books/book-git-commands
books
/
book-git-commands
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Add Gitea installation and upgrade instructions

This commit is contained in:
James Skemp 2022-09-21 17:08:25 -05:00
parent c48fb32792
commit d1660f0376
1 changed files with 187 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

187
src/hosting/gitea.md
View File

@ -17,3 +17,190 @@ The following is example configuration for a low-cost Vultr instance that can ea
- [Referral link](https://www.vultr.com/?ref=9110044)
- Non-referral link: [Cloud Compute](https://www.vultr.com/products/cloud-compute/)
### Initial setups
1. Create a new non-root user
- `adduser <new-user>`
- `usermod -aG sudo <new-user>`
- `exit`
2. Initial updates
1. `sudo apt update`
2. `sudo apt upgrade` if needed (wasn't required)
3. `sudo apt autoremove` to remove ~310 MB of packages
3. Install required packages
1. `sudo apt install postgresql` (version 13)
2. `sudo apt install git` (version 2.30.2)
3. `sudo systemctl start postgresql`
4. `sudo systemctl enable postgresql`
5. `sudo systemctl status postgresql`
### PostgreSQL Setup
1. `sudo vim /etc/postgresql/13/main/postgresql.conf`
- Under Connections and Authentication, update `password_encryption` from `md5` to `scram-sha-256` and uncomment.
2. `sudo vim /etc/postgresql/13/main/pg_hba.conf`
- Update all `md5` instances to `scram-sha-256`.
3. `sudo service postgresql restart` (restart service / reload config)
4. `sudo -i -u postgres`
5. `psql`
6. `CREATE ROLE gitea WITH LOGIN PASSWORD 'TODO-SET-PASSWORD';`
- Alter it: `ALTER ROLE gitea WITH PASSWORD 'TODO-SET-NEW-PASSWORD';`
7. `CREATE DATABASE giteadb WITH OWNER gitea TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';`
8. `quit` (psql)
9. `exit` (postgres user)
10. `sudo vim /etc/postgresql/13/main/pg_hba.conf`
- Add a new line with `local giteadb gitea scram-sha-256` for local access.
11. `sudo service postgresql restart`
12. `psql -U gitea -d giteadb` to verify access.
### Install Gitea (1.16.8 at the time of writing)
1. `uname -mrs` to confirm amd64.
2. Get link from https://dl.gitea.io/gitea/
- https://dl.gitea.io/gitea/1.16.8/gitea-1.16.8-linux-amd64
3. `wget -O gitea https://dl.gitea.io/gitea/1.16.8/gitea-1.16.8-linux-amd64`
4. `chmod +x gitea`
5. `sudo mv gitea /usr/local/bin/gitea`
6. `sudo adduser --system --shell /bin/bash --gecos 'Git Version Control' --group --disabled-password --home /home/git git`
7. Setup directory structure:
- `sudo mkdir -p /var/lib/gitea/{custom,data,log}`
- `sudo chown -R git:git /var/lib/gitea/`
- `sudo chmod -R 750 /var/lib/gitea/`
- `sudo mkdir /etc/gitea`
- `sudo chown root:git /etc/gitea`
- `sudo chmod 770 /etc/gitea`
8. `sudo wget https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/systemd/gitea.service -P /etc/systemd/system/`
9. `sudo nano /etc/systemd/system/gitea.service`
- Uncomment `Wants=postgresql.service` and `After=postgresql.service` lines.
10. `sudo systemctl daemon-reload`
11. `sudo systemctl enable --now gitea`
12. `sudo systemctl status gitea`
13. `sudo ufw allow 3000/tcp`
### Configure Gitea
1. http://<ip>:3000
2. Select PostgreSQL as Database Type
3. Set Password.
4. Change Database Name to giteadb
5. Update Gitea Base URL to http://<ip>:3000/
6. Create a new administrator account.
7. Once setup, logout and log back in with new account.
8. `sudo vim /etc/gitea/app.ini` if you want to update after the fact.
### Lockdown Gitea
This locks down Gitea so that only signed in users can access the site, and registration isn't available.
1. `sudo vim /etc/gitea/app.ini`
2. `[service]`
- DISABLE_REGISTRATION = true
- REQUIRE_SIGNIN_VIEW = true
3. `sudo service gitea restart`
