mirror of
https://gitea.com/gitea/docs.git
synced 2026-07-09 06:55:18 +00:00
Add 1.25.0 documentation (#289)
Reviewed-on: https://gitea.com/gitea/docs/pulls/289
This commit is contained in:
@@ -0,0 +1,33 @@
|
||||
---
|
||||
date: "2019-12-28"
|
||||
slug: adding-legal-pages
|
||||
sidebar_position: 110
|
||||
aliases:
|
||||
- /en-us/adding-legal-pages
|
||||
---
|
||||
|
||||
# Adding Legal Pages
|
||||
|
||||
Some jurisdictions (such as EU), requires certain legal pages (e.g. Privacy Policy) to be added to website. Follow these steps to add them to your Gitea instance.
|
||||
|
||||
## Getting Pages
|
||||
|
||||
Gitea source code ships with sample pages, available in `contrib/legal` directory. Copy them to `custom/public/assets/`. For example, to add Privacy Policy:
|
||||
|
||||
```bash
|
||||
wget -O /path/to/custom/public/assets/privacy.html https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/legal/privacy.html.sample
|
||||
```
|
||||
|
||||
Now you need to edit the page to meet your requirements. In particular you must change the email addresses, web addresses and references to "Your Gitea Instance" to match your situation.
|
||||
|
||||
You absolutely must not place a general ToS or privacy statement that implies that the Gitea project is responsible for your server.
|
||||
|
||||
## Make it Visible
|
||||
|
||||
Create or append to `/path/to/custom/templates/custom/extra_links_footer.tmpl`:
|
||||
|
||||
```go
|
||||
<a class="item" href="{{AppSubUrl}}/assets/privacy.html">Privacy Policy</a>
|
||||
```
|
||||
|
||||
Restart Gitea to see the changes.
|
||||
351
versioned_docs/version-1.25/administration/authentication.md
Normal file
351
versioned_docs/version-1.25/administration/authentication.md
Normal file
@@ -0,0 +1,351 @@
|
||||
---
|
||||
date: "2016-12-01T16:00:00+02:00"
|
||||
slug: "authentication"
|
||||
sidebar_position: 10
|
||||
aliases:
|
||||
- /en-us/authentication
|
||||
---
|
||||
|
||||
# Authentication
|
||||
|
||||
## LDAP (Lightweight Directory Access Protocol)
|
||||
|
||||
Both the LDAP via BindDN and the simple auth LDAP share the following fields:
|
||||
|
||||
- Authorization Name **(required)**
|
||||
|
||||
- A name to assign to the new method of authorization.
|
||||
|
||||
- Host **(required)**
|
||||
|
||||
- The address where the LDAP server can be reached.
|
||||
- Example: `mydomain.com`
|
||||
|
||||
- Port **(required)**
|
||||
|
||||
- The port to use when connecting to the server.
|
||||
- Example: `389` for LDAP or `636` for LDAP SSL
|
||||
|
||||
- Enable TLS Encryption (optional)
|
||||
|
||||
- Whether to use TLS when connecting to the LDAP server.
|
||||
|
||||
- Admin Filter (optional)
|
||||
|
||||
- An LDAP filter specifying if a user should be given administrator
|
||||
privileges. If a user account passes the filter, the user will be
|
||||
privileged as an administrator.
|
||||
- Example: `(objectClass=adminAccount)`
|
||||
- Example for Microsoft Active Directory (AD): `(memberOf=CN=admin-group,OU=example,DC=example,DC=org)`
|
||||
|
||||
- Username attribute (optional)
|
||||
|
||||
- The attribute of the user's LDAP record containing the user name. Given
|
||||
attribute value will be used for new Gitea account user name after first
|
||||
successful sign-in. Leave empty to use login name given on sign-in form.
|
||||
- This is useful when supplied login name is matched against multiple
|
||||
attributes, but only single specific attribute should be used for Gitea
|
||||
account name, see "User Filter".
|
||||
- Example: `uid`
|
||||
- Example for Microsoft Active Directory (AD): `sAMAccountName`
|
||||
|
||||
- First name attribute (optional)
|
||||
|
||||
- The attribute of the user's LDAP record containing the user's first name.
|
||||
This will be used to populate their account information.
|
||||
- Example: `givenName`
|
||||
|
||||
- Surname attribute (optional)
|
||||
|
||||
- The attribute of the user's LDAP record containing the user's surname.
|
||||
This will be used to populate their account information.
|
||||
- Example: `sn`
|
||||
|
||||
- E-mail attribute **(required)**
|
||||
- The attribute of the user's LDAP record containing the user's email
|
||||
address. This will be used to populate their account information.
|
||||
- Example: `mail`
|
||||
|
||||
### LDAP via BindDN
|
||||
|
||||
Adds the following fields:
|
||||
|
||||
- Bind DN (optional)
|
||||
|
||||
- The DN to bind to the LDAP server with when searching for the user. This
|
||||
may be left blank to perform an anonymous search.
|
||||
- Example: `cn=Search,dc=mydomain,dc=com`
|
||||
|
||||
- Bind Password (optional)
|
||||
|
||||
- The password for the Bind DN specified above, if any. _Note: The password
|
||||
is stored encrypted with the SECRET_KEY on the server. It is still recommended
|
||||
to ensure that the Bind DN has as few privileges as possible._
|
||||
|
||||
- User Search Base **(required)**
|
||||
|
||||
- The LDAP base at which user accounts will be searched for.
|
||||
- Example: `ou=Users,dc=mydomain,dc=com`
|
||||
|
||||
- User Filter **(required)**
|
||||
- An LDAP filter declaring how to find the user record that is attempting to
|
||||
authenticate. The `%[1]s` matching parameter will be substituted with login
|
||||
name given on sign-in form.
|
||||
- Example: `(&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))`
|
||||
- Example for Microsoft Active Directory (AD): `(&(objectCategory=Person)(memberOf=CN=user-group,OU=example,DC=example,DC=org)(sAMAccountName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))`
|
||||
- To substitute more than once, `%[1]s` should be used instead, e.g. when
|
||||
matching supplied login name against multiple attributes such as user
|
||||
identifier, email or even phone number.
|
||||
- Example: `(&(objectClass=Person)(|(uid=%[1]s)(mail=%[1]s)(mobile=%[1]s)))`
|
||||
- Enable user synchronization
|
||||
- This option enables a periodic task that synchronizes the Gitea users with
|
||||
the LDAP server. The default period is every 24 hours but that can be
|
||||
changed in the app.ini file. See the _cron.sync_external_users_ section in
|
||||
the [sample
|
||||
app.ini](https://github.com/go-gitea/gitea/blob/main/custom/conf/app.example.ini)
|
||||
for detailed comments about that section. The _User Search Base_ and _User
|
||||
Filter_ settings described above will limit which users can use Gitea and
|
||||
which users will be synchronized. When initially run the task will create
|
||||
all LDAP users that match the given settings so take care if working with
|
||||
large Enterprise LDAP directories.
|
||||
|
||||
### LDAP using simple auth
|
||||
|
||||
Adds the following fields:
|
||||
|
||||
- User DN **(required)**
|
||||
|
||||
- A template to use as the user's DN. The `%s` matching parameter will be
|
||||
substituted with login name given on sign-in form.
|
||||
- Example: `cn=%s,ou=Users,dc=mydomain,dc=com`
|
||||
- Example: `uid=%s,ou=Users,dc=mydomain,dc=com`
|
||||
|
||||
- User Search Base (optional)
|
||||
|
||||
- The LDAP base at which user accounts will be searched for.
|
||||
- Example: `ou=Users,dc=mydomain,dc=com`
|
||||
|
||||
- User Filter **(required)**
|
||||
- An LDAP filter declaring when a user should be allowed to log in. The `%[1]s`
|
||||
matching parameter will be substituted with login name given on sign-in
|
||||
form.
|
||||
- Example: `(&(objectClass=posixAccount)(|(cn=%[1]s)(mail=%[1]s)))`
|
||||
- Example: `(&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))`
|
||||
|
||||
### Verify group membership in LDAP
|
||||
|
||||
Uses the following fields:
|
||||
|
||||
- Group Search Base DN (optional)
|
||||
|
||||
- The LDAP DN used for groups.
|
||||
- Example: `ou=group,dc=mydomain,dc=com`
|
||||
|
||||
- Group Attribute Containing List Of Users (optional)
|
||||
- The attribute of the group object that lists/contains the group members.
|
||||
- Example: `memberUid` or `member`
|
||||
|
||||
- User Attribute Listed in Group (optional)
|
||||
|
||||
- The user attribute that is used to reference a user in the group object.
|
||||
- Example: `uid` if the group objects contains a `member: bender` and the user object contains a `uid: bender`.
|
||||
- Example: `dn` if the group object contains a `member: uid=bender,ou=users,dc=planetexpress,dc=com`.
|
||||
|
||||
- Verify group membership in LDAP (optional)
|
||||
|
||||
- An LDAP filter declaring how to find valid groups in the above DN.
|
||||
- Example: `(|(cn=gitea_users)(cn=admins))`
|
||||
|
||||
## PAM (Pluggable Authentication Module)
|
||||
|
||||
This procedure enables PAM authentication. Users may still be added to the
|
||||
system manually using the user administration. PAM provides a mechanism to
|
||||
automatically add users to the current database by testing them against PAM
|
||||
authentication. To work with normal Linux passwords, the user running Gitea
|
||||
must also have read access to `/etc/shadow` in order to check the validity of
|
||||
the account when logging in using a public key.
|
||||
|
||||
**Note**: If a user has added SSH public keys into Gitea, the use of these
|
||||
keys _may_ bypass the login check system. Therefore, if you wish to disable a user who
|
||||
authenticates with PAM, you _should_ also manually disable the account in Gitea using the
|
||||
built-in user manager.
|
||||
|
||||
1. Configure and prepare the installation.
|
||||
- It is recommended that you create an administrative user.
|
||||
- Deselecting automatic sign-up may also be desired.
|
||||
1. Once the database has been initialized, log in as the newly created
|
||||
administrative user.
|
||||
1. Navigate to the user setting (icon in top-right corner), and select
|
||||
`Site Administration` -> `Authentication Sources`, and select
|
||||
`Add Authentication Source`.
|
||||
1. Fill out the field as follows:
|
||||
- `Authentication Type` : `PAM`
|
||||
- `Name` : Any value should be valid here, use "System Authentication" if
|
||||
you'd like.
|
||||
- `PAM Service Name` : Select the appropriate file listed under `/etc/pam.d/`
|
||||
that performs the authentication desired.[^1]
|
||||
- `PAM Email Domain` : The e-mail suffix to append to user authentication.
|
||||
For example, if the login system expects a user called `gituser`, and this
|
||||
field is set to `mail.com`, then Gitea will expect the `user email` field
|
||||
for an authenticated GIT instance to be `gituser@mail.com`.[^2]
|
||||
|
||||
**Note**: PAM support is added via [build-time flags](installation/from-source.md#build),
|
||||
and the official binaries provided do not have this enabled. PAM requires that
|
||||
the necessary libpam dynamic library be available and the necessary PAM
|
||||
development headers be accessible to the compiler.
|
||||
|
||||
[^1]: For example, using standard Linux log-in on Debian "Bullseye" use
|
||||
`common-session-noninteractive` - this value may be valid for other flavors of
|
||||
Debian including Ubuntu and Mint, consult your distribution's documentation.
|
||||
[^2]: **This is a required field for PAM**. Be aware: In the above example, the
|
||||
user will log into the Gitea web interface as `gituser` and not `gituser@mail.com`
|
||||
|
||||
## SMTP (Simple Mail Transfer Protocol)
|
||||
|
||||
This option allows Gitea to log in to an SMTP host as a Gitea user. To
|
||||
configure this, set the fields below:
|
||||
|
||||
- Authentication Name **(required)**
|
||||
|
||||
- A name to assign to the new method of authorization.
|
||||
|
||||
- SMTP Authentication Type **(required)**
|
||||
|
||||
- Type of authentication to use to connect to SMTP host, PLAIN or LOGIN.
|
||||
|
||||
- Host **(required)**
|
||||
|
||||
- The address where the SMTP host can be reached.
|
||||
- Example: `smtp.mydomain.com`
|
||||
|
||||
- Port **(required)**
|
||||
|
||||
- The port to use when connecting to the server.
|
||||
- Example: `587`
|
||||
|
||||
- Allowed Domains
|
||||
|
||||
- Restrict what domains can log in if using a public SMTP host or SMTP host
|
||||
with multiple domains.
|
||||
- Example: `gitea.com,mydomain.com,mydomain2.com`
|
||||
|
||||
- Force SMTPS
|
||||
|
||||
- SMTPS will be used by default for connections to port 465, if you wish to use SMTPS
|
||||
for other ports. Set this value.
|
||||
- Otherwise if the server provides the `STARTTLS` extension this will be used.
|
||||
|
||||
- Skip TLS Verify
|
||||
|
||||
- Disable TLS verify on authentication.
|
||||
|
||||
- This Authentication Source is Activated
|
||||
- Enable or disable this authentication source.
|
||||
|
||||
## FreeIPA
|
||||
|
||||
- In order to log in to Gitea using FreeIPA credentials, a bind account needs to
|
||||
be created for Gitea:
|
||||
|
||||
- On the FreeIPA server, create a `gitea.ldif` file, replacing `dc=example,dc=com`
|
||||
with your DN, and provide an appropriately secure password:
|
||||
|
||||
```sh
|
||||
dn: uid=gitea,cn=sysaccounts,cn=etc,dc=example,dc=com
|
||||
changetype: add
|
||||
objectclass: account
|
||||
objectclass: simplesecurityobject
|
||||
uid: gitea
|
||||
userPassword: secure password
|
||||
passwordExpirationTime: 20380119031407Z
|
||||
nsIdleTimeout: 0
|
||||
```
|
||||
|
||||
- Import the LDIF (change localhost to an IPA server if needed). A prompt for
|
||||
Directory Manager password will be presented:
|
||||
|
||||
```sh
|
||||
ldapmodify -h localhost -p 389 -x -D \
|
||||
"cn=Directory Manager" -W -f gitea.ldif
|
||||
```
|
||||
|
||||
- Add an IPA group for gitea_users :
|
||||
|
||||
```sh
|
||||
ipa group-add --desc="Gitea Users" gitea_users
|
||||
```
|
||||
|
||||
- Note: For errors about IPA credentials, run `kinit admin` and provide the
|
||||
domain admin account password.
|
||||
|
||||
- Log in to Gitea as an Administrator and click on "Authentication" under Admin Panel.
|
||||
Then click `Add New Source` and fill in the details, changing all where appropriate.
|
||||
|
||||
## SPNEGO with SSPI (Kerberos/NTLM, for Windows only)
|
||||
|
||||
Gitea supports SPNEGO single sign-on authentication (the scheme defined by RFC4559) for the web part of the server via the Security Support Provider Interface (SSPI) built in Windows. SSPI works only in Windows environments - when both the server and the clients are running Windows.
|
||||
|
||||
Before activating SSPI single sign-on authentication (SSO) you have to prepare your environment:
|
||||
|
||||
- Create a separate user account in active directory, under which the `gitea.exe` process will be running (eg. `user` under domain `domain.local`):
|
||||
|
||||
- Create a service principal name for the host where `gitea.exe` is running with class `HTTP`:
|
||||
|
||||
- Start `Command Prompt` or `PowerShell` as a privileged domain user (eg. Domain Administrator)
|
||||
- Run the command below, replacing `host.domain.local` with the fully qualified domain name (FQDN) of the server where the web application will be running, and `domain\user` with the name of the account created in the previous step:
|
||||
|
||||
```sh
|
||||
setspn -A HTTP/host.domain.local domain\user
|
||||
```
|
||||
|
||||
- Sign in (_sign out if you were already signed in_) with the user created
|
||||
|
||||
- Make sure that `ROOT_URL` in the `[server]` section of `custom/conf/app.ini` is the fully qualified domain name of the server where the web application will be running - the same you used when creating the service principal name (eg. `host.domain.local`)
|
||||
|
||||
- Start the web server (`gitea.exe web`)
|
||||
|
||||
- Enable SSPI authentication by adding an `SPNEGO with SSPI` authentication source in `Site Administration -> Authentication Sources`
|
||||
|
||||
- Sign in to a client computer in the same domain with any domain user (client computer, different from the server running `gitea.exe`)
|
||||
|
||||
- If you are using Chrome or Edge, add the URL of the web app to the Local intranet sites (`Internet Options -> Security -> Local intranet -> Sites`)
|
||||
|
||||
- Start Chrome or Edge and navigate to the FQDN URL of Gitea (eg. `http://host.domain.local:3000`)
|
||||
|
||||
- Click the `Sign In` button on the dashboard and choose SSPI to be automatically logged in with the same user that is currently logged on to the computer
|
||||
|
||||
- If it does not work, make sure that:
|
||||
- You are not running the web browser on the same server where Gitea is running. You should be running the web browser on a domain joined computer (client) that is different from the server. If both the client and server are running on the same computer NTLM will be preferred over Kerberos.
|
||||
- There is only one `HTTP/...` SPN for the host
|
||||
- The SPN contains only the hostname, without the port
|
||||
- You have added the URL of the web app to the `Local intranet zone`
|
||||
- The clocks of the server and client should not differ with more than 5 minutes (depends on group policy)
|
||||
- `Integrated Windows Authentication` should be enabled in Internet Explorer (under `Advanced settings`)
|
||||
|
||||
## Reverse Proxy
|
||||
|
||||
Gitea supports Reverse Proxy Header authentication, it will read headers as a trusted login user name or user email address. This hasn't been enabled by default, you can enable it with
|
||||
|
||||
```ini
|
||||
[service]
|
||||
ENABLE_REVERSE_PROXY_AUTHENTICATION = true
|
||||
```
|
||||
|
||||
The default login user name is in the `X-WEBAUTH-USER` header, you can change it via changing `REVERSE_PROXY_AUTHENTICATION_USER` in app.ini. If the user doesn't exist, you can enable automatic registration with `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION=true`.
|
||||
|
||||
The default login user email is `X-WEBAUTH-EMAIL`, you can change it via changing `REVERSE_PROXY_AUTHENTICATION_EMAIL` in app.ini, this could also be disabled with `ENABLE_REVERSE_PROXY_EMAIL`
|
||||
|
||||
If set `ENABLE_REVERSE_PROXY_FULL_NAME=true`, a user full name expected in `X-WEBAUTH-FULLNAME` will be assigned to the user when auto creating the user. You can also change the header name with `REVERSE_PROXY_AUTHENTICATION_FULL_NAME`.
|
||||
|
||||
You can also limit the reverse proxy's IP address range with `REVERSE_PROXY_TRUSTED_PROXIES` which default value is `127.0.0.0/8,::1/128`. By `REVERSE_PROXY_LIMIT`, you can limit trusted proxies level.
|
||||
|
||||
You can enable the this authentication method for the API with
|
||||
|
||||
```ini
|
||||
[service]
|
||||
ENABLE_REVERSE_PROXY_AUTHENTICATION_API = true
|
||||
```
|
||||
|
||||
:::note
|
||||
When this method is enabled for the API, the reverse proxy is responsible for handling CSRF protection.
|
||||
:::
|
||||
176
versioned_docs/version-1.25/administration/backup-and-restore.md
Normal file
176
versioned_docs/version-1.25/administration/backup-and-restore.md
Normal file
@@ -0,0 +1,176 @@
|
||||
---
|
||||
date: "2017-01-01T16:00:00+02:00"
|
||||
slug: "backup-and-restore"
|
||||
sidebar_position: 11
|
||||
aliases:
|
||||
- /en-us/backup-and-restore
|
||||
---
|
||||
|
||||
# Backup and Restore
|
||||
|
||||
Gitea currently has a `dump` command that will save the installation to a ZIP file. This
|
||||
file can be unpacked and used to restore an instance.
|
||||
|
||||
## Backup Consistency
|
||||
|
||||
To ensure the consistency of the Gitea instance, it must be shutdown during backup.
|
||||
|
||||
Gitea consists of a database, files and git repositories, all of which change when it is used. For instance, when a migration is in progress, a transaction is created in the database while the git repository is being copied over. If the backup happens in the middle of the migration, the git repository may be incomplete although the database claims otherwise because it was dumped afterwards. The only way to avoid such race conditions is by stopping the Gitea instance during the backups.
|
||||
|
||||
## Backup Command (`dump`)
|
||||
|
||||
Switch to the user running Gitea: `su git`. Run `./gitea dump -c /path/to/app.ini` in the Gitea installation
|
||||
directory. There should be some output similar to the following:
|
||||
|
||||
```log
|
||||
2016/12/27 22:32:09 Creating tmp work dir: /tmp/gitea-dump-417443001
|
||||
2016/12/27 22:32:09 Dumping local repositories.../home/git/gitea-repositories
|
||||
2016/12/27 22:32:22 Dumping database...
