gitea安装过程【Linux】:
|
|
1.创建用户
|
|
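# On Ubuntu/Debian: create the dedicated system account that Gitea runs as.
# --disabled-password leaves the account without a usable password, so password
# logins are impossible while key-based SSH logins still work.
# NOTE(review): the login shell is kept as /bin/bash, presumably because
# git-over-SSH through the system sshd needs a working shell - confirm.
adduser \
  --system \
  --shell /bin/bash \
  --gecos 'Git Version Control' \
  --group \
  --disabled-password \
  --home /home/git \
  git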
|
|
2.创建工作路径
|
|
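# Work directories: owned by git:git, mode 750, so other local users get no access.
mkdir -p /var/lib/gitea/{custom,data,log}
chown -R git:git /var/lib/gitea/
chmod -R 750 /var/lib/gitea/

# Configuration directory: owned by root, group git. Mode 770 keeps it writable
# by the git group so the service can create /etc/gitea/app.ini on first setup.
mkdir /etc/gitea
chown root:git /etc/gitea
chmod 770 /etc/gitea
# app.ini ends up holding secrets (secret key, database password). Once it has
# been written, take the write access away again:
#   chmod 750 /etc/gitea
#   chmod 640 /etc/gitea/app.ini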
|
|
3.配置工作目录:export GITEA_WORK_DIR=/var/lib/gitea/
这里我们使用 systemd 的方式来指定该目录(即第 5 步 unit 文件中的 Environment=... GITEA_WORK_DIR=/var/lib/gitea 一行)。
|
|
4.cp gitea /usr/local/bin/gitea
(复制前先校验下载文件的 SHA256 或 GPG 签名;安装后的二进制应归 root 所有,git 用户不可写。)
|
|
5.sudo vim /etc/systemd/system/gitea.service
|
|
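[Unit]
Description=Gitea (Git with a cup of tea)
After=network.target
###
# Don't forget to add the database service dependencies
###
#
#Wants=mysql.service
#After=mysql.service
#
#Wants=mariadb.service
#After=mariadb.service
#
#Wants=postgresql.service
#After=postgresql.service
#
#Wants=memcached.service
#After=memcached.service
#
#Wants=redis.service
#After=redis.service
#
###
# If using socket activation for main http/s
###
#
#After=gitea.main.socket
#Requires=gitea.main.socket
#
###
# (You can also provide gitea an http fallback and/or ssh socket too)
#
# An example of /etc/systemd/system/gitea.main.socket
###
##
## [Unit]
## Description=Gitea Web Socket
## PartOf=gitea.service
##
## [Socket]
## Service=gitea.service
## ListenStream=<some_port>
## NoDelay=true
##
## [Install]
## WantedBy=sockets.target
##
###

[Service]
# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
# LimitNOFILE=524288:524288
RestartSec=2s
Type=simple
# The service runs as the unprivileged git account, never as root.
# It reads /etc/gitea/app.ini through the git group ownership of /etc/gitea.
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
# (manually creating /run/gitea doesn't work, because it would not persist across reboots)
#RuntimeDirectory=gitea
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
# If you install Git to directory prefix other than default PATH (which happens
# for example if you install other versions of Git side-to-side with
# distribution version), uncomment below line and add that prefix to PATH
# Don't forget to place git-lfs binary on the PATH below if you want to enable
# Git LFS support
#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
# If you want to bind Gitea to a port below 1024, uncomment
# the two values below, or use socket activation to pass Gitea its ports as above
# These settings grant the capability to this service only. A `setcap` on the
# binary instead grants it to every user who can execute the file, and has to
# be re-applied whenever the binary is replaced.
###
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
###
# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
# set the following value to false to allow capabilities to be applied on gitea process. The following
# value if set to true sandboxes gitea service and prevent any processes from running with privileges
# in the host user namespace.
###
#PrivateUsers=false
###

[Install]
WantedBy=multi-user.target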
|
|
6.
|
|
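# Reload unit files so systemd picks up the new or edited gitea.service,
# then enable the service at boot and start it immediately.
sudo systemctl daemon-reload
sudo systemctl enable --now gitea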
|
|
|
|
7(1).直接将gitea绑定到80端口(可选)
|
|
sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/gitea
|
|
sudo:获取root权限执行
|
|
setcap:Linux能力(Capability)管理工具
|
|
cap_net_bind_service=+ep:
|
|
cap_net_bind_service:具体的能力名称
|
|
+:添加能力
|
|
e:Effective(有效集:程序启动后该能力即处于启用状态)
p:Permitted(许可集:进程被允许使用的能力;可继承集对应的是 i,这里没有设置)
|
|
/usr/local/bin/gitea:目标可执行文件路径
|
|
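【因为】Linux 默认只有 root 用户能绑定 1024 以下的特权端口(如 80/443)。
普通服务(如 Gitea)若需特权端口,要么以 root 身份运行(安全隐患大),
要么使用端口转发(额外配置);setcap 只授予绑定端口这一项能力,可以避免这两种做法。
注意:文件能力记录在二进制文件上,任何能执行该文件的本地用户都会获得它;升级或替换 /usr/local/bin/gitea 后需要重新执行 setcap。也可以改用第 5 步 unit 文件中的 CapabilityBoundingSet/AmbientCapabilities,只对该服务生效。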
|
|
7(2).sudo apt install nginx
|
|
创建 Nginx 配置文件(如/etc/nginx/conf.d/gitea.conf)
|
|
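# Redirect plain HTTP to HTTPS.
server {
    listen 80;
    server_name www.sinxmiao.cn;

    # Force every request onto HTTPS.
    return 301 https://$server_name$request_uri;
}

# Main HTTPS server.
server {
    listen 443 ssl http2;
    server_name www.sinxmiao.cn;

    # TLS certificate paths - adjust them to your actual locations.
    # NOTE(review): the private key is placed under /etc/ssl/certs here. Keep
    # the key readable by root only (a root-only directory such as
    # /etc/ssl/private, file mode 600), separate from the public certificate.
    ssl_certificate /etc/ssl/certs/www.sinxmiao.cn_public.crt;
    ssl_certificate_key /etc/ssl/certs/www.sinxmiao.cn.key;

    location / {
        # Traffic to Gitea is plain HTTP over loopback. Make Gitea listen on
        # 127.0.0.1 only (HTTP_ADDR in the [server] section of app.ini) so that
        # port 3000 cannot be reached directly, bypassing TLS.
        proxy_pass http://127.0.0.1:3000;

        # Pass the original request details on to Gitea.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;

        # WebSocket support (used for real-time features). The Upgrade
        # handshake needs HTTP/1.1 towards the upstream, so it is set explicitly.
        proxy_http_version 1.1;
        proxy_set_header Connection "upgrade";
        proxy_set_header Upgrade $http_upgrade;

        # Timeouts.
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;

        # The default request body limit (1m) rejects larger pushes over HTTP.
        # Raise it deliberately if needed, for example:
        #client_max_body_size 512M;
    }

    # Logging.
    access_log /var/log/nginx/gitea_access.log;
    error_log /var/log/nginx/gitea_error.log;
}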
|
|
8.关闭注册。sudo vim /etc/gitea/app.ini
在 [service] 小节中设置:
DISABLE_REGISTRATION = true
sudo systemctl restart gitea