How to Install the Gitea Code Hosting Service on Fedora 34

Gitea is an open-source code hosting solution based on the Git platform. It is written in the Go language. It includes a repository file editor, issue tracking, pull requests, user management, notifications, a built-in wiki, LFS support, Git hooks, and more.

It is a lightweight application, so it can be installed on low-power systems. If you are looking for a self-hosted Git platform with a smaller memory footprint, you should check out Gitea.

This article covers how to install and configure Gitea on Fedora 34 and how to set up your first Git repository. Gitea can be installed from source, binaries, Docker images, or packages. For our tutorial, we will install it from the binary.

Prerequisites

  • A server running Fedora 34.
  • A non-root sudo user.
  • SELinux is disabled.
  • Make sure everything is updated.

    $ sudo dnf update
    

Step 1-Configure the firewall

The first step is to configure the firewall. Fedora Server comes with the Firewalld firewall.

Check if the firewall is running.

$ sudo firewall-cmd --state

You should get the following output.

running

Check the currently allowed services/ports.

$ sudo firewall-cmd --permanent --list-services

It should display the following output.

dhcpv6-client mdns ssh

Allow HTTP and HTTPS ports.

$ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --permanent --add-service=https

Recheck the status of the firewall.

$ sudo firewall-cmd --permanent --list-services

You should see similar output.

dhcpv6-client http https mdns ssh

Reload the firewall.

$ sudo systemctl reload firewalld

Step 2-Install Git

The next step is to install Git.

$ sudo dnf install git

Verify the installation by checking the Git version.

$ git --version
git version 2.31.1

Configure Git

Git can be configured with the git config command. Set up your name and email address to use Git.

$ git config --global user.name "Your Name"
$ git config --global user.email "[email protected]"

You can use the following command to check the configuration.

$ git config --list
user.name=Your Name
[email protected]

Step 3-Install and configure PostgreSQL

Gitea supports SQLite, MySQL/MariaDB, MSSQL and PostgreSQL. For our tutorial, we will use PostgreSQL.

Install and initialize PostgreSQL.

$ sudo dnf module enable postgresql:13
$ sudo dnf install postgresql-server postgresql-contrib
$ sudo postgresql-setup --initdb --unit postgresql
$ sudo systemctl enable --now postgresql

PostgreSQL uses the md5 encryption scheme for password authentication by default, which is insecure. You need to switch to the SCRAM-SHA-256 scheme. If you want to connect to a remote PostgreSQL database, you need to configure it to listen on your IP address. Both of these are set in the /var/lib/pgsql/data/postgresql.conf file. Open it for editing.

$ sudo nano /var/lib/pgsql/data/postgresql.conf

Edit the following variables as follows.

listen_addresses = 'localhost, 201.0.110.0'
password_encryption = scram-sha-256

Save the file by pressing Ctrl + X and entering Y when prompted.

Restart PostgreSQL.

$ sudo systemctl restart postgresql

Log in to the PostgreSQL shell.

$ sudo -u postgres psql

Create a new SQL user and database for Gitea. Choose a strong password for your database user.

postgres=# CREATE ROLE gitea WITH LOGIN PASSWORD 'yourpassword';
postgres=# CREATE DATABASE giteadb WITH OWNER gitea TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';

Replace the user name, database name, and password as needed.

Exit the shell by typing \q.

Allow the database user to access the database created above by adding the following authentication rule to /var/lib/pgsql/data/pg_hba.conf.

If the database is local, add this line.

local    giteadb    gitea    scram-sha-256

For remote databases, use the following line instead.

host    giteadb    gitea    192.0.2.10/32    scram-sha-256

You also need to edit the following lines, replacing ident with scram-sha-256.

# IPv4 local connections:
host    all             all             127.0.0.1/32            ident
# IPv6 local connections:
host    all             all             ::1/128                 ident

They should look like the following.

# IPv4 local connections:
host    all             all             127.0.0.1/32            scram-sha-256
# IPv6 local connections:
host    all             all             ::1/128                 scram-sha-256

Save the file by pressing Ctrl + X and entering Y when prompted.

Restart PostgreSQL.

$ sudo systemctl restart postgresql

If you want to enable remote connections, you also need to add the following rules in the firewall.

$ sudo firewall-cmd --permanent --add-service=postgresql
$ sudo firewall-cmd --reload
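
To confirm that the pg_hba.conf edits above left no weak rule behind, the following added example (not part of the original tutorial) scans the file for rules that still use trust, password, md5 or TCP ident, and for rules open to any address. The function name audit_pg_hba and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the tutorial): list pg_hba.conf rules that still
# permit weak authentication or accept clients from any address.

# audit_pg_hba FILE: prints one finding per line; returns 1 if any were found.
audit_pg_hba() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }           # skip comments and blank lines
    {
        if ($1 == "local") { addr = "-"; method = $4 }
        else if ($5 ~ /^[0-9a-fA-F:.]+$/ && $5 ~ /[.:]/) {
            addr = $4 "/" $5; method = $6    # address and netmask as two columns
        } else { addr = $4; method = $5 }

        # trust skips authentication, password sends the password in clear
        # text, md5 allows the legacy MD5 exchange, and ident over TCP
        # believes whatever user name the client host reports.
        weak = (method == "trust" || method == "password" || method == "md5" ||
                ($1 != "local" && method == "ident"))
        wide = (addr == "0.0.0.0/0" || addr == "::/0" || addr == "all")
        rule = $1 " " $2 " " $3
        if (weak) { printf "line %d: weak method %s (%s)\n", NR, method, rule; bad++ }
        if (wide) { printf "line %d: any-address rule %s (%s)\n", NR, addr, rule; bad++ }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: the rules from this step plus two left unconverted.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# TYPE  DATABASE  USER   ADDRESS         METHOD
local   all       all                    peer
local   giteadb   gitea                  scram-sha-256
host    giteadb   gitea  192.0.2.10/32   scram-sha-256
host    all       all    127.0.0.1/32    ident
host    all       all    ::1/128         scram-sha-256
host    all       all    0.0.0.0/0       md5
EOF
audit_pg_hba "$sample" || echo "pg_hba.conf needs attention"
rm -f "$sample"
```

On the server, run the function as root against /var/lib/pgsql/data/pg_hba.conf after each edit; an empty result means every active rule passed both checks.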

Step 4-Create Git User

Create a new system user to run the Gitea application.

$ sudo useradd \
   --system \
   --shell /bin/bash \
   --comment 'Git Version Control' \
   --create-home \
   --home /home/git \
   git

This command creates a new user and group named git and sets the home directory to /home/git.

Step 5-Install Gitea

Open the Gitea download page and check the version number of the latest available binary. At the time of writing this tutorial, the latest version is 1.14.3. If there is a newer version, change the GITEAVERSION variable in the following commands.

Use the wget utility to get the latest Gitea binary.

$ GITEAVERSION=1.14.3
$ wget -O gitea https://dl.gitea.io/gitea/${GITEAVERSION}/gitea-${GITEAVERSION}-linux-amd64

Move the downloaded binary file to the /usr/local/bin directory.

$ sudo mv gitea /usr/local/bin

Make the binary executable.

$ sudo chmod +x /usr/local/bin/gitea

Run the following commands to create the directory and set the permissions required for Gitea to work properly.

$ sudo mkdir -p /var/lib/gitea/{custom,data,log}
$ sudo chown -R git:git /var/lib/gitea/
$ sudo chmod -R 750 /var/lib/gitea/
$ sudo mkdir /etc/gitea
$ sudo chown root:git /etc/gitea
$ sudo chmod 770 /etc/gitea

The permissions of the /etc/gitea directory are set to 770 so that the installation wizard can create the configuration file. After the installation is complete, we will set stricter permissions.

Create a systemd service file

We run Gitea as a systemd service. To do this, create a new systemd entry file for Gitea.

$ sudo nano /etc/systemd/system/gitea.service

Paste the following code into it.

[Unit]
Description=Gitea
After=syslog.target
After=network.target
After=postgresql.service

[Service]
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea

[Install]
WantedBy=multi-user.target

Save the file by pressing Ctrl + X and entering Y when prompted.

For reference, an example systemd file is available in the Gitea repository.

Reload the systemd daemon to enable the file we just created.

$ sudo systemctl daemon-reload

Enable and start the Gitea service.

$ sudo systemctl enable --now gitea

Verify that Gitea is running.

$ sudo systemctl status gitea
  gitea.service - Gitea
     Loaded: loaded (/etc/systemd/system/gitea.service; enabled; vendor preset: disabled)
     Active: active (running) since Tue 2021-07-04 20:33:38 EDT; 1 day 8h ago
   Main PID: 46404 (gitea)
      Tasks: 7 (limit: 2328)
     Memory: 115.5M
        CPU: 9min 12.061s
     CGroup: /system.slice/gitea.service
             └─46404 /usr/local/bin/gitea web -c /etc/gitea/app.ini
...

Step 6-Configure Gitea

By default, Gitea listens on port 3000. You can use another port or stick to the default port. We will use the default, so we also need to open port 3000.

$ sudo firewall-cmd --permanent --add-port=3000/tcp
$ sudo firewall-cmd --reload

Open the browser and enter https://YOURIPADDRESS:3000. You will see the Gitea installer. Use the following values to configure it.

Database settings

  • Database type: Select PostgreSQL from the drop-down list
  • Host: 127.0.0.1:5432
  • Username: gitea
  • Password: Your password
  • Database name: giteadb

General settings

  • Website title: Enter your organization name
  • Repository root path: Keep the default path
  • Git LFS root path: Keep the default path
  • Run as username: git
  • SSH server domain: Enter your IP address
  • HTTP listening port: 3000 (You can change the port here, but you need to allow it through the firewall.)
  • Gitea base URL: https://YOURIPADDRESS:3000
  • Log path: Keep the default value

You can configure email and server settings at this time, or you can change them later. However, you should fill in the administrator account settings.

To start the installation, click the Install Gitea button. Once completed, you will be automatically logged in and redirected to the account dashboard.

The installation will create a Gitea configuration file. Change its permissions to read-only.

$ sudo chmod 750 /etc/gitea
$ sudo chmod 640 /etc/gitea/app.ini

That’s it. Gitea is now installed on your server.

Step 7-Install SSL using Let’s Encrypt

To install an SSL certificate using Let’s Encrypt, we need to install the Certbot tool.

Run the following command to install Certbot.

$ sudo dnf install certbot

Generate an SSL certificate.

$ sudo certbot certonly --standalone --preferred-challenges http -d example.com

The above command will download a certificate to the /etc/letsencrypt/live/example.com directory on the server.

Create a challenge webroot directory for Let’s Encrypt automatic renewal.

$ sudo mkdir -p /var/lib/letsencrypt

Create a cron job to renew the SSL certificate. It will run every day to check the certificate and renew it when needed. To do this, first create the file /etc/cron.daily/certbot-renew and open it for editing.

$ sudo nano /etc/cron.daily/certbot-renew

Paste the following code.

#!/bin/sh
certbot renew --cert-name example.com --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx"

Save the file by pressing Ctrl + X and entering Y when prompted.

Change the permissions of the task file to make it executable.

$ sudo chmod +x /etc/cron.daily/certbot-renew

Step 8-Install and configure Nginx

The next step is to install the Nginx server.

$ sudo dnf install nginx

Create an Nginx configuration file for Gitea.

$ sudo nano /etc/nginx/conf.d/gitea.conf

Paste the following code into it.

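server {
        listen 80;
        server_name yourdomain.com;

        # Serve Let's Encrypt HTTP-01 challenge files from the webroot
        location ^~ /.well-known/acme-challenge/ {
                root /var/lib/letsencrypt/;
        }

        # Redirect everything else to HTTPS. A return placed at server level
        # runs before location matching and would also redirect the challenges.
        location / {
                return 301 https://$server_name$request_uri;
        }
}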
server {
        listen 443 ssl http2;
        server_name yourdomain.com;
    
        client_max_body_size 50m;
    
        ssl_session_timeout 1d;
        ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
        ssl_session_tickets off;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
        ssl_prefer_server_ciphers off;
        ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
        ssl_stapling on;
        ssl_stapling_verify on;

        ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/yourdomain.com/chain.pem;
    
        proxy_read_timeout 720s;
        proxy_connect_timeout 720s;
        proxy_send_timeout 720s;
        
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
    
        location / {
                proxy_redirect off;
                # Gitea listens for plain HTTP on this port unless app.ini sets PROTOCOL = https
                proxy_pass http://127.0.0.1:3000;
        }
        access_log /var/log/nginx/gitea.access.log;
        error_log /var/log/nginx/gitea.error.log;
}

Save the file by pressing Ctrl + X and entering Y when prompted.

Verify that the configuration file is working properly.

$ sudo nginx -t

Restart the Nginx server.

$ sudo systemctl restart nginx

Next, change the Gitea domain and root URL. To do this, open the configuration file /etc/gitea/app.ini.

$ sudo nano /etc/gitea/app.ini

Change the following values.

[server]
SSH_DOMAIN       = git.example.com
DOMAIN           = git.example.com
ROOT_URL         = https://git.example.com/

Save the file by pressing Ctrl + X and entering Y when prompted.

Restart the Gitea service.

$ sudo systemctl restart gitea

Step 9-Set up email notifications

If you want to receive email notifications, you can enable them through Sendmail or a third-party transactional email service (such as Amazon SES, Postmark, Mailgun, or Sendgrid).

To enable notifications, open the configuration file /etc/gitea/app.ini.

$ sudo nano /etc/gitea/app.ini

Find the following section in the file and edit it as follows.

[mailer]
ENABLED = true
FROM           = [email protected]
MAILER_TYPE    = smtp
HOST           = mail.mydomain.com:587
IS_TLS_ENABLED = true
USER           = [email protected]
PASSWD         = `password`

Save the file by pressing Ctrl + X and entering Y when prompted.

Restart the Gitea service.

$ sudo systemctl restart gitea

Step 10-Update Gitea

Upgrading Gitea involves downloading and replacing the Gitea binary.

First, stop the Gitea service.

$ sudo systemctl stop gitea

Download and install the Gitea binaries.

$ GITEAVERSION=LATESTVERSION
$ wget -O gitea https://dl.gitea.io/gitea/${GITEAVERSION}/gitea-${GITEAVERSION}-linux-amd64
$ sudo mv gitea /usr/local/bin
$ sudo chmod +x /usr/local/bin/gitea

Restart the Gitea service.

$ sudo systemctl start gitea
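
The wget downloads in Step 5 and Step 10 install the binary without checking it. The following added example (not part of the original tutorial) compares the downloaded file with a SHA-256 checksum file before it is moved into place. The function name verify_download and the checksum file URL in the comment are assumptions, and the demo data is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the tutorial): check a downloaded Gitea binary
# against a SHA-256 checksum file before moving it into /usr/local/bin.
# Assumption: the checksum file uses the usual "<digest>  <name>" layout and
# was fetched from the same release directory, for example
#   wget -O gitea.sha256 \
#     https://dl.gitea.io/gitea/${GITEAVERSION}/gitea-${GITEAVERSION}-linux-amd64.sha256

# verify_download BINARY SUMFILE RELEASE_NAME
# `sha256sum -c` would look for a file called RELEASE_NAME, but the tutorial
# saves the download as "gitea" (wget -O), so compare the digests directly.
# Returns 0 on match, 1 on mismatch, 2 if the inputs are unusable.
verify_download() {
    local binary="$1" sumfile="$2" name="$3" want got
    if [ ! -r "$binary" ] || [ ! -r "$sumfile" ]; then
        echo "cannot read $binary or $sumfile" >&2; return 2
    fi
    # Take the digest from the line whose file-name column is exactly NAME
    # (a leading "*" marks binary mode in sha256sum output).
    want=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
                             f == n { print tolower($1); exit }' "$sumfile")
    if ! printf '%s' "$want" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "no valid SHA-256 for $name in $sumfile" >&2; return 2
    fi
    got=$(sha256sum "$binary" | awk '{ print $1 }')
    if [ "$got" != "$want" ]; then
        echo "CHECKSUM MISMATCH for $binary: do not install" >&2; return 1
    fi
    echo "OK: $binary matches $name"
}

# Constructed demo: a stand-in file plays the binary, and its checksum file
# is generated locally in place of the one a release server would publish.
demo=$(mktemp -d)
printf 'constructed stand-in for the gitea binary\n' > "$demo/gitea"
printf '%s  gitea-1.14.3-linux-amd64\n' \
    "$(sha256sum "$demo/gitea" | awk '{ print $1 }')" > "$demo/gitea.sha256"
verify_download "$demo/gitea" "$demo/gitea.sha256" gitea-1.14.3-linux-amd64
printf 'modified after download\n' >> "$demo/gitea"
verify_download "$demo/gitea" "$demo/gitea.sha256" gitea-1.14.3-linux-amd64 \
    || echo "tampered copy rejected"
rm -rf "$demo"
```

A checksum fetched from the same server as the binary catches corruption and partial downloads but not a compromised server; where a release also ships a detached signature, verifying it with gpg --verify gives stronger assurance.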

Step 11-How to use SSH

To use SSH, we need to add our own SSH key to Gitea. If you don't have one, you can use the following command to create one on your local system.

$ ssh-keygen -N "yourpassphrase" -t ed25519 -C "gitea_key"

This will create a key named id_ed25519 in the ~/.ssh directory. To add this key, copy the contents of the file ~/.ssh/id_ed25519.pub to your clipboard. Then add this key on the Gitea settings page under the SSH/GPG key tab. Click the Add key button, name the key, and paste it into the box.

If there is a list of allowed users in the sshd configuration file, you need to add git to it.

Open the SSHD configuration file.

$ sudo nano /etc/ssh/sshd_config

Find the AllowUsers line and add git to it. It should look like the following.

AllowUsers myuser myotheruser git

Save the file by pressing Ctrl + X and entering Y when prompted.

Restart the SSHD service.

$ sudo systemctl restart sshd

You need to add the passphrase for the key we created to the ssh-agent tool on your local system so that you won’t be asked for it repeatedly. Run the following commands to do this.

$ eval $(ssh-agent)
Agent pid 46436
$ ssh-add ~/.ssh/id_ed25519

You can clone your repository to test the SSH connection.

$ git clone ssh://[email protected]/username/repo.git
Cloning into 'repo'...
The authenticity of host 'example.com (201.110.80.160)' can't be established.
ECDSA key fingerprint is SHA256:Kx9l19zpGhHfbb2wHtmWeC7/WWv8e5/T3Tcws2qwVEw.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'example.com,201.110.80.160' (ECDSA) to the list of known hosts.
remote: Enumerating objects: 5, done.
remote: Counting objects: 100% (5/5), done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 5 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (5/5), 4.77 KiB | 977.00 KiB/s, done.

Conclusion

This concludes the tutorial on installing and configuring the Gitea code hosting service on Fedora 34. If you have any questions, please raise them in the comments below.