Browse Source

Finish configuring gitea.

pull/1/head
Craig Stewart 4 years ago
parent
commit
3aeb06273d
  1. 60
      guides/building-a-git-repo/finalising.html
  2. 52
      guides/building-a-git-repo/installgitea.html

60
guides/building-a-git-repo/finalising.html

@ -43,6 +43,66 @@ My Blog
</p>
</div>
<div id="content">
<p>First off gitea will try to validate the SSL certificate we are using for postfix, but this is a self signed cert, and not valid for "localhost" so we need to patch the config file to not validate this certificate.</p>
<pre>sudo sed -i.bak '/mailer/a\
SKIP_VERIFY = true' /etc/gitea/app.ini</pre>
<p>Then we need to make gitea a service that will start when we start the server.</p>
<pre>cat << EOF | sudo tee -a /etc/systemd/system/gitea.service > /dev/null
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
After=mysqld.service
#After=postgresql.service
#After=memcached.service
#After=redis.service
[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea
# If you want to bind Gitea to a port below 1024 uncomment
# the two values below
###
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
EOF
sudo systemctl enable gitea
sudo systemctl start gitea</pre>
<p>And finally we are using fail2ban to block IP addresses that are making too many failed logins over SSH from being able to brut force passwords, but now we have set up a server that allows logins over HTTPS, so we should block those too.</p>
<pre>cat << EOF | sudo tee -a /etc/fail2ban/filter.d/gitea.conf > /dev/null
# gitea.conf
[Definition]
failregex = .*Failed authentication attempt for .* from <HOST>
ignoreregex =
EOF
cat << EOF | sudo tee -a /etc/fail2ban/jail.d/jail.local > /dev/null
[gitea]
enabled = true
port = http,https
filter = gitea
logpath = /var/lib/gitea/log/gitea.log
maxretry = 10
findtime = 3600
bantime = 900
action = iptables-allports
EOF
sudo service fail2ban restart</pre>
<p>We should now have a working git server. If you set up an Admin user when configuring gitea in the previous steps then we are set. If not you should register a user now, as the first registered user will become admin. Once that is done your Git Server is ready to use.</p>
<p style="text-align:center;"><a href="/guides/building-a-git-repo/installgitea.html" title="Installing Gitea">Installing Gitea</a>|<a href="/guides/building-a-git-repo/" title="Building A git Repository Server">Main Page</a>|<a href="/guides/building-a-git-repo/other-considerations.html" title="Other Considerations">Other Considerations</a></p>
</div>
</div>

52
guides/building-a-git-repo/installgitea.html

@ -64,45 +64,21 @@ sudo chown root:root gitea
sudo mv gitea /usr/local/bin/
sudo chmod +x /usr/local/bin/gitea
sudo -u git /usr/local/bin/gitea web -c /etc/gitea/app.ini</pre>
<p>At this point you should be able to visit your git domain in a web browser, https://git.example.com in this guide, and configure gitea through the installation page. Once done the gitea process will stop, and we need to make the config secure</p>
<p>At this point you should be able to visit your git domain in a web browser, https://git.example.com in this guide, and configure gitea through the installation page.</p>
<p>Most of the settings can be left as their defaults, with the following exceptions,
<ul>Config changes from defaults
<li>In Database settings you need to enter the Database password you set for the gitea user of the database</li>
<li>In General Application Settings change the LFS Root Path to "/var/lib/gitea/data/lfs"</li>
<li>Change Domain to the FQDN you are using (git.example.com in this guide)</li>
<li>Change Application URL to HTTPS at your domain (https://git.example.com/ in this guide)</li>
<li>Change Log Path to "/var/lib/gitea/log"</li>
<li>In the Optional Settings, expand Email Service Settings and set SMTP Host to "localhost:25"</li>
<li>Set From to something like "no-reply@git.example.com"</li>
<li>Tick both Enable Register Confirmation and Enable Mail Notifications</li></ul>
<p>The remaining Settings are your choice, click install Gitea and the config file will be created and Gitea will be configured. Once done the gitea process will stop, and we need to make the config secure.</p>
<pre>sudo chmod 750 /etc/gitea
sudo chmod 644 /etc/gitea/app.ini
cat << EOF | sudo tee -a /etc/systemd/system/gitea.service > /dev/null
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
After=mysqld.service
#After=postgresql.service
#After=memcached.service
#After=redis.service
[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea
# If you want to bind Gitea to a port below 1024 uncomment
# the two values below
###
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
EOF
sudo systemctl enable gitea
sudo systemctl start gitea</pre>
sudo chmod 644 /etc/gitea/app.ini</pre>
<p>We now have a configured Git server, there just remain a few steps to get it ready to go into service.</p>
<p style="text-align:center;"><a href="/guides/building-a-git-repo/installdb.html" title="Installing a Database">Installing a Database</a>|<a href="/guides/building-a-git-repo/" title="Building A git Repository Server">Main Page</a>|<a href="/guides/building-a-git-repo/finalising.html" title="Finalising Everything">Finalising Everything</a></p>
</div>
</div>

Loading…
Cancel
Save