4. `sudo chmod 750 /etc/gitea`
5. `sudo chmod 640 /etc/gitea/app.ini`
### Nginx
1. Setup a new (sub)domain to point to the server.
2. Should be able to access http://<domain>:3000.
3. `sudo apt install nginx`
4. `sudo ufw allow 'Nginx HTTP'`
5. `sudo ufw status`
6. `systemctl status nginx`
7. `sudo nano /etc/nginx/nginx.conf`
```
server {
listen 80;
server_name git.example.com;
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
```
8. `sudo nginx -t` to verify configuration changes
9. `sudo systemctl restart nginx`
10. Custom domain, port 80, should now work.
## Certbot / SSL
1. `sudo apt install certbot python3-certbot-nginx`
2. `sudo ufw allow 'Nginx Full'`
3. `sudo ufw delete allow 'Nginx HTTP'`
4. `sudo ufw status`
5. `sudo certbot --nginx -d git.ebacher-skemp.com` (or whatever custom domain was setup)
6. `sudo systemctl status certbot.timer` (verify Certbot will run again automatically)
7. `sudo certbot renew --dry-run` (fake a cert renewal to make sure it picks it up)
8. https://<custom-domain> should work for Gitea access, and http should redirect
9. `sudo nano /etc/gitea/app.ini`
- Update server > ROOT_URL
- Also needed to add a repository > DEFAULT_BRANCH = main
10. `sudo service gitea restart`
11. `sudo ufw delete allow 3000/tcp` (no longer allow external access via 3000)
### Other Customizations
- In my.vultr.com, add the following tags to the server instance (so I know core functionality):
- gitea
- postgresql
- nginx
- certbot
- `sudo apt install htop` (prettier top)
- `sudo vim /etc/gitea/app.ini`
- repository > ENABLE_PUSH_CREATE_USER = true
- repository > ENABLE_PUSH_CREATE_ORG = true
- `sudo nano /etc/nginx/nginx.conf`
- Add `client_max_body_size 100M;` to gitea server section (to allow for larger files)
- `sudo nginx -t`
- `sudo systemctl restart nginx`
### Update Gitea
See https://docs.gitea.io/en-us/install-from-binary/#updating-to-a-new-version for more information.
#### Create a backup
1. `sudo systemctl stop gitea`
2. `sudo su - git`
3. `gitea dump -c /etc/gitea/app.ini -w /var/lib/gitea -t /tmp`
4. `ls -l --block-size=M`
5. `exit`
#### Update 1.16.8 to 1.16.9
1. `VERSION=1.16.9`
2. `sudo wget -O gitea https://dl.gitea.io/gitea/${VERSION}/gitea-${VERSION}-linux-amd64`
3. `sudo systemctl status gitea`
- Stop if needed/didn't backup.
4. `sudo mv gitea /usr/local/bin/gitea`
5. `sudo chmod +x /usr/local/bin/gitea`
6. `sudo systemctl restart gitea`
7. `sudo systemctl status gitea`
8. After some period of time, delete the backup file.
#### Updating 1.16.9 to 1.17.1
1. `sudo systemctl stop gitea`
2. `sudo su - git`
3. `gitea dump -c /etc/gitea/app.ini -w /var/lib/gitea -t /tmp`
4. `ls -l --block-size=M`
- `rm <old-backup-file>`
5. `exit`
6. `VERSION=1.17.1`
7. `sudo wget -O gitea https://dl.gitea.io/gitea/${VERSION}/gitea-${VERSION}-linux-amd64`
8. `sudo systemctl status gitea`
9. `sudo mv gitea /usr/local/bin/gitea`
10. `sudo chmod +x /usr/local/bin/gitea`
11. `sudo systemctl restart gitea`
12. `sudo systemctl status gitea`
13. After some period of time, delete the backup file.
#### Updating 1.17.1 to 1.17.2
1. `sudo systemctl stop gitea`
2. `sudo su - git`
3. `gitea dump -c /etc/gitea/app.ini -w /var/lib/gitea -t /tmp`
4. `ls -l --block-size=M`
- `rm <old-backup-file>`
5. `exit`
6. `VERSION=1.17.2`
7. `sudo wget -O gitea https://dl.gitea.io/gitea/${VERSION}/gitea-${VERSION}-linux-amd64`
8. `sudo systemctl status gitea`
- Should be inactive/dead.
9. `sudo mv gitea /usr/local/bin/gitea`
10. `sudo chmod +x /usr/local/bin/gitea`
11. `sudo systemctl restart gitea`
12. `sudo systemctl status gitea`
- Should be active (running).
13. After some period of time, delete the backup file.