1 line
35 KiB
JSON
Executable File
{"title":"","byline":null,"dir":null,"lang":null,"content":"<div id=\"readability-page-1\" class=\"page\"><div>\n <article>\n <h2>Gitea</h2>\n <p><span><svg>\n \n</svg></span>\n <span>\n Jan 3, 2023</span>\n <span> · 5 min read</span><span> · <a title=\"git\" href=\"https://blog.levassb.ovh/tags/git\">git\n </a><a title=\"docker\" href=\"https://blog.levassb.ovh/tags/docker\">docker\n </a>\n </span>\n <span> ·\n \n </span>\n </p>\n\n \n <figure><img data-scale=\"1.1879350348027842\" data-pos=\"1\" loading=\"lazy\" alt=\"Gitea\" src=\"https://blog.levassb.ovh/images/gitea.jpg\"></figure>\n \n <p>Gitea is a Git software forge written in Go and derived from Gogs.</p>\n<p>As usual, when choosing a software solution, I look at:</p>\n<ul>\n<li>functional coverage</li>\n<li>the vitality of the project</li>\n<li>the resources required (my VPS is somewhat limited)</li>\n<li>the quality of the documentation</li>\n</ul>\n<p>Gitea ticks all these boxes, with a Docker version for ease of maintenance, SQLite to limit resource usage (a single container) and a feature set halfway between a Gitolite that is a little too “bare-bones” and the overly complex GitLab.\nCommunity development seems active and the documentation is rather well done.</p>\n<p>Gitea provides a <a rel=\"noopener\" href=\"https://docs.gitea.io/en-us/comparison/\">feature comparison</a> with the main alternatives.</p>\n<h2 id=\"installation\">Installation</h2>\n<p>Once again, I start from <a href=\"https://blog.levassb.ovh/post/traefik-new-conf/\">my platform</a>, already in place, with Traefik handling HTTPS access (reverse proxy) and SSH access (TCP router), and Docker running the containers.\nI start by modifying the Traefik configuration to add an entry point for TCP connections to the SSH service of the Gitea container:</p>\n<ul>\n<li><code>--entrypoints.ssh.address=:2222</code>: creates an entry point named <code>ssh</code> 
in Traefik</li>\n<li><code>2222:2222/tcp</code>: opens port 2222 (the standard port 22 is already used on the host)</li>\n</ul>\n<div><div><pre tabindex=\"0\"><code data-lang=\"yaml\"><span data-height=\"454px\"><span> <span>1</span></span><span><span><span>version</span></span><span><span>:</span></span><span> </span><span><span>'3'</span></span><span>\n</span></span></span><span><span> <span>2</span></span><span><span></span><span><span>services</span></span><span><span>:</span></span><span>\n</span></span></span><span><span> <span>3</span></span><span><span><span> </span></span><span><span>traefik</span></span><span><span>:</span></span><span>\n</span></span></span><span><span> <span>4</span></span><span><span><span> </span></span><span><span>container_name</span></span><span><span>:</span></span><span> </span><span><span>traefik</span></span><span>\n</span></span></span><span><span> <span>5</span></span><span><span><span> </span></span><span><span>image</span></span><span><span>:</span></span><span> </span><span><span>traefik:v2.9.6</span></span><span>\n</span></span></span><span><span> <span>6</span></span><span><span><span> </span></span><span><span>restart</span></span><span><span>:</span></span><span> </span><span><span>unless-stopped</span></span><span>\n</span></span></span><span><span> <span>7</span></span><span><span><span> </span></span><span><span>command</span></span><span><span>:</span></span><span>\n</span></span></span><span><span> <span>8</span></span><span><span> </span><span>-</span> <span><span>\"--providers.docker=true\"</span></span><span>\n</span></span></span><span><span> <span>9</span></span><span><span> </span><span>-</span> <span><span>\"--providers.docker.exposedbydefault=false\"</span></span><span>\n</span></span></span><span><span><span>10</span></span><span><span> </span><span>-</span> 
<span><span>\"--providers.file.directory=/etc/traefik/dynamic-conf\"</span></span><span>\n</span></span></span><span><span><span>11</span></span><span><span> </span><span>-</span> <span><span>\"--providers.file.watch=true\"</span></span><span>\n</span></span></span><span><span><span>12</span></span><span><span> </span><span>-</span> <span><span>\"--api.dashboard=true\"</span></span><span>\n</span></span></span><span><span><span>13</span></span><span><span> </span><span>-</span> <span><span>\"--entrypoints.web.address=:80\"</span></span><span>\n</span></span></span><span><span><span>14</span></span><span><span> </span><span>-</span> <span><span>\"--entrypoints.websecure.address=:443\"</span></span><span>\n</span></span></span><span><span><span>15</span></span><span><span> </span><span>-</span> <span><span>\"--entrypoints.ssh.address=:2222\"</span></span><span> \n</span></span></span><span><span><span>16</span></span><span><span> </span><span>-</span> <span><span>\"--entrypoints.web.http.redirections.entrypoint.to=websecure\"</span></span><span>\n</span></span></span><span><span><span>17</span></span><span><span> </span><span>-</span> <span><span>\"--entrypoints.web.http.redirections.entrypoint.scheme=https\"</span></span><span>\n</span></span></span><span><span><span>18</span></span><span><span> </span><span>-</span> <span><span>\"--certificatesResolvers.letsencrypt.acme.email=admin@domaine.tld\"</span></span><span>\n</span></span></span><span><span><span>19</span></span><span><span> </span><span>-</span> <span><span>\"--certificatesResolvers.letsencrypt.acme.storage=acme.json\"</span></span><span>\n</span></span></span><span><span><span>20</span></span><span><span> </span><span>-</span> <span><span>\"--certificatesResolvers.letsencrypt.acme.tlsChallenge=true\"</span></span><span>\n</span></span></span><span><span><span>21</span></span><span><span> </span><span>-</span> 
<span><span>\"--log=true\"</span></span><span>\n</span></span></span><span><span><span>22</span></span><span><span> </span><span>-</span> <span><span>\"--log.level=INFO\"</span></span><span>\n</span></span></span><span><span><span>23</span></span><span><span> </span><span>-</span> <span><span>\"--log.filepath=/var/log/traefik.log\"</span></span><span>\n</span></span></span><span><span><span>24</span></span><span><span> </span><span>-</span> <span><span>\"--accesslog.filepath=/var/log/traefix-access.log\"</span></span><span>\n</span></span></span><span><span><span>25</span></span><span><span><span> </span></span><span><span>labels</span></span><span><span>:</span></span><span>\n</span></span></span><span><span><span>26</span></span><span><span> </span><span>-</span> <span><span>\"traefik.enable=true\"</span></span><span>\n</span></span></span><span><span><span>27</span></span><span><span> </span><span>-</span> <span><span>\"traefik.http.routers.dashboard.rule=Host(`traefik.domaine.tld`)\"</span></span><span>\n</span></span></span><span><span><span>28</span></span><span><span> </span><span>-</span> <span><span>\"traefik.http.routers.dashboard.service=api@internal\"</span></span><span>\n</span></span></span><span><span><span>29</span></span><span><span> </span><span>-</span> <span><span>\"traefik.http.routers.dashboard.entrypoints=websecure\"</span></span><span>\n</span></span></span><span><span><span>30</span></span><span><span> </span><span>-</span> <span><span>\"traefik.http.routers.dashboard.middlewares=auth-dashboard\"</span></span><span>\n</span></span></span><span><span><span>31</span></span><span><span> </span><span>-</span> <span><span>\"traefik.http.middlewares.auth-dashboard.basicauth.users=admin:#########################\"</span></span><span>\n</span></span></span><span><span><span>32</span></span><span><span> </span><span>-</span> 
<span><span>\"traefik.http.routers.dashboard.tls=true\"</span></span><span>\n</span></span></span><span><span><span>33</span></span><span><span> </span><span>-</span> <span><span>\"traefik.http.routers.dashboard.tls.certresolver=letsencrypt\"</span></span><span>\n</span></span></span><span><span><span>34</span></span><span><span><span> </span></span><span><span>networks</span></span><span><span>:</span></span><span>\n</span></span></span><span><span><span>35</span></span><span><span> </span><span>-</span> <span><span>traefik_lan</span></span><span>\n</span></span></span><span><span><span>36</span></span><span><span><span> </span></span><span><span>ports</span></span><span><span>:</span></span><span>\n</span></span></span><span><span><span>37</span></span><span><span> </span><span>-</span> <span><span>80</span></span><span><span>:</span></span><span><span>80</span></span><span>\n</span></span></span><span><span><span>38</span></span><span><span> </span><span>-</span> <span><span>443</span></span><span><span>:</span></span><span><span>443</span></span><span>\n</span></span></span><span><span><span>39</span></span><span><span> </span><span>-</span> <span><span>2222</span></span><span><span>:</span></span><span><span>2222</span></span><span><span>/tcp</span></span><span>\n</span></span></span><span><span><span>40</span></span><span><span><span> </span></span><span><span>volumes</span></span><span><span>:</span></span><span>\n</span></span></span><span><span><span>41</span></span><span><span> </span><span>-</span> <span><span>/var/run/docker.sock:/var/run/docker.sock:ro</span></span><span>\n</span></span></span><span><span><span>42</span></span><span><span> </span><span>-</span> <span><span>./config/acme.json:/acme.json</span></span><span>\n</span></span></span><span><span><span>43</span></span><span><span> </span><span>-</span> <span><span>./config:/etc/traefik:ro</span></span><span>\n</span></span></span><span><span><span>44</span></span><span><span> 