|
||||
2016/12/27 22:32:22 Packing dump files...
|
||||
2016/12/27 22:32:34 Removing tmp work dir: /tmp/gitea-dump-417443001
|
||||
2016/12/27 22:32:34 Finish dumping in file gitea-dump-1482906742.zip
|
||||
```
|
||||
|
||||
Inside the `gitea-dump-1482906742.zip` file, will be the following:
|
||||
|
||||
- `app.ini` - Optional copy of configuration file if originally stored outside the default `custom/` directory
|
||||
- `custom/` - All config or customization files in `custom/`.
|
||||
- `data/` - Data directory (APP_DATA_PATH), except sessions if you are using file session. This directory includes `attachments`, `avatars`, `lfs`, `indexers`, SQLite file if you are using SQLite.
|
||||
- `repos/` - Complete copy of the repository directory.
|
||||
- `gitea-db.sql` - SQL dump of database
|
||||
- `log/` - Various logs. They are not needed for a recovery or migration.
|
||||
|
||||
Intermediate backup files are created in a temporary directory specified either with the
|
||||
`--tempdir` command-line parameter or the `TMPDIR` environment variable.
|
||||
|
||||
## Backup the database
|
||||
|
||||
The SQL dump created by `gitea dump` uses XORM and Gitea admins may prefer to use the native the MySQL and PostgreSQL dump tools instead. There are still open issues when using XORM for dumping the database that may cause problems when attempting to restore it.
|
||||
|
||||
```sh
|
||||
# mysql
|
||||
mysqldump -u$USER -p$PASS --database $DATABASE > gitea-db.sql
|
||||
# postgres
|
||||
pg_dump -U $USER $DATABASE > gitea-db.sql
|
||||
```
|
||||
|
||||
### Using Docker (`dump`)
|
||||
|
||||
There are a few caveats for using the `dump` command with Docker.
|
||||
|
||||
The command has to be executed with the `RUN_USER = <OS_USERNAME>` specified in `gitea/conf/app.ini`; and, for the zipping of the backup folder to occur without permission error the command `docker exec` must be executed inside of the `--tempdir`.
|
||||
|
||||
Example:
|
||||
|
||||
```bash
|
||||
docker exec -u <OS_USERNAME> -it -w <--tempdir> $(docker ps -qf 'name=^<NAME_OF_DOCKER_CONTAINER>$') bash -c '/usr/local/bin/gitea dump -c </path/to/app.ini>'
|
||||
```
|
||||
|
||||
\*Note: `--tempdir` refers to the temporary directory of the docker environment used by Gitea; if you have not specified a custom `--tempdir`, then Gitea uses `/tmp` or the `TMPDIR` environment variable of the docker container. For `--tempdir` adjust your `docker exec` command options accordingly.
|
||||
|
||||
The result should be a file, stored in the `--tempdir` specified, along the lines of: `gitea-dump-1482906742.zip`
|
||||
|
||||
## Restore Command (`restore`)
|
||||
|
||||
There is currently no support for a recovery command. It is a manual process that mostly
|
||||
involves moving files to their correct locations and restoring a database dump.
|
||||
|
||||
Example:
|
||||
|
||||
```sh
|
||||
unzip gitea-dump-1610949662.zip
|
||||
cd gitea-dump-1610949662
|
||||
mv app.ini /etc/gitea/conf/app.ini
|
||||
mv data/* /var/lib/gitea/data/
|
||||
mv log/* /var/lib/gitea/log/
|
||||
mv repos/* /var/lib/gitea/data/gitea-repositories/
|
||||
chown -R gitea:gitea /etc/gitea/conf/app.ini /var/lib/gitea
|
||||
|
||||
# mysql
|
||||
mysql --default-character-set=utf8mb4 -u$USER -p$PASS $DATABASE <gitea-db.sql
|
||||
# sqlite3
|
||||
sqlite3 $DATABASE_PATH <gitea-db.sql
|
||||
# postgres
|
||||
psql -U $USER -d $DATABASE < gitea-db.sql
|
||||
|
||||
service gitea restart
|
||||
```
|
||||
|
||||
Repository Git Hooks should be regenerated if installation method is changed (eg. binary -> Docker), or if Gitea is installed to a different directory than the previous installation.
|
||||
|
||||
With Gitea running, and from the directory Gitea's binary is located, execute: `./gitea admin regenerate hooks`
|
||||
|
||||
This ensures that application and configuration file paths in repository Git Hooks are consistent and applicable to the current installation. If these paths are not updated, repository `push` actions will fail.
|
||||
|
||||
If you still have issues, consider running `./gitea doctor check` to inspect possible errors (or run with `--fix`).
|
||||
|
||||
### Using Docker (`restore`)
|
||||
|
||||
There is also no support for a recovery command in a Docker-based gitea instance. The restore process contains the same steps as described in the previous section but with different paths.
|
||||
|
||||
Example:
|
||||
|
||||
```sh
|
||||
# open bash session in container
|
||||
docker exec --user git -it 2a83b293548e bash
|
||||
# unzip your backup file within the container
|
||||
unzip gitea-dump-1610949662.zip
|
||||
cd gitea-dump-1610949662
|
||||
# restore the gitea data
|
||||
mv data/* /data/gitea
|
||||
# restore the repositories itself
|
||||
mv repos/* /data/git/gitea-repositories/
|
||||
# adjust file permissions
|
||||
chown -R git:git /data
|
||||
# Regenerate Git Hooks
|
||||
/usr/local/bin/gitea -c '/data/gitea/conf/app.ini' admin regenerate hooks
|
||||
```
|
||||
|
||||
The default user in the gitea container is `git` (1000:1000). Please replace `2a83b293548e` with your gitea container id or name.
|
||||
|
||||
### Using Docker-rootless (`restore`)
|
||||
|
||||
The restore workflow in Docker-rootless containers differs only in the directories to be used:
|
||||
|
||||
```sh
|
||||
# open bash session in container
|
||||
docker exec --user git -it 2a83b293548e bash
|
||||
# unzip your backup file within the container
|
||||
unzip gitea-dump-1610949662.zip
|
||||
cd gitea-dump-1610949662
|
||||
# restore the app.ini
|
||||
mv data/conf/app.ini /etc/gitea/app.ini
|
||||
# restore the gitea data
|
||||
mv data/* /var/lib/gitea
|
||||
# restore the repositories itself
|
||||
mv repos/* /var/lib/gitea/git/gitea-repositories
|
||||
# adjust file permissions
|
||||
chown -R git:git /etc/gitea/app.ini /var/lib/gitea
|
||||
# Regenerate Git Hooks
|
||||
/usr/local/bin/gitea -c '/etc/gitea/app.ini' admin regenerate hooks
|
||||
```
|
||||
|
||||
### Using `gitea dump` to convert database types
|
||||
|
||||
The `gitea dump` command can produce a SQL file that can be read by another database type, which is useful to convert the database to another in case you did not choose the correct one during the first installation.
|
||||
|
||||
Note that this conversion process is not well-tested, which is why it is recommended to choose the final database type during the first installation without attempting to change it afterwards.
|
||||
|
||||
Stop the Gitea server, then make sure you have a full backup of your original database.
|
||||
|
||||
Before attempting the conversion, ensure that the original database is clean. Run `gitea doctor check --all --fix` and `gitea doctor recreate-table` to address common issues.
|
||||
|
||||
Use the `--database` flag to get a Gitea dump with the SQL file in the target format, in this example PostgreSQL: `gitea dump --database postgres`, then extract the file `gitea-db.sql` from the generated ZIP file.
|
||||
|
||||
Create the PostgreSQL Gitea user and Gitea database. Then, import the SQL file as the Gitea user into the Gitea database, using commands such as:
|
||||
|
||||
```sh
|
||||
sudo -u postgres psql -d gitea
|
||||
gitea=# SET synchronous_commit TO off
|
||||
gitea=# SET on_error_stop TO on
|
||||
gitea=# \i gitea-db.sql
|
||||
```
|
||||
|
||||
Disabling `synchronous_commit` makes PostgreSQL less resilient to crashes, but makes the import a lot faster. Since we already have a backup of the original database and we can check that the import completes successfully, it should be a good trade-off.
|
||||
|
||||
After the import is completed, set up Gitea to use PostgreSQL and start the Gitea server again. Good luck!
|
||||
112
versioned_docs/version-1.25/administration/cmd-embedded.md
Normal file
112
versioned_docs/version-1.25/administration/cmd-embedded.md
Normal file
@@ -0,0 +1,112 @@
|
||||
---
|
||||
date: "2020-01-25T21:00:00-03:00"
|
||||
slug: "cmd-embedded"
|
||||
sidebar_position: 20
|
||||
aliases:
|
||||
- /en-us/cmd-embedded
|
||||
---
|
||||
|
||||
# Embedded data extraction tool
|
||||
|
||||
Gitea's executable contains all the resources required to run: templates, images, style-sheets
|
||||
and translations. Any of them can be overridden by placing a replacement in a matching path
|
||||
inside the `custom` directory (see [Customizing Gitea](../administration/customizing-gitea.md)).
|
||||
|
||||
To obtain a copy of the embedded resources ready for editing, the `embedded` command from the CLI
|
||||
can be used from the OS shell interface.
|
||||
|
||||
:::note
|
||||
The embedded data extraction tool is included in Gitea versions 1.12 and above.
|
||||
:::
|
||||
|
||||
## Listing resources
|
||||
|
||||
To list resources embedded in Gitea's executable, use the following syntax:
|
||||
|
||||
```sh
|
||||
gitea embedded list [--include-vendored] [patterns...]
|
||||
```
|
||||
|
||||
The `--include-vendored` flag makes the command include vendored files, which are
|
||||
normally excluded; that is, files from external libraries that are required for Gitea
|
||||
(e.g. [octicons](https://octicons.github.com/), etc).
|
||||
|
||||
A list of file search patterns can be provided. Gitea uses [gobwas/glob](https://github.com/gobwas/glob)
|
||||
for its glob syntax. Here are some examples:
|
||||
|
||||
- List all template files, in any virtual directory: `**.tmpl`
|
||||
- List all mail template files: `templates/mail/**.tmpl`
|
||||
- List all files inside `public/assets/img`: `public/assets/img/**`
|
||||
|
||||
Don't forget to use quotes for the patterns, as spaces, `*` and other characters might have
|
||||
a special meaning for your command shell.
|
||||
|
||||
If no pattern is provided, all files are listed.
