docker_gitea/README.md

3.2 KiB

blacka.com gitea service

This repo consists of some deployment files for running gitea, a Go-based git repository manager (think a Go-based simple github.com-like service.)

The idea here is to host a git repository and project management system, only because it is somewhat easy to do so, and this is better than just using gitweb.

Overview

This runs the actual application via a docker image published by the gitea project. However, we do need some integration with the host in order to run. The basic problems that we need to solve are:

  1. How do we get our main Apache-based web server to get us to the internal web server that the docker image runs? We use Apache's mod_proxy for that.
  2. How do we get SSH pushes/pulls to work. Ideally, one would be able to use a git url like git@blacka.com/davidb/docker_gitea.git. But to do that, we first need the host itself (zeke) to handle an ssh-session as git.

The gitea documentation talks about using docker-compose, so we will basically do that. Although, docker-compose itself (a python program not really maintained by the Docker project) is mostly gone, docker compose (with a space) now works with a normal docker-ce-cli install.

Deployment Artifacts

Currently we have

  • A docker-compose (docker<space>compose?) file, mostly copied from the documentation.
  • A systemd unit file, based on an example of how to run docker-compose via systemd (basically just have it launch docker compose up -d and then walk away.)
  • A snippet of httpd.conf config for setting up the mod_proxy settings.
  • A setup.sh shell script.

Deployment

Run setup.sh as root. That will

  1. Create the git:gitea user, with a home directory of /var/lib/gitea.
  2. Create the /var/lib/gitea/data and ~/.ssh directories
  3. Write out a docker-shell to use as the shell for the git:gitea user we just created. This will docker exec into the gitea image, effectively proxying ssh commands into the container. In theory we can just ssh into the container from the outside, but we would have configure an authorized_key that wasn't for a user.

Next get the container running:

  1. Copy the docker-compose.yaml file to /var/lib/gitea.
  2. Copy the docker.gitea.service to /etc/systemd/system.
  3. Activate the service:
systemctl enable docker.gitea.service
systemctl start docker.gitea.service

We can check to see if the container is running with docker container ls

Finally, get the webserver configured and reloaded:

  1. Update the apache configuration with the mod_proxy config. Note that the gitea container doesn't really care where you mount the proxy URL. I'm putting it at https://blacka.com/git, myself.
  2. Check that the config you just added won't break Apache, and reload if it looks OK
sudo -s  # become root
apachectl

# if that is OK, we can activate it
systemctl reload httpd.service

If we don't have any existing config, then the first registered user will be the admin. We might have to disable the REQUIRE_MANUAL_CONFIRM setting -- I haven't tried that order.