
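Self-hosted Git service: Gitea

Problem

There is some code I want to keep on a server so that it can be accessed from anywhere. Free GitHub is of course a good choice, but GitHub has gone down several times over the past couple of years. A self-hosted service mostly serves as a backup for GitHub, or is for when you don't want your code used as material for AI writing.

Steps

docker-compose.yml for the Gitea service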

version: '3.5'
networks:
  proxy-network:
    external: true
services:
  gitea:
    container_name: gitea
    image: gitea/gitea:${GITEA_VERSION:-1.14.5}
    restart: unless-stopped
    depends_on:
      - gitea-cache
    environment:
      # No quotes here: in list form they would become part of the value
      - APP_NAME=Gitea
      - USER_UID=1000
      - USER_GID=1000
      - USER=git
      - RUN_MODE=prod
      - DOMAIN=git.csdaomin.com
      - SSH_DOMAIN=git.xxx.com
      - HTTP_PORT=3000
      - ROOT_URL=https://git.xxx.com
      - SSH_PORT=222
      - SSH_LISTEN_PORT=22
      - DB_TYPE=sqlite3
      - GITEA__cache__ENABLED=true
      - GITEA__cache__ADAPTER=redis
      - GITEA__cache__HOST=redis://gitea-cache:6379/0?pool_size=100&idle_timeout=180s
      - GITEA__cache__ITEM_TTL=24h
    ports:
      - "222:22"
    networks:
      - proxy-network
    volumes:
      - ./data/gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    logging:
      driver: "json-file"
      options:
        max-size: "1m"

  gitea-cache:
    container_name: gitea-cache
    image: redis:6-alpine
    restart: unless-stopped
    networks:
      - proxy-network
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 15s
      timeout: 3s
      retries: 30
    logging:
      driver: "json-file"
      options:
        max-size: "1m"

Start the service with docker-compose up. You may see the following warning:

WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.

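Just follow the hint and add vm.overcommit_memory=1 to /etc/sysctl.conf. After editing the file, run sudo sysctl -p to apply the change.

Running docker-compose up again will no longer show this warning.

Reverse proxy

The Gitea website has instructions for running behind a reverse proxy: https://docs.gitea.io/en-us/reverse-proxies/. I am more familiar with nginx, so I use nginx; the corresponding nginx configuration follows. (Set up DNS resolution first, of course.)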

server {
    listen 80;
    server_name git.xxx.com;
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name git.xxx.com;
    ssl_certificate /etc/cfcert/xxx.com.pem;
    ssl_certificate_key /etc/cfcert/xxx.com.key;


    # Block crawlers
    if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {
        return 403;
    }

    location / {
        proxy_pass http://gitea:3000;
        proxy_set_header   X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
        proxy_set_header Accept-Encoding gzip;
    }
}
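
The user-agent rule in the nginx configuration above only rejects crawlers that announce themselves with one of the listed names. As an added example (not part of the original post), this Python script replays the same pattern over nginx access-log lines in the default combined format and lists the self-identified bots the rule lets through; the sample log lines and the `BOT_HINT` heuristic are constructed assumptions.

```python
import re
from collections import Counter

# Alternation copied from the nginx `if ($http_user_agent ~* ...)` rule above.
BLOCKED_UA = re.compile(
    r"qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|"
    r"Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|"
    r"Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|"
    r"MSNBot|ia_archiver|Tomato Bot",
    re.IGNORECASE,  # nginx `~*` is a case-insensitive, unanchored match
)
# nginx "combined" format: ip - user [time] "request" status bytes "referer" "ua"
LOG_LINE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Assumption: a crawler that identifies itself has one of these words in its UA.
BOT_HINT = re.compile(r"bot|crawl|spider|slurp", re.IGNORECASE)


def would_block(user_agent):
    """True if the nginx rule would answer 403 for this User-Agent."""
    return BLOCKED_UA.search(user_agent) is not None


def audit(lines):
    """Count self-identified bots the rule lets through, keyed by User-Agent."""
    passed = Counter()
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        ua = m.group("ua")
        if BOT_HINT.search(ua) and not would_block(ua):
            passed[ua] += 1
    return passed


# Constructed sample log lines (documentation IP range), not from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /explore/repos HTTP/1.1" 403 153 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /csdaomin/test HTTP/1.1" 200 9120 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.0; +https://openai.com/gptbot)"',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /csdaomin/test/src/branch/master HTTP/1.1" 200 20480 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.0; +https://openai.com/gptbot)"',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /robots.txt HTTP/1.1" 200 26 "-" "CCBot/2.0 (https://commoncrawl.org/faq/)"',
    '203.0.113.11 - - [01/Jan/2024:10:00:09 +0000] "GET /user/login HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0"',
]

if __name__ == "__main__":
    for ua, hits in audit(SAMPLE_LOG).most_common():
        print(hits, ua)
```

Pass the lines of the real access log to `audit()` instead of `SAMPLE_LOG` to see which names are missing from the rule; a crawler that sends a browser user agent is invisible to both the rule and this check.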

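Admin setup

Visit https://git.xxx.com to see Gitea's installation and administration page, then set the username and password.

SSH access configuration

To let the local client access Gitea quickly, we need to set up a local SSH key. The following command generates the files gitea (private key) and gitea.pub (public key) in the ~/.ssh directory.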

ssh-keygen -f ~/.ssh/gitea -t rsa -C "Gitea" -q -N ""

Edit .ssh/config

#sdm account
Host your.github.com
        HostName github.com
        User git
        PreferredAuthentications publickey
        IdentityFile ~/.ssh/csdm_id_rsa
Host your.gitlab.com
        HostName gitlab.com
        User git
        PreferredAuthentications publickey
        IdentityFile ~/.ssh/csdm_id_rsa
Host git.xxx.com
        HostName git.xxx.com
        IdentityFile ~/.ssh/gitea
        User git
        PreferredAuthentications publickey
        Port 222

Add the generated public key in Gitea's admin interface, and you can then work over SSH.

git clone ssh://git@git.xxx.com:222/csdaomin/test.git

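There is one problem here: my DNS is hosted on Cloudflare. Access through the server's IP plus port 222 works normally, but access through the domain name has problems, so I added configuration locally and in the hosts file to fix this temporarily.

Published in Self-hosted services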
