How to install Gitea code hosting service Fedora 34
Gitea is an open source code hosting solution based on the Git platform. It is written in Go language. It includes a repository file editor, issue tracking, pull requests, user management, notifications, built-in wiki, LFS support, Git hooks, and more.
It is a lightweight application. Therefore, it can be installed on low-power systems. If you are looking for a self-hosted Git platform with a smaller memory platform, you should check out Gitea.
This article will introduce how to install and configure Gitea Fedora 34 and how to set up your first Git repository. Gitea can be installed from source code, binaries, docker packages or packages. For our tutorial, we will install it from the binary.
prerequisites
- Running server Fedora 34.
- A non-root sudo user.
- SELinux is disabled.
-
Make sure everything is updated.
$ sudo dnf update
Step 1-Configure the firewall
The first step is to configure the firewall. Fedora Server comes with Firewall Firewall.
Check if the firewall is running.
$ sudo firewall-cmd --state
You should get the following output.
running
Check the currently allowed services/ports.
$ sudo firewall-cmd --permanent --list-services
It should display the following output.
dhcpv6-client mdns ssh
Allow HTTP and HTTPS ports.
$ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --permanent --add-service=https
Recheck the status of the firewall.
$ sudo firewall-cmd --permanent --list-services
You should see similar output.
dhcpv6-client http https mdns ssh
Reload the firewall.
$ sudo systemctl reload firewalld
Step 2-Install Git
The first step is to install Git.
$ sudo dnf install git
Verify the installation by checking the Git version.
$ git --version
git version 2.31.1
Configure Git
Git can be configured as git config
Order. Set up your name and email address to use Git.
$ git config --global user.name "Your Name"
$ git config --global user.email "[email protected]"
You can use the following command to check the configuration.
$ git config --list
user.name=Your Name
[email protected]
Step 3-Install and configure PostgreSQL
Gitea supports SQLite, MySQL/Mariadb, MSSQL and PostgreSQL. For our tutorial, we will use PostgreSQL.
Install and initialize PostgreSQL.
$ sudo dnf module enable postgresql:13
$ sudo dnf install postgresql-server postgresql-contrib
$ sudo postgresql-setup --initdb --unit postgresql
$ sudo systemctl enable --now postgresql
PostgreSQL uses the md5 encryption scheme for password authentication by default, which is insecure.You need to switch to SCRAM-SHA-256
plan. If you want to connect to a remote PostgreSQL database, you need to configure it to listen on your IP address.Both of these can be edited by /var/lib/pgsql/data/postgresql.conf
document. Open it for editing.
$ sudo nano /var/lib/pgsql/data/postgresql.conf
Edit the following variables as follows.
listen_addresses = 'localhost, 201.0.110.0'
password_encryption = scram-sha-256
Press save file Ctrl + X And enter Yes When prompted.
Restart PostgreSQL.
$ sudo systemctl restart postgresql
Log in to the PostgreSQL shell.
$ sudo -u postgres psql
Create a new SQL user and database for Gitea. Choose a strong password for your database user.
postgres-# CREATE ROLE gitea WITH LOGIN PASSWORD 'yourpassword';
postgres-# CREATE DATABASE giteadb WITH OWNER gitea TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';
Replace the user name, database name, and password as needed.
Exit By typing shell q
.
Allow database users to access the database created above by adding the following authentication rules /var/lib/pgsql/data/pg_hba.conf
.
If the database is local, add this line.
local giteadb gitea scram-sha-256
For remote databases, use the following code instead.
host giteadb gitea 192.0.2.10/32 scram-sha-256
You also need to edit the following line by adding replacement ident
with scram-sha-256
.
# IPv4 local connections:
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
They should look like the following.
# IPv4 local connections:
host all all 127.0.0.1/32 scram-sha-256
# IPv6 local connections:
host all all ::1/128 scram-sha-256
Press save file Ctrl + X And enter Yes When prompted.
Restart PostgreSQL.
$ sudo systemctl restart postgresql
If you want to enable remote connections, you also need to add the following rules in the firewall.
$ sudo firewall-cmd --permanent--add-service=postgresql
$ sudo firewall-cmd --reload
Step 4-Create Git User
Create a new system user to run the Gitea application.
$ sudo useradd
--system
--shell /bin/bash
--comment 'Git Version Control'
--create-home
--home /home/git
git
This command creates a new user and group named git
And set the home directory to /home/git
.
Step 5-Install Gitea
Open Gitea download page And check the version number of the latest binary file available. At the time of writing this tutorial, the latest version is 1.14.3.If there is a newer version, please VERSION
Variables in the following commands.
use wget
Utility to get the latest Gitea binaries.
