The website for craig.stewart.zone https://craig.stewart.zone/

<!DOCTYPE html>
<html lang="en">
<head>
<link href="/styles/default.css" rel="stylesheet" type="text/css" />
<title>
Finalising Everything
</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
</head>
<body>
<div id="wrapper">
<div id="header">
<h1>
Finalising Everything
</h1>
</div>
<div id="layout">
<div id="navigation">
<p class="link">
<a href="/index.html">
Home
</a>
</p>
<p class="link">
<a href="/about.html">
About Me
</a>
</p>
<p class="link">
<a href="/contact.html">
Contact Me
</a>
</p>
<!--<p class="link">
<a href="/cv.html">
My CV
</a>
</p>-->
<p class="link">
<a href="https://www.craig-james-stewart.co.uk/blog/">
My Blog
</a>
</p>
</div>
<div id="content">
<p>First off, gitea will try to validate the SSL certificate we are using for postfix, but this is a self-signed certificate and is not valid for "localhost", so we need to patch the config file to skip validation of this certificate.</p>
<pre># Append SKIP_VERIFY directly under the [mailer] section header (backup kept as app.ini.bak)
sudo sed -i.bak '/^\[mailer\]/a\
SKIP_VERIFY = true' /etc/gitea/app.ini</pre>
<p>Then we need to make gitea a service that will start when we start the server.</p>
<pre># Write (not append) the unit file, so re-running this step does not duplicate it
cat << EOF | sudo tee /etc/systemd/system/gitea.service > /dev/null
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
After=mysqld.service
#After=postgresql.service
#After=memcached.service
#After=redis.service
[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea
# If you want to bind Gitea to a port below 1024 uncomment
# the two values below
###
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
EOF
sudo systemctl enable gitea
sudo systemctl start gitea</pre>
<p>And finally, we are using fail2ban to block IP addresses that make too many failed logins over SSH, so that they cannot brute-force passwords. Now we have set up a server that allows logins over HTTPS, so we should block those too.</p>
<pre># Write (not append) the filter, so re-running this step does not duplicate [Definition]
cat << EOF | sudo tee /etc/fail2ban/filter.d/gitea.conf > /dev/null
# gitea.conf
[Definition]
failregex = .*Failed authentication attempt for .* from &lt;HOST&gt;
ignoreregex =
EOF
cat << EOF | sudo tee -a /etc/fail2ban/jail.d/jail.local > /dev/null
[gitea]
enabled = true
port = http,https
filter = gitea
logpath = /var/lib/gitea/log/gitea.log
maxretry = 10
findtime = 3600
bantime = 900
action = iptables-allports
EOF
sudo service fail2ban restart</pre>
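<p>An added example, not part of the original guide: a Python sketch (fail2ban filters are Python regular expressions) that applies the failregex, maxretry and findtime from the jail above to constructed log lines and reports which addresses would be banned. The log line layout, the IPv4-only stand-in for the HOST tag and the function names are assumptions, and the sliding window only approximates fail2ban's own bookkeeping.</p>

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Values copied from the gitea filter and jail in this guide.
FAILREGEX = r".*Failed authentication attempt for .* from <HOST>"
MAXRETRY, FINDTIME = 10, 3600

# Assumption: IPv4-only stand-in for fail2ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))
STAMP = "%Y/%m/%d %H:%M:%S"  # assumed timestamp layout at start of each line


def would_ban(lines):
    """Return IPs that reach MAXRETRY matching lines within FINDTIME seconds."""
    recent, banned = defaultdict(deque), []
    for line in lines:
        match = PATTERN.search(line)
        if not match:
            continue  # not a failed login, so it never counts
        when = datetime.strptime(line[:19], STAMP)
        hits = recent[match["host"]]
        hits.append(when)
        while (when - hits[0]).total_seconds() > FINDTIME:
            hits.popleft()  # failure has aged out of the window
        if len(hits) >= MAXRETRY and match["host"] not in banned:
            banned.append(match["host"])
    return banned


def sample_log():
    """Constructed lines: startup noise, a fast burst and a slow trickle."""
    lines = ["2024/01/01 09:00:00 [I] Starting new web server"]
    for i in range(10):  # ten failures in ten minutes
        lines.append(f"2024/01/01 10:{i:02d}:00 [I] Failed authentication "
                     "attempt for alice from 203.0.113.7")
    for i in range(10):  # ten failures, one every ten minutes
        lines.append(f"2024/01/01 {12 + i // 6}:{i % 6 * 10:02d}:00 [I] Failed "
                     "authentication attempt for bob from 198.51.100.20")
    return lines


if __name__ == "__main__":
    print(would_ban(sample_log()))
```

<p>On the server itself, <code>fail2ban-regex /var/lib/gitea/log/gitea.log /etc/fail2ban/filter.d/gitea.conf</code> runs the real filter against the real log and reports how many lines matched.</p>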
<p>We should now have a working git server. If you set up an Admin user when configuring gitea in the previous steps, then we are set. If not, you should register a user now, as the first registered user will become admin. Once that is done, your Git Server is ready to use.</p>
<p style="text-align:center;"><a href="/guides/building-a-git-repo/installgitea.html" title="Installing Gitea">Installing Gitea</a>|<a href="/guides/building-a-git-repo/" title="Building A git Repository Server">Main Page</a>|<a href="/guides/building-a-git-repo/other-considerations.html" title="Other Considerations">Other Considerations</a></p>
</div>
</div>
</div>
</body>
</html>