitea.service
 +</code>
 +
 +Your Gitea instance should now be running successfully. If you did not create an administrator account using the initial web installer, the first user to sign up will be given the administrator role.
 +
 +===== Optional Steps =====
 +==== Logging Configuration ====
 +By default, Gitea logs messages of severity level Info and above. You will most likely want to change that to Warn or Error. To do so, open /etc/gitea/app.ini and change the LEVEL parameter in the [log] section to one of: trace, debug, info, warn, error, critical, fatal, none. For example, to log messages of severity Warn and above, use:
 +<code bash>
 +[log]
 +MODE = file
 +LEVEL = warn
 +ROOT_PATH = /var/lib/gitea/log
 +</code>
 +
 +Restart Gitea for the changes to take effect:
 +<code bash>
 +systemctl restart gitea.service
 +</code>
 +
 +==== Separate SSH server ====
 +Gitea can alternatively use its own SSH server. To enable it, add the following line to the [server] configuration section:
 +
 +<code bash>
 +START_SSH_SERVER = true
 +</code>
 +
 +And change the SSH port to any number above 1000, for instance:
 +<code bash>
 +SSH_PORT = 2222
 +</code>
 +
 +Then restart Gitea to apply the changes.
it-wiki/git/gitea.1580988469.txt.gz · Zuletzt geändert: von marko