|
||||
|
||||
### Example: Listing all embedded files
|
||||
|
||||
Listing all embedded files with `openid` in their path:
|
||||
|
||||
```sh
|
||||
$ gitea embedded list '**openid**'
|
||||
public/assets/img/auth/openid_connect.svg
|
||||
public/assets/img/openid-16x16.png
|
||||
templates/user/auth/finalize_openid.tmpl
|
||||
templates/user/auth/signin_openid.tmpl
|
||||
templates/user/auth/signup_openid_connect.tmpl
|
||||
templates/user/auth/signup_openid_navbar.tmpl
|
||||
templates/user/auth/signup_openid_register.tmpl
|
||||
templates/user/settings/security_openid.tmpl
|
||||
```
|
||||
|
||||
## Extracting resources
|
||||
|
||||
To extract resources embedded in Gitea's executable, use the following syntax:
|
||||
|
||||
```sh
|
||||
gitea [--config {file}] embedded extract [--destination {dir}|--custom] [--overwrite|--rename] [--include-vendored] {patterns...}
|
||||
```
|
||||
|
||||
The `--config` option tells Gitea the location of the `app.ini` configuration file if
|
||||
it's not in its default location. This option is only used with the `--custom` flag.
|
||||
|
||||
The `--destination` option tells Gitea the directory where the files must be extracted to.
|
||||
The default is the current directory.
|
||||
|
||||
The `--custom` flag tells Gitea to extract the files directly into the `custom` directory.
|
||||
For this to work, the command needs to know the location of the `app.ini` configuration
|
||||
file (`--config`) and, depending of the configuration, be ran from the directory where
|
||||
Gitea normally starts. See [Customizing Gitea](../administration/customizing-gitea.md) for details.
|
||||
|
||||
The `--overwrite` flag allows any existing files in the destination directory to be overwritten.
|
||||
|
||||
The `--rename` flag tells Gitea to rename any existing files in the destination directory
|
||||
as `filename.bak`. Previous `.bak` files are overwritten.
|
||||
|
||||
At least one file search pattern must be provided; see `list` subcomand above for pattern
|
||||
syntax and examples.
|
||||
|
||||
### Important notice
|
||||
|
||||
Make sure to **only extract those files that require customization**. Files that
|
||||
are present in the `custom` directory are not upgraded by Gitea's upgrade process.
|
||||
When Gitea is upgraded to a new version (by replacing the executable), many of the
|
||||
embedded files will suffer changes. Gitea will honor and use any files found
|
||||
in the `custom` directory, even if they are old and incompatible.
|
||||
|
||||
### Example: Extracting mail templates
|
||||
|
||||
Extracting mail templates to a temporary directory:
|
||||
|
||||
```sh
|
||||
$ mkdir tempdir
|
||||
$ gitea embedded extract --destination tempdir 'templates/mail/**.tmpl'
|
||||
Extracting to tempdir:
|
||||
tempdir/templates/mail/auth/activate.tmpl
|
||||
tempdir/templates/mail/auth/activate_email.tmpl
|
||||
tempdir/templates/mail/auth/register_notify.tmpl
|
||||
tempdir/templates/mail/auth/reset_passwd.tmpl
|
||||
tempdir/templates/mail/issue/assigned.tmpl
|
||||
tempdir/templates/mail/issue/default.tmpl
|
||||
tempdir/templates/mail/notify/collaborator.tmpl
|
||||
```
|
||||
564
versioned_docs/version-1.25/administration/command-line.md
Normal file
564
versioned_docs/version-1.25/administration/command-line.md
Normal file
@@ -0,0 +1,564 @@
|
||||
---
|
||||
date: "2017-01-01T16:00:00+02:00"
|
||||
slug: "command-line"
|
||||
sidebar_position: 1
|
||||
aliases:
|
||||
- /en-us/command-line
|
||||
---
|
||||
|
||||
# Gitea Command Line
|
||||
|
||||
## Usage
|
||||
|
||||
`gitea [global options] command [command or global options] [arguments...]`
|
||||
|
||||
## Global options
|
||||
|
||||
All global options can be placed at the command level.
|
||||
|
||||
- `--help`, `-h`: Show help text and exit. Optional.
|
||||
- `--version`, `-v`: Show version and exit. Optional. (example: `Gitea version 1.1.0+218-g7b907ed built with: bindata, sqlite`).
|
||||
- `--work-path path`, `-w path`: Gitea's work path. Optional. (default: the binary's path or `$GITEA_WORK_DIR`)
|
||||
- `--custom-path path`, `-C path`: Gitea's custom folder path. Optional. (default: `WorkPath`/custom or `$GITEA_CUSTOM`).
|
||||
- `--config path`, `-c path`: Gitea configuration file path. Optional. (default: `CustomPath`/conf/app.ini).
|
||||
|
||||
NB: The defaults custom-path, config and work-path can also be
|
||||
changed at build time (if preferred).
|
||||
|
||||
## Commands
|
||||
|
||||
### web
|
||||
|
||||
Starts the server:
|
||||
|
||||
- Options:
|
||||
- `--port number`, `-p number`: Port number. Optional. (default: 3000). Overrides configuration file.
|
||||
- `--install-port number`: Port number to run the install page on. Optional. (default: 3000). Overrides configuration file.
|
||||
- `--pid path`, `-P path`: Pidfile path. Optional.
|
||||
- `--quiet`, `-q`: Only emit Fatal logs on the console for logs emitted before logging set up.
|
||||
- `--verbose`: Emit tracing logs on the console for logs emitted before logging is set-up.
|
||||
- Examples:
|
||||
- `gitea web`
|
||||
- `gitea web --port 80`
|
||||
- `gitea web --config /etc/gitea.ini --pid /some/custom/gitea.pid`
|
||||
- Notes:
|
||||
- Gitea should not be run as root. To bind to a port below 1024, you can use setcap on
|
||||
Linux: `sudo setcap 'cap_net_bind_service=+ep' /path/to/gitea`. This will need to be
|
||||
redone every time you update Gitea.
|
||||
|
||||
### admin
|
||||
|
||||
Admin operations:
|
||||
|
||||
- Commands:
|
||||
- `user`:
|
||||
- `list`:
|
||||
- Options:
|
||||
- `--admin`: List only admin users. Optional.
|
||||
- Description: lists all users that exist
|
||||
- Examples:
|
||||
- `gitea admin user list`
|
||||
- `delete`:
|
||||
- Options:
|
||||
- `--email`: Email of the user to be deleted.
|
||||
- `--username`: Username of user to be deleted.
|
||||
- `--id`: ID of user to be deleted.
|
||||
- One of `--id`, `--username` or `--email` is required. If more than one is provided then all have to match.
|
||||
- Examples:
|
||||
- `gitea admin user delete --id 1`
|
||||
- `create`:
|
||||
- Options:
|
||||
- `--name value`: Username. Required. As of Gitea 1.9.0, use the `--username` flag instead.
|
||||
- `--username value`: Username. Required. New in Gitea 1.9.0.
|
||||
- `--password value`: Password. Required.
|
||||
- `--email value`: Email. Required.
|
||||
- `--admin`: If provided, this makes the user an admin. Optional.
|
||||
- `--access-token`: If provided, an access token will be created for the user. Optional. (default: false).
|
||||
- `--must-change-password`: The created user will be required to set a new password after the initial login, default: true. It could be disabled by `--must-change-password=false`.
|
||||
- `--random-password`: If provided, a randomly generated password will be used as the password of the created
|
||||
user. The value of `--password` will be discarded. Optional.
|
||||
- `--random-password-length`: If provided, it will be used to configure the length of the randomly generated
|
||||
password. Optional. (default: 12)
|
||||
- Examples:
|
||||
- `gitea admin user create --username myname --password asecurepassword --email me@example.com`
|
||||
- `change-password`:
|
||||
- Options:
|
||||
- `--username value`, `-u value`: Username. Required.
|
||||
- `--password value`, `-p value`: New password. Required.
|
||||
- `--must-change-password`: The user is required to set a new password after the login, default: true. It could be disabled by `--must-change-password=false`.
|
||||
- Examples:
|
||||
- `gitea admin user change-password --username myname --password asecurepassword`
|
||||
- `must-change-password`:
|
||||
- Args:
|
||||
- `[username...]`: Users that must change their passwords
|
||||
- Options:
|
||||
- `--all`, `-A`: Force a password change for all users
|
||||
- `--exclude username`, `-e username`: Exclude the given user. Can be set multiple times.
|
||||
- `--unset`: Revoke forced password change for the given users
|
||||
- `generate-access-token`:
|
||||
- Options:
|
||||
- `--username value`, `-u value`: Username. Required.
|
||||
- `--token-name value`, `-t value`: Token name. Required.
|
||||
- `--scopes value`: Comma-separated list of scopes. Scopes follow the format `[read|write]:<block>` or `all` where `<block>` is one of the available visual groups you can see when opening the API page showing the available routes (for example `repo`).
|
||||
- Examples:
|
||||
- `gitea admin user generate-access-token --username myname --token-name mytoken`
|
||||
- `gitea admin user generate-access-token --help`
|
||||
- `regenerate`
|
||||
- Options:
|
||||
- `hooks`: Regenerate Git Hooks for all repositories
|
||||
- `keys`: Regenerate authorized_keys file
|
||||
- Examples:
|
||||
- `gitea admin regenerate hooks`
|
||||
- `gitea admin regenerate keys`
|
||||
- `auth`:
|
||||
- `list`:
|
||||
- Description: lists all external authentication sources that exist
|
||||
- Examples:
|
||||
- `gitea admin auth list`
|
||||
- `delete`:
|
||||
- Options:
|
||||
- `--id`: ID of source to be deleted. Required.
|
||||
- Examples:
|
||||
- `gitea admin auth delete --id 1`
|
||||
- `add-oauth`:
|
||||
- Options:
|
||||
- `--name`: Application Name.
|
||||
- `--provider`: OAuth2 Provider.
|
||||
- `--key`: Client ID (Key).
|
||||
- `--secret`: Client Secret.
|
||||
- `--auto-discover-url`: OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider).
|
||||
- `--use-custom-urls`: Use custom URLs for GitLab/GitHub OAuth endpoints.
|
||||
- `--custom-tenant-id`: Use custom Tenant ID for OAuth endpoints.
|
||||
- `--custom-auth-url`: Use a custom Authorization URL (option for GitLab/GitHub).
|
||||
- `--custom-token-url`: Use a custom Token URL (option for GitLab/GitHub).
|
||||
- `--custom-profile-url`: Use a custom Profile URL (option for GitLab/GitHub).
|
||||
- `--custom-email-url`: Use a custom Email URL (option for GitHub).
