Gitea: Difference between revisions
From charlesreid1
| Line 1: | Line 1: | ||
=What is it?= | ==What is it?== | ||
Gitea is a self-hosted github-like web service, written in Go. | Gitea is a self-hosted github-like web service, written in Go. | ||
| Line 157: | Line 157: | ||
Then detach the screen and voila. | Then detach the screen and voila. | ||
==Importing Repositories from Github== | |||
If you want to import a repository or move a repository from a different server to your gitea server, here's how you do it. | |||
Summary: | |||
* Get a local copy of the repo onto your server | |||
* Fetch all the tags, commits, remote branches, etc. so you have a local copy | |||
* Add a new remote server, e.g., new-origin | |||
* Push all local branches and tags to the new-origin server | |||
* Remove old origin, rename new-origin to origin | |||
Link: https://www.smashingmagazine.com/2014/05/moving-git-repository-new-server/ | |||
===Getting local copy of repo locally=== | |||
Use git checkout with https | |||
===Fetch all tags, commits, etc=== | |||
If origin is the remote server you are migrating FROM: | |||
<pre> | |||
git fetch origin | |||
</pre> | |||
This will get all the latest branches and tags info, but won't necessarily grab a copy. To force git to grab a copy, do: | |||
<pre> | |||
git branch -a | |||
</pre> | |||
Get any branches prefixed with <code>remote/origin/my-branch</code> and check them out: | |||
For example if you had <code>remote/origin/my-branch-1</code> and <code>remote/origin/my-branch-2</code>: | |||
<pre> | |||
git checkout -b my-branch-1 origin/my-branch-1 | |||
git checkout -b my-branch-2 origin/my-branch-2 | |||
</pre> | |||
Now verify you have local copies of all branches: | |||
<pre> | |||
git branch -a | |||
</pre> | |||
===Create new remote=== | |||
Now create your new remote, call it new-origin: | |||
<pre> | |||
git remote add new-origin user@server:path/to/git/repo | |||
</pre> | |||
Now we have two remotes. We'll push everything to the brand new remote, then sever any ties we had with the old remote. | |||
===Push everything to new server=== | |||
To push everything to the remote new-origin: | |||
<pre> | |||
git push --all new-origin | |||
git push --tags new-origin | |||
</pre> | |||
===Update remote origin=== | |||
Now get rid of the old origin and replace it with the new-origin: | |||
<pre> | |||
git remote rm origin | |||
git remote rename new-origin origin | |||
</pre> | |||
===Optional: delete old repo=== | |||
At this point, you can delete the old remote repository on the old server if you so choose. | |||
=References= | =References= | ||
Revision as of 18:21, 21 March 2017
What is it?
Gitea is a self-hosted github-like web service, written in Go.
(insert screenshot here)
Main link: https://try.gitea.io/
Github project: https://github.com/go-gitea/gitea
Installing
To install it, you can use the binary.
I kept the gitea directory organized by putting the binary in its own folder, then separating out the certificates (for https/ssl), data (gitea's sqlite database), repositories (data for git repositories), and log (logging for gitea).
/path/to/www/gitea/ +--------- bin/ +--------- certs/ +--------- data/ +--------- repositories/ +--------- log/
To install it, you just navigate to the binary and run
$ ./gitea web
This runs a setup page on port 3000. Alternatively, you can use the admin command line interface to set things up securely, without exposing the (sensitive) setup page to anyone.
That's about it.
Gitea with HTTPS
You can run gitea over HTTPS. The gitea binary can generate self-signed certificates, or you can use an existing HTTPS certificate.
Using existing HTTPS certificate
I needed to have gitea over HTTPS using an existing certificate. I already had an HTTPS certificate, in the form of a private .key and a public .cert, but it was set up to be restricted to root only, and nginx and Apache are perfectly okay running as www-data and not being able to read the private key file (which is only readable by root). We're fine there.
