clone url: git://git.m455.casa/m455.casa
html/archive/2021/setting-up-a-git-forge-with-gitea.html
| 1 | <!DOCTYPE html> |
| 2 | <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> |
| 3 | <head> |
| 4 | <meta charset="utf-8" /> |
| 5 | <meta name="generator" content="pandoc" /> |
| 6 | <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" /> |
| 7 | <title>Setting up a Git forge with Gitea</title> |
| 8 | <style> |
| 9 | code{white-space: pre-wrap;} |
| 10 | span.smallcaps{font-variant: small-caps;} |
| 11 | span.underline{text-decoration: underline;} |
| 12 | div.column{display: inline-block; vertical-align: top; width: 50%;} |
| 13 | div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;} |
| 14 | ul.task-list{list-style: none;} |
| 15 | </style> |
| 16 | <style> |
| 17 | body { |
| 18 | line-height: 1.5; |
| 19 | font-family: sans-serif; |
| 20 | font-size: 18px; |
| 21 | margin: 20px auto; |
| 22 | max-width: 630px; |
| 23 | } |
| 24 | |
| 25 | a { |
| 26 | color: blue; |
| 27 | } |
| 28 | |
| 29 | code, pre { |
| 30 | background-color: #fddee3; |
| 31 | font-size: 14px; |
| 32 | } |
| 33 | |
| 34 | pre { |
| 35 | padding: 25px 25px; |
| 36 | overflow: auto; |
| 37 | } |
| 38 | |
| 39 | pre code { |
| 40 | white-space: pre; |
| 41 | } |
| 42 | |
| 43 | img { |
| 44 | max-width: 100%; |
| 45 | } |
| 46 | |
| 47 | table { |
| 48 | border-collapse: collapse; |
| 49 | } |
| 50 | |
| 51 | table caption { |
| 52 | font-weight: bold; |
| 53 | margin: 10px 0px; |
| 54 | text-align: left; |
| 55 | } |
| 56 | |
| 57 | th, td { |
| 58 | border: 1px solid #000; |
| 59 | padding: 4px; |
| 60 | } |
| 61 | |
| 62 | blockquote { |
| 63 | border-left: 3px solid #000; |
| 64 | padding-left: 10px; |
| 65 | } |
| 66 | |
| 67 | .border { |
| 68 | border: 1px solid #000; |
| 69 | margin: 25px 0px; |
| 70 | padding: 5px 25px; |
| 71 | } |
| 72 | |
| 73 | @media only screen and (max-width: 700px) { |
| 74 | body { |
| 75 | margin: 10px; |
| 76 | } |
| 77 | } |
| 78 | |
| 79 | @media (prefers-color-scheme: dark) { |
| 80 | body { |
| 81 | background-color: #111; |
| 82 | color: #eee; |
| 83 | } |
| 84 | a { |
| 85 | color: #009fff; |
| 86 | } |
| 87 | code, pre { |
| 88 | background-color: #111; |
| 89 | color: #fd6363; |
| 90 | } |
| 91 | pre { |
| 92 | padding: 15px 25px; |
| 93 | } |
| 94 | blockquote { |
| 95 | border-left: 3px solid #666; |
| 96 | } |
| 97 | .border, th, td { |
| 98 | border: 1px solid #666; |
| 99 | } |
| 100 | } |
| 101 | </style> |
| 102 | </head> |
| 103 | <body> |
| 104 | <main> |
| 105 | <h2 id="setting-up-a-git-forge-with-gitea">Setting up a Git forge with Gitea</h2> |
| 106 | <p>2021-01-06 00:00</p> |
| 107 | <p>This page will guide you through setting up a Git forge using <a href="https://gitea.io/">Gitea</a>.</p> |
| 108 | <h3 id="page-overview">Page overview</h3> |
| 109 | <!-- vim-markdown-toc GFM --> |
| 110 | <ul> |
| 111 | <li><a href="#acknowledgements">Acknowledgements</a></li> |
| 112 | <li><a href="#reasoning-for-this-guide">Reasoning for this guide</a></li> |
| 113 | <li><a href="#page-conventions">Page conventions</a></li> |
| 114 | <li><a href="#assumptions">Assumptions</a></li> |
| 115 | <li><a href="#requirements">Requirements</a></li> |
| 116 | <li><a href="#preparing-your-system">Preparing your system</a> |
| 117 | <ul> |
| 118 | <li><a href="#setting-up-dns-records-on-digitalocean">Setting up DNS records on DigitalOcean</a> |
| 119 | <ul> |
| 120 | <li><a href="#to-setup-dns-records-on-digitalocean">To setup DNS records on DigitalOcean</a></li> |
| 121 | </ul></li> |
| 122 | <li><a href="#creating-a-git-user">Creating a git user</a> |