|
||||
- `--icon-url`: Custom icon URL for OAuth2 login source.
|
||||
- `--skip-local-2fa`: Allow source to override local 2FA. (Optional)
|
||||
- `--scopes`: Additional scopes to request for this OAuth2 source. (Optional)
|
||||
- `--required-claim-name`: Claim name that has to be set to allow users to login with this source. (Optional)
|
||||
- `--required-claim-value`: Claim value that has to be set to allow users to login with this source. (Optional)
|
||||
- `--group-claim-name`: Claim name providing group names for this source. (Optional)
|
||||
- `--admin-group`: Group Claim value for administrator users. (Optional)
|
||||
- `--restricted-group`: Group Claim value for restricted users. (Optional)
|
||||
- `--group-team-map`: JSON mapping between groups and org teams. (Optional)
|
||||
- `--group-team-map-removal`: Activate automatic team membership removal depending on groups. (Optional)
|
||||
- Examples:
|
||||
- `gitea admin auth add-oauth --name external-github --provider github --key OBTAIN_FROM_SOURCE --secret OBTAIN_FROM_SOURCE`
|
||||
- `update-oauth`:
|
||||
- Options:
|
||||
- `--id`: ID of source to be updated. Required.
|
||||
- `--name`: Application Name.
|
||||
- `--provider`: OAuth2 Provider.
|
||||
- `--key`: Client ID (Key).
|
||||
- `--secret`: Client Secret.
|
||||
- `--auto-discover-url`: OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider).
|
||||
- `--use-custom-urls`: Use custom URLs for GitLab/GitHub OAuth endpoints.
|
||||
- `--custom-tenant-id`: Use custom Tenant ID for OAuth endpoints.
|
||||
- `--custom-auth-url`: Use a custom Authorization URL (option for GitLab/GitHub).
|
||||
- `--custom-token-url`: Use a custom Token URL (option for GitLab/GitHub).
|
||||
- `--custom-profile-url`: Use a custom Profile URL (option for GitLab/GitHub).
|
||||
- `--custom-email-url`: Use a custom Email URL (option for GitHub).
|
||||
- `--icon-url`: Custom icon URL for OAuth2 login source.
|
||||
- `--skip-local-2fa`: Allow source to override local 2FA. (Optional)
|
||||
- `--scopes`: Additional scopes to request for this OAuth2 source.
|
||||
- `--required-claim-name`: Claim name that has to be set to allow users to login with this source. (Optional)
|
||||
- `--required-claim-value`: Claim value that has to be set to allow users to login with this source. (Optional)
|
||||
- `--group-claim-name`: Claim name providing group names for this source. (Optional)
|
||||
- `--admin-group`: Group Claim value for administrator users. (Optional)
|
||||
- `--restricted-group`: Group Claim value for restricted users. (Optional)
|
||||
- Examples:
|
||||
- `gitea admin auth update-oauth --id 1 --name external-github-updated`
|
||||
- `add-smtp`:
|
||||
- Options:
|
||||
- `--name`: Application Name. Required.
|
||||
- `--auth-type`: SMTP Authentication Type (PLAIN/LOGIN/CRAM-MD5). Default to PLAIN.
|
||||
- `--host`: SMTP host. Required.
|
||||
- `--port`: SMTP port. Required.
|
||||
- `--force-smtps`: SMTPS is always used on port 465. Set this to force SMTPS on other ports.
|
||||
- `--skip-verify`: Skip TLS verify.
|
||||
- `--helo-hostname`: Hostname sent with HELO. Leave blank to send current hostname.
|
||||
- `--disable-helo`: Disable SMTP helo.
|
||||
- `--allowed-domains`: Leave empty to allow all domains. Separate multiple domains with a comma (',').
|
||||
- `--skip-local-2fa`: Skip 2FA to log on.
|
||||
- `--active`: This Authentication Source is Activated.
|
||||
Remarks:
|
||||
`--force-smtps`, `--skip-verify`, `--disable-helo`, `--skip-loca-2fs` and `--active` options can be used in form:
|
||||
- `--option`, `--option=true` to enable
|
||||
- `--option=false` to disable
|
||||
If those options are not specified value would not be changed in `update-smtp` or would use default `false` value in `add-smtp`
|
||||
- Examples:
|
||||
- `gitea admin auth add-smtp --name ldap --host smtp.mydomain.org --port 587 --skip-verify --active`
|
||||
- `update-smtp`:
|
||||
- Options:
|
||||
- `--id`: ID of source to be updated. Required.
|
||||
- other options are shared with `add-smtp`
|
||||
- Examples:
|
||||
- `gitea admin auth update-smtp --id 1 --host smtp.mydomain.org --port 587 --skip-verify=false`
|
||||
- `gitea admin auth update-smtp --id 1 --active=false`
|
||||
- `add-ldap`: Add new LDAP (via Bind DN) authentication source
|
||||
- Options:
|
||||
- `--name value`: Authentication name. Required.
|
||||
- `--not-active`: Deactivate the authentication source.
|
||||
- `--security-protocol value`: Security protocol name. Required.
|
||||
- `--skip-tls-verify`: Disable TLS verification.
|
||||
- `--host value`: The address where the LDAP server can be reached. Required.
|
||||
- `--port value`: The port to use when connecting to the LDAP server. Required.
|
||||
- `--user-search-base value`: The LDAP base at which user accounts will be searched for. Required.
|
||||
- `--user-filter value`: An LDAP filter declaring how to find the user record that is attempting to authenticate. Required.
|
||||
- `--admin-filter value`: An LDAP filter specifying if a user should be given administrator privileges.
|
||||
- `--restricted-filter value`: An LDAP filter specifying if a user should be given restricted status.
|
||||
- `--username-attribute value`: The attribute of the user’s LDAP record containing the user name.
|
||||
- `--firstname-attribute value`: The attribute of the user’s LDAP record containing the user’s first name.
|
||||
- `--surname-attribute value`: The attribute of the user’s LDAP record containing the user’s surname.
|
||||
- `--email-attribute value`: The attribute of the user’s LDAP record containing the user’s email address. Required.
|
||||
- `--public-ssh-key-attribute value`: The attribute of the user’s LDAP record containing the user’s public ssh key.
|
||||
- `--avatar-attribute value`: The attribute of the user’s LDAP record containing the user’s avatar.
|
||||
- `--bind-dn value`: The DN to bind to the LDAP server with when searching for the user.
|
||||
- `--bind-password value`: The password for the Bind DN, if any.
|
||||
- `--attributes-in-bind`: Fetch attributes in bind DN context.
|
||||
- `--synchronize-users`: Enable user synchronization.
|
||||
- `--page-size value`: Search page size.
|
||||
- Examples:
|
||||
- `gitea admin auth add-ldap --name ldap --security-protocol unencrypted --host mydomain.org --port 389 --user-search-base "ou=Users,dc=mydomain,dc=org" --user-filter "(&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))" --email-attribute mail`
|
||||
- `update-ldap`: Update existing LDAP (via Bind DN) authentication source
|
||||
- Options:
|
||||
- `--id value`: ID of authentication source. Required.
|
||||
- `--name value`: Authentication name.
|
||||
- `--not-active`: Deactivate the authentication source.
|
||||
- `--security-protocol value`: Security protocol name.
|
||||
- `--skip-tls-verify`: Disable TLS verification.
|
||||
- `--host value`: The address where the LDAP server can be reached.
|
||||
- `--port value`: The port to use when connecting to the LDAP server.
|
||||
- `--user-search-base value`: The LDAP base at which user accounts will be searched for.
|
||||
- `--user-filter value`: An LDAP filter declaring how to find the user record that is attempting to authenticate.
|
||||
- `--admin-filter value`: An LDAP filter specifying if a user should be given administrator privileges.
|
||||
- `--restricted-filter value`: An LDAP filter specifying if a user should be given restricted status.
|
||||
- `--username-attribute value`: The attribute of the user’s LDAP record containing the user name.
|
||||
- `--firstname-attribute value`: The attribute of the user’s LDAP record containing the user’s first name.
|
||||
- `--surname-attribute value`: The attribute of the user’s LDAP record containing the user’s surname.
|
||||
- `--email-attribute value`: The attribute of the user’s LDAP record containing the user’s email address.
|
||||
- `--public-ssh-key-attribute value`: The attribute of the user’s LDAP record containing the user’s public ssh key.
|
||||
- `--avatar-attribute value`: The attribute of the user’s LDAP record containing the user’s avatar.
|
||||
- `--bind-dn value`: The DN to bind to the LDAP server with when searching for the user.
|
||||
- `--bind-password value`: The password for the Bind DN, if any.
|
||||
- `--attributes-in-bind`: Fetch attributes in bind DN context.
|
||||
- `--synchronize-users`: Enable user synchronization.
|
||||
- `--page-size value`: Search page size.
|
||||
- Examples:
|
||||
- `gitea admin auth update-ldap --id 1 --name "my ldap auth source"`
|
||||
- `gitea admin auth update-ldap --id 1 --username-attribute uid --firstname-attribute givenName --surname-attribute sn`
|
||||
- `add-ldap-simple`: Add new LDAP (simple auth) authentication source
|
||||
- Options:
|
||||
- `--name value`: Authentication name. Required.
|
||||
- `--not-active`: Deactivate the authentication source.
|
||||
- `--security-protocol value`: Security protocol name. Required.
|
||||
- `--skip-tls-verify`: Disable TLS verification.
|
||||
- `--host value`: The address where the LDAP server can be reached. Required.
|
||||
- `--port value`: The port to use when connecting to the LDAP server. Required.
|
||||
- `--user-search-base value`: The LDAP base at which user accounts will be searched for.
|
||||
- `--user-filter value`: An LDAP filter declaring how to find the user record that is attempting to authenticate. Required.
|
||||
- `--admin-filter value`: An LDAP filter specifying if a user should be given administrator privileges.
|
||||
- `--restricted-filter value`: An LDAP filter specifying if a user should be given restricted status.
|
||||
- `--username-attribute value`: The attribute of the user’s LDAP record containing the user name.
|
||||
- `--firstname-attribute value`: The attribute of the user’s LDAP record containing the user’s first name.
|
||||
- `--surname-attribute value`: The attribute of the user’s LDAP record containing the user’s surname.
|
||||
- `--email-attribute value`: The attribute of the user’s LDAP record containing the user’s email address. Required.
|
||||
- `--public-ssh-key-attribute value`: The attribute of the user’s LDAP record containing the user’s public ssh key.
|
||||
- `--avatar-attribute value`: The attribute of the user’s LDAP record containing the user’s avatar.
