Gitea

From charlesreid1

What is it?

Gitea is a self-hosted github-like web service, written in Go.

(insert screenshot here)

Main link: https://try.gitea.io/

Github project: https://github.com/go-gitea/gitea


Installing

To install it, you can use the binary.

I kept the gitea directory organized by putting the binary in its own folder, then separating out the certificates (for https/ssl), data (gitea's sqlite database), repositories (data for git repositories), and log (logging for gitea). 

/path/to/www/gitea/
+--------- bin/
+--------- certs/
+--------- data/
+--------- repositories/
+--------- log/

To install it, you just navigate to the binary and run 

$ ./gitea web

This runs a setup page on port 3000. Alternatively, you can use the admin command line interface to set things up securely, without exposing the (sensitive) setup page to anyone.

That's about it.

Gitea with HTTPS

You can run gitea over HTTPS. The gitea binary can generate self-signed certificates, or you can use an existing HTTPS certificate.

Using existing HTTPS certificate

I needed to have gitea over HTTPS using an existing certificate. I already had an HTTPS certificate, in the form of a private .key and a public .cert, but it was set up to be restricted to root only, and nginx and Apache are perfectly okay running as www-data and not being able to read the private key file (which is only readable by root). We're fine there.

But when I pointed to these files with soft links, 

$ ln -fs /sslkeys/key.pem /www/gitea/cert/key.pem
$ ln -fs /sslkeys/cert.pem /www/gitea/cert/key.pem

I was having some problems getting gitea to run. Gitea was raising a permissions error: 

$ ./gitea web
2017/03/21 15:21:12 [T] Custom path: /www/gitea/bin/custom
2017/03/21 15:21:12 [T] Log path: /www/gitea/log
2017/03/21 15:21:12 [I] Gitea v1.0.1
2017/03/21 15:21:12 [I] Log Mode: File(Info)
2017/03/21 15:21:12 [I] Cache Service Enabled
2017/03/21 15:21:12 [I] Session Service Enabled
2017/03/21 15:21:12 [I] Git Version: 2.5.0
2017/03/21 15:21:12 [I] SQLite3 Supported
2017/03/21 15:21:12 [I] Run Mode: Production
2017/03/21 15:21:12 [I] Listen: https://0.0.0.0:3000
2017/03/21 15:21:12 [....io/gitea/cmd/web.go:632 runWeb()] [E] Fail to start server: open /www/gitea/certs/key.pem: permission denied

The solution was, the user that runs the Gitea web command also has to be able to read the private key file. Can just make the /sslkeys folder and contents group-readable to a new group ssl-group, and add any users that need access to the keys. Then add a git or gitea user, and run everything as the git user.

Add SSL group: 

groupadd ssl-certs

Make a git user to run gitea: 

useradd git

Add git user to ssl-certs group: 

usermod -G ssl-certs git

Change permissions of SSL certs to be group-readable: 

chgrp ssl-certs /sslcerts/{cert,key}.pem
chmod g+r /sslcerts/{cert,key}.pem

Now the keys are group-readable, and git is added to the group who can read SSL keys.

One more hurdle: we have to run gitea as the git user we just created. But we'll cover that below.

Using Self-Signed Cert

Using a self-signed HTTPS certificate is basically the equivalent to saying "Trust me!" at the end of every sentence. Any decent web browser raising an annoying warning or not loading the page at all. To use gitea to do it: 

$ ./gitea cert --host mysite.com

This will create a key and certificate in the same directory, with pretty loose permissions.

References

Main site: https://github.com/go-gitea/gitea

Config cheat sheet: https://docs.gitea.io/en-us/config-cheat-sheet/

Binary installation: https://docs.gitea.io/en-us/install-from-binary/

Can use Docker

Retrieved from "https://charlesreid1.com/w/index.php?title=Gitea&oldid=15250"