| 123 | <ul> |
| 124 | <li><a href="#to-create-a-git-user">To create a git user</a></li> |
| 125 | </ul></li> |
| 126 | <li><a href="#adding-the-git-user-to-your-ssh-servers-allowedusers-list">Adding the git user to your SSH server’s AllowedUsers list</a> |
| 127 | <ul> |
| 128 | <li><a href="#to-add-the-git-user-to-your-ssh-servers-allowedusers-list">To add the git user to your SSH server’s AllowedUsers list</a></li> |
| 129 | </ul></li> |
| 130 | <li><a href="#creating-the-required-directories">Creating the required directories</a> |
| 131 | <ul> |
| 132 | <li><a href="#to-create-the-required-directories">To create the required directories</a></li> |
| 133 | </ul></li> |
| 134 | </ul></li> |
| 135 | <li><a href="#setting-up-gitea">Setting up Gitea</a> |
| 136 | <ul> |
| 137 | <li><a href="#downloading-gitea">Downloading Gitea</a> |
| 138 | <ul> |
| 139 | <li><a href="#to-download-gitea">To download Gitea</a></li> |
| 140 | </ul></li> |
| 141 | <li><a href="#installing-gitea">Installing Gitea</a> |
| 142 | <ul> |
| 143 | <li><a href="#to-install-gitea">To install Gitea</a></li> |
| 144 | </ul></li> |
| 145 | <li><a href="#auto-starting-gitea-on-system-boot">Auto-starting Gitea on system boot</a> |
| 146 | <ul> |
| 147 | <li><a href="#to-auto-start-gitea-on-system-boot">To auto-start Gitea on system boot</a></li> |
| 148 | </ul></li> |
| 149 | </ul></li> |
| 150 | <li><a href="#setting-up-nginx">Setting up nginx</a> |
| 151 | <ul> |
| 152 | <li><a href="#adding-a-reverse-proxy">Adding a reverse proxy</a> |
| 153 | <ul> |
| 154 | <li><a href="#to-add-a-reverse-proxy">To add a reverse proxy</a></li> |
| 155 | </ul></li> |
| 156 | <li><a href="#setting-up-your-git-domain-with-certbot">Setting up your git domain with certbot</a> |
| 157 | <ul> |
| 158 | <li><a href="#to-setup-up-your-git-domain-with-certbot">To setup up your git domain with certbot</a></li> |
| 159 | </ul></li> |
| 160 | </ul></li> |
| 161 | <li><a href="#finalizing-your-gitea-setup">Finalizing your Gitea setup</a> |
| 162 | <ul> |
| 163 | <li><a href="#accessing-the-web-interface">Accessing the web interface</a> |
| 164 | <ul> |
| 165 | <li><a href="#to-access-the-web-interface">To access the web interface</a></li> |
| 166 | </ul></li> |
| 167 | <li><a href="#removing-the-write-permission-for-the-git-user">Removing the write permission for the git user</a> |
| 168 | <ul> |
| 169 | <li><a href="#to-remove-the-write-permission-for-the-git-user">To remove the write permission for the git user</a></li> |
| 170 | </ul></li> |
| 171 | <li><a href="#setting-up-fail2ban">Setting up fail2ban</a> |
| 172 | <ul> |
| 173 | <li><a href="#to-setup-fail2ban">To setup fail2ban</a></li> |
| 174 | </ul></li> |
| 175 | </ul></li> |
| 176 | <li><a href="#tweaking-gitea">Tweaking Gitea</a> |
| 177 | <ul> |
| 178 | <li><a href="#disabling-registrations">Disabling registrations</a> |
| 179 | <ul> |
| 180 | <li><a href="#to-disable-registrations">To disable registrations</a></li> |
| 181 | </ul></li> |
| 182 | <li><a href="#changing-the-default-branch-name">Changing the default branch name</a> |
| 183 | <ul> |
| 184 | <li><a href="#to-change-the-default-branch-name">To change the default branch name</a></li> |
| 185 | </ul></li> |
| 186 | <li><a href="#setting-up-garbage-collection">Setting up garbage collection</a> |
| 187 | <ul> |
| 188 | <li><a href="#to-setup-garbage-collection">To setup garbage collection</a></li> |
| 189 | </ul></li> |
| 190 | </ul></li> |
| 191 | </ul> |
| 192 | <!-- vim-markdown-toc --> |
| 193 | <h3 id="acknowledgements">Acknowledgements</h3> |