|
||||
- `--user-dn value`: The user’s DN. Required.
|
||||
- Examples:
|
||||
- `gitea admin auth add-ldap-simple --name ldap --security-protocol unencrypted --host mydomain.org --port 389 --user-dn "cn=%s,ou=Users,dc=mydomain,dc=org" --user-filter "(&(objectClass=posixAccount)(cn=%s))" --email-attribute mail`
|
||||
- `update-ldap-simple`: Update existing LDAP (simple auth) authentication source
|
||||
- Options:
|
||||
- `--id value`: ID of authentication source. Required.
|
||||
- `--name value`: Authentication name.
|
||||
- `--not-active`: Deactivate the authentication source.
|
||||
- `--security-protocol value`: Security protocol name.
|
||||
- `--skip-tls-verify`: Disable TLS verification.
|
||||
- `--host value`: The address where the LDAP server can be reached.
|
||||
- `--port value`: The port to use when connecting to the LDAP server.
|
||||
- `--user-search-base value`: The LDAP base at which user accounts will be searched for.
|
||||
- `--user-filter value`: An LDAP filter declaring how to find the user record that is attempting to authenticate.
|
||||
- `--admin-filter value`: An LDAP filter specifying if a user should be given administrator privileges.
|
||||
- `--restricted-filter value`: An LDAP filter specifying if a user should be given restricted status.
|
||||
- `--username-attribute value`: The attribute of the user’s LDAP record containing the user name.
|
||||
- `--firstname-attribute value`: The attribute of the user’s LDAP record containing the user’s first name.
|
||||
- `--surname-attribute value`: The attribute of the user’s LDAP record containing the user’s surname.
|
||||
- `--email-attribute value`: The attribute of the user’s LDAP record containing the user’s email address.
|
||||
- `--public-ssh-key-attribute value`: The attribute of the user’s LDAP record containing the user’s public ssh key.
|
||||
- `--avatar-attribute value`: The attribute of the user’s LDAP record containing the user’s avatar.
|
||||
- `--user-dn value`: The user’s DN.
|
||||
- Examples:
|
||||
- `gitea admin auth update-ldap-simple --id 1 --name "my ldap auth source"`
|
||||
- `gitea admin auth update-ldap-simple --id 1 --username-attribute uid --firstname-attribute givenName --surname-attribute sn`
|
||||
|
||||
### cert
|
||||
|
||||
Generates a self-signed SSL certificate. Outputs to `cert.pem` and `key.pem` in the current
|
||||
directory and will overwrite any existing files.
|
||||
|
||||
- Options:
|
||||
- `--host value`: Comma separated hostnames and ips which this certificate is valid for.
|
||||
Wildcards are supported. Required.
|
||||
- `--ecdsa-curve value`: ECDSA curve to use to generate a key. Optional. Valid options
|
||||
are P224, P256, P384, P521.
|
||||
- `--rsa-bits value`: Size of RSA key to generate. Optional. Ignored if --ecdsa-curve is
|
||||
set. (default: 3072).
|
||||
- `--start-date value`: Creation date. Optional. (format: `Jan 1 15:04:05 2011`).
|
||||
- `--duration value`: Duration which the certificate is valid for. Optional. (default: 8760h0m0s)
|
||||
- `--ca`: If provided, this cert generates it's own certificate authority. Optional.
|
||||
- Examples:
|
||||
- `gitea cert --host git.example.com,example.com,www.example.com --ca`
|
||||
|
||||
### dump
|
||||
|
||||
Dumps all files and databases into a zip file. Outputs into a file like `gitea-dump-1482906742.zip`
|
||||
in the current directory.
|
||||
|
||||
- Options:
|
||||
- `--file name`, `-f name`: Name of the dump file with will be created. Optional. (default: gitea-dump-[timestamp].zip).
|
||||
- `--tempdir path`, `-t path`: Path to the temporary directory used. Optional. (default: /tmp).
|
||||
- `--skip-repository`, `-R`: Skip the repository dumping. Optional.
|
||||
- `--skip-custom-dir`: Skip dumping of the custom dir. Optional.
|
||||
- `--skip-lfs-data`: Skip dumping of LFS data. Optional.
|
||||
- `--skip-attachment-data`: Skip dumping of attachment data. Optional.
|
||||
- `--skip-package-data`: Skip dumping of package data. Optional.
|
||||
- `--skip-log`: Skip dumping of log data. Optional.
|
||||
- `--skip-index`: Skip dumping of Bleve indexer data. Optional. Applies only for bleve.
|
||||
- `--database`, `-d`: Specify the database SQL syntax. Optional (supported arguments: sqlite3, mysql, mssql, postgres).
|
||||
- `--verbose`, `-V`: If provided, shows additional details. Optional.
|
||||
- `--type`: Set the dump output format. Optional. (formats: zip, tar, tar.sz, tar.gz, tar.xz, tar.bz2, tar.br, tar.lz4, tar.zst default: zip).
|
||||
- Examples:
|
||||
- `gitea dump`
|
||||
- `gitea dump --verbose`
|
||||
|
||||
### generate
|
||||
|
||||
Generates random values and tokens for usage in configuration file. Useful for generating values
|
||||
for automatic deployments.
|
||||
|
||||
- Commands:
|
||||
- `secret`:
|
||||
- Options:
|
||||
- `INTERNAL_TOKEN`: Token used for an internal API call authentication.
|
||||
- `JWT_SECRET`: LFS & OAUTH2 JWT authentication secret (LFS_JWT_SECRET is aliased to this option for backwards compatibility).
|
||||
- `SECRET_KEY`: Global secret key.
|
||||
- Examples:
|
||||
- `gitea generate secret INTERNAL_TOKEN`
|
||||
- `gitea generate secret JWT_SECRET`
|
||||
- `gitea generate secret SECRET_KEY`
|
||||
|
||||
### keys
|
||||
|
||||
Provides an SSHD AuthorizedKeysCommand. Needs to be configured in the sshd config file:
|
||||
|
||||
```ini
|
||||
# The value of -e and the AuthorizedKeysCommandUser should match the
|
||||
# username running Gitea
|
||||
AuthorizedKeysCommandUser git
|
||||
AuthorizedKeysCommand /path/to/gitea keys -e git -u %u -t %t -k %k
|
||||
```
|
||||
|
||||
The command will return the appropriate authorized_keys line for the
|
||||
provided key. You should also set the value
|
||||
`SSH_CREATE_AUTHORIZED_KEYS_FILE=false` in the `[server]` section of
|
||||
`app.ini`.
|
||||
|
||||
:::note
|
||||
opensshd requires the Gitea program to be owned by root and not
|
||||
writable by group or others. The program must be specified by an absolute
|
||||
path.
|
||||
Gitea must be running for this command to succeed.
|
||||
:::
|
||||
|
||||
### migrate
|
||||
|
||||
Migrates the database. This command can be used to run other commands before starting the server for the first time.
|
||||
This command is idempotent.
|
||||
|
||||
### doctor check
|
||||
|
||||
Diagnose and potentially fix problems with the current Gitea instance.
|
||||
Several checks are run by default, but additional ones can be run:
|
||||
|
||||
- `gitea doctor check --list` - will list all the available checks
|
||||
- `gitea doctor check --all` - will run all available checks
|
||||
- `gitea doctor check --default` - will run the default checks
|
||||
- `gitea doctor check --run [check(s),]...` - will run the named checks
|
||||
|
||||
Some problems can be automatically fixed by passing the `--fix` option.
|
||||
Extra logging can be set with `--log-file=...`.
|
||||
|
||||
#### doctor recreate-table
|
||||
|
||||
Sometimes when there are migrations the old columns and default values may be left
|
||||
unchanged in the database schema. This may lead to warning such as:
|
||||
|
||||
```log
|
||||
2020/08/02 11:32:29 ...rm/session_schema.go:360:Sync() [W] Table user Column keep_activity_private db default is , struct default is 0
|
||||
```
|
||||
|
||||
You can cause Gitea to recreate these tables and copy the old data into the new table
|
||||
with the defaults set appropriately by using:
|
||||
|
||||
```bash
|
||||
gitea doctor recreate-table user
|
||||
```
|
||||
|
||||
You can ask Gitea to recreate multiple tables using:
|
||||
|
||||
```bash
|
||||
gitea doctor recreate-table table1 table2 ...
|
||||
```
|
||||
|
||||
And if you would like Gitea to recreate all tables simply call:
|
||||
|
||||
```bash
|
||||
gitea doctor recreate-table
|
||||
```
|
||||
|
||||
It is highly recommended to back-up your database before running these commands.
|
||||
|
||||
### doctor convert
|
||||
|
||||
Converts a MySQL database from utf8 to utf8mb4 or a MSSQL database from varchar to nvarchar.
|
||||
|
||||
### manager
|
||||
|
||||
Manage running server operations:
|
||||
|
||||
- Commands:
|
||||
- `shutdown`: Gracefully shutdown the running process
|
||||
- `restart`: Gracefully restart the running process - (not implemented for windows servers)
|
||||
- `flush-queues`: Flush queues in the running process
|
||||
- Options:
|
||||
- `--timeout value`: Timeout for the flushing process (default: 1m0s)
|
||||
- `--non-blocking`: Set to true to not wait for flush to complete before returning
|
||||
- `logging`: Adjust logging commands
|
||||
- Commands:
|
||||
- `pause`: Pause logging
|
||||
- Notes:
|
||||
- The logging level will be raised to INFO temporarily if it is below this level.
|
||||
- Gitea will buffer logs up to a certain point and will drop them after that point.
|
||||
- `resume`: Resume logging
|
||||
- `release-and-reopen`: Cause Gitea to release and re-open files and connections used for logging (Equivalent to sending SIGUSR1 to Gitea.)
