# Installing gitlab on your local ssh with SSH

This guide showcases my experience with installing gitea within a docker compose.

## Step 1: The traefik service

If you use rootful podman, make sure that the container has access to a few DNS servers (configure it in the corresponding DNS provider). If you use podman, make sure to map the corresponding podman socket into the container instead of "/var/run/docker.sock". Otherwise you should not need to change the config.

```yaml
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    command:
      - --providers.docker=true
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.letsencrypt.acme.httpchallenge=true
      - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
      # ACME contact e-mail (left empty here)
      - --certificatesresolvers.letsencrypt.acme.email=
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - letsencrypt:/letsencrypt
      # container engine socket; map the podman socket here when using podman
      - /var/run/docker.sock:/var/run/docker.sock:rw
    networks:
      - traefik-net
      - proxy
    dns:
      - 1.1.1.1
```

## Step 2: The gitea service

You should add the script "/usr/local/bin/gitea-ssh.sh".

```bash
#!/bin/sh
# Forward the SSH session of the host's git user into the gitea container.
# "$@" is quoted so that each argument is passed through unchanged.
exec /usr/bin/docker exec -e SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" --user git -i gitea /usr/local/bin/gitea "$@"
```

Otherwise you can simply change the `GITEA__server__SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE` option to include the docker command. If you use rootful podman, you should also add the `-c` parameter and the corresponding value for specifying the connection.

As you can see, the command uses the git user. It is necessary to set "USER_UID" and "USER_GID" to the ones of your local git user/group. That is because the "authorized_keys" file is mapped into a directory which lives outside of the container and is used for external ssh connections. In theory you could use another user for ssh, but I don't know how that would translate into another gitea config.
For the ssh config you would simply replace the user in the snippet below.

Add the following config snippet to your sshd config. It can be in a separate file or at the end of your "sshd_config" file.

```sshd
Match User git
    AllowTcpForwarding no
    PermitTTY yes
    X11Forwarding no
    PasswordAuthentication no
    AuthorizedKeysFile /srv/gitea/git/.ssh/authorized_keys
```

For the database you can use any database inside the docker compose file; you just have to specify the options "host", "name", "user" and "type". To change the domain, you have to add the domain under "gitea.rule".

```yaml
  gitea:
    image: gitea/gitea:1.22
    container_name: gitea
    restart: unless-stopped
    environment:
      # UID/GID of the git user and group on the host
      USER_UID: 999
      USER_GID: 989
      GITEA__server__DOMAIN: gitea.${DOMAIN}
      GITEA__server__ROOT_URL: https://gitea.${DOMAIN}/
      GITEA__server__PROTOCOL: http
      GITEA__server__SSH_AUTHORIZED_KEYS_FILE: /git/.ssh/authorized_keys
      GITEA__server__SSH_DOMAIN: gitea.${DOMAIN}
      GITEA__server__SSH_LISTEN_PORT: 2223
      GITEA__server__SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE: /usr/local/bin/gitea-ssh.sh --config={{.CustomConf}} serv key-{{.Key.ID}}
      GITEA__server__START_SSH_SERVER: "false"
      GITEA__security__INSTALL_LOCK: "true"
      GITEA__database__DB_TYPE: postgres
      GITEA__database__HOST: db:5432
      GITEA__database__NAME: gitea
      GITEA__database__USER: gitea
      GITEA__database__PASSWD: NOPE
    volumes:
      - gitea-data:/data
      # authorized_keys written by gitea, read by the host sshd
      - /srv/gitea/git/.ssh:/data/git/.ssh
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitea.rule=Host(`gitea.${DOMAIN}`)"
      - "traefik.http.routers.gitea.entrypoints=websecure"
      - "traefik.http.routers.gitea.tls=true"
      - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
    networks:
      - proxy
    depends_on:
      - db
```

## Step 3: Include a postgres database

Simply add this service with the corresponding password.
```yaml
  db:
    image: docker.io/library/postgres:14
    restart: always
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_DB=gitea
      - POSTGRES_PASSWORD=NOPE
    volumes:
      - ./postgres:/var/lib/postgresql/data
    networks:
      - proxy
```
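
In the Step 2 setup the host's git user runs `docker exec` through the wrapper, so any line in the mapped "authorized_keys" file that is not forced through that wrapper would give its key holder a shell as that user. The script below is an added example, not part of the original guide, that audits the file for such lines; the expected line shape and the required `restrict`/`no-pty` options are assumptions about how Gitea writes its entries.

```shell
#!/bin/sh
# Added example, not from the original guide: audit the authorized_keys file
# the host sshd reads for the git user. Assumed line shape (Gitea default):
#   command="<wrapper> --config=... serv key-<id>",<options> <type> <key>
WRAPPER="/usr/local/bin/gitea-ssh.sh"   # wrapper script from Step 2

# check_line LINE: print a reason and return 1 if the entry is unsafe.
check_line() {
    case $1 in
        "command=\""*) ;;
        *) echo "no forced command"; return 1 ;;
    esac
    rest=${1#command=\"}
    cmd=${rest%%\"*}      # text between the quotes
    after=${rest#*\"}     # ",opt,opt <type> <key> <comment>"
    opts=${after%% *}
    id=${cmd##* serv key-}
    case $cmd in
        *\;*|*\&*|*\|*|*\`*|*\$*|*\<*|*\>*)
            echo "shell metacharacter in command"; return 1 ;;
        "$WRAPPER "*" serv key-"*) ;;
        *) echo "command is not the gitea wrapper"; return 1 ;;
    esac
    case $id in
        ''|*[!0-9]*) echo "key id is not numeric"; return 1 ;;
    esac
    case ",$opts," in
        *,restrict,*|*,no-pty,*) ;;   # PermitTTY is "yes" in the Match block
        *) echo "no restrict/no-pty option"; return 1 ;;
    esac
}

# audit_keys FILE: list unsafe entries; return 1 if any were found.
audit_keys() {
    bad=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        reason=$(check_line "$line") || { echo "line $n: $reason"; bad=1; }
    done < "$1"
    return "$bad"
}

# Audit the file named on the command line, if one was given.
if [ "$#" -gt 0 ]; then audit_keys "$1"; fi
```

Run it against the host-side path from the sshd snippet, for example `sh audit-keys.sh /srv/gitea/git/.ssh/authorized_keys` (the script file name is hypothetical).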