clone url: git://git.m455.casa/m455.casa
html/archive/2021/setting-up-a-git-forge-with-gitea.html
1 | <!DOCTYPE html> |
2 | <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> |
3 | <head> |
4 | <meta charset="utf-8" /> |
5 | <meta name="generator" content="pandoc" /> |
6 | <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" /> |
7 | <title>Setting up a Git forge with Gitea</title> |
8 | <style> |
9 | code{white-space: pre-wrap;} |
10 | span.smallcaps{font-variant: small-caps;} |
11 | span.underline{text-decoration: underline;} |
12 | div.column{display: inline-block; vertical-align: top; width: 50%;} |
13 | div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;} |
14 | ul.task-list{list-style: none;} |
15 | </style> |
16 | <style> |
17 | body { |
18 | line-height: 1.5; |
19 | font-family: sans-serif; |
20 | font-size: 18px; |
21 | margin: 20px auto; |
22 | max-width: 630px; |
23 | } |
24 |
|
25 | a { |
26 | color: blue; |
27 | } |
28 |
|
29 | code, pre { |
30 | background-color: #fddee3; |
31 | font-size: 14px; |
32 | } |
33 |
|
34 | pre { |
35 | padding: 25px 25px; |
36 | overflow: auto; |
37 | } |
38 |
|
39 | pre code { |
40 | white-space: pre; |
41 | } |
42 |
|
43 | img { |
44 | max-width: 100%; |
45 | } |
46 |
|
47 | table { |
48 | border-collapse: collapse; |
49 | } |
50 |
|
51 | table caption { |
52 | font-weight: bold; |
53 | margin: 10px 0px; |
54 | text-align: left; |
55 | } |
56 |
|
57 | th, td { |
58 | border: 1px solid #000; |
59 | padding: 4px; |
60 | } |
61 |
|
62 | blockquote { |
63 | border-left: 3px solid #000; |
64 | padding-left: 10px; |
65 | } |
66 |
|
67 | .border { |
68 | border: 1px solid #000; |
69 | margin: 25px 0px; |
70 | padding: 5px 25px; |
71 | } |
72 |
|
73 | @media only screen and (max-width: 700px) { |
74 | body { |
75 | margin: 10px; |
76 | } |
77 | } |
78 |
|
79 | @media (prefers-color-scheme: dark) { |
80 | body { |
81 | background-color: #111; |
82 | color: #eee; |
83 | } |
84 | a { |
85 | color: #009fff; |
86 | } |
87 | code, pre { |
88 | background-color: #111; |
89 | color: #fd6363; |
90 | } |
91 | pre { |
92 | padding: 15px 25px; |
93 | } |
94 | blockquote { |
95 | border-left: 3px solid #666; |
96 | } |
97 | .border, th, td { |
98 | border: 1px solid #666; |
99 | } |
100 | } |
101 | </style> |
102 | </head> |
103 | <body> |
104 | <main> |
105 | <h2 id="setting-up-a-git-forge-with-gitea">Setting up a Git forge with Gitea</h2> |
106 | <p>2021-01-06 00:00</p> |
107 | <p>This page will guide you through setting up a Git forge using <a href="https://gitea.io/">Gitea</a>.</p> |
108 | <h3 id="page-overview">Page overview</h3> |
109 | <!-- vim-markdown-toc GFM --> |
110 | <ul> |
111 | <li><a href="#acknowledgements">Acknowledgements</a></li> |
112 | <li><a href="#reasoning-for-this-guide">Reasoning for this guide</a></li> |
113 | <li><a href="#page-conventions">Page conventions</a></li> |
114 | <li><a href="#assumptions">Assumptions</a></li> |
115 | <li><a href="#requirements">Requirements</a></li> |
116 | <li><a href="#preparing-your-system">Preparing your system</a> |
117 | <ul> |
118 | <li><a href="#setting-up-dns-records-on-digitalocean">Setting up DNS records on DigitalOcean</a> |
119 | <ul> |
120 | <li><a href="#to-setup-dns-records-on-digitalocean">To set up DNS records on DigitalOcean</a></li> |
121 | </ul></li> |
122 | <li><a href="#creating-a-git-user">Creating a git user</a> |
123 | <ul> |
124 | <li><a href="#to-create-a-git-user">To create a git user</a></li> |
125 | </ul></li> |
126 | <li><a href="#adding-the-git-user-to-your-ssh-servers-allowedusers-list">Adding the git user to your SSH server’s AllowUsers list</a> |
127 | <ul> |
128 | <li><a href="#to-add-the-git-user-to-your-ssh-servers-allowedusers-list">To add the git user to your SSH server’s AllowUsers list</a></li> |
129 | </ul></li> |
130 | <li><a href="#creating-the-required-directories">Creating the required directories</a> |
131 | <ul> |
132 | <li><a href="#to-create-the-required-directories">To create the required directories</a></li> |
133 | </ul></li> |
134 | </ul></li> |
135 | <li><a href="#setting-up-gitea">Setting up Gitea</a> |
136 | <ul> |
137 | <li><a href="#downloading-gitea">Downloading Gitea</a> |
138 | <ul> |
139 | <li><a href="#to-download-gitea">To download Gitea</a></li> |
140 | </ul></li> |
141 | <li><a href="#installing-gitea">Installing Gitea</a> |
142 | <ul> |
143 | <li><a href="#to-install-gitea">To install Gitea</a></li> |
144 | </ul></li> |
145 | <li><a href="#auto-starting-gitea-on-system-boot">Auto-starting Gitea on system boot</a> |
146 | <ul> |
147 | <li><a href="#to-auto-start-gitea-on-system-boot">To auto-start Gitea on system boot</a></li> |
148 | </ul></li> |
149 | </ul></li> |
150 | <li><a href="#setting-up-nginx">Setting up nginx</a> |
151 | <ul> |
152 | <li><a href="#adding-a-reverse-proxy">Adding a reverse proxy</a> |
153 | <ul> |
154 | <li><a href="#to-add-a-reverse-proxy">To add a reverse proxy</a></li> |
155 | </ul></li> |
156 | <li><a href="#setting-up-your-git-domain-with-certbot">Setting up your git domain with certbot</a> |
157 | <ul> |
158 | <li><a href="#to-setup-up-your-git-domain-with-certbot">To set up your git domain with certbot</a></li> |
159 | </ul></li> |
160 | </ul></li> |
161 | <li><a href="#finalizing-your-gitea-setup">Finalizing your Gitea setup</a> |
162 | <ul> |
163 | <li><a href="#accessing-the-web-interface">Accessing the web interface</a> |
164 | <ul> |
165 | <li><a href="#to-access-the-web-interface">To access the web interface</a></li> |
166 | </ul></li> |
167 | <li><a href="#removing-the-write-permission-for-the-git-user">Removing the write permission for the git user</a> |
168 | <ul> |
169 | <li><a href="#to-remove-the-write-permission-for-the-git-user">To remove the write permission for the git user</a></li> |
170 | </ul></li> |
171 | <li><a href="#setting-up-fail2ban">Setting up fail2ban</a> |
172 | <ul> |
173 | <li><a href="#to-setup-fail2ban">To set up fail2ban</a></li> |
174 | </ul></li> |
175 | </ul></li> |
176 | <li><a href="#tweaking-gitea">Tweaking Gitea</a> |
177 | <ul> |
178 | <li><a href="#disabling-registrations">Disabling registrations</a> |
179 | <ul> |
180 | <li><a href="#to-disable-registrations">To disable registrations</a></li> |
181 | </ul></li> |
182 | <li><a href="#changing-the-default-branch-name">Changing the default branch name</a> |
183 | <ul> |
184 | <li><a href="#to-change-the-default-branch-name">To change the default branch name</a></li> |
185 | </ul></li> |
186 | <li><a href="#setting-up-garbage-collection">Setting up garbage collection</a> |
187 | <ul> |
188 | <li><a href="#to-setup-garbage-collection">To set up garbage collection</a></li> |
189 | </ul></li> |
190 | </ul></li> |
191 | </ul> |
192 | <!-- vim-markdown-toc --> |
193 | <h3 id="acknowledgements">Acknowledgements</h3> |
194 | <p>Most of the documentation found here was referenced from <a href="https://docs.gitea.io/en-us/">Gitea’s documentation</a>.</p> |
195 | <h3 id="reasoning-for-this-guide">Reasoning for this guide</h3> |
196 | <p>As someone who is learning how to maintain servers and online services, I had a bit of trouble following the documentation, because the documentation for setting up Gitea wasn’t as linear as I was used to. I found myself jumping back and forth between the navigation sidebar, so I decided to create a more linear set of instructions for setting up Gitea for other people who had trouble with setting up Gitea.</p> |
197 | <h3 id="page-conventions">Page conventions</h3> |
198 | <ul> |
199 | <li><strong>Note</strong>: Signifies additional information</li> |
200 | <li><strong>Tip</strong>: Signifies an alternative procedure for completing a step</li> |
201 | <li><strong>Warning</strong>: Signifies that damage, such as data loss, may occur</li> |
202 | <li><strong>Example</strong>: Shows how a procedure would be performed in a real scenario</li> |
203 | <li><code>Inline code and code blocks</code>: Signify package names, filenames, file contents, or commands</li> |
204 | <li><code>yourdomain.com</code>: Signifies that you should replace <code>yourdomain.com</code> with your own domain name.</li> |
205 | </ul> |
206 | <h3 id="assumptions">Assumptions</h3> |
207 | <p>This guide assumes:</p> |
208 | <ul> |
209 | <li>You are using an Ubuntu server on a DigitalOcean droplet</li> |
210 | <li>You are using nginx to serve your web content</li> |
211 | <li>You manage your SSL/TLS certificates with certbot</li> |
212 | <li>You have your domain name set up with DigitalOcean’s name servers</li> |
213 | <li>You have your SSH keys set up with your server</li> |
214 | <li>You have root access to your server</li> |
215 | </ul> |
216 | <h3 id="requirements">Requirements</h3> |
217 | <ul> |
218 | <li>git</li> |
219 | <li>sqlite3</li> |
220 | <li>fail2ban</li> |
221 | </ul> |
222 | <h3 id="preparing-your-system">Preparing your system</h3> |
223 | <p>Before using Gitea, you will need to prepare DNS records and create a git user.</p> |
224 | <p>This section consists of the following topics:</p> |
225 | <ul> |
226 | <li><a href="#setting-up-dns-records-on-digitalocean">Setting up DNS records on DigitalOcean</a></li> |
227 | <li><a href="#creating-a-git-user">Creating a git user</a></li> |
228 | <li><a href="#adding-the-git-user-to-your-ssh-servers-allowedusers-list">Adding the git user to your SSH server’s AllowUsers list</a></li> |
229 | <li><a href="#creating-the-required-directories">Creating the required directories</a></li> |
230 | </ul> |
231 | <h4 id="setting-up-dns-records-on-digitalocean">Setting up DNS records on DigitalOcean</h4> |
232 | <p>Setting up DNS records for <code>git.yourdomain.com</code> points that hostname at your server, so nginx can route requests for it to specific paths or ports on your server.</p> |
233 | <h5 id="to-setup-dns-records-on-digitalocean">To set up DNS records on DigitalOcean</h5> |
234 | <ol type="1"> |
235 | <li>Add an A record for <code>git.yourdomain.com</code> to your DigitalOcean droplet</li> |
236 | <li>Add an AAAA record for <code>git.yourdomain.com</code> to your DigitalOcean droplet</li> |
237 | </ol> |
238 | <h4 id="creating-a-git-user">Creating a git user</h4> |
239 | <p>Creating a git user allows you to run Gitea as a different user from root. This is a safer option, especially if you intend to push to your repositories using SSH or have multiple users on your Gitea instance.</p> |
240 | <h5 id="to-create-a-git-user">To create a git user</h5> |
241 | <ol type="1"> |
242 | <li><p>Run the following command:</p> |
243 | <pre><code> sudo adduser \ |
244 | --system \ |
245 | --shell /bin/bash \ |
246 | --gecos 'Git Version Control' \ |
247 | --group \ |
248 | --disabled-password \ |
249 | --home /home/git \ |
250 | git</code></pre></li> |
251 | </ol> |
252 | <p><strong>Source</strong>: Gitea’s <a href="https://docs.gitea.io/en-us/install-from-binary/#prepare-environment">Prepare environment</a> section.</p> |
253 | <h4 id="adding-the-git-user-to-your-ssh-servers-allowedusers-list">Adding the git user to your SSH server’s AllowUsers list</h4> |
254 | <p>Pushing Git commits over SSH is convenient because you don’t need to enter a username and password like you would over HTTPS. You will need to add the git user to your SSH server’s <code>AllowUsers</code> list to use Git over SSH.</p> |
255 | <h5 id="to-add-the-git-user-to-your-ssh-servers-allowedusers-list">To add the git user to your SSH server’s AllowUsers list</h5> |
256 | <ol type="1"> |
257 | <li>Open <code>/etc/ssh/sshd_config</code></li> |
258 | <li>Find <code>AllowUsers</code></li> |
259 | <li>Add <code>git</code> to the list of users</li> |
260 | </ol> |
261 | <h4 id="creating-the-required-directories">Creating the required directories</h4> |
262 | <p>The git user that Gitea runs as doesn’t have permission to create directories under root-owned paths, so you will have to create them yourself.</p> |
263 | <h5 id="to-create-the-required-directories">To create the required directories</h5> |
264 | <ol type="1"> |
265 | <li>Run <code>sudo mkdir -p /var/lib/gitea/{custom,data,log}</code></li> |
266 | <li>Run <code>sudo chown -R git:git /var/lib/gitea/</code></li> |
267 | <li>Run <code>sudo chmod -R 750 /var/lib/gitea/</code></li> |
268 | <li>Run <code>sudo mkdir /etc/gitea</code></li> |
269 | <li>Run <code>sudo chown root:git /etc/gitea</code></li> |
270 | <li>Run <code>sudo chmod 770 /etc/gitea</code></li> |
271 | </ol> |
272 | <p><strong>Source</strong>: Gitea’s <a href="https://docs.gitea.io/en-us/install-from-binary/#create-required-directory-structure">Create required directory structure</a> section.</p> |
273 | <h3 id="setting-up-gitea">Setting up Gitea</h3> |
274 | <p>Gitea simplifies installation by providing a binary. You can download this binary and move it to a globally-accessible directory.</p> |
275 | <p>This section contains the following topics:</p> |
276 | <ul> |
277 | <li><a href="#downloading-gitea">Downloading Gitea</a></li> |
278 | <li><a href="#installing-gitea">Installing Gitea</a></li> |
279 | <li><a href="#auto-starting-gitea-on-system-boot">Auto-starting Gitea on system boot</a></li> |
280 | </ul> |
281 | <h4 id="downloading-gitea">Downloading Gitea</h4> |
282 | <p>Downloading Gitea will provide you with the proper resources for running Gitea.</p> |
283 | <h5 id="to-download-gitea">To download Gitea</h5> |
284 | <ol type="1"> |
285 | <li>Run <code>sudo su git</code></li> |
286 | <li>Run <code>cd</code></li> |
287 | <li>Run <code>wget -O gitea https://dl.gitea.io/gitea/1.13.1/gitea-1.13.1-linux-amd64</code></li> |
288 | <li>Run <code>chmod +x gitea</code></li> |
289 | </ol> |
290 | <aside class="border"> |
291 | <p> |
292 | <strong>Note</strong>: In this section, we are downloading Gitea version 1.13.1. This guide will quickly become outdated. For the latest version, check out Gitea’s <a href="https://docs.gitea.io/en-us/install-from-binary/#download">Install from binary</a> section. |
293 | </p> |
294 | </aside> |
295 | <p><strong>Source</strong>: Gitea’s <a href="https://docs.gitea.io/en-us/install-from-binary/#download">Download</a> section.</p> |
296 | <h4 id="installing-gitea">Installing Gitea</h4> |
297 | <p>Installing Gitea will make the Gitea binary globally accessible on your system.</p> |
298 | <h5 id="to-install-gitea">To install Gitea</h5> |
299 | <ol type="1"> |
300 | <li>Run <code>cp gitea /usr/local/bin/gitea</code></li> |
301 | </ol> |
302 | <p><strong>Source</strong>: Gitea’s <a href="https://docs.gitea.io/en-us/install-from-binary/#copy-gitea-binary-to-global-location">Copy Gitea binary to global location</a> section.</p> |
303 | <h4 id="auto-starting-gitea-on-system-boot">Auto-starting Gitea on system boot</h4> |
304 | <p>Auto-starting Gitea can be convenient if you need to restart your server after updates or changes, and have several other services that you need to auto-start.</p> |
305 | <h5 id="to-auto-start-gitea-on-system-boot">To auto-start Gitea on system boot</h5> |
306 | <ol type="1"> |
307 | <li><p>Add the following in <code>/etc/systemd/system/gitea.service</code>:</p> |
308 | <pre><code> [Unit] |
309 | Description=Gitea (Git with a cup of tea) |
310 | After=syslog.target |
311 | After=network.target |
312 | ### |
313 | # Don't forget to add the database service requirements |
314 | ### |
315 | # |
316 | #Requires=mysql.service |
317 | #Requires=mariadb.service |
318 | #Requires=postgresql.service |
319 | #Requires=memcached.service |
320 | #Requires=redis.service |
321 | # |
322 | ### |
323 | # If using socket activation for main http/s |
324 | ### |
325 | # |
326 | #After=gitea.main.socket |
327 | #Requires=gitea.main.socket |
328 | # |
329 | ### |
330 | # (You can also provide gitea an http fallback and/or ssh socket too) |
331 | # |
332 | # An example of /etc/systemd/system/gitea.main.socket |
333 | ### |
334 | ## |
335 | ## [Unit] |
336 | ## Description=Gitea Web Socket |
337 | ## PartOf=gitea.service |
338 | ## |
339 | ## [Socket] |
340 | ## Service=gitea.service |
341 | ## ListenStream=&lt;some_port&gt; |
342 | ## NoDelay=true |
343 | ## |
344 | ## [Install] |
345 | ## WantedBy=sockets.target |
346 | ## |
347 | ### |
348 |
|
349 | [Service] |
350 | # Modify these two values and uncomment them if you have |
351 | # repos with lots of files and get an HTTP error 500 because |
352 | # of that |
353 | ### |
354 | #LimitMEMLOCK=infinity |
355 | #LimitNOFILE=65535 |
356 | RestartSec=2s |
357 | Type=simple |
358 | User=git |
359 | Group=git |
360 | WorkingDirectory=/var/lib/gitea/ |
361 | # If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file |
362 | # (manually creating /run/gitea doesn't work, because it would not persist across reboots) |
363 | #RuntimeDirectory=gitea |
364 | ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini |
365 | Restart=always |
366 | Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea |
367 | # If you install Git to directory prefix other than default PATH (which happens |
368 | # for example if you install other versions of Git side-to-side with |
369 | # distribution version), uncomment below line and add that prefix to PATH |
370 | # Don't forget to place git-lfs binary on the PATH below if you want to enable |
371 | # Git LFS support |
372 | #Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin |
373 | # If you want to bind Gitea to a port below 1024, uncomment |
374 | # the two values below, or use socket activation to pass Gitea its ports as above |
375 | ### |
376 | #CapabilityBoundingSet=CAP_NET_BIND_SERVICE |
377 | #AmbientCapabilities=CAP_NET_BIND_SERVICE |
378 | ### |
379 |
|
380 | [Install] |
381 | WantedBy=multi-user.target</code></pre></li> |
382 | <li><p>Run <code>sudo systemctl enable gitea</code></p></li> |
383 | <li><p>Run <code>sudo systemctl start gitea</code></p></li> |
384 | </ol> |
385 | <p><strong>Source</strong>: Gitea’s <a href="https://docs.gitea.io/en-us/linux-service/#using-systemd">Using systemd</a> section.</p> |
386 | <h3 id="setting-up-nginx">Setting up nginx</h3> |
387 | <p>Gitea is a web application, so you will need to set up nginx to serve the interface.</p> |
388 | <p>This section consists of the following topics:</p> |
389 | <ul> |
390 | <li><a href="#adding-a-reverse-proxy">Adding a reverse proxy</a></li> |
391 | <li><a href="#setting-up-your-git-domain-with-certbot">Setting up your git domain with certbot</a></li> |
392 | </ul> |
393 | <h4 id="adding-a-reverse-proxy">Adding a reverse proxy</h4> |
394 | <p>Gitea runs on port 3000 by default, so you will need to configure nginx to proxy requests for git.yourdomain.com to port 3000 on your server.</p> |
395 | <h5 id="to-add-a-reverse-proxy">To add a reverse proxy</h5> |
396 | <ol type="1"> |
397 | <li><p>Add the following in <code>/etc/nginx/sites-available/git.yourdomain.com</code> as root:</p> |
398 | <pre><code> server { |
399 | listen 80; |
400 | server_name git.yourdomain.com; |
401 |
|
402 | location / { |
403 | proxy_pass http://localhost:3000; |
404 | } |
405 | }</code></pre></li> |
406 | <li><p>Run the following command:</p> |
407 | <pre><code> sudo ln -s /etc/nginx/sites-available/git.yourdomain.com /etc/nginx/sites-enabled/git.yourdomain.com</code></pre></li> |
408 | <li><p>Run <code>sudo systemctl restart nginx</code></p></li> |
409 | </ol> |
410 | <p><strong>Source</strong>: Gitea’s <a href="https://docs.gitea.io/en-us/reverse-proxies/#nginx">Nginx</a> section.</p> |
411 | <h4 id="setting-up-your-git-domain-with-certbot">Setting up your git domain with certbot</h4> |
412 | <p>Before you sign up for the initial Gitea account, which can optionally be used as an administrator account as well as a regular user account, you will want to set up a secure (HTTPS) connection to your website.</p> |
413 | <h5 id="to-setup-up-your-git-domain-with-certbot">To set up your git domain with certbot</h5> |
414 | <ol type="1"> |
415 | <li>Run <code>sudo certbot</code></li> |
416 | <li>Follow the prompts</li> |
417 | <li>Run <code>sudo systemctl restart nginx</code></li> |
418 | </ol> |
419 | <h3 id="finalizing-your-gitea-setup">Finalizing your Gitea setup</h3> |
420 | <p>Before you can use Gitea, you will need to access the web installer. The web installer will guide you through a setup process, and user registration. The first user who signs up has the option to become an administrator user who can also use Gitea as a regular user.</p> |
421 | <p>This section consists of the following topics:</p> |
422 | <ul> |
423 | <li><a href="#accessing-the-web-interface">Accessing the web interface</a></li> |
424 | <li><a href="#removing-the-write-permission-for-the-git-user">Removing the write permission for the git user</a></li> |
425 | <li><a href="#setting-up-fail2ban">Setting up fail2ban</a></li> |
426 | </ul> |
427 | <h4 id="accessing-the-web-interface">Accessing the web interface</h4> |
428 | <p>Gitea provides a web interface for configuring and installing Gitea. You can access the web interface using a web browser.</p> |
429 | <h5 id="to-access-the-web-interface">To access the web interface</h5> |
430 | <ol type="1"> |
431 | <li><p>Navigate to <code>git.yourdomain.com/install</code> in your browser</p> |
432 | <aside class="border"> |
434 | <p><strong>Tip</strong>: If this doesn’t work, try navigating to <code>git.yourdomain.com</code>.</p> |
436 | </aside></li> |
437 | <li><p>Choose SQLite</p></li> |
438 | <li><p>Change “SSH Server Domain” to <code>git.yourdomain.com</code></p></li> |
439 | <li><p>Change “Gitea Base URL” to <code>https://git.yourdomain.com</code></p></li> |
440 | <li><p>Choose your desired settings for the remaining configuration options</p></li> |
441 | <li><p>Click “Install Gitea”</p></li> |
442 | </ol> |
443 | <h4 id="removing-the-write-permission-for-the-git-user">Removing the write permission for the git user</h4> |
444 | <p>In a previous section, you gave the git user write permission on <code>/etc/gitea</code> so the web installer could write the configuration file. Now that the installer has finished, you should change the permissions back to read-only for security purposes.</p> |
445 | <h5 id="to-remove-the-write-permission-for-the-git-user">To remove the write permission for the git user</h5> |
446 | <ol type="1"> |
447 | <li>Run <code>sudo chmod 750 /etc/gitea</code></li> |
448 | <li>Run <code>sudo chmod 640 /etc/gitea/app.ini</code></li> |
449 | </ol> |
450 | <p><strong>Source</strong>: Gitea’s <a href="https://docs.gitea.io/en-us/install-from-binary/#create-required-directory-structure">Create required directory structure</a> section.</p> |
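<p>A way to confirm the end state of the permission steps on this page, as an added example that is not part of the original guide or of Gitea: the script compares each path's mode, owner and group with the values from the <code>chown</code> and <code>chmod</code> commands above. <code>EXPECTED</code> and <code>audit</code> are names introduced here, and values the page does not state are left unchecked.</p>

```python
import grp
import os
import pwd
import stat

# path -> (maximum mode, owner, group), taken from the chown/chmod steps on
# this page. None means the page states no value, so nothing is checked.
EXPECTED = {
    "/var/lib/gitea": (0o750, "git", "git"),
    "/etc/gitea": (0o750, "root", "git"),
    "/etc/gitea/app.ini": (0o640, None, None),
}


def _name(lookup, ident, field):
    """Resolve a uid/gid to a name, falling back to the number itself."""
    try:
        return getattr(lookup(ident), field)
    except KeyError:
        return str(ident)


def audit(expected=EXPECTED, root="/"):
    """Return (path, problem) for every deviation from the expected state."""
    problems = []
    for path, (max_mode, owner, group) in expected.items():
        full = os.path.join(root, path.lstrip("/"))
        try:
            st = os.stat(full)
        except FileNotFoundError:
            problems.append((path, "missing"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        extra = mode & ~max_mode  # bits granted beyond what the page sets
        if extra:
            problems.append((path, f"mode {mode:03o} grants extra bits {extra:03o}"))
        actual_owner = _name(pwd.getpwuid, st.st_uid, "pw_name")
        if owner is not None and actual_owner != owner:
            problems.append((path, f"owner is {actual_owner}, expected {owner}"))
        actual_group = _name(grp.getgrgid, st.st_gid, "gr_name")
        if group is not None and actual_group != group:
            problems.append((path, f"group is {actual_group}, expected {group}"))
    return problems


if __name__ == "__main__":
    # Run as a user that can stat the paths (for example via sudo).
    for path, problem in audit():
        print(f"{path}: {problem}")
```

<p>An <code>/etc/gitea</code> still at 770 from the installer step is reported with the extra bits 020, which is the group write permission the two <code>chmod</code> commands above remove.</p>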
451 | <h4 id="setting-up-fail2ban">Setting up fail2ban</h4> |
452 | <p>fail2ban protects your server against repeated attacks if you have a publicly-facing authentication system, such as a sign-in page or a register page.</p> |
453 | <p>In this guide, although we will be disabling the registration page, there will still be a sign-in page that we need to protect.</p> |
454 | <h5 id="to-setup-fail2ban">To set up fail2ban</h5> |
455 | <ol type="1"> |
456 | <li><p>Add the following to <code>/etc/fail2ban/filter.d/gitea.conf</code> as root:</p> |
457 | <pre><code> [Definition] |
458 | failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from &lt;HOST&gt; |
459 | ignoreregex =</code></pre></li> |
460 | <li><p>Add the following to <code>/etc/fail2ban/jail.d/gitea.conf</code> as root:</p> |
461 | <pre><code> [gitea] |
462 | enabled = true |
463 | filter = gitea |
464 | logpath = /var/lib/gitea/log/gitea.log |
465 | maxretry = 10 |
466 | findtime = 3600 |
467 | bantime = 900 |
468 | action = iptables-allports</code></pre></li> |
469 | <li><p>Run <code>touch /var/lib/gitea/log/gitea.log</code> as root</p></li> |
470 | <li><p>Run <code>systemctl restart fail2ban</code></p></li> |
471 | </ol> |
472 | <p><strong>Source</strong>: Gitea’s <a href="https://docs.gitea.io/en-us/fail2ban-setup/">Fail2ban setup to block users after failed login attempts</a> page.</p> |
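<p>The filter and jail above can be checked offline before relying on them. The following Python sketch is an added example, not part of the original guide or of fail2ban: it applies the page's failregex and the jail's maxretry and findtime values to constructed log lines. The &lt;HOST&gt; expansion is a simplified stand-in, and the loopback lines assume Gitea sees only nginx's local connection.</p>

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex copied from /etc/fail2ban/filter.d/gitea.conf on this page.
FAILREGEX = (r".*(Failed authentication attempt|invalid credentials|"
             r"Attempted access of unknown user).* from <HOST>")
# Simplified stand-in for fail2ban's <HOST> expansion (assumption: the real
# expansion accepts more forms, such as hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:]+)"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))

# Values from /etc/fail2ban/jail.d/gitea.conf on this page.
MAXRETRY, FINDTIME, BANTIME = 10, 3600, 900
EPOCH = datetime(1970, 1, 1)


def parse(line):
    """Return (seconds, host) if the filter matches the line, else None."""
    match = PATTERN.search(line)
    if match is None:
        return None
    stamp = datetime.strptime(line[:19], "%Y/%m/%d %H:%M:%S")
    return int((stamp - EPOCH).total_seconds()), match.group("host")


def bans(lines):
    """Map each host that reaches MAXRETRY failures within FINDTIME seconds
    to the time of the failure that triggers the ban."""
    recent = defaultdict(deque)
    banned = {}
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue
        when, host = hit
        window = recent[host]
        window.append(when)
        while when - window[0] > FINDTIME:   # drop failures outside findtime
            window.popleft()
        if len(window) >= MAXRETRY and host not in banned:
            banned[host] = when              # ban would last BANTIME seconds
    return banned


def sample_log():
    """Constructed log lines in a Gitea-like format (not from a real server)."""
    day = "2021/01/06"
    lines = [
        # Ten failures in ten minutes from one address: reaches maxretry.
        f"{day} 10:{i:02d}:00 [I] Failed authentication attempt for admin from 198.51.100.7"
        for i in range(10)
    ]
    # Not a failure: must not be counted.
    lines.append(f"{day} 10:30:00 [I] Completed POST /user/login 302 Found")
    # Ten failures spaced ten minutes apart: never ten inside one findtime.
    lines += [
        f"{day} {11 + i // 6}:{i % 6 * 10:02d}:00 [I] Failed authentication attempt for dev from 203.0.113.9"
        for i in range(10)
    ]
    # Assumed proxy case: Gitea sees only nginx's loopback connection, so
    # different clients are all recorded as 127.0.0.1.
    lines += [
        f"{day} 13:00:{i * 5:02d} [I] Failed authentication attempt for user{i} from 127.0.0.1"
        for i in range(12)
    ]
    return lines


if __name__ == "__main__":
    for host, when in bans(sample_log()).items():
        print(f"{host} banned at t={when} for {BANTIME}s")
```

<p>If the addresses in your own <code>gitea.log</code> are all loopback, have nginx pass the client address to Gitea (for example <code>proxy_set_header X-Real-IP $remote_addr;</code> in the <code>location</code> block) before depending on this jail.</p>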
473 | <h3 id="tweaking-gitea">Tweaking Gitea</h3> |
474 | <p>Gitea provides an <code>app.ini</code> file that allows you to modify Gitea to your liking.</p> |
475 | <p>This section consists of the following topics:</p> |
476 | <ul> |
477 | <li><a href="#disabling-registrations">Disabling registrations</a></li> |
478 | <li><a href="#changing-the-default-branch-name">Changing the default branch name</a></li> |
479 | <li><a href="#setting-up-garbage-collection">Setting up garbage collection</a></li> |
480 | </ul> |
481 | <h4 id="disabling-registrations">Disabling registrations</h4> |
482 | <p>After you have created the first user, you can disable registrations to prevent unknown users from registering on your Gitea instance.</p> |
483 | <aside class="border"> |
484 | <p> |
485 | <strong>Note</strong>: If you wish to add a user in the future, you can use Gitea’s built-in “Create User Account” button found in “Site Administration” > “User Accounts”. |
486 | </p> |
487 | </aside> |
488 | <h5 id="to-disable-registrations">To disable registrations</h5> |
489 | <ol type="1"> |
490 | <li>Edit <code>/etc/gitea/app.ini</code> as root</li> |
491 | <li>Find the <code>[service]</code> section</li> |
492 | <li>Change <code>DISABLE_REGISTRATION</code>’s value to <code>true</code></li> |
493 | </ol> |
494 | <aside class="border"> |
495 | <p> |
496 | <strong>Example</strong>: Your <code>[service]</code> section might look like the one below: |
497 | </p> |
498 | <pre> |
499 | [service] |
500 | REGISTER_EMAIL_CONFIRM = false |
501 | ENABLE_NOTIFY_MAIL = false |
502 | DISABLE_REGISTRATION = true |
503 | ALLOW_ONLY_EXTERNAL_REGISTRATION = false |
504 | ENABLE_CAPTCHA = false |
505 | REQUIRE_SIGNIN_VIEW = false |
506 | DEFAULT_KEEP_EMAIL_PRIVATE = false |
507 | DEFAULT_ALLOW_CREATE_ORGANIZATION = false |
508 | DEFAULT_ENABLE_TIMETRACKING = false |
509 | NO_REPLY_ADDRESS = noreply.localhost |
510 | </pre> |
511 | </aside> |
512 | <h4 id="changing-the-default-branch-name">Changing the default branch name</h4> |
513 | <p>Gitea allows you to set a default branch name when creating new repositories.</p> |
514 | <h5 id="to-change-the-default-branch-name">To change the default branch name</h5> |
515 | <ol type="1"> |
516 | <li>Edit <code>/etc/gitea/app.ini</code> as root</li> |
517 | <li>Find the <code>[repository]</code> section</li> |
518 | <li>Change <code>DEFAULT_BRANCH</code>’s value to <code>main</code></li> |
519 | </ol> |
520 | <aside class="border"> |
521 | <p> |
522 | <strong>Example</strong>: Your <code>[repository]</code> section might look like the one below: |
523 | </p> |
524 | <pre> |
525 | [repository] |
526 | ROOT = /home/git/gitea-repositories |
527 | DEFAULT_BRANCH = main |
528 | </pre> |
529 | </aside> |
530 | <aside class="border"> |
531 | <p> |
532 | <strong>Note</strong>: Other common default branch names could be <code>trunk</code> or <code>default</code> |
533 | </p> |
534 | </aside> |
535 | <h4 id="setting-up-garbage-collection">Setting up garbage collection</h4> |
536 | <p>Setting a garbage collection value will prevent incremental memory consumption over time. Setting this keeps CPU usage at a constant level. Without this set, the CPU usage rises over time.</p> |
537 | <h5 id="to-setup-garbage-collection">To set up garbage collection</h5> |
538 | <ol type="1"> |
539 | <li>Edit <code>/etc/gitea/app.ini</code> as root</li> |
540 | <li>Find the <code>[session]</code> section</li> |
541 | <li>Add <code>GC_INTERVAL_TIME = 86400</code> under <code>PROVIDER = file</code></li> |
542 | </ol> |
543 | <aside class="border"> |
544 | <p> |
545 | <strong>Example</strong>: Your <code>[session]</code> section might look like the one below: |
546 | </p> |
547 | <pre> |
548 | [session] |
549 | PROVIDER = file |
550 | GC_INTERVAL_TIME = 86400 |
551 | </pre> |
552 | </aside> |
553 | </main> |
554 | </body> |
555 | </html> |