| 194 | <p>Most of the documentation found here was referenced from <a href="https://docs.gitea.io/en-us/">Gitea’s documentation</a>.</p> |
| 195 | <h3 id="reasoning-for-this-guide">Reasoning for this guide</h3> |
| 196 | <p>As someone who is learning how to maintain servers and online services, I had a bit of trouble following the documentation, because the documentation for setting up Gitea wasn’t as linear as I was used to. I found myself jumping back and forth between the navigation sidebar, so I decided to create a more linear set of instructions for setting up Gitea for other people who had trouble with setting up Gitea.</p> |
| 197 | <h3 id="page-conventions">Page conventions</h3> |
| 198 | <ul> |
| 199 | <li><strong>Note</strong>: Signifies additional information</li> |
| 200 | <li><strong>Tip</strong>: Signifies an alternative procedure for completing a step</li> |
| 201 | <li><strong>Warning</strong>: Signifies that damage, such as data loss, may occur</li> |
| 202 | <li><strong>Example</strong>: Shows how a procedure would be performed in a real scenario</li> |
| 203 | <li><code>Inline code and code blocks</code>: Signify package names, filenames, file contents, or commands</li> |
| 204 | <li><code>yourdomain.com</code>: Signifies that you should replace <code>yourdomain.com</code> with your own domain name.</li> |
| 205 | </ul> |
| 206 | <h3 id="assumptions">Assumptions</h3> |
| 207 | <p>This guide assumes:</p> |
| 208 | <ul> |
| 209 | <li>You are using a Ubuntu server on a DigialOcean droplet</li> |
| 210 | <li>You are using nginx to serve your web content</li> |
| 211 | <li>You manage your SSL/TLS certificates with certbot</li> |
| 212 | <li>You have your domain name setup with DigitalOcean’s name servers</li> |
| 213 | <li>You have your SSH keys setup with your server</li> |
| 214 | <li>You have root access to your server</li> |
| 215 | </ul> |
| 216 | <h3 id="requirements">Requirements</h3> |
| 217 | <ul> |
| 218 | <li>git</li> |
| 219 | <li>sqlite3</li> |
| 220 | <li>fail2ban</li> |
| 221 | </ul> |
| 222 | <h3 id="preparing-your-system">Preparing your system</h3> |
| 223 | <p>Before using Gitea, you will need to prepare DNS records and create a git user.</p> |
| 224 | <p>This section consists of the following topics:</p> |
| 225 | <ul> |
| 226 | <li><a href="#setting-up-dns-records-on-digitalocean">Setting up DNS records on DigitalOcean</a></li> |
| 227 | <li><a href="#creating-a-git-user">Creating a git user</a></li> |
| 228 | <li><a href="#adding-the-git-user-to-your-ssh-servers-allowedusers-list">Adding the git user to your SSH server’s AllowedUsers list</a></li> |
| 229 | <li><a href="#creating-the-required-directories">Creating the required directories</a></li> |
| 230 | </ul> |
| 231 | <h4 id="setting-up-dns-records-on-digitalocean">Setting up DNS records on DigitalOcean</h4> |
| 232 | <p>Setting up DNS records for a <code>git.yourdomain.com</code> allows you to redirect users back to your server, so nginx can redirect users to specific paths or ports on your server.</p> |
| 233 | <h5 id="to-setup-dns-records-on-digitalocean">To setup DNS records on DigitalOcean</h5> |
| 234 | <ol type="1"> |
| 235 | <li>Add an A record for <code>git.yourdomain.com</code> to your DigitalOcean droplet</li> |
| 236 | <li>Add an AAAA record for <code>git.yourdomain.com</code> to your DigitalOcean droplet</li> |
| 237 | </ol> |
| 238 | <h4 id="creating-a-git-user">Creating a git user</h4> |
| 239 | <p>Creating a git user allows you to run Gitea as a different user from root. This is a safer option, especially if you intend to push to your repositories using SSH or have multiple users on your Gitea instance.</p> |
