使用Gitea搭建私有Git服务#
总有不适合放到别人服务器上的代码,那就自己搭一个Git服务。本教程使用Docker,部署方便,迁移简单,且支持https。
1. 准备工作#
找一个喜欢的路径,新建一个文件夹用来存放之后所有的文件,这里我推荐命名为Gitea
。
然后新建./docker-compose.yml
,用于快速部署容器。
2. 编辑docker-compose.yml
#
docker-compose.yml
基于官方文档修改而来,采用PostgreSQL 数据库一节给出的配置。
此处,我除了gitea
和postgres
镜像外,还添加了nginx
镜像用于开启https。
内容如下,可根据需求自行修改:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
version: "3"
networks:
gitea:
external: false
services:
server:
image: gitea/gitea:latest
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
- GITEA__database__DB_TYPE=postgres
- GITEA__database__HOST=db:5432
- GITEA__database__NAME=gitea
- GITEA__database__USER=gitea
- GITEA__database__PASSWD=gitea
restart: always
networks:
- gitea
volumes:
- ./gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
# ports:
# - "3000:3000"
# - "222:22"
depends_on:
- db
- reverse_proxy
db:
image: postgres:14
restart: always
environment:
- POSTGRES_USER=gitea
- POSTGRES_PASSWORD=gitea
- POSTGRES_DB=gitea
networks:
- gitea
volumes:
- ./postgres:/var/lib/postgresql/data
reverse_proxy:
image: nginx:latest
restart: always
networks:
- gitea
ports:
- "443:443"
volumes:
- ./nginx/conf.d/gitea.conf:/etc/nginx/conf.d/gitea.conf
- ./nginx/gitea.crt:/etc/nginx/gitea.crt
- ./nginx/gitea.key:/etc/nginx/gitea.key
|
3. 配置https#
新建目录./nginx/conf.d
,新建文件./nginx/conf.d/gitea.conf
、./nginx/gitea.crt
、./nginx/gitea.key
:
1
2
|
mkdir -p ./nginx/conf.d
touch ./nginx/conf.d/gitea.conf ./nginx/gitea.crt ./nginx/gitea.key
|
编辑gitea.conf
:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
server {
# SSL访问端口号为443
listen 443 ssl;
# 填写绑定证书的域名
server_name gitea.com;
# If they come here using HTTP, bounce them to the correct scheme
error_page 497 https://$server_name:$server_port$request_uri;
# 上传大小限制
client_max_body_size 1000M;
# 日志
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
# 证书文件
ssl_certificate /etc/nginx/gitea.crt;
# 证书密钥文件
ssl_certificate_key /etc/nginx/gitea.key;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://gitea:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Nginx-Proxy true;
}
}
|
将ssl证书内容复制到gitea.crt
、gitea.key
中。
4. 启动容器#
1
2
|
# -d: 后台运行
docker-compose up -d
|
然后访问网站即可使用。