</span><span>-</span> <span><span>logs:/var/log/</span></span><span>\n</span></span></span><span><span><span>45</span></span><span><span>\n</span></span></span><span><span><span>46</span></span><span><span></span><span><span>networks</span></span><span><span>:</span></span><span>\n</span></span></span><span><span><span>47</span></span><span><span><span> </span></span><span><span>traefik_lan</span></span><span><span>:</span></span><span>\n</span></span></span><span><span><span>48</span></span><span><span><span> </span></span><span><span>external</span></span><span><span>:</span></span><span> </span><span><span>true</span></span><span>\n</span></span></span><span><span><span>49</span></span><span><span>\n</span></span></span><span><span><span>50</span></span><span><span></span><span><span>volumes</span></span><span><span>:</span></span><span>\n</span></span></span><span><span><span>51</span></span><span><span><span> </span></span><span><span>logs</span></span><span><span>:</span></span><span>\n</span></span></span></code></pre></div></div><blockquote>\n<p>For the other parameters, I will let you take a look at my <a href=\"https://blog.levassb.ovh/post/traefik-new-conf/\">previous article</a>.</p>\n</blockquote>\n<p>I create a local <code>git</code> account that will be used to run the processes of the Gitea container:</p>\n<div><div><pre tabindex=\"0\"><code data-lang=\"bash\"><span><span>1</span><span>$ sudo adduser --system --shell /usr/sbin/nologin --group --disabled-password --home /home/git git\n</span></span><span><span>2</span><span>$ id git\n</span></span><span><span>3</span><span><span>uid</span><span>=</span>110<span>(</span>git<span>)</span> <span>gid</span><span>=</span>118<span>(</span>git<span>)</span> <span>groups</span><span>=</span>118<span>(</span>git<span>)</span>\n</span></span></code></pre></div></div><blockquote>\n<p>UID 110 and GID 118 will be used in the docker-compose file for 
Gitea</p>\n</blockquote>\n<p>I add a directory to hold the Gitea docker-compose file:</p>\n<div><div><pre tabindex=\"0\"><code data-lang=\"bash\"><span><span>1</span><span>$ sudo mkdir /opt/gitea <span>&&</span> <span><span>cd</span></span> <span><span>\"</span></span><span><span><span>$_</span></span></span><span><span>\"</span></span>\n</span></span><span><span>2</span><span>$ sudo touch docker-compose.yaml\n</span></span></code></pre></div></div><p>I edit the <code>docker-compose.yaml</code> file:</p>\n<div><div><pre tabindex=\"0\"><code data-lang=\"yaml\"><span data-height=\"454px\"><span> <span>1</span></span><span><span><span>version</span></span><span><span>:</span></span><span> </span><span><span>'3'</span></span><span>\n</span></span></span><span><span> <span>2</span></span><span><span></span><span><span>services</span></span><span><span>:</span></span><span>\n</span></span></span><span><span> <span>3</span></span><span><span><span> </span></span><span><span>gitea</span></span><span><span>:</span></span><span>\n</span></span></span><span><span> <span>4</span></span><span><span><span> </span></span><span><span>container_name</span></span><span><span>:</span></span><span> </span><span><span>gitea</span></span><span>\n</span></span></span><span><span> <span>5</span></span><span><span><span> </span></span><span><span>image</span></span><span><span>:</span></span><span> </span><span><span>gitea/gitea:1.18.0</span></span><span>\n</span></span></span><span><span> <span>6</span></span><span><span><span> </span></span><span><span>restart</span></span><span><span>:</span></span><span> </span><span><span>unless-stopped</span></span><span>\n</span></span></span><span><span> <span>7</span></span><span><span><span> </span></span><span><span>environment</span></span><span><span>:</span></span><span>\n</span></span></span><span><span> <span>8</span></span><span><span> </span><span>-</span> 