| 240 | <h5 id="to-create-a-git-user">To create a git user</h5> |
| 241 | <ol type="1"> |
| 242 | <li><p>Run the following command:</p> |
| 243 | <pre><code> sudo adduser \ |
| 244 | --system \ |
| 245 | --shell /bin/bash \ |
| 246 | --gecos 'Git Version Control' \ |
| 247 | --group \ |
| 248 | --disabled-password \ |
| 249 | --home /home/git \ |
| 250 | git</code></pre></li> |
| 251 | </ol> |
| 252 | <p><strong>Source</strong>: Gitea’s <a href="https://docs.gitea.io/en-us/install-from-binary/#prepare-environment">Prepare environment</a> section.</p> |
| 253 | <h4 id="adding-the-git-user-to-your-ssh-servers-allowedusers-list">Adding the git user to your SSH server’s AllowedUsers list</h4> |
| 254 | <p>Pushing Git commits over SSH is convenient because you don’t need to enter a username and password like you would over HTTPS. You will need to add the git user to your SSH server’s <code>AllowedUsers</code> list to use Git over SSH.</p> |
| 255 | <h5 id="to-add-the-git-user-to-your-ssh-servers-allowedusers-list">To add the git user to your SSH server’s AllowedUsers list</h5> |
| 256 | <ol type="1"> |
| 257 | <li>Open <code>/etc/ssh/sshd_config</code></li> |
| 258 | <li>Find <code>AllowUsers</code></li> |
| 259 | <li>Add <code>git</code> to list of users</li> |
| 260 | </ol> |
| 261 | <h4 id="creating-the-required-directories">Creating the required directories</h4> |
| 262 | <p>Gitea doesn’t have the permissions to create directories in root directories, so you will have to do this yourself.</p> |
| 263 | <h5 id="to-create-the-required-directories">To create the required directories</h5> |
| 264 | <ol type="1"> |
| 265 | <li>Run <code>sudo mkdir -p /var/lib/gitea/{custom,data,log}</code></li> |
| 266 | <li>Run <code>sudo chown -R git:git /var/lib/gitea/</code></li> |
| 267 | <li>Run <code>sudo chmod -R 750 /var/lib/gitea/</code></li> |
| 268 | <li>Run <code>sudo mkdir /etc/gitea</code></li> |
| 269 | <li>Run <code>sudo chown root:git /etc/gitea</code></li> |
| 270 | <li>Run <code>sudo chmod 770 /etc/gitea</code></li> |
| 271 | </ol> |
| 272 | <p><strong>Source</strong>: Gitea’s <a href="https://docs.gitea.io/en-us/install-from-binary/#create-required-directory-structure">Create required directory structure</a> section.</p> |
| 273 | <h3 id="setting-up-gitea">Setting up Gitea</h3> |
| 274 | <p>Gitea simplifies installation by providing a binary. You can download this binary and move it to a globally-accessible directory.</p> |
| 275 | <p>This section contains the following topics:</p> |
| 276 | <ul> |
| 277 | <li><a href="#downloading-gitea">Downloading Gitea</a></li> |
| 278 | <li><a href="#installing-gitea">Installing Gitea</a></li> |
| 279 | <li><a href="#auto-starting-gitea-on-system-boot">Auto-starting Gitea on system boot</a></li> |
| 280 | </ul> |
| 281 | <h4 id="downloading-gitea">Downloading Gitea</h4> |
| 282 | <p>Downloading Gitea will provide you with the proper resources for running Gitea.</p> |
| 283 | <h5 id="to-download-gitea">To download Gitea</h5> |
| 284 | <ol type="1"> |
| 285 | <li>Run <code>sudo su git</code></li> |
| 286 | <li>Run <code>cd</code></li> |
| 287 | <li>Run <code>wget -O gitea https://dl.gitea.io/gitea/1.13.1/gitea-1.13.1-linux-amd64</code></li> |
| 288 | <li>Run <code>chmod +x gitea</code></li> |
| 289 | </ol> |
| 290 | <aside class="border"> |
| 291 | <p> |
| 292 | <strong>Note</strong>: In this section, we are downloading Gitea version 1.13.1. This guide will quickly become outdated. For the latest version, check out Gitea’s <a href="https://docs.gitea.io/en-us/install-from-binary/#download">Install from binary</a> section. |
