
How to install Gitea Code Hosting Platform with HTTPS on CentOS 8



Gitea is a code hosting web application written in Go. As the name suggests, it is designed to be used with the popular Git source control program, similar to GitLab and GitHub. This guide explains how to install Gitea on CentOS 8 behind an Nginx HTTPS reverse proxy.

Requirements

  • A CentOS 8 system on which you have root privileges.
  • A registered domain name that points to your server.
  • The environment variable $EDITOR should be set to your text editor.
  • Access to an SMTP server for e-mail messages (optional).

Make sure your (sub)domain points to the IPv4 address of your server with an A record. Optionally, create an AAAA record that points to the server's IPv6 address.

NOTE: This guide assumes that SELinux is set to either disabled or permissive.

Step 1: Prepare the system

Start by installing available updates and rebooting:

  dnf update -y
  reboot

This program requires several software components:

  • Git, a Gitea dependency.
  • PostgreSQL, since Gitea requires a database.
  • Nginx, which will be used as a reverse proxy.
  • Sudo, to run commands as the postgres system user.
  • Wget
  • Certbot, a tool for obtaining Let's Encrypt SSL certificates. Certbot will be installed separately as it is not available in the CentOS software repositories.

Install them as follows:

  dnf install -y git postgresql postgresql-server nginx sudo wget

Certbot-auto is a script that handles certbot's installation. Download it:

  wget https://dl.eff.org/certbot-auto -O /usr/local/bin/certbot-auto

Make sure the correct permissions are set:

  chmod 0755 /usr/local/bin/certbot-auto

Run the following to install certbot. When the package manager prompts you to confirm the installation of dependencies, answer 'y'.

  certbot-auto --install-only

Then create a user to run Gitea:

  useradd --system --shell /bin/bash --create-home --home-dir /home/gitea gitea

Then create the directory structure for Gitea:

  mkdir -p /var/lib/gitea/{data,log} /etc/gitea /run/gitea

And set ownership and permissions as follows:

  chown -R gitea:gitea /var/lib/gitea
  chown -R gitea:gitea /var/run/gitea
  chown -R root:gitea /etc/gitea
  chmod -R 750 /var/lib/gitea
  chmod 770 /etc/gitea

The permissions for /etc/gitea are temporary and will be tightened after running the web installer.

Permanently enable traffic to ports 80 and 443:

  firewall-cmd --add-port 80/tcp --add-port 443/tcp --permanent
  firewall-cmd --reload

Access to port 3000 is only required temporarily for the initial installation, because we will configure Gitea to use a Unix socket instead.

  firewall-cmd --add-port 3000/tcp

Step 2: Database Setup

Initialize Postgres:

  postgresql-setup --initdb --unit postgresql

Make sure it is enabled and running:

  systemctl enable --now postgresql.service

Log in to Postgres:

  sudo -u postgres psql

Then create a user role and database for Gitea to use:

  postgres=# CREATE ROLE gitea LOGIN ENCRYPTED PASSWORD 'your_password';
  postgres=# CREATE DATABASE gitea;
  postgres=# GRANT ALL PRIVILEGES ON DATABASE gitea TO gitea;
  postgres=# \q

Open the Postgres client authentication configuration file:

  $EDITOR /var/lib/pgsql/data/pg_hba.conf

Add the following line immediately after "# IPv4 local connections:":

  # IPv4 local connections:
  host gitea gitea 127.0.0.1/32 md5

Save the file and restart Postgres:

  systemctl restart postgresql.service

Step 3: Install Gitea

Download the linux-amd64 binary version of Gitea from Gitea's download page. For example:

  wget https://dl.gitea.io/gitea/master/gitea-master-linux-amd64 -O /usr/local/bin/gitea

Set the correct permissions on the downloaded binary:

  chmod 755 /usr/local/bin/gitea

Then create a systemd unit file:

  $EDITOR /etc/systemd/system/gitea.service

And enter the following:

  [Unit]
  Description=Gitea (Git with a cup of tea)
  After=syslog.target
  After=network.target
  Requires=postgresql.service
  [Service]
  Type=simple
  User=gitea
  Group=gitea
  WorkingDirectory=/var/lib/gitea/
  RuntimeDirectory=gitea
  ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
  Restart=always
  Environment=USER=gitea HOME=/home/gitea GITEA_WORK_DIR=/var/lib/gitea
  [Install]
  WantedBy=multi-user.target

Make sure the new unit is loaded:

  systemctl daemon-reload

Then instruct systemd to start Gitea at startup:

  systemctl enable gitea.service

Step 4: Configure Gitea

For the initial configuration, we use the included web installer. First start Gitea:

  systemctl start gitea.service

Then navigate to http://your_domain:3000/install and fill in the required parameters as follows:

  • Database type: PostgreSQL
  • Host: 127.0.0.1:5432
  • Username: gitea
  • Password: Enter the password you chose during Postgres role creation.
  • Database name: gitea
  • SSL: Disable
  • Website title: Title of your choice.
  • Repository Root Path: /var/lib/gitea/data/repositories
  • Git LFS Root Path: /var/lib/gitea/data/lfs
  • Run as username: gitea
  • SSH Server Domain: your_domain
  • SSH Server Port: 22
  • Gitea HTTP Listen Port: 3000
  • Gitea Base URL: https://your_domain/
  • Log Path: /var/lib/gitea/log

Configure e-mail settings and the remaining settings as you see fit, then click "Install Gitea". You will be redirected to an incorrect URL. This is normal, since we have not configured Nginx or HTTPS yet. For performance reasons, we will now configure Gitea to listen on a Unix socket instead of the default TCP port.

Stop Gitea before continuing:

  systemctl stop gitea.service

Tighten the permissions on /etc/gitea as shown below. This prevents anyone who is not in the gitea group from reading app.ini, which contains sensitive information, including the database credentials.

  chmod 750 /etc/gitea
  chown root:gitea /etc/gitea/app.ini
  chmod 640 /etc/gitea/app.ini

Open the configuration file:

  $EDITOR /etc/gitea/app.ini

Remove the following line from the server section:

  HTTP_PORT = 3000

And add the following lines to the server section:

  HTTP_ADDR = /run/gitea/gitea.sock
  PROTOCOL = unix
  UNIX_SOCKET_PERMISSION = 666
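
A quick way to confirm that the tightening and the socket switch from this step actually took effect, as an added example that is not part of the original guide. The function names and the optional root-prefix argument (for checking a staging copy) are assumptions of this example; it relies on GNU stat as shipped with CentOS.

```shell
#!/bin/sh
# Added example: audit the modes and [server] keys that Step 4 sets.

# mode_within PATH MAX: succeed if PATH carries no permission bit outside MAX (octal).
mode_within() (
    mode=$(stat -c '%a' "$1") || exit 2
    [ $(( 0$mode & ~0$2 & 07777 )) -eq 0 ]
)

# server_key FILE KEY: print the value of KEY from the [server] section of an app.ini.
server_key() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_server = ($0 ~ /^[ \t]*\[server\]/); next }
        in_server && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# audit_gitea [ROOT]: check /etc/gitea, app.ini and the socket settings under ROOT.
audit_gitea() (
    root=${1:-}
    ini="$root/etc/gitea/app.ini"
    rc=0
    mode_within "$root/etc/gitea" 750 || { echo "FAIL: /etc/gitea is looser than 750"; rc=1; }
    mode_within "$ini" 640 || { echo "FAIL: app.ini is looser than 640"; rc=1; }
    [ "$(server_key "$ini" PROTOCOL)" = unix ] || { echo "FAIL: PROTOCOL is not unix"; rc=1; }
    [ -z "$(server_key "$ini" HTTP_PORT)" ] || { echo "FAIL: HTTP_PORT is still set"; rc=1; }
    exit "$rc"
)
```

Run audit_gitea as root on the server; it prints one FAIL line per deviation and returns non-zero if any check fails.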

Step 5: Reverse Proxy Setup

Stop Nginx if running so that certbot can listen on port 80:

  systemctl stop nginx.service

Use the following command to obtain a certificate for your domain:

  certbot-auto certonly --standalone --agree-tos -m [email protected] -d your_domain

Let's Encrypt will verify domain ownership before the certificate is issued. Your certificate, chain and private key will be stored in /etc/letsencrypt/live/your_domain/.

We can now configure Nginx. Create a new configuration file:

  $EDITOR /etc/nginx/conf.d/gitea.conf

And enter the following server blocks:

  server {
      listen 80;
      listen [::]:80;
      server_name your_domain;
      return 301 https://$server_name$request_uri;
      access_log /var/log/nginx/gitea-proxy_access.log;
      error_log /var/log/nginx/gitea-proxy_error.log;
  }
  server {
      listen 443 ssl;
      listen [::]:443 ssl;
      server_name your_domain;
      ssl on;
      ssl_certificate /etc/letsencrypt/live/your_domain/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/your_domain/privkey.pem;
      location / {
          proxy_pass http://unix:/var/run/gitea/gitea.sock;
      }
      access_log /var/log/nginx/gitea-proxy_access.log;
      error_log /var/log/nginx/gitea-proxy_error.log;
  }

The first server block simply redirects all HTTP requests to HTTPS. The second block listens for HTTPS connections and passes them to the Unix socket that we have configured Gitea to listen on.

After saving the above configuration, check for any syntax errors and edit your configuration if needed:

  nginx -t

Finally, start Nginx and Gitea:

  systemctl start nginx.service gitea.service

Your Gitea instance should now be running. Access it at https://your_domain

Optional Step

Logging Configuration

By default, Gitea logs messages with severity level Info and higher. You will probably want to change it to Warn or Error. To do so, open /etc/gitea/app.ini and change the parameter LEVEL in section [log] to one of: trace, debug, info, warn, error, critical, fatal, none. To log messages with severity Warn and higher, use:

  [log]
  MODE = file
  LEVEL = warn
  ROOT_PATH = /var/lib/gitea/log

Restart Gitea for the changes to take effect:

  systemctl restart gitea.service

Separate SSH server

Alternatively, Gitea can use its own SSH server. To enable it, add the following line to the [server] configuration section:

  START_SSH_SERVER = true

And change the SSH port to any number above 1024, for example:

  SSH_PORT = 2222

Then restart Gitea to apply the changes and enable traffic to the selected port:

  firewall-cmd --add-port 2222/tcp --permanent
  firewall-cmd --reload