<span><span>USER_UID=110</span></span><span>\n</span></span></span><span><span> <span>9</span></span><span><span> </span><span>-</span> <span><span>USER_GID=118</span></span><span>\n</span></span></span><span><span><span>10</span></span><span><span> </span><span>-</span> <span><span>RUN_MODE=prod</span></span><span>\n</span></span></span><span><span><span>11</span></span><span><span> </span><span>-</span> <span><span>APP_NAME=\"My</span> <span>forge!\"</span></span><span>\n</span></span></span><span><span><span>12</span></span><span><span> </span><span>-</span> <span><span>GITEA__server__SSH_PORT=2222</span></span><span>\n</span></span></span><span><span><span>13</span></span><span><span> </span><span>-</span> <span><span>GITEA__server__SSH_LISTEN_PORT=22</span></span><span>\n</span></span></span><span><span><span>14</span></span><span><span> </span><span>-</span> <span><span>GITEA__server__HTTP_PORT=3000</span></span><span>\n</span></span></span><span><span><span>15</span></span><span><span> </span><span>-</span> <span><span>GITEA__server__ROOT_URL=https://git.domain.tld</span></span><span>\n</span></span></span><span><span><span>16</span></span><span><span> </span><span>-</span> <span><span>GITEA__database__DB_TYPE=sqlite3</span></span><span>\n</span></span></span><span><span><span>17</span></span><span><span> </span><span>-</span> <span><span>GITEA__service__DISABLE_REGISTRATION=true</span></span><span>\n</span></span></span><span><span><span>18</span></span><span><span> </span><span>-</span> <span><span>GITEA__service__REQUIRE_SIGNIN_VIEW=true</span></span><span>\n</span></span></span><span><span><span>19</span></span><span><span> </span><span>-</span> <span><span>GITEA__service__REGISTER_EMAIL_CONFIRM=true</span> </span><span>\n</span></span></span><span><span><span>20</span></span><span><span> </span><span>-</span> <span><span>GITEA__mailer__ENABLED=true</span></span><span>\n</span></span></span><span><span><span>21</span></span><span><span> 
</span><span>-</span> <span><span>GITEA__mailer__SMTP_ADDR=smtp.domain.tld</span></span><span>\n</span></span></span><span><span><span>22</span></span><span><span> </span><span>-</span> <span><span>GITEA__mailer__SMTP_PORT=587</span></span><span>\n</span></span></span><span><span><span>23</span></span><span><span> </span><span>-</span> <span><span>GITEA__mailer__PROTOCOL=smtp+starttls</span></span><span>\n</span></span></span><span><span><span>24</span></span><span><span> </span><span>-</span> <span><span>GITEA__mailer__USER=admin@domain.tld</span></span><span>\n</span></span></span><span><span><span>25</span></span><span><span> </span><span>-</span> <span><span>GITEA__mailer__PASSWD=V3ryS3cur3</span></span><span>\n</span></span></span><span><span><span>26</span></span><span><span> </span><span>-</span> <span><span>GITEA__mailer__FROM=noreply-gitea@domain.tld</span></span><span>\n</span></span></span><span><span><span>27</span></span><span><span><span> </span></span><span><span>expose</span></span><span><span>:</span></span><span>\n</span></span></span><span><span><span>28</span></span><span><span> </span><span>-</span> <span><span>\"3000\"</span></span><span>\n</span></span></span><span><span><span>29</span></span><span><span> </span><span>-</span> <span><span>\"22\"</span></span><span>\n</span></span></span><span><span><span>30</span></span><span><span><span> </span></span><span><span>networks</span></span><span><span>:</span></span><span>\n</span></span></span><span><span><span>31</span></span><span><span> </span><span>-</span> <span><span>traefik_lan</span></span><span>\n</span></span></span><span><span><span>32</span></span><span><span><span> </span></span><span><span>volumes</span></span><span><span>:</span></span><span>\n</span></span></span><span><span><span>33</span></span><span><span> </span><span>-</span> <span><span>data:/data</span></span><span>\n</span></span></span><span><span><span>34</span></span><span><span> </span><span>-</span> 