| 293 | </p> |
| 294 | </aside> |
| 295 | <p><strong>Source</strong>: Gitea’s <a href="https://docs.gitea.io/en-us/install-from-binary/#download">Download</a> section.</p> |
| 296 | <h4 id="installing-gitea">Installing Gitea</h4> |
| 297 | <p>Installing Gitea will make the Gitea binary globally accessible on your system.</p> |
| 298 | <h5 id="to-install-gitea">To install Gitea</h5> |
| 299 | <ol type="1"> |
| 300 | <li>Run <code>cp gitea /usr/local/bin/gitea</code></li> |
| 301 | </ol> |
| 302 | <p><strong>Source</strong>: Gitea’s <a href="https://docs.gitea.io/en-us/install-from-binary/#copy-gitea-binary-to-global-location">Copy Gitea binary to global location</a> section.</p> |
| 303 | <h4 id="auto-starting-gitea-on-system-boot">Auto-starting Gitea on system boot</h4> |
| 304 | <p>Auto-starting Gitea can be convenient if you need to restart your server after updates or changes, and have several other services that you need to auto-start.</p> |
| 305 | <h5 id="to-auto-start-gitea-on-system-boot">To auto-start Gitea on system boot</h5> |
| 306 | <ol type="1"> |
| 307 | <li><p>Add the following in <code>/etc/systemd/system/gitea.service</code>:</p> |
| 308 | <pre><code> [Unit] |
| 309 | Description=Gitea (Git with a cup of tea) |
| 310 | After=syslog.target |
| 311 | After=network.target |
| 312 | ### |
| 313 | # Don't forget to add the database service requirements |
| 314 | ### |
| 315 | # |
| 316 | #Requires=mysql.service |
| 317 | #Requires=mariadb.service |
| 318 | #Requires=postgresql.service |
| 319 | #Requires=memcached.service |
| 320 | #Requires=redis.service |
| 321 | # |
| 322 | ### |
| 323 | # If using socket activation for main http/s |
| 324 | ### |
| 325 | # |
| 326 | #After=gitea.main.socket |
| 327 | #Requires=gitea.main.socket |
| 328 | # |
| 329 | ### |
| 330 | # (You can also provide gitea an http fallback and/or ssh socket too) |
| 331 | # |
| 332 | # An example of /etc/systemd/system/gitea.main.socket |
| 333 | ### |
| 334 | ## |
| 335 | ## [Unit] |
| 336 | ## Description=Gitea Web Socket |
| 337 | ## PartOf=gitea.service |
| 338 | ## |
| 339 | ## [Socket] |
| 340 | ## Service=gitea.service |
| 341 | ## ListenStream=<some_port> |
| 342 | ## NoDelay=true |
| 343 | ## |
| 344 | ## [Install] |
| 345 | ## WantedBy=sockets.target |
| 346 | ## |
| 347 | ### |
| 348 | |
| 349 | [Service] |
| 350 | # Modify these two values and uncomment them if you have |
| 351 | # repos with lots of files and get an HTTP error 500 because |
| 352 | # of that |
| 353 | ### |
| 354 | #LimitMEMLOCK=infinity |
| 355 | #LimitNOFILE=65535 |
| 356 | RestartSec=2s |
| 357 | Type=simple |
| 358 | User=git |
| 359 | Group=git |
| 360 | WorkingDirectory=/var/lib/gitea/ |
| 361 | # If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file |
| 362 | # (manually creating /run/gitea doesn't work, because it would not persist across reboots) |
| 363 | #RuntimeDirectory=gitea |
| 364 | ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini |
| 365 | Restart=always |
| 366 | Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea |
| 367 | # If you install Git to directory prefix other than default PATH (which happens |
| 368 | # for example if you install other versions of Git side-to-side with |
| 369 | # distribution version), uncomment below line and add that prefix to PATH |
| 370 | # Don't forget to place git-lfs binary on the PATH below if you want to enable |
| 371 | # Git LFS support |
| 372 | #Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin |
