目录

本文使用Centos安装gitea

Require

  • go > 1.14
  • make
  • node 12.17 
    # install node on centos
dnf module list nodejs # list node stream
dnf module install nodejs:14 # install node via 14

Install

Download

git clone https://github.com/go-gitea/gitea gitea_source
cd gitea_source
# chose version
git branch -a
git checkout v1.14.2

Build

TAGS="bindata" make build

Test

./gitea web -p 8888

Run as Linux systemd

modify gitea.service

sudo cp contrib/systemd/gitea.service /etc/systemd/system/gitea.service
## modify gitea.service User Group WorkingDirectory ExecStart etc... 
vim /etc/systemd/system/gitea.service

enable service

sudo systemctl enable gitea --now

Conf

app.ini

APP_NAME = Git-68hub.com
RUN_USER = git
RUN_MODE = prod

[oauth2]
JWT_SECRET = xas2S_SECRET

[security]
INTERNAL_TOKEN     = thisis install token
INSTALL_LOCK       = true
SECRET_KEY         = thisis SECRET_KEY
PASSWORD_HASH_ALGO = pbkdf2
LOGIN_REMEMBER_DAYS = 30

[database]
DB_TYPE  = mysql
HOST     = host
NAME     = db_name
USER     = db_user
PASSWD   = db_password
SCHEMA   =
SSL_MODE = disable
CHARSET  = utf8
PATH     = /path/data/gitea.db
LOG_SQL  = false
MAX_IDLE_CONNS = 20
CONN_MAX_LIFETIME = 3s

[repository]
ROOT = /path/data/gitea-repositories

[server]
;PROTOCOL	 = https
SSH_DOMAIN       = xxx.cn
DOMAIN           = xxx.cn
HTTP_PORT        = 3000
ROOT_URL         = https://xxx.cn/
DISABLE_SSH      = false
SSH_PORT         = 22
LFS_START_SERVER = true
LFS_CONTENT_PATH = /path/data/data/lfs
LFS_JWT_SECRET   = fz-12-y1-
OFFLINE_MODE     = false
ENABLE_GZIP = true


[service]
ACTIVE_CODE_LIVE_MINUTES 	  = 180
RESET_PASSWD_CODE_LIVE_MINUTES 	  = 120
REGISTER_EMAIL_CONFIRM            = true
ENABLE_NOTIFY_MAIL                = true
DISABLE_REGISTRATION              = true
CAPTCHA_TYPE			  = image
SHOW_REGISTRATION_BUTTION 	  = false
ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
ENABLE_CAPTCHA                    = true
REQUIRE_SIGNIN_VIEW               = false
SHOW_REGISTRATION_BUTTON 	  = false
DEFAULT_KEEP_EMAIL_PRIVATE        = true
DEFAULT_ALLOW_CREATE_ORGANIZATION = false
DEFAULT_ENABLE_TIMETRACKING       = true
NO_REPLY_ADDRESS                  =

[picture]
DISABLE_GRAVATAR        = false
ENABLE_FEDERATED_AVATAR = true

[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = true

[ui]
DEFAULT_THEME = arc-green
THEMES =gitea,arc-green


[session]
PROVIDER = redis
GC_INTERVAL_TIME=86400
PROVIDER_CONFIG = network=tcp,addr=:63798,password=1,db=0,pool_size=50,idle_timeout=180

[log]
MODE      = file
LEVEL     = info
ROOT_PATH = /path/data/log
ROUTER    = ,

[log.file]
LOG_ROTATE = true
MAX_SIZE_SHIFT = 28
DAILY_ROTATE = true
MAX_DAYS = 15
COMPRESS = true
COMPRESSION_LEVEL = -1


[cache]
ENABLED = true
ADAPTER = redis
INTERVAL = 3600
HOST = network=tcp,addr=:63798,password=2,db=8,pool_size=100,idle_timeout=180
ITEM_TTL = 24h

[other]
SHOW_FOOTER_BRANDING = false
SHOW_FOOTER_VERSION = false

Nginx Config

如果使用https 可以参考使用acme.sh脚本部署HTTPS证书至nginx

server {
  listen 80;
  listen 443 ssl http2;
  ssl_certificate /usr/local/nginx/conf/ssl/xxx.crt;
  ssl_certificate_key /usr/local/nginx/conf/ssl/xxx.cn.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
  ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_session_timeout 10m;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_buffer_size 1400;
  add_header Strict-Transport-Security max-age=15768000;
  #ssl_stapling on;
  #ssl_stapling_verify on;
  #ssl_trusted_certificate /usr/local/nginx/conf/ssl/xxx.cn.crt;
  server_name xxx.cn;
  access_log /data/wwwlogs/xxx.cn_nginx.log combined;
  index index.html index.htm index.php;
  root /data/wwwroot/xxx.cn;
  if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
  include /usr/local/nginx/conf/vhost/xxx.cn-webroot;
  location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://localhost:3000;
  }

  #error_page 404 /404.html;
  #error_page 502 /502.html;

  location ~ /(\.user\.ini|\.ht|\.git|\.svn|\.project|LICENSE|README\.md) {
    deny all;
  }
  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
    expires 30d;
    proxy_pass http://localhost:3000;
    access_log off;
  }
  location ~ .*\.(js|css)?$ {
    expires 7d;
    proxy_pass http://localhost:3000;
    access_log off;
  }
  location ~ /\.ht {
    deny all;
  }

}