<span><span>/etc/timezone:/etc/timezone:ro</span></span><span>\n</span></span></span><span><span><span>35</span></span><span><span> </span><span>-</span> <span><span>/etc/localtime:/etc/localtime:ro</span></span><span>\n</span></span></span><span><span><span>36</span></span><span><span><span> </span></span><span><span>labels</span></span><span><span>:</span></span><span>\n</span></span></span><span><span><span>37</span></span><span><span> </span><span>-</span> <span><span>\"traefik.enable=true\"</span></span><span>\n</span></span></span><span><span><span>38</span></span><span><span> </span><span>-</span> <span><span>\"traefik.http.services.gitea.loadbalancer.server.port=3000\"</span></span><span>\n</span></span></span><span><span><span>39</span></span><span><span> </span><span>-</span> <span><span>\"traefik.docker.network=traefik_lan\"</span></span><span>\n</span></span></span><span><span><span>40</span></span><span><span> </span><span>-</span> <span><span>\"traefik.http.routers.gitea.rule=Host(`git.domain.tld`)\"</span></span><span>\n</span></span></span><span><span><span>41</span></span><span><span> </span><span>-</span> <span><span>\"traefik.http.routers.gitea.entrypoints=websecure\"</span></span><span>\n</span></span></span><span><span><span>42</span></span><span><span> </span><span>-</span> <span><span>\"traefik.http.routers.gitea.middlewares=secured@file\"</span></span><span>\n</span></span></span><span><span><span>43</span></span><span><span> </span><span>-</span> <span><span>\"traefik.http.routers.gitea.tls=true\"</span></span><span>\n</span></span></span><span><span><span>44</span></span><span><span> </span><span>-</span> <span><span>\"traefik.http.routers.gitea.tls.certresolver=letsencrypt\"</span></span><span>\n</span></span></span><span><span><span>45</span></span><span><span> </span><span>-</span> <span><span>\"traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)\"</span></span><span>\n</span></span></span><span><span><span>46</span></span><span><span> 
</span><span>-</span> <span><span>\"traefik.tcp.routers.gitea-ssh.entrypoints=ssh\"</span></span><span>\n</span></span></span><span><span><span>47</span></span><span><span> </span><span>-</span> <span><span>\"traefik.tcp.routers.gitea-ssh.service=gitea-ssh-svc\"</span></span><span>\n</span></span></span><span><span><span>48</span></span><span><span> </span><span>-</span> <span><span>\"traefik.tcp.services.gitea-ssh-svc.loadbalancer.server.port=22\"</span></span><span>\n</span></span></span><span><span><span>49</span></span><span><span></span><span><span>networks</span></span><span><span>:</span></span><span>\n</span></span></span><span><span><span>50</span></span><span><span><span> </span></span><span><span>traefik_lan</span></span><span><span>:</span></span><span>\n</span></span></span><span><span><span>51</span></span><span><span><span> </span></span><span><span>external</span></span><span><span>:</span></span><span> </span><span><span>true</span></span><span>\n</span></span></span><span><span><span>52</span></span><span><span></span><span><span>volumes</span></span><span><span>:</span></span><span>\n</span></span></span><span><span><span>53</span></span><span><span><span> </span></span><span><span>data</span></span><span><span>:</span></span><span>\n</span></span></span></code></pre></div></div><p>In this configuration:</p>\n<ul>\n<li>registration is disabled (the administrator must create the accounts)</li>\n<li>access always requires authentication (no open access to a public repository)</li>\n<li>the registration e-mail address must be confirmed to access the forge</li>\n<li>data is persisted in a Docker named volume (<code>/var/lib/docker/volume/gitea_data/</code>)</li>\n<li>the HTTP to HTTPS redirection is handled upstream, directly in Traefik</li>\n<li>TCP connections are forwarded from Traefik’s <code>ssh</code> entry point to TCP port 22 of the 
container</li>\n</ul>\n<blockquote>\n<p>Gitea offers many configuration parameters. You should find what you need in <a rel=\"noopener\" href=\"https://docs.gitea.io/fr-fr/config-cheat-sheet/\">the documentation</a>, following the naming convention for environment variables: <a rel=\"noopener\" href=\"https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini\">GITEA__SECTION__KEY-NAME</a></p>\n</blockquote>\n<p>All that remains is to start the container:</p>\n<div><div><pre tabindex=\"0\"><code data-lang=\"bash\"><span><span>1</span><span>$ docker-compose -f /opt/gitea/docker-compose.yaml up -d\n</span></span></code></pre></div></div><p>and to complete the installation in the web interface:</p>\n<figure><img data-scale=\"1.1879350348027842\" data-pos=\"2\" loading=\"lazy\" alt=\"Gitea Install\" src=\"https://blog.levassb.ovh/images/gitea-install-sc.png\"></figure><p>Figure 2: Gitea Install</p>\n<blockquote>\n<p>You must create the administrator account at this step, since registration is closed in this configuration.</p>\n</blockquote>\n<p>At this point, Gitea is operational. 