| 373 | # If you want to bind Gitea to a port below 1024, uncomment |
| 374 | # the two values below, or use socket activation to pass Gitea its ports as above |
| 375 | ### |
| 376 | #CapabilityBoundingSet=CAP_NET_BIND_SERVICE |
| 377 | #AmbientCapabilities=CAP_NET_BIND_SERVICE |
| 378 | ### |
| 379 | |
| 380 | [Install] |
| 381 | WantedBy=multi-user.target</code></pre></li> |
| 382 | <li><p>Run <code>sudo systemctl enable gitea</code></p></li> |
| 383 | <li><p>Run <code>sudo systemctl start gitea</code></p></li> |
| 384 | </ol> |
| 385 | <p><strong>Source</strong>: Gitea’s <a href="https://docs.gitea.io/en-us/linux-service/#using-systemd">Using systemd</a> section.</p> |
| 386 | <h3 id="setting-up-nginx">Setting up nginx</h3> |
| 387 | <p>Gitea is a web application, so you will need to setup nginx to serve the interface.</p> |
| 388 | <p>This section consists of the following topics:</p> |
| 389 | <ul> |
| 390 | <li><a href="#adding-a-reverse-proxy">Adding a reverse proxy</a></li> |
| 391 | <li><a href="#setting-up-your-git-domain-with-certbot">Setting up your git domain with certbot</a></li> |
| 392 | </ul> |
| 393 | <h4 id="adding-a-reverse-proxy">Adding a reverse proxy</h4> |
| 394 | <p>Gitea runs on port 3000 by default, so you will need to configure nginx to redirect users to port 3000 on your server when they visit git.yourdomain.com.</p> |
| 395 | <h5 id="to-add-a-reverse-proxy">To add a reverse proxy</h5> |
| 396 | <ol type="1"> |
| 397 | <li><p>Add the following in <code>/etc/nginx/sites-available/git.yourdomain.com</code> as root:</p> |
| 398 | <pre><code> server { |
| 399 | listen 80; |
| 400 | server_name git.yourdomain.com; |
| 401 | |
| 402 | location / { |
| 403 | proxy_pass http://localhost:3000; |
| 404 | } |
| 405 | }</code></pre></li> |
| 406 | <li><p>Run the following command:</p> |
| 407 | <pre><code> sudo ln -s /etc/nginx/sites-available/git.yourdomain.com /etc/nginx/sites-enabled/git.yourdomain.com</code></pre></li> |
| 408 | <li><p>Run <code>sudo systemctl restart nginx</code></p></li> |
| 409 | </ol> |
| 410 | <p><strong>Source</strong>: Gitea’s <a href="https://docs.gitea.io/en-us/reverse-proxies/#nginx">Nginx</a> section.</p> |
| 411 | <h4 id="setting-up-your-git-domain-with-certbot">Setting up your git domain with certbot</h4> |
| 412 | <p>Before you can access your website, you will want to allow a secure connection before you sign up for the initial Gitea account, which will optionally be used as an administrator account as well as a regular user account.</p> |
| 413 | <h5 id="to-setup-up-your-git-domain-with-certbot">To setup up your git domain with certbot</h5> |
| 414 | <ol type="1"> |
| 415 | <li>Run <code>sudo certbot</code></li> |
| 416 | <li>Follow the prompts</li> |
| 417 | <li>Run <code>sudo systemctl restart nginx</code></li> |
| 418 | </ol> |
| 419 | <h3 id="finalizing-your-gitea-setup">Finalizing your Gitea setup</h3> |
| 420 | <p>Before you can use Gitea, you will need to access the web installer. The web installer will guide you through a setup process, and user registration. The first user who signs up has the option to become an administrator user who can also use Gitea as a regular user.</p> |
| 421 | <p>This section consists of the following topics:</p> |
| 422 | <ul> |
| 423 | <li><a href="#accessing-the-web-interface">Accessing the web interface</a></li> |
| 424 | <li><a href="#removing-the-write-permission-for-the-git-user">Removing the write permission for the git user</a></li> |
| 425 | <li><a href="#setting-up-fail2ban">Setting up fail2ban</a></li> |
| 426 | </ul> |
| 427 | <h4 id="accessing-the-web-interface">Accessing the web interface</h4> |