|
||||
- `remove name`: Remove the named logger
|
||||
- Options:
|
||||
- `--group group`, `-g group`: Set the group to remove the sublogger from. (defaults to `default`)
|
||||
- `add`: Add a logger
|
||||
- Commands:
|
||||
- `console`: Add a console logger
|
||||
- Options:
|
||||
- `--group value`, `-g value`: Group to add logger to - will default to "default"
|
||||
- `--name value`, `-n value`: Name of the new logger - will default to mode
|
||||
- `--level value`, `-l value`: Logging level for the new logger
|
||||
- `--stacktrace-level value`, `-L value`: Stacktrace logging level
|
||||
- `--flags value`, `-F value`: Flags for the logger
|
||||
- `--expression value`, `-e value`: Matching expression for the logger
|
||||
- `--prefix value`, `-p value`: Prefix for the logger
|
||||
- `--color`: Use color in the logs
|
||||
- `--stderr`: Output console logs to stderr - only relevant for console
|
||||
- `file`: Add a file logger
|
||||
- Options:
|
||||
- `--group value`, `-g value`: Group to add logger to - will default to "default"
|
||||
- `--name value`, `-n value`: Name of the new logger - will default to mode
|
||||
- `--level value`, `-l value`: Logging level for the new logger
|
||||
- `--stacktrace-level value`, `-L value`: Stacktrace logging level
|
||||
- `--flags value`, `-F value`: Flags for the logger
|
||||
- `--expression value`, `-e value`: Matching expression for the logger
|
||||
- `--prefix value`, `-p value`: Prefix for the logger
|
||||
- `--color`: Use color in the logs
|
||||
- `--filename value`, `-f value`: Filename for the logger -
|
||||
- `--rotate`, `-r`: Rotate logs
|
||||
- `--max-size value`, `-s value`: Maximum size in bytes before rotation
|
||||
- `--daily`, `-d`: Rotate logs daily
|
||||
- `--max-days value`, `-D value`: Maximum number of daily logs to keep
|
||||
- `--compress`, `-z`: Compress rotated logs
|
||||
- `--compression-level value`, `-Z value`: Compression level to use
|
||||
- `conn`: Add a network connection logger
|
||||
- Options:
|
||||
- `--group value`, `-g value`: Group to add logger to - will default to "default"
|
||||
- `--name value`, `-n value`: Name of the new logger - will default to mode
|
||||
- `--level value`, `-l value`: Logging level for the new logger
|
||||
- `--stacktrace-level value`, `-L value`: Stacktrace logging level
|
||||
- `--flags value`, `-F value`: Flags for the logger
|
||||
- `--expression value`, `-e value`: Matching expression for the logger
|
||||
- `--prefix value`, `-p value`: Prefix for the logger
|
||||
- `--color`: Use color in the logs
|
||||
- `--reconnect-on-message`, `-R`: Reconnect to host for every message
|
||||
- `--reconnect`, `-r`: Reconnect to host when connection is dropped
|
||||
- `--protocol value`, `-P value`: Set protocol to use: tcp, unix, or udp (defaults to tcp)
|
||||
- `--address value`, `-a value`: Host address and port to connect to (defaults to :7020)
|
||||
- `smtp`: Add an SMTP logger
|
||||
- Options:
|
||||
- `--group value`, `-g value`: Group to add logger to - will default to "default"
|
||||
- `--name value`, `-n value`: Name of the new logger - will default to mode
|
||||
- `--level value`, `-l value`: Logging level for the new logger
|
||||
- `--stacktrace-level value`, `-L value`: Stacktrace logging level
|
||||
- `--flags value`, `-F value`: Flags for the logger
|
||||
- `--expression value`, `-e value`: Matching expression for the logger
|
||||
- `--prefix value`, `-p value`: Prefix for the logger
|
||||
- `--color`: Use color in the logs
|
||||
- `--username value`, `-u value`: Mail server username
|
||||
- `--password value`, `-P value`: Mail server password
|
||||
- `--host value`, `-H value`: Mail server host (defaults to: 127.0.0.1:25)
|
||||
- `--send-to value`, `-s value`: Email address(es) to send to
|
||||
- `--subject value`, `-S value`: Subject header of sent emails
|
||||
- `processes`: Display Gitea processes and goroutine information
|
||||
- Options:
|
||||
- `--flat`: Show processes as flat table rather than as tree
|
||||
- `--no-system`: Do not show system processes
|
||||
- `--stacktraces`: Show stacktraces for goroutines associated with processes
|
||||
- `--json`: Output as json
|
||||
- `--cancel PID`: Send cancel to process with PID. (Only for non-system processes.)
|
||||
|
||||
### dump-repo
|
||||
|
||||
Dump-repo dumps repository data from Git/GitHub/Gitea/GitLab:
|
||||
|
||||
- Options:
|
||||
- `--git_service service` : Git service, it could be `git`, `github`, `gitea`, `gitlab`, If clone_addr could be recognized, this could be ignored.
|
||||
- `--repo_dir dir`, `-r dir`: Repository dir path to store the data
|
||||
- `--clone_addr addr`: The URL will be clone, currently could be a git/github/gitea/gitlab http/https URL. i.e. https://github.com/lunny/tango.git
|
||||
- `--auth_username lunny`: The username to visit the clone_addr
|
||||
- `--auth_password <password>`: The password to visit the clone_addr
|
||||
- `--auth_token <token>`: The personal token to visit the clone_addr
|
||||
- `--owner_name lunny`: The data will be stored on a directory with owner name if not empty
|
||||
- `--repo_name tango`: The data will be stored on a directory with repository name if not empty
|
||||
- `--units <units>`: Which items will be migrated, one or more units should be separated as comma. wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units.
|
||||
|
||||
### restore-repo
|
||||
|
||||
Restore-repo restore repository data from disk dir:
|
||||
|
||||
- Options:
|
||||
- `--repo_dir dir`, `-r dir`: Repository dir path to restore from
|
||||
- `--owner_name lunny`: Restore destination owner name
|
||||
- `--repo_name tango`: Restore destination repository name
|
||||
- `--units <units>`: Which items will be restored, one or more units should be separated as comma. wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units.
|
||||
|
||||
### actions generate-runner-token
|
||||
|
||||
Generate a new token for a runner to use to register with the server
|
||||
|
||||
- Options:
|
||||
- `--scope {owner}[/{repo}]`, `-s {owner}[/{repo}]`: To limit the scope of the runner, no scope means the runner can be used for all repos, but you can also limit it to a specific repo or owner
|
||||
|
||||
To register a global runner:
|
||||
|
||||
```bash
|
||||
gitea actions generate-runner-token
|
||||
```
|
||||
|
||||
To register a runner for a specific organization, in this case `org`:
|
||||
|
||||
```bash
|
||||
gitea actions generate-runner-token -s org
|
||||
```
|
||||
|
||||
To register a runner for a specific repo, in this case `username/test-repo`:
|
||||
|
||||
```bash
|
||||
gitea actions generate-runner-token -s username/test-repo
|
||||
```
|
||||
1618
versioned_docs/version-1.25/administration/config-cheat-sheet.md
Normal file
1618
versioned_docs/version-1.25/administration/config-cheat-sheet.md
Normal file
File diff suppressed because it is too large
Load Diff
507
versioned_docs/version-1.25/administration/customizing-gitea.md
Normal file
507
versioned_docs/version-1.25/administration/customizing-gitea.md
Normal file
@@ -0,0 +1,507 @@
|
||||
---
|
||||
date: "2017-04-15T14:56:00+02:00"
|
||||
slug: "customizing-gitea"
|
||||
sidebar_position: 100
|
||||
aliases:
|
||||
- /en-us/customizing-gitea
|
||||
---
|
||||
|
||||
# Customizing Gitea
|
||||
|
||||
Customizing Gitea is typically done using the `CustomPath` folder - by default this is
|
||||
the `custom` folder from the working directory (WorkPath), but may be different if your [installation](../installation/installation.md) has
|
||||
set this differently. This is the central place to override configuration settings,
|
||||
templates, etc. You can check the `CustomPath` using `gitea help`. You can also find
|
||||
the path on the _Configuration_ tab in the _Site Administration_ page. You can override
|
||||
the `CustomPath` by setting either the `GITEA_CUSTOM` environment variable or by
|
||||
using the `--custom-path` option on the `gitea` binary. (The option will override the
|
||||
environment variable.)
|
||||
|
||||
If Gitea is deployed from binary, all default paths will be relative to the Gitea
|
||||
binary. If installed from a distribution, these paths will likely be modified to
|
||||
the Linux Filesystem Standard. Gitea will attempt to create required folders, including
|
||||
`custom/`. Distributions may provide a symlink for `custom` using `/etc/gitea/`.
|
||||
|
||||
Application settings can be found in file `CustomConf` which is by default,
|
||||
`$GITEA_CUSTOM/conf/app.ini` but may be different if your [installation](../installation/installation.md) has set this differently.
|
||||
Again `gitea help` will allow you review this variable and you can override it using the
|
||||
`--config` option on the `gitea` binary.
|
||||
|
||||
- [Quick Cheat Sheet](../administration/config-cheat-sheet.md)
|
||||
- [Complete List](https://github.com/go-gitea/gitea/blob/main/custom/conf/app.example.ini)
|
||||
|
||||
If the `CustomPath` folder can't be found despite checking `gitea help`, check the `GITEA_CUSTOM`
|
||||
environment variable; this can be used to override the default path to something else.
|
||||
`GITEA_CUSTOM` might, for example, be set by an init script. You can check whether the value
|
||||
is set under the "Configuration" tab on the site administration page.
|
||||
|
||||
- [List of Environment Variables](../administration/environment-variables.md)
|
||||
|
||||
:::note
|
||||
Gitea must perform a full restart to see configuration changes.
|
||||
:::
|
||||
|
||||
## Serving custom public files
|
||||
|
||||
To make Gitea serve custom public files (like pages and images), use the folder
|
||||
`$GITEA_CUSTOM/public/` as the webroot. Symbolic links will be followed.
|
||||
At the moment, only the following files are served:
|
||||
|
||||
- `public/robots.txt`
|
||||
- files in the `public/.well-known/` folder
|
||||
- files in the `public/assets/` folder
|
||||
|
||||
For example, a file `image.png` stored in `$GITEA_CUSTOM/public/assets/`, can be accessed with
|
||||
the url `http://gitea.domain.tld/assets/image.png`.
|
||||
|
||||
## Changing the logo
|
||||
|
||||
To build a custom logo and/or favicon clone the Gitea source repository, replace `assets/logo.svg` and/or `assets/favicon.svg` and run
|
||||
`make generate-images`. `assets/favicon.svg` is used for the favicon only. This will update below output files which you can then place in `$GITEA_CUSTOM/public/assets/img` on your server:
|
||||
|
||||
- `public/assets/img/logo.svg` - Used for site icon, app icon
|
||||
- `public/assets/img/logo.png` - Used for Open Graph
|
||||
- `public/assets/img/avatar_default.png` - Used as the default avatar image
|
||||
- `public/assets/img/apple-touch-icon.png` - Used on iOS devices for bookmarks
|
||||
- `public/assets/img/favicon.svg` - Used for favicon
|
||||
- `public/assets/img/favicon.png` - Used as fallback for browsers that don't support SVG favicons
|
||||
|
||||
In case the source image is not in vector format, you can attempt to convert a raster image using tools like [this](https://www.aconvert.com/image/png-to-svg/).