You can now:</p>\n<ul>\n<li>create a user account</li>\n<li>add an SSH public key</li>\n<li>create a first repository</li>\n</ul>\n<p>and test SSH connections:</p>\n<div><div><pre tabindex=\"0\"><code data-lang=\"bash\"><span><span> 1</span><span>$ mkdir ~/projet <span>&&</span> <span><span>cd</span></span> <span><span>\"</span></span><span><span><span>$_</span></span></span><span><span>\"</span></span>\n</span></span><span><span> 2</span><span>$ touch README.md\n</span></span><span><span> 3</span><span>$ git init\n</span></span><span><span> 4</span><span>$ git checkout -b main\n</span></span><span><span> 5</span><span>$ git add README.md\n</span></span><span><span> 6</span><span>$ git commit -m <span><span>\"first commit\"</span></span>\n</span></span><span><span> 7</span><span>$ git remote add origin ssh://git@git.domain.tld:2222/johndoe/demo.git\n</span></span><span><span> 8</span><span>$ git push -u origin main\n</span></span><span><span> 9</span><span>$ git push origin main\n</span></span><span><span>10</span><span>Énumération des objets: 3, fait.\n</span></span><span><span>11</span><span>Décompte des objets: 100% <span>(</span>3/3<span>)</span>, fait.\n</span></span><span><span>12</span><span>Écriture des objets: 100% <span>(</span>3/3<span>)</span>, <span>219</span> octets <span>|</span> 219.00 Kio/s, fait.\n</span></span><span><span>13</span><span>Total <span>3</span> <span>(</span>delta 0<span>)</span>, réutilisés <span>0</span> <span>(</span>delta 0<span>)</span>, réutilisés du pack <span>0</span>\n</span></span><span><span>14</span><span>remote: . 
Processing <span>1</span> references\n</span></span><span><span>15</span><span>remote: Processed <span>1</span> references <span>in</span> total\n</span></span><span><span>16</span><span>To ssh://git.domain.tld:2222/johndoe/demo.git\n</span></span><span><span>17</span><span> * <span>[</span>new branch<span>]</span> main -> main\n</span></span></code></pre></div></div><figure><img data-scale=\"1.1879350348027842\" data-pos=\"3\" loading=\"lazy\" alt=\"Gitea repo\" src=\"https://blog.levassb.ovh/images/gitea-repo.png\"></figure><p>Figure 3: Gitea repo</p>\n<h2 id=\"conclusion\">Conclusion</h2>\n<p>Gitea offers an elegant turnkey solution that is easy to set up. Light on resources (less than 200 MB of RAM and a 257 MB image), it is particularly well suited to the constraints of self-hosting.</p>\n<h2 id=\"ressources\">Resources</h2>\n<ul>\n<li><a rel=\"noopener\" href=\"https://docs.gitea.io/fr-fr/\">Gitea documentation</a></li>\n<li><a rel=\"noopener\" href=\"https://docs.gitea.io/fr-fr/config-cheat-sheet/\">config Cheat Sheet (en)</a></li>\n<li><a rel=\"noopener\" href=\"https://community.traefik.io/t/ssh-gitea-with-traefik-v2/14525\">Traefik forum</a></li>\n<li><a rel=\"noopener\" href=\"https://www.digitalocean.com/community/tutorials/how-to-install-gitea-on-ubuntu-using-docker\">DigitalOcean tutorial (en)</a></li>\n<li><a rel=\"noopener\" href=\"https://www.richard-dern.fr/blog/2021/09/12/deployer-hugo-via-gitea-et-drone-ci/\">Richard Dern’s blog</a></li>\n<li><a rel=\"noopener\" href=\"https://blog.filador.fr/gitea-le-gestionnaire-de-code-source-leger-et-simple-a-mettre-en-oeuvre-pour-votre-raspberry/\">Romain Boulanger’s blog</a></li>\n</ul>\n<p>Photo by <a rel=\"noopener\" href=\"https://unsplash.com/fr/@mlightbody\">Malcolm Lightbody</a> on <a rel=\"noopener\" href=\"https://unsplash.com/photos/gPRvTP0sZ2M\">Unsplash</a></p>\n\n\n </article>\n\n\n \n</div></div>","textContent":"\n \n Gitea\n \n \n\n \n Jan 3, 2023\n 
