Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- it-wiki:git:gitea [2020/02/06 11:38] – [Step 3: Installing Gitea] marko
+++ it-wiki:git:gitea [2020/02/11 09:29] (aktuell) – [Step 1: Preparing the system] marko
@@ Zeile 30: / Zeile 30: @@
 Next, create a user to run Gitea:
 <code bash>
-adduser --system --disabled-password --group --shell /bin/bash --home /home/gitea gitea
+adduser --system --shell /bin/bash --home /home/gitea gitea
 </code>
@@ Zeile 159: / Zeile 159: @@
 UNIX_SOCKET_PERMISSION = 666
 </code>
+===== Step 5: Setting Up the Reverse Proxy =====
+Stop Nginx if it is running, as certbot will need to bind to port 80:
+<code bash>
+systemctl stop nginx.service
+</code>
+Use the following command to obtain a certificate for your domain:
+<code bash>
+certbot certonly --standalone --agree-tos -m your_email@example.com -d your_domain
+</code>
+Let's Encrypt will verify domain ownership before issuing the certificate. Your certificate, chain, and private key will be stored in /etc/letsencrypt/live/your_domain/.
+We can now configure Nginx. Create a new configuration file:
+<code bash>
+$EDITOR /etc/nginx/sites-available/gitea
+</code>
+And enter the following configuration:
+<code bash>
+server {
+        listen 80;
+        listen [::]:80;
+        server_name your_domain;
+        return 301 https://$server_name$request_uri;
+	access_log /var/log/nginx/gitea-proxy_access.log;
+	error_log /var/log/nginx/gitea-proxy_error.log;
+}
+server {
+        listen 443 ssl;
+        listen [::]:443 ssl;
+        server_name your_domain;
+        ssl on;
+        ssl_certificate /etc/letsencrypt/live/your_domain/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/your_domain/privkey.pem;
+        location / {
+                proxy_pass http://unix:/var/run/gitea/gitea.sock;
+	}
+	access_log /var/log/nginx/gitea-proxy_access.log;
+	error_log /var/log/nginx/gitea-proxy_error.log;
+}
+</code>
+The first server block simply serves to redirect all HTTP requests to HTTPS. The second block listens for HTTPS connections and proxies them to the unix socket on which we configured Gitea to listen.
+Once you've saved the above configuration, run the following to enable it:
+<code bash>
+ln -s /etc/nginx/sites-available/gitea /etc/nginx/sites-enabled
+</code>
+Check for any syntax errors with and edit your configuration accordingly:
+<code bash>
+nginx -t
+</code>
+Finally, start Nginx and Gitea:
+<code bash>
+systemctl start nginx.service gitea.service
+</code>
+Your Gitea instance should now be running successfully. If you did not create an administrator account using the initial web installer, the first user to sign up will be given the administrator role.
+===== Optional Steps =====
+==== Logging Configuration ====
+By default, Gitea logs messages of severity level Info and above. You will most likely want to change that to Warn or Error. To do so, open /etc/gitea/app.ini and change the LEVEL parameter in the [log] section to one of: trace, debug, info, warn, error, critical, fatal, none. For example, to log messages of severity Warn and above, use:
+<code bash>
+[log]
+MODE = file
+LEVEL = warn
+ROOT_PATH = /var/lib/gitea/log
+</code>
+Restart Gitea for the changes to take effect:
+<code bash>
+systemctl restart gitea.service
+</code>
+==== Separate SSH server ====
+Gitea can alternatively use its own SSH server. To enable it, add the following line to the [server] configuration section:
+<code bash>
+START_SSH_SERVER = true
+</code>
+And change the SSH port to any number above 1000, for instance:
+<code bash>
+SSH_PORT = 2222
+</code>
+Then restart Gitea to apply the changes.