$ GITEAVERSION=1.14.3
$ wget -O gitea https://dl.gitea.io/gitea/${GITEAVERSION}/gitea-${GITEAVERSION}-linux-amd64
Move the downloaded binary file to /usr/local/bin
contents.
$ sudo mv gitea /usr/local/bin
Make the binary executable.
$ sudo chmod +x /usr/local/bin/gitea
Run the following commands to create the directory and set the permissions required for Gitea to work properly.
$ sudo mkdir -p /var/lib/gitea/{custom,data,log}
$ sudo chown -R git:git /var/lib/gitea/
$ sudo chmod -R 750 /var/lib/gitea/
$ sudo mkdir /etc/gitea
$ sudo chown root:git /etc/gitea
$ sudo chmod 770 /etc/gitea
Permission of /etc/gitea
The directory is set to 770 so that the installation wizard can create configuration files. After the installation is complete, we will set stricter permissions.
Create Systemd service file
We run Gitea as a systemd service. To do this, create a new systemd entry file for Gitea.
$ sudo nano /etc/systemd/system/gitea.service
Paste the following code into it.
[Unit]
Description=Gitea
After=syslog.target
After=network.target
After=postgresql.service
[Service]
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
[Install]
WantedBy=multi-user.target
Press save file Ctrl + X And enter Yes When prompted.
For reference, you can view the example Systemd files are available from the Gitea repository .
Reload the systemd daemon to enable the file we just created.
$ sudo systemctl daemon-reload
Enable and start the Gitea service.
$ sudo systemctl enable --now gitea
Verify that Gitea is running.
$ sudo systemctl status gitea
gitea.service - Gitea
Loaded: loaded (/etc/systemd/system/gitea.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2021-07-04 20:33:38 EDT; 1 day 8h ago
Main PID: 46404 (gitea)
Tasks: 7 (limit: 2328)
Memory: 115.5M CPU: 9min 12.061s
CGroup: /system.slice/gitea.service
---46404 /usr/local/bin/gitea web -c /etc/gitea/app.ini
...
Step 6-Configure Gitea
By default, Gitea listens on port 3000. You can use another port or stick to the default port. Therefore, we also need to open port 3000.
$ sudo firewall-cmd --permanent --add-port=3000/tcp
$ sudo firewall-cmd --reload
Open the browser and enter https://YOURIPADDRESS:3000
You will see the Gitea installer. Use the following values to configure.
Database settings
- Database type: Select PostgreSQL from the drop-down list
- host: 127.0.0.1:5432
- username: Giteya
- password: Your password
- Name database: Giteya
General settings
- Website title: Enter Your organization name
- Repository root path: Keep the default path
- Git LFS root path: Keep the default path
- Run as user name: Jerk
- SSH server domain: Enter Your IP address
- HTTP listening port: 3000 (You can change the port here, but you need to access it through the firewall.)
- Gitea base website: https://your address: 3000
- Log path: Keep the default value
You can configure email and server settings at this time, or you can change them later. However, you should fill in the administrator account settings.
To start the installation, click Install Gitea* Button. Once completed, you will be automatically logged in and redirected to the account dashboard.
The installation will create a Gitea configuration file. Change its permissions to read-only.
$ sudo chmod 750 /etc/gitea
$ sudo chmod 640 /etc/gitea/app.ini
That’s it. Gitea is now installed on your server.
Step 7-Install SSL using Let’s Encrypt
To install the SSL certificate using Let’s Encrypt, we need to download the Certbot tool using the Snapd package installer included in Ubuntu 20.04.
Run the following command to install Certbot.
$ sudo dnf install certbot
Generate an SSL certificate.
$ sudo certbot certonly --standalone --preferred-challenges http -d googlesyndication.com
The above command will download a certificate to /etc/letsencrypt/live/googlesyndication.com
The directory on the server.
Create a challenge webroot directory for Let’s Encrypt automatic renewal.
$ sudo mkdir -p /var/lib/letsencrypt
Create a cron job to update SSL. It will run every day to check the certificate and update it when needed.To do this, first, create a file /etc/cron.daily/certbot-renew
And open it for editing.
$ sudo nano /etc/cron.daily/certbot-renew
Paste the following code.
#!/bin/sh
certbot renew --cert-name googlesyndication.com --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx"
Press save file Ctrl + X And enter Yes When prompted.
Change the permissions of the task file to make it executable.