· 5 min read · git\n docker\n \n \n ·\n \n \n \n\n \n \n \n Gitea is a Git software forge written in Go and derived from Gogs.\nAs usual, when choosing a software solution, I look at:\n\nfunctional coverage\nthe vitality of the project\nthe resources required (my VPS is somewhat limited)\nthe quality of the documentation\n\nGitea ticks all these boxes, with a Docker version for ease of maintenance, SQLite to limit resource usage (a single container) and a feature set halfway between a Gitolite that is a little too “bare-bones” and the overly complex GitLab.\nCommunity development seems active and the documentation is rather well done.\nGitea provides a feature comparison with the main alternatives.\nInstallation\nOnce again, I start from my platform, already in place, with Traefik handling HTTPS access (reverse proxy) and SSH access (TCP router), and Docker running the containers.\nI start by modifying the Traefik configuration to add an entry point for TCP connections to the SSH service of the Gitea container:\n\n--entrypoints.ssh.address=:2222: creates an entry point named ssh in Traefik\n2222:2222/tcp: opens port 2222 (the standard port 22 is already used on the host)\n\n 1version: '3'\n 2services:\n 3 traefik:\n 4 container_name: traefik\n 5 image: traefik:v2.9.6\n 6 restart: unless-stopped\n 7 command:\n 8 - \"--providers.docker=true\"\n 9 - \"--providers.docker.exposedbydefault=false\"\n10 - \"--providers.file.directory=/etc/traefik/dynamic-conf\"\n11 - \"--providers.file.watch=true\"\n12 - \"--api.dashboard=true\"\n13 - \"--entrypoints.web.address=:80\"\n14 - \"--entrypoints.websecure.address=:443\"\n15 - \"--entrypoints.ssh.address=:2222\" \n16 - \"--entrypoints.web.http.redirections.entrypoint.to=websecure\"\n17 - \"--entrypoints.web.http.redirections.entrypoint.scheme=https\"\n18 - \"--certificatesResolvers.letsencrypt.acme.email=admin@domaine.tld\"\n19 - 
\"--certificatesResolvers.letsencrypt.acme.storage=acme.json\"\n20 - \"--certificatesResolvers.letsencrypt.acme.tlsChallenge=true\"\n21 - \"--log=true\"\n22 - \"--log.level=INFO\"\n23 - \"--log.filepath=/var/log/traefik.log\"\n24 - \"--accesslog.filepath=/var/log/traefix-access.log\"\n25 labels:\n26 - \"traefik.enable=true\"\n27 - \"traefik.http.routers.dashboard.rule=Host(`traefik.domaine.tld`)\"\n28 - \"traefik.http.routers.dashboard.service=api@internal\"\n29 - \"traefik.http.routers.dashboard.entrypoints=websecure\"\n30 - \"traefik.http.routers.dashboard.middlewares=auth-dashboard\"\n31 - \"traefik.http.middlewares.auth-dashboard.basicauth.users=admin:#########################\"\n32 - \"traefik.http.routers.dashboard.tls=true\"\n33 - \"traefik.http.routers.dashboard.tls.certresolver=letsencrypt\"\n34 networks:\n35 - traefik_lan\n36 ports:\n37 - 80:80\n38 - 443:443\n39 - 2222:2222/tcp\n40 volumes:\n41 - /var/run/docker.sock:/var/run/docker.sock:ro\n42 - ./config/acme.json:/acme.json\n43 - ./config:/etc/traefik:ro\n44 - logs:/var/log/\n45\n46networks:\n47 traefik_lan:\n48 external: true\n49\n50volumes:\n51 logs:\nFor the other parameters, I will let you take a look at my previous article.\n\nI create a local git account that will be used to run the processes of the Gitea container:\n1$ sudo adduser --system --shell /usr/sbin/nologin --group --disabled-password --home /home/git git\n2$ id git\n3uid=110(git) gid=118(git) groups=118(git)\nUID 110 and GID 118 will be used in the docker-compose file for Gitea\n\nI add a directory to hold the Gitea docker-compose file:\n1$ sudo mkdir /opt/gitea && cd \"$_\"\n2$ sudo touch docker-compose.yaml\nI edit the docker-compose.yaml file:\n 1version: '3'\n 2services:\n 3 gitea:\n 4 container_name: gitea\n 5 image: gitea/gitea:1.18.0\n 6 restart: unless-stopped\n 7 environment:\n 8 - USER_UID=110\n 9 - USER_GID=118\n10 - RUN_MODE=prod\n11 - APP_NAME=\"My forge!\"\n12 - 
