Gitea Debain系安装记录。
This commit is contained in:
172
Service/Gitea.txt
Normal file
172
Service/Gitea.txt
Normal file
@@ -0,0 +1,172 @@
|
||||
gitea安装过程【Linux】:
|
||||
1.创建用户
|
||||
# On Ubuntu/Debian:
|
||||
adduser \
|
||||
--system \
|
||||
--shell /bin/bash \
|
||||
--gecos 'Git Version Control' \
|
||||
--group \
|
||||
--disabled-password \
|
||||
--home /home/git \
|
||||
git
|
||||
2.创建工作路径
|
||||
mkdir -p /var/lib/gitea/{custom,data,log}
|
||||
chown -R git:git /var/lib/gitea/
|
||||
chmod -R 750 /var/lib/gitea/
|
||||
mkdir /etc/gitea
|
||||
chown root:git /etc/gitea
|
||||
chmod 770 /etc/gitea
|
||||
3.export GITEA_WORK_DIR=/var/lib/gitea/配置工作目录,
|
||||
这里我们使用systemd的方式来指定目录。
|
||||
4.cp gitea /usr/local/bin/gitea
|
||||
5.sudo vim /etc/systemd/system/gitea.service
|
||||
[Unit]
|
||||
Description=Gitea (Git with a cup of tea)
|
||||
After=network.target
|
||||
###
|
||||
# Don't forget to add the database service dependencies
|
||||
###
|
||||
#
|
||||
#Wants=mysql.service
|
||||
#After=mysql.service
|
||||
#
|
||||
#Wants=mariadb.service
|
||||
#After=mariadb.service
|
||||
#
|
||||
#Wants=postgresql.service
|
||||
#After=postgresql.service
|
||||
#
|
||||
#Wants=memcached.service
|
||||
#After=memcached.service
|
||||
#
|
||||
#Wants=redis.service
|
||||
#After=redis.service
|
||||
#
|
||||
###
|
||||
# If using socket activation for main http/s
|
||||
###
|
||||
#
|
||||
#After=gitea.main.socket
|
||||
#Requires=gitea.main.socket
|
||||
#
|
||||
###
|
||||
# (You can also provide gitea an http fallback and/or ssh socket too)
|
||||
#
|
||||
# An example of /etc/systemd/system/gitea.main.socket
|
||||
###
|
||||
##
|
||||
## [Unit]
|
||||
## Description=Gitea Web Socket
|
||||
## PartOf=gitea.service
|
||||
##
|
||||
## [Socket]
|
||||
## Service=gitea.service
|
||||
## ListenStream=<some_port>
|
||||
## NoDelay=true
|
||||
##
|
||||
## [Install]
|
||||
## WantedBy=sockets.target
|
||||
##
|
||||
###
|
||||
|
||||
[Service]
|
||||
# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
|
||||
# LimitNOFILE=524288:524288
|
||||
RestartSec=2s
|
||||
Type=simple
|
||||
User=git
|
||||
Group=git
|
||||
WorkingDirectory=/var/lib/gitea/
|
||||
# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
|
||||
# (manually creating /run/gitea doesn't work, because it would not persist across reboots)
|
||||
#RuntimeDirectory=gitea
|
||||
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
|
||||
Restart=always
|
||||
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
|
||||
# If you install Git to directory prefix other than default PATH (which happens
|
||||
# for example if you install other versions of Git side-to-side with
|
||||
# distribution version), uncomment below line and add that prefix to PATH
|
||||
# Don't forget to place git-lfs binary on the PATH below if you want to enable
|
||||
# Git LFS support
|
||||
#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
|
||||
# If you want to bind Gitea to a port below 1024, uncomment
|
||||
# the two values below, or use socket activation to pass Gitea its ports as above
|
||||
###
|
||||
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||
#AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
###
|
||||
# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
|
||||
# set the following value to false to allow capabilities to be applied on gitea process. The following
|
||||
# value if set to true sandboxes gitea service and prevent any processes from running with privileges
|
||||
# in the host user namespace.
|
||||
###
|
||||
#PrivateUsers=false
|
||||
###
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
6.
|
||||
sudo systemctl enable gitea
|
||||
sudo systemctl start gitea
|
||||
|
||||
7(1).直接将gitea绑定到80端口(可选)
|
||||
sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/gitea
|
||||
sudo:获取root权限执行
|
||||
setcap:Linux能力(Capability)管理工具
|
||||
cap_net_bind_service=+ep:
|
||||
cap_net_bind_service:具体的能力名称
|
||||
+:添加能力
|
||||
e:Effective(立即生效)
|
||||
p:Permitted(允许继承)
|
||||
/usr/local/bin/gitea:目标可执行文件路径
|
||||
【因为】Linux默认:只有root用户能绑定1024以下的特权端口(如80/443)
|
||||
普通服务(如Gitea)若需特权端口,必须:以root身份运行(安全隐患大)
|
||||
|
||||
或使用端口转发(额外配置)
|
||||
7(2).sudo apt install nginx
|
||||
创建 Nginx 配置文件(如/etc/nginx/conf.d/gitea.conf)
|
||||
# HTTP 重定向到 HTTPS
|
||||
server {
|
||||
listen 80;
|
||||
server_name www.sinxmiao.cn;
|
||||
|
||||
# 强制重定向到 HTTPS
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
|
||||
# HTTPS 主配置
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name www.sinxmiao.cn;
|
||||
|
||||
# SSL 证书路径 - 您需要根据实际路径修改
|
||||
ssl_certificate /etc/ssl/certs/www.sinxmiao.cn_public.crt;
|
||||
ssl_certificate_key /etc/ssl/certs/www.sinxmiao.cn.key;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:3000;
|
||||
|
||||
# 传递必要的请求头
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
|
||||
# WebSocket 支持(用于实时功能)
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
|
||||
# 超时设置
|
||||
proxy_connect_timeout 60s;
|
||||
proxy_send_timeout 60s;
|
||||
proxy_read_timeout 60s;
|
||||
}
|
||||
# 日志配置
|
||||
access_log /var/log/nginx/gitea_access.log;
|
||||
error_log /var/log/nginx/gitea_error.log;
|
||||
}
|
||||
8.关闭注册。sudo vim /etc/gitea/app.ini
|
||||
DISABLE_REGISTRATION = true
|
||||
sudo systemctl restart gitea
|
||||
Reference in New Issue
Block a user