$ sudo chmod +x /etc/cron.daily/certbot-renew
Step 8-Install and configure Nginx
The next step is to install the Nginx server.
$ sudo dnf install nginx
Create an Nginx configuration file for Gitea.
$ sudo nano /etc/nginx/conf.d/gitea.conf
Paste the following code into it.
server {
listen 80;
location ~ /.well-known/acme-challenge {
root /var/lib/letsencrypt/;
}
server_name yourdomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name your_domain;
client_max_body_size 50m;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20- POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers off;
ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
ssl_stapling on;
ssl_stapling_verify on;
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/yourdomain.com/chain.pem;
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
location / {
proxy_redirect off;
proxy_pass https://127.0.0.1:3000;
}
access_log /var/log/nginx/gitea.access.log;
error_log /var/log/nginx/gitea.error.log;
}
Press save file Ctrl + X And enter Yes When prompted.
Verify that the configuration file is working properly.
$ sudo nginx -t
Restart the Nginx server.
$ sudo systemctl restart nginx
Next, change the Gitea domain and root URL.To do this, open the configuration file /etc/gitea/app.ini
.
$ sudo nano /etc/gitea/app.ini
Change the following values.
[server]
SSH_DOMAIN = git.googlesyndication.com
DOMAIN = git.googlesyndication.com
ROOT_URL = https://git.googlesyndication.com/
Press save file Ctrl + X And enter Yes When prompted.
Restart the Gitea service.
$ sudo systemctl restart gitea
Step 9-set up email notifications
If you want to receive email notifications, you can enable them through Sendmail or a third-party email transaction service (such as Amazon SES, Postmark, Mailgun, or Sendgrid).
To enable notifications, open the configuration file /etc/gitea/app.ini
.
$ sudo nano /etc/gitea/app.ini
Edit the following part in the file and add the following code.
[mailer]
ENABLED = true
FROM = [email protected]
MAILER_TYPE = smtp
HOST = mail.mydomain.com:587
IS_TLS_ENABLED = true
USER = [email protected]
PASSWD = `password`
Press save file Ctrl + X And enter Yes When prompted.
Restart the Gitea service.
$ sudo systemctl restart gitea
Step 10-Update Gitea
Upgrading Gitea includes downloading and replacing Gitea binaries.
First, stop the Gitea service.
$ sudo systemctl stop gitea
Download and install the Gitea binaries.
$ GITEAVERSION=LATESTVERSION
$ wget -O gitea https://dl.gitea.io/gitea/${GITEAVERSION}/gitea-${GITEAVERSION}-linux-amd64
$ sudo mv gitea /usr/local/bin
$ sudo chmod +x /usr/local/bin/gitea
Restart the Gitea service.
$ sudo systemctl start gitea
Step 11-How to use SSH
To use SSH, we need to add our own SSH key to Gitea. If not, you can use the following command to create one on your local system.
$ ssh-keygen -N "yourpassphrase" -t ed25519 -C "gitea_key"
This will create a key named id_ed25519
inside ~/.ssh
contents.To add this key, copy the contents of the file ~/.ssh/id_ed25519.pub
To your clipboard.Then add this key to the Gitea settings page under the tab SSH/GPG key . Click Add key Button and name the key and paste it into the box.
If there is a list of allowed users in the sshd configuration file, you need to add git
To it.
Open the SSHD configuration file.
$ sudo nano /etc/ssh/sshd_config
Find the line that should look like the following.
AllowUsers myuser myotheruser git
Press save file Ctrl + X And enter Yes When prompted.
Restart the SSHD service.
$ sudo systemctl restart ssh
You need to add a passphrase for the key we created ssh-agent
Tools on your local system so you won’t be asked repeatedly. Run the following command to do this.
$ eval $(ssh-agent)
Agent pid 46436
$ ssh-add ~/.ssh/id_ed25519
You can clone your repository to test the SSH connection.
$ git clone ssh://[email protected]/username/repo.git
Cloning into 'repo'...
The authenticity of host 'googlesyndication.com (201.110.80.160)' can't be established.
ECDSA key fingerprint is SHA256:Kx9l19zpGhHfbb2wHtmWeC7/WWv8e5/T3Tcws2qwVEw.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'googlesyndication.com,201.110.80.160' (ECDSA) to the list of known hosts.
remote: Enumerating objects: 5, done.
remote: Counting objects: 100% (5/5), done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 5 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (5/5), 4.77 KiB | 977.00 KiB/s, done.
in conclusion
This concludes the tutorial on installing and configuring the Gitea code hosting service Fedora 34. If you have any questions, please raise them in the comments below.