GITEA__server__SSH_PORT=2222\n13 - GITEA__server__SSH_LISTEN_PORT=22\n14 - GITEA__server__HTTP_PORT=3000\n15 - GITEA__server__ROOT_URL=https://git.domain.tld\n16 - GITEA__database__DB_TYPE=sqlite3\n17 - GITEA__service__DISABLE_REGISTRATION=true\n18 - GITEA__service__REQUIRE_SIGNIN_VIEW=true\n19 - GITEA__service__REGISTER_EMAIL_CONFIRM=true \n20 - GITEA__mailer__ENABLED=true\n21 - GITEA__mailer__SMTP_ADDR=smtp.domain.tld\n22 - GITEA__mailer__SMTP_PORT=587\n23 - GITEA__mailer__PROTOCOL=smtp+starttls\n24 - GITEA__mailer__USER=admin@domain.tld\n25 - GITEA__mailer__PASSWD=V3ryS3cur3\n26 - GITEA__mailer__FROM=noreply-gitea@domain.tld\n27 expose:\n28 - \"3000\"\n29 - \"22\"\n30 networks:\n31 - traefik_lan\n32 volumes:\n33 - data:/data\n34 - /etc/timezone:/etc/timezone:ro\n35 - /etc/localtime:/etc/localtime:ro\n36 labels:\n37 - \"traefik.enable=true\"\n38 - \"traefik.http.services.gitea.loadbalancer.server.port=3000\"\n39 - \"traefik.docker.network=traefik_lan\"\n40 - \"traefik.http.routers.gitea.rule=Host(`git.domain.tld`)\"\n41 - \"traefik.http.routers.gitea.entrypoints=websecure\"\n42 - \"traefik.http.routers.gitea.middlewares=secured@file\"\n43 - \"traefik.http.routers.gitea.tls=true\"\n44 - \"traefik.http.routers.gitea.tls.certresolver=letsencrypt\"\n45 - \"traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)\"\n46 - \"traefik.tcp.routers.gitea-ssh.entrypoints=ssh\"\n47 - \"traefik.tcp.routers.gitea-ssh.service=gitea-ssh-svc\"\n48 - \"traefik.tcp.services.gitea-ssh-svc.loadbalancer.server.port=22\"\n49networks:\n50 traefik_lan:\n51 external: true\n52volumes:\n53 data:\nIn this configuration:\n\nregistration is disabled (the administrator must create the accounts)\naccess always requires authentication (no open access to a public repository)\nthe registration e-mail address must be confirmed to access the forge\ndata is persisted in a Docker named volume (/var/lib/docker/volume/gitea_data/)\nthe HTTP to HTTPS redirection is 
handled upstream, directly in Traefik\nTCP connections are forwarded from Traefik’s ssh entry point to TCP port 22 of the container\n\n\nGitea offers many configuration parameters. You should find what you need in the documentation, following the naming convention for environment variables: GITEA__SECTION__KEY-NAME\n\nAll that remains is to start the container:\n1$ docker-compose -f /opt/gitea/docker-compose.yaml up -d\nand to complete the installation in the web interface:\nFigure 2: Gitea Install\n\nYou must create the administrator account at this step, since registration is closed in this configuration.\n\nAt this point, Gitea is operational. You can now:\n\ncreate a user account\nadd an SSH public key\ncreate a first repository\n\nand test SSH connections:\n 1$ mkdir ~/projet && cd \"$_\"\n 2$ touch README.md\n 3$ git init\n 4$ git checkout -b main\n 5$ git add README.md\n 6$ git commit -m \"first commit\"\n 7$ git remote add origin ssh://git@git.domain.tld:2222/johndoe/demo.git\n 8$ git push -u origin main\n 9$ git push origin main\n10Énumération des objets: 3, fait.\n11Décompte des objets: 100% (3/3), fait.\n12Écriture des objets: 100% (3/3), 219 octets | 219.00 Kio/s, fait.\n13Total 3 (delta 0), réutilisés 0 (delta 0), réutilisés du pack 0\n14remote: . Processing 1 references\n15remote: Processed 1 references in total\n16To ssh://git.domain.tld:2222/johndoe/demo.git\n17 * [new branch] main -> main\nFigure 3: Gitea repo\nConclusion\nGitea offers an elegant turnkey solution that is easy to set up. 
Light on resources (less than 200 MB of RAM and a 257 MB image), it is particularly well suited to the constraints of self-hosting.\nResources\n\nGitea documentation\nconfig Cheat Sheet (en)\nTraefik forum\nDigitalOcean tutorial (en)\nRichard Dern’s blog\nRomain Boulanger’s blog\n\nPhoto by Malcolm Lightbody on Unsplash\n\n\n \n\n\n \n","length":8163,"excerpt":"Jan 3, 2023\n · 5 min read · git\n docker\n \n \n ·","siteName":null} |