rto/docker-gitea-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e8e6f97435
docker-gitea-config/guide.md
rto e8e6f97435 Adding gitea config guide.
2026-03-15 13:34:22 +01:00

133 lines
4.3 KiB
Markdown
Raw Blame History

# Installing gitlab on your local ssh with SSH
This guide showcases my experience with installing gitea
within a docker compose.
## Step 1: The traefik service
If you use rootful podman, make sure that the container has access to a few
DNS servers. (configure it in the corresponding DNS provider.)
If you use podman, make sure to map the corresponding podman socket into the
container, instead of "/var/run/docker.sock".
Otherwise you should not change the config.
```yaml
services:
traefik:
image: traefik:latest
container_name: traefik
command:
- --providers.docker=true
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --certificatesresolvers.letsencrypt.acme.httpchallenge=true
- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
- --certificatesresolvers.letsencrypt.acme.email=<your-email>
- --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- letsencrypt:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock:rw
networks:
- traefik-net
- proxy
dns:
- 1.1.1.1
```
## Step 2: The gitea service
You should add the script "/usr/local/bin/gitea-ssh.sh".
```bash
#!/bin/sh
exec /usr/bin/docker exec -e SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" --user git -i gitea
/usr/local/bin/gitea $@
```
Otherwise you can simply change
`GITEA__server__SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE` option to include the
docker command. If you would use rootful podman you should also add the `-c`
parameter and corresponding value for specifiying the connection.
As you can see command uses the git user.
It is necessary to set the "USER_UID" and "USER_GID" to the ones of your git
local git user/group. That is because the "authorized_keys" file is mapped into
a directory which does outside of the container and is used for external ssh
connections.
In theory you could use another user for ssh, but I don't know how that would
translate into another gitea config. For the ssh config you would simply replace
the user in the snippet below.
Add the following config snippet to your sshd config. It can be in a separate
file or at the end of your "sshd_config" file.
```sshd
Match User git
AllowTcpForwarding no
PermitTTY yes
X11Forwarding no
PasswordAuthentication no
AuthorizedKeysFile /srv/gitea/git/.ssh/authorized_keys
```
For the database you can use any database inside the docker compose
file you just have to specify the options "host", "name", "user" and "type".
To change the domain, you have to add under "gitea.rule" the domain.
```yaml
gitea:
image: gitea/gitea:1.22
container_name: gitea
restart: unless-stopped
environment:
USER_UID: 999
USER_GID: 989
GITEA__server__DOMAIN: gitea.${DOMAIN}
GITEA__server__ROOT_URL: https://gitea.${DOMAIN}/
GITEA__server__PROTOCOL: http
GITEA__server__SSH_AUTHORIZED_KEYS_FILE: /git/.ssh/authorized_keys
GITEA__server__SSH_DOMAIN: gitea.${DOMAIN}
GITEA__server__SSH_LISTEN_PORT: 2223
GITEA__server__SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE: /usr/local/bin/gitea-ssh.sh --config={{.CustomConf}} serv key-{{.Key.ID}}
GITEA__server__START_SSH_SERVER: "false"
GITEA__security__INSTALL_LOCK: "true"
GITEA__database__DB_TYPE: postgres
GITEA__database__HOST: db:5432
GITEA__database__NAME: gitea
GITEA__database__USER: gitea
GITEA__database__PASSWD: NOPE
volumes:
- gitea-data:/data
- /srv/gitea/git/.ssh:/data/git/.ssh
labels:
- "traefik.enable=true"
- "traefik.http.routers.gitea.rule=Host(`gitea.${DOMAIN}`)"
- "traefik.http.routers.gitea.entrypoints=websecure"
- "traefik.http.routers.gitea.tls=true"
- "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
- "traefik.http.services.gitea.loadbalancer.server.port=3000"
networks:
- proxy
depends_on:
- db
```
## Step 3. Include a postgres database.
Simply add this service with the corresponding password.
```yaml
db:
image: docker.io/library/postgres:14
restart: always
environment:
- POSTGRES_USER=gitea
- POSTGRES_DB=gitea
- POSTGRES_PASSWORD=NOPE
volumes:
- ./postgres:/var/lib/postgresql/data
networks:
- proxy
```
Reference in New Issue View Git Blame Copy Permalink