But when I pointed to these files with soft links,
$ ln -fs /sslkeys/key.pem /www/gitea/cert/key.pem $ ln -fs /sslkeys/cert.pem /www/gitea/cert/key.pem
I was having some problems getting gitea to run. Gitea was raising a permissions error:
$ ./gitea web 2017/03/21 15:21:12 [T] Custom path: /www/gitea/bin/custom 2017/03/21 15:21:12 [T] Log path: /www/gitea/log 2017/03/21 15:21:12 [I] Gitea v1.0.1 2017/03/21 15:21:12 [I] Log Mode: File(Info) 2017/03/21 15:21:12 [I] Cache Service Enabled 2017/03/21 15:21:12 [I] Session Service Enabled 2017/03/21 15:21:12 [I] Git Version: 2.5.0 2017/03/21 15:21:12 [I] SQLite3 Supported 2017/03/21 15:21:12 [I] Run Mode: Production 2017/03/21 15:21:12 [I] Listen: https://0.0.0.0:3000 2017/03/21 15:21:12 [....io/gitea/cmd/web.go:632 runWeb()] [E] Fail to start server: open /www/gitea/certs/key.pem: permission denied
The solution was, the user that runs the Gitea web command also has to be able to read the private key file. Can just make the /sslkeys folder and contents group-readable to a new group ssl-group, and add any users that need access to the keys. Then add a git or gitea user, and run everything as the git user.
Add SSL group:
groupadd ssl-certs
Make a git user to run gitea:
useradd git
Add git user to ssl-certs group:
usermod -G ssl-certs git
Change permissions of SSL certs to be group-readable:
chgrp ssl-certs /sslcerts/{cert,key}.pem
chmod g+r /sslcerts/{cert,key}.pem
Now the keys are group-readable, and git is added to the group who can read SSL keys.
One more hurdle: we have to run gitea as the git user we just created. But we'll cover that below.
Using Self-Signed Cert
Using a self-signed HTTPS certificate is basically the equivalent to saying "Trust me!" at the end of every sentence. Any decent web browser raising an annoying warning or not loading the page at all. To use gitea to do it:
$ ./gitea cert --host mysite.com
This will create a key and certificate in the same directory, with pretty loose permissions.
Users and Permissions
Here's how I organized and arranged my gitea installation:
- set the git user as the user gitea runs as in the gitea config file
- the git user was running the gitea binary
- the git user was part of the ssl-certs group, which could read both public and private SSL keys
- the public and private keys were made group-readable and owned by the ssl-certs group
- to run gitea, I start up Screen and run the command
sudo su gitto get a shell as the user git. I then start up the gitea binary.
Here's what that requires:
Change the RUN_USER variable in the gitea config file, in custom/conf/app.ini:
RUN_USER = git
And then some commands to do user stuff and prepare to run the web server as git user:
# add group
groupadd ssl-certs
# add user
useradd git
# make user home directory for git user
mkdir /home/git
# add user to group
usermod -G ssl-certs git
# make ssl certs ownable
chgrp ssl-certs /sslkeys/{cert,key}.pem
chmod g+r /sslkeys/{cert,key}.pem
Now open up a screen and in the screen execute these commands:
# get a shell as user git sudo su git # run the gitea binary cd /www/gitea/bin ./gitea web
Then detach the screen and voila.
Importing Repositories from Github
If you want to import a repository or move a repository from a different server to your gitea server, here's how you do it.
Summary:
- Get a local copy of the repo onto your server
- Fetch all the tags, commits, remote branches, etc. so you have a local copy
- Add a new remote server, e.g., new-origin
- Push all local branches and tags to the new-origin server
- Remove old origin, rename new-origin to origin
Link: https://www.smashingmagazine.com/2014/05/moving-git-repository-new-server/
Getting local copy of repo locally
Use git checkout with https
Fetch all tags, commits, etc
If origin is the remote server you are migrating FROM:
git fetch origin
This will get all the latest branches and tags info, but won't necessarily grab a copy. To force git to grab a copy, do:
git branch -a
Get any branches prefixed with remote/origin/my-branch and check them out:
For example if you had remote/origin/my-branch-1 and remote/origin/my-branch-2:
git checkout -b my-branch-1 origin/my-branch-1 git checkout -b my-branch-2 origin/my-branch-2
Now verify you have local copies of all branches:
git branch -a
Create new remote
Now create your new remote, call it new-origin:
git remote add new-origin user@server:path/to/git/repo
Now we have two remotes. We'll push everything to the brand new remote, then sever any ties we had with the old remote.
Push everything to new server
To push everything to the remote new-origin:
git push --all new-origin git push --tags new-origin
Update remote origin
Now get rid of the old origin and replace it with the new-origin:
git remote rm origin git remote rename new-origin origin
Optional: delete old repo
At this point, you can delete the old remote repository on the old server if you so choose.
References
Main site: https://github.com/go-gitea/gitea
Config cheat sheet: https://docs.gitea.io/en-us/config-cheat-sheet/
Binary installation: https://docs.gitea.io/en-us/install-from-binary/
Can use Docker