| 428 | <p>Gitea provides a web interface for configuring and installing Gitea. You can access the web interface using a web browser.</p> |
| 429 | <h5 id="to-access-the-web-interface">To access the web interface</h5> |
| 430 | <ol type="1"> |
| 431 | <li><p>Navigate to <code>git.yourdomain.com/install</code> in your browser</p> |
| 432 | <aside class="border"> |
| 433 | <p> |
| 434 | <p><strong>Tip</strong>: If this doesn’t work, try navigating to <code>git.yourdomain.com</code>.</p> |
| 435 | </p> |
| 436 | </aside></li> |
| 437 | <li><p>Choose SQLite</p></li> |
| 438 | <li><p>Change “SSH Server Domain” to <code>git.yourdomain.com</code></p></li> |
| 439 | <li><p>Change “Gitea Base URL” to <code>https://git.yourdomain.com</code></p></li> |
| 440 | <li><p>Choose your desired settings for the remaining configuration options</p></li> |
| 441 | <li><p>Click “Install Gitea”</p></li> |
| 442 | </ol> |
| 443 | <h4 id="removing-the-write-permission-for-the-git-user">Removing the write permission for the git user</h4> |
| 444 | <p>In previous sections, <code>/etc/gitea</code> has write permissions for the git user, so the web installer could write to the configuration file. You should change the permissions back to read-only for security purposes.</p> |
| 445 | <h5 id="to-remove-the-write-permission-for-the-git-user">To remove the write permission for the git user</h5> |
| 446 | <ol type="1"> |
| 447 | <li>Run <code>sudo chmod 750 /etc/gitea</code></li> |
| 448 | <li>Run <code>sudo chmod 640 /etc/gitea/app.ini</code></li> |
| 449 | </ol> |
| 450 | <p><strong>Source</strong>: Gitea’s <a href="https://docs.gitea.io/en-us/install-from-binary/#create-required-directory-structure">Create required directory structure</a> section.</p> |
| 451 | <h4 id="setting-up-fail2ban">Setting up fail2ban</h4> |
| 452 | <p>fail2ban protects your server against repeated attacks if you have a publicly-facing authentication system, such as a sign-in page or a register page.</p> |
| 453 | <p>In this guide, although we will be disabling the registration page, there will still be a sign-in page that we need to protect.</p> |
| 454 | <h5 id="to-setup-fail2ban">To setup fail2ban</h5> |
| 455 | <ol type="1"> |
| 456 | <li><p>Add the following to <code>/etc/fail2ban/filter.d/gitea.conf</code> as root:</p> |
| 457 | <pre><code> [Definition] |
| 458 | failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST> |
| 459 | ignoreregex =</code></pre></li> |
| 460 | <li><p>Add the following to <code>/etc/fail2ban/jail.d/gitea.conf</code> as root:</p> |
| 461 | <pre><code> [gitea] |
| 462 | enabled = true |
| 463 | filter = gitea |
| 464 | logpath = /var/lib/gitea/log/gitea.log |
| 465 | maxretry = 10 |
| 466 | findtime = 3600 |
| 467 | bantime = 900 |
| 468 | action = iptables-allports</code></pre></li> |
| 469 | <li><p>Run <code>touch /var/lib/gitea/log/gitea.log</code> as root</p></li> |
| 470 | <li><p>Run <code>systemctl restart fail2ban</code></p></li> |
| 471 | </ol> |
| 472 | <p><strong>Source</strong>: Gitea’s <a href="https://docs.gitea.io/en-us/fail2ban-setup/">Fail2ban setup to block users after failed login attempts</a> page.</p> |
| 473 | <h3 id="tweaking-gitea">Tweaking Gitea</h3> |
| 474 | <p>Gitea provides an <code>app.ini</code> file that allows you to modify Gitea to your liking.</p> |
| 475 | <p>This section consists of the following topics:</p> |
| 476 | <ul> |
| 477 | <li><a href="#disabling-registrations">Disabling registrations</a></li> |
| 478 | <li><a href="#changing-the-default-branch-name">Changing the default branch name</a></li> |
