Add git user, secure ssh, set up sudoers
- Switch the host ssh port to 222 so that Gitea can serve port 22.
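# Session 1: connect on the default port as root, create the service account and
# harden sshd. Keep this session open until the new port has been confirmed
# reachable from a second terminal; a bad sshd_config, or a host firewall that
# still only allows 22, would otherwise lock you out.
ssh root@<host>
# System account git with fixed uid/gid 1001: the Gitea container runs as
# USER_UID/USER_GID 1001 and must own the bind-mounted data directory.
groupadd -r -g 1001 git && useradd -r -u 1001 -g 1001 -m -s /bin/bash git
# Settings to apply in sshd_config:
#   Port 222                           # frees host port 22 for Gitea's own sshd
#   PermitRootLogin prohibit-password  # root only with a key
#   PasswordAuthentication no          # keys only, for every account
nano -cw /etc/ssh/sshd_config
# Parse the config before restarting; a syntax error would leave sshd down.
sshd -t || printf 'sshd_config invalid, fix it before restarting\n' >&2
systemctl restart ssh
# From a second terminal: ssh -p 222 root@<host>   -- only then close this one.
exit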
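# Session 2: reconnect on the new port, give the git account the same
# authorized keys as root, then grant it sudo.
ssh -p 222 root@<host>
# install -d creates the directory with owner and mode in one step. The
# original ran `chown -R 700`, which sets the owner to uid 700 rather than the
# mode; chmod 700 was what was meant.
install -d -m 0700 -o git -g git /home/git/.ssh
# Copies root's key list: every key in it can now log in as git, and through
# the sudoers rule below that is equivalent to root.
install -m 0644 -o git -g git /root/.ssh/authorized_keys /home/git/.ssh/authorized_keys
# Passwordless sudo for the whole git group. If not every key holder should be
# an admin, restrict the command list instead of ALL.
echo "%git ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/git
chmod 0440 /etc/sudoers.d/git
# A malformed drop-in breaks sudo for everyone; check it before relying on it.
visudo -cf /etc/sudoers.d/git
exit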
Install docker/docker-compose
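# Log in as git and become root via the sudoers rule created earlier.
ssh -p 222 git@<host>
sudo su -
apt-get update
apt-get upgrade
apt-get install apt-transport-https ca-certificates curl gnupg software-properties-common
# Docker's signing key goes into a dedicated keyring referenced by signed-by,
# rather than apt-key (deprecated), which would trust the key for every
# repository on the system. No sudo needed: this shell is already root.
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
# Release name is hard-coded to focal; adjust it for another Ubuntu release.
add-apt-repository "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu focal stable"
apt-get update
# Confirm the candidate version comes from download.docker.com, not the distro.
apt-cache policy docker-ce
apt-get install docker-ce
systemctl status docker
# Pinned compose release. The download is only protected by HTTPS: compare the
# printed digest with the checksum published for this release
# (<checksum from the release page>) before marking the binary executable.
wget -O /usr/bin/docker-compose https://github.com/docker/compose/releases/download/v2.20.2/docker-compose-linux-x86_64
sha256sum /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose
exit
# Back as git: smoke-test the daemon and the compose binary through sudo.
sudo docker ps -a
sudo docker-compose ls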
Write compose file
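sudo su -
# The data directory is bind-mounted into the container as /data and written
# as uid 1001 (git); the compose directory only needs to be readable by root.
mkdir -p /opt/containers/gitea/data /opt/containers/compose/gitea
# ':' is the portable owner:group separator; the '.' form is a GNU extension.
chown -R git:git /opt/containers/gitea/data
# 775 lets git (the container) write. Others can still traverse the tree,
# which later holds app.ini and the sqlite database; use 770 if the host has
# other local users.
chmod 775 /opt/containers/gitea/data
nano -cw /opt/containers/compose/gitea/docker-compose.yaml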
Custom env vars to allow immediate deployment and ACME TLS
- INSTALL_LOCK bypasses the install screen; since most settings are populated from env vars, there should be no need to run the manual setup.
# Same file as opened above; the compose content that follows goes into it.
nano -cw /opt/containers/compose/gitea/docker-compose.yaml
# Compose v2 ignores the version key (it only warns); kept for older tooling.
version: "3.9"
networks:
  gitea:
    name: gitea
    driver: bridge
    driver_opts:
      # NOTE(review): 'parent' is a macvlan/ipvlan option; the bridge driver
      # does not use it. Confirm it is intended here, otherwise drop it.
      parent: eth0
    ipam:
      config:
        - subnet: 172.16.10.0/24
          ip_range: 172.16.10.0/24
          gateway: 172.16.10.1
services:
  server:
    # Pinned image tag; bump it deliberately rather than tracking :latest.
    image: gitea/gitea:1.20.3
    container_name: gitea
    environment:
      # Run as host uid/gid 1001 (the git account) so files written to the
      # bind-mounted data directory stay owned by git on the host.
      - USER_UID=1001
      - USER_GID=1001
      # GITEA__section__KEY variables are written into app.ini at start-up.
      - GITEA__service__DISABLE_REGISTRATION=true
      - GITEA__service__SHOW_REGISTRATION_BUTTON=false
      - GITEA__service__ENABLE_USER_HEATMAP=false
      - GITEA__service__ENABLE_TIMETRACKING=false
      - GITEA__service__SHOW_MILESTONES_DASHBOARD_PAGE=false
      - GITEA__picture__DISABLE_GRAVATAR=true
      - GITEA__server__LANDING_PAGE=explore
      - GITEA__openid__ENABLE_OPENID_SIGNIN=false
      - GITEA__ui__SHOW_USER_EMAIL=false
      - GITEA__ui__DEFAULT_SHOW_FULL_NAME=false
      # sqlite lives inside /data; no separate database container.
      - GITEA__database__DB_TYPE=sqlite3
      - GITEA__mailer__ENABLED=false
      - GITEA__time__DEFAULT_UI_LOCATION=Europe/London
      # Skips the web installer; the admin user is created with the CLI below.
      - GITEA__security__INSTALL_LOCK=true
      - GITEA__server__PROTOCOL=https
      - GITEA__server__DOMAIN=static.6.234.217.95.clients.your-server.de
      - GITEA__server__ROOT_URL=https://static.6.234.217.95.clients.your-server.de/
      # Gitea obtains its own certificate via ACME; ACME_DIRECTORY is the
      # directory under /data where the ACME state is kept.
      - GITEA__server__ENABLE_ACME=true
      - GITEA__server__ACME_ACCEPTTOS=true
      - GITEA__server__ACME_DIRECTORY=https
      - GITEA__server__ACME_EMAIL=toby.n.seed@gmail.com
      # NOTE(review): this is the Let's Encrypt *staging* CA; certificates it
      # issues are not trusted by browsers. Good for testing the setup; for
      # production remove the line (Gitea documents the production CA as the
      # default when unset - confirm for this version).
      - GITEA__server__ACME_URL=https://acme-staging-v02.api.letsencrypt.org/directory
    restart: unless-stopped
    volumes:
      # All persistent state: repositories, sqlite db, app.ini (with secrets).
      - type: bind
        source: /opt/containers/gitea/data
        target: /data
      # Host time zone shared read-only so timestamps match the host.
      - type: bind
        source: /etc/timezone
        target: /etc/timezone
        read_only: true
      - type: bind
        source: /etc/localtime
        target: /etc/localtime
        read_only: true
    ports:
      # Web UI: host 443 -> container 3000 (Gitea serves https itself).
      - "443:3000"
      # Git over ssh on the host's port 22, free because host sshd moved to 222.
      - "22:22"
    networks:
      gitea:
        ipv4_address: 172.16.10.3
Deploy Gitea
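cd /opt/containers/compose/gitea
# -d detaches, so the docker exec step that follows can run from this same
# shell; a foreground `up` would block it. Follow the log to watch the first
# start (migrations, ACME issuance); Ctrl-C stops following, not the container.
docker-compose up -d
docker-compose logs -f server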
Enter container to create admin user
user: <user>
email: user@example.com
password: <password>
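# Shell inside the container as the git user (uid 1001).
docker exec -it -u git gitea /bin/bash
# app.ini holds generated secrets (SECRET_KEY, INTERNAL_TOKEN, ...): review it
# here rather than copying it into tickets or chat.
cat /data/gitea/conf/app.ini
# Read the password without echo so it does not end up in the shell history;
# it is still handed to the gitea process as an argument. (Gitea's CLI also
# offers --random-password if you prefer not to supply one at all.)
read -rsp 'Admin password: ' admin_pw; echo
gitea admin user create --username <user> --email user@example.com --password "$admin_pw" --admin
unset admin_pw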