¶ Gitea Docker
¶ Manually
参考gogs的配置
docker volume create giteadb
docker create --name=giteadb -e MYSQL_ROOT_PASSWORD=12345678 -e MYSQL_DATABASE=gitea -e MYSQL_USER=gitea -e MYSQL_PASSWORD=gitea -p 3306:3306 -v giteadb:/var/lib/mysql --restart=unless-stopped -h giteadb --network=wikinet mysql:latest
docker pull gitea/gitea:latest
docker volume create gitea
docker create --name=gitea -p 10022:22 -p 9000:3000 -v giteadata:/data -h gitea --restart=unless-stopped gitea/gitea
or
docker create --name=gitea -p 10022:22 -p 9000:3000 -v giteadata:/data -e GITEA_CUSTOM=/data/gitea/custom -h gitea --restart=unless-stopped gitea/gitea首次配置与gogs相似的,请参考/home/athand/self-hosted/gogs;
-e GITEA_CUSTOM=/data/gitea/custom
用于定制化主页、页面等,同时需要把/data/gitea/conf/app.ini复制到/data/gitea/custom/conf/app.ini,不然原有的仓库、用户数据将无法感知。
¶ compose.ymal配置
services:
gitea:
container_name: gitea
image: gitea/gitea:latest
restart: unless-stopped
hostname: gitea
ports:
- 29422:22
- 9000:3000
volumes:
- gitea_vol:/data
networks:
- default
environment:
- GITEA_CUSTOM=/data/gitea/custom
depends_on:
- mysql
mysql:
container_name: giteadb
image: mysql:latest
restart: unless-stopped
hostname: mysql
# ports:
# - 3306:3306
volumes:
- mysql_vol:/var/lib/mysql
- gitea_secrets:/opt/crets
networks:
- default
environment:
- MYSQL_DATABASE=gitea
- MYSQL_USER=gitea
- MYSQL_ROOT_PASSWORD_FILE=/opt/crets/mysql_root_password
- MYSQL_PASSWORD_FILE=/opt/crets/mysql_gitea_password
volumes:
gitea_vol:
name: giteadata
external: true
mysql_vol:
name: giteadb
external: true
gitea_secrets:
name: gitea_secrets
external: true
networks:
default:
name: gitea
external: true
¶ gitea vs gogs
- gitea功能更多,社区合入feature更积极
- gitea是从gogs fork出来的,但很多功能与github相似,更适合
- gogs有的功能,gitea也有
- gitea中文支持更好
- 通过试用对比,选择gitea作为个人的代码托管服务
¶ LDAP配置
参考下面对各个字段的配置解释:
https://docs.gitea.com/zh-cn/usage/authentication
¶ Minio存储配置
使用兼容S3的对象存储服务minio,将LFS等数据存储到minio gitea bucket里面
为了安全,我们不直接使用 MINIO_ROOT_USER。我们将创建一个新用户gitea 并授予其仅能访问 gitea bucket的权限
创建一个名为gitea-policy.json 策略文件 ,内容如下:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::gitea/*",
"arn:aws:s3:::gitea"
]
}
]
}
执行如下命令(在宿主机上运行,替换密码为强密码):
# 复制策略文件到容器
docker cp gitea-policy.json minio-client:/root/
# 在 mc 中创建策略(alias 假设为 minio)
docker exec minio-client mc admin policy create minio gitea-policy /root/gitea-policy.json
# (可选)创建 gitea 存储桶
docker exec minio-client mc mb minio/gitea
# 创建新用户 gitea(替换为强密码)
docker exec minio-client mc admin user add minio gitea "your-strong-password"
# 将 gitea-policy 附加到用户 gitea
docker exec minio-client mc admin policy attach minio gitea-policy --user=gitea
快速校验:
docker exec minio-client mc admin user info minio gitea
docker exec minio-client mc admin policy info minio gitea-policy
docker exec minio-client mc ls minio/gitea注意:your-strong-password替换成你自己的密码token
在gitea app.ini配置的minio生效前,先把local存储的数据同步到minio gitea桶里面,同步方法:
docker cp gitea:/data/git/lfs /tmp/gitea-lfs
docker run --rm -it -v /tmp/gitea-lfs:/data/git/lfs:ro --entrypoint /bin/sh minio/mc:latest -c "mc alias set myminio http://MINIO_HOST:9040 MINIO_ACCESS_KEY_ID MINIO_SECRET_ACCESS_KEY && mc mirror --overwrite /data/git/lfs myminio/gitea/lfs"把 MINIO_HOST、MINIO_ACCESS_KEY_ID、MINIO_SECRET_ACCESS_KEY替换成你的值
¶ References
- gitea Configuration Cheat Sheet
- 使用 Docker 安装
- 使用Gitea代替Github托管代码