| 479 | <li><a href="#setting-up-garbage-collection">Setting up garbage collection</a></li> |
| 480 | </ul> |
| 481 | <h4 id="disabling-registrations">Disabling registrations</h4> |
| 482 | <p>After you created the first user, you can disable registrations to prevent unknown users from registering on your Gitea.</p> |
| 483 | <aside class="border"> |
| 484 | <p> |
| 485 | <strong>Note</strong>: If you wish to add a user in the future, you can use Gitea’s built-in “Create User Account” button found in “Site Administration” > “User Accounts”. |
| 486 | </p> |
| 487 | </aside> |
| 488 | <h5 id="to-disable-registrations">To disable registrations</h5> |
| 489 | <ol type="1"> |
| 490 | <li>Edit <code>/etc/gitea/app.ini</code> as root</li> |
| 491 | <li>Find the <code>[service]</code> section</li> |
| 492 | <li>Change <code>DISABLE_REGISTRATION</code>’s value to <code>true</code></li> |
| 493 | </ol> |
| 494 | <aside class="border"> |
| 495 | <p> |
| 496 | <strong>Example</strong>: Your <code>[service]</code> section might look like the one below: |
| 497 | </p> |
| 498 | <pre> |
| 499 | [service] |
| 500 | REGISTER_EMAIL_CONFIRM = false |
| 501 | ENABLE_NOTIFY_MAIL = false |
| 502 | DISABLE_REGISTRATION = true |
| 503 | ALLOW_ONLY_EXTERNAL_REGISTRATION = false |
| 504 | ENABLE_CAPTCHA = false |
| 505 | REQUIRE_SIGNIN_VIEW = false |
| 506 | DEFAULT_KEEP_EMAIL_PRIVATE = false |
| 507 | DEFAULT_ALLOW_CREATE_ORGANIZATION = false |
| 508 | DEFAULT_ENABLE_TIMETRACKING = false |
| 509 | NO_REPLY_ADDRESS = noreply.localhost |
| 510 | </pre> |
| 511 | </aside> |
| 512 | <h4 id="changing-the-default-branch-name">Changing the default branch name</h4> |
| 513 | <p>Gitea allows you to set a default branch name when creating new repositories.</p> |
| 514 | <h5 id="to-change-the-default-branch-name">To change the default branch name</h5> |
| 515 | <ol type="1"> |
| 516 | <li>Edit <code>/etc/gitea/app.ini</code> as root</li> |
| 517 | <li>Find the <code>[repository]</code> section</li> |
| 518 | <li>Change <code>DEFAULT_BRANCH</code>’s value to <code>main</code></li> |
| 519 | </ol> |
| 520 | <aside class="border"> |
| 521 | <p> |
| 522 | <strong>Example</strong>: Your <code>[repository]</code> section might look like the one below: |
| 523 | </p> |
| 524 | <pre> |
| 525 | [repository] |
| 526 | ROOT = /home/git/gitea-repositories |
| 527 | DEFAULT_BRANCH = main |
| 528 | </pre> |
| 529 | </aside> |
| 530 | <aside class="border"> |
| 531 | <p> |
| 532 | <strong>Note</strong>: Other common default branch names could be <code>trunk</code> or <code>default</code> |
| 533 | </p> |
| 534 | </aside> |
| 535 | <h4 id="setting-up-garbage-collection">Setting up garbage collection</h4> |
| 536 | <p>Setting a garbage collection value will prevent incremental memory consumption over time. Setting this keeps CPU usage at a constant level. Without this set, the CPU usage rises over time.</p> |
| 537 | <h5 id="to-setup-garbage-collection">To setup garbage collection</h5> |
| 538 | <ol type="1"> |
| 539 | <li>Edit <code>/etc/gitea/app.ini</code> as root</li> |
| 540 | <li>Find the <code>[session]</code> section</li> |
| 541 | <li>Add <code>GC_INTERVAL_TIME = 86400</code> under <code>PROVIDER = file</code></li> |
| 542 | </ol> |
| 543 | <aside class="border"> |
| 544 | <p> |
| 545 | <strong>Example</strong>: Your <code>[session]</code> section might look like the one below: |
| 546 | </p> |
| 547 | <pre> |
| 548 | [session] |
| 549 | PROVIDER = file |
| 550 | GC_INTERVAL_TIME = 86400 |
| 551 | </pre> |
| 552 | </aside> |
| 553 | </main> |
| 554 | </body> |
| 555 | </html> |