|
||||
|
||||
## Customizing Gitea pages and resources
|
||||
|
||||
Gitea's executable contains all the resources required to run: templates, images, style-sheets
|
||||
and translations. Any of them can be overridden by placing a replacement in a matching path
|
||||
inside the `custom` directory. For example, to replace the default `.gitignore` provided
|
||||
for C++ repositories, we want to replace `options/gitignore/C++`. To do this, a replacement
|
||||
must be placed in `$GITEA_CUSTOM/options/gitignore/C++` (see about the location of the `CustomPath`
|
||||
directory at the top of this document).
|
||||
|
||||
Every single page of Gitea can be changed. Dynamic content is generated using [go templates](https://pkg.go.dev/html/template),
|
||||
which can be modified by placing replacements below the `$GITEA_CUSTOM/templates` directory.
|
||||
|
||||
To obtain any embedded file (including templates), the [`gitea embedded` tool](../administration/cmd-embedded.md) can be used. Alternatively, they can be found in the [`templates`](https://github.com/go-gitea/gitea/tree/main/templates) directory of Gitea source (Note: the example link is from the `main` branch. Make sure to use templates compatible with the release you are using).
|
||||
|
||||
Be aware that any statement contained inside `{{` and `}}` are Gitea's template syntax and
|
||||
shouldn't be touched without fully understanding these components.
|
||||
|
||||
### Customizing startpage / homepage
|
||||
|
||||
Copy [`home.tmpl`](https://github.com/go-gitea/gitea/blob/main/templates/home.tmpl) for your version of Gitea from `templates` to `$GITEA_CUSTOM/templates`.
|
||||
Edit as you wish.
|
||||
Dont forget to restart your Gitea to apply the changes.
|
||||
|
||||
### Adding links and tabs
|
||||
|
||||
If all you want is to add extra links to the top navigation bar or footer, or extra tabs to the repository view, you can put them in `extra_links.tmpl` (links added to the navbar), `extra_links_footer.tmpl` (links added to the left side of footer), and `extra_tabs.tmpl` inside your `$GITEA_CUSTOM/templates/custom/` directory.
|
||||
|
||||
For instance, let's say you are in Germany and must add the famously legally-required "Impressum"/about page, listing who is responsible for the site's content:
|
||||
just place it under your "$GITEA_CUSTOM/public/assets/" directory (for instance `$GITEA_CUSTOM/public/assets/impressum.html`) and put a link to it in either `$GITEA_CUSTOM/templates/custom/extra_links.tmpl` or `$GITEA_CUSTOM/templates/custom/extra_links_footer.tmpl`.
|
||||
|
||||
To match the current style, the link should have the class name "item", and you can use `{{AppSubUrl}}` to get the base URL:
|
||||
`<a class="item" href="{{AppSubUrl}}/assets/impressum.html">Impressum</a>`
|
||||
|
||||
For more information, see [Adding Legal Pages](../administration/adding-legal-pages.md).
|
||||
|
||||
You can add new tabs in the same way, putting them in `extra_tabs.tmpl`.
|
||||
The exact HTML needed to match the style of other tabs is in the file
|
||||
`templates/repo/header.tmpl`
|
||||
([source in GitHub](https://github.com/go-gitea/gitea/blob/main/templates/repo/header.tmpl))
|
||||
|
||||
### Other additions to the page
|
||||
|
||||
Apart from `extra_links.tmpl` and `extra_tabs.tmpl`, there are other useful templates you can put in your `$GITEA_CUSTOM/templates/custom/` directory:
|
||||
|
||||
- `header.tmpl`, just before the end of the `<head>` tag where you can add custom CSS files for instance.
|
||||
- `body_outer_pre.tmpl`, right after the start of `<body>`.
|
||||
- `body_inner_pre.tmpl`, before the top navigation bar, but already inside the main container `<div class="full height">`.
|
||||
- `body_inner_post.tmpl`, before the end of the main container.
|
||||
- `body_outer_post.tmpl`, before the bottom `<footer>` element.
|
||||
- `footer.tmpl`, right before the end of the `<body>` tag, a good place for additional JavaScript.
|
||||
|
||||
### Using Gitea variables
|
||||
|
||||
It's possible to use various Gitea variables in your custom templates.
|
||||
|
||||
First, _temporarily_ enable development mode: in your `app.ini` change from `RUN_MODE = prod` to `RUN_MODE = dev`. Then add `{{ $ | DumpVar }}` to any of your templates, restart Gitea and refresh that page; that will dump all available variables.
|
||||
|
||||
Find the data that you need, and use the corresponding variable; for example, if you need the name of the repository then you'd use `{{.Repository.Name}}`.
|
||||
|
||||
If you need to transform that data somehow, and aren't familiar with Go, an easy workaround is to add the data to the DOM and add a small JavaScript script block to manipulate the data.
|
||||
|
||||
### Example: PlantUML
|
||||
|
||||
You can add [PlantUML](https://plantuml.com/) support to Gitea's markdown by using a PlantUML server.
|
||||
The data is encoded and sent to the PlantUML server which generates the picture. There is an online
|
||||
demo server at http://www.plantuml.com/plantuml, but if you (or your users) have sensitive data you
|
||||
can set up your own [PlantUML server](https://plantuml.com/server) instead. To set up PlantUML rendering,
|
||||
copy JavaScript files from https://gitea.com/davidsvantesson/plantuml-code-highlight and put them in your
|
||||
`$GITEA_CUSTOM/public/assets/` folder. Then add the following to `custom/footer.tmpl`:
|
||||
|
||||
```html
|
||||
<script>
|
||||
$(async () => {
|
||||
if (!$('.language-plantuml').length) return;
|
||||
await Promise.all([
|
||||
$.getScript('https://your-gitea-server.com/assets/deflate.js'),
|
||||
$.getScript('https://your-gitea-server.com/assets/encode.js'),
|
||||
$.getScript('https://your-gitea-server.com/assets/plantuml_codeblock_parse.js'),
|
||||
]);
|
||||
// Replace call with address to your plantuml server
|
||||
parsePlantumlCodeBlocks("https://www.plantuml.com/plantuml");
|
||||
});
|
||||
</script>
|
||||
```
|
||||
|
||||
You can then add blocks like the following to your markdown:
|
||||
|
||||
```plantuml
|
||||
Alice -> Bob: Authentication Request
|
||||
Bob --> Alice: Authentication Response
|
||||
|
||||
Alice -> Bob: Another authentication Request
|
||||
Alice <-- Bob: Another authentication Response
|
||||
```
|
||||
|
||||
The script will detect tags with `class="language-plantuml"`, but you can change this by providing a second argument to `parsePlantumlCodeBlocks`.
|
||||
|
||||
### Example: CAD Files Preview using Online 3D Viewer
|
||||
|
||||
You can implement CAD file preview inside your Gitea instance. This implemenation uses [`Online 3D Viewer`](https://github.com/kovacsv/Online3DViewer).
|
||||
|
||||
Supports following 3D file formats:
|
||||
'3dm', '3ds', '3mf', 'amf', 'bim', 'brep', 'dae', 'fbx', 'fcstd', 'glb',
|
||||
'gltf', 'ifc', 'igs', 'iges', 'stp', 'step', 'stl', 'obj', 'off', 'ply', 'wrl'
|
||||
(Only v2 for .gltf files)
|
||||
|
||||
#### Part 1: Add template
|
||||
|
||||
In $GITEA_CUSTOM we need to add our template.
|
||||
This template needs to be saved in "$GITEA_CUSTOM/templates/custom/".
|
||||
Here create file "footer.tmpl" and add following text into it:
|
||||
|
||||
```
|
||||
nano $GITEA_CUSTOM/templates/custom/footer.tmpl
|
||||
```
|
||||
|
||||
```html
|
||||
<script>
|
||||
function onPageChange() {
|
||||
// Supported 3D file types
|
||||
const fileTypes = ['3dm', '3ds', '3mf', 'amf', 'bim', 'brep', 'dae', 'fbx', 'fcstd', 'glb', 'gltf', 'ifc', 'igs', 'iges', 'stp', 'step', 'stl', 'obj', 'off', 'ply', 'wrl'];
|
||||
|
||||
// Select matching link
|
||||
const links = Array.from(document.querySelectorAll('a.ui.mini.basic.button'));
|
||||
const link3D = links.find(link => {
|
||||
const href = link.href.toLowerCase();
|
||||
return href.includes('/raw/') && fileTypes.some(ext => href.endsWith(`.${ext}`));
|
||||
});
|
||||
|
||||
if (link3D) {
|
||||
const existingScript = document.querySelector('script[src="/assets/o3dv/o3dv.min.js"]');
|
||||
|
||||
const initializeViewer = () => {
|
||||
const fileUrl = link3D.getAttribute('href');
|
||||
|
||||
const fileView = document.querySelector('.file-view');
|
||||
|
||||
if (!fileView) return;
|
||||
|
||||
// Remove only the old viewer container if it exists
|
||||
const oldView3D = document.getElementById('view-3d');
|
||||
if (oldView3D) {
|
||||
oldView3D.remove(); // safely remove old viewer container div
|
||||
} else {
|
||||
// No #view-3d, so remove all children inside .file-view
|
||||
while (fileView.firstChild) {
|
||||
fileView.removeChild(fileView.firstChild);
|
||||
}
|
||||
}
|
||||
|
||||
// Create a new container for the viewer
|
||||
const newView3D = document.createElement('div');
|
||||
newView3D.id = 'view-3d';
|
||||
newView3D.style.padding = '0';
|
||||
newView3D.style.margin = '0';
|
||||
newView3D.style.flexGrow = '1';
|
||||
newView3D.style.minHeight = '0';
|
||||
newView3D.style.width = '100%';
|
||||
|
||||
const header = document.querySelector('header');
|
||||
const headerHeight = header ? header.offsetHeight : 0;
|
||||
|
||||
newView3D.style.height = `calc(100vh - ${headerHeight}px)`;
|
||||
|
||||
// Append the new container inside fileView
|
||||
fileView.appendChild(newView3D);
|
||||
|
||||
const parentDiv = document.getElementById('view-3d');
|
||||
if (parentDiv) {
|
||||
const viewer = new OV.EmbeddedViewer(parentDiv, {
|
||||
backgroundColor: new OV.RGBAColor(59, 68, 76, 0),
|
||||
defaultColor: new OV.RGBColor(200, 200, 200),
|
||||
edgeSettings: new OV.EdgeSettings(false, new OV.RGBColor(0, 0, 0), 1),
|
||||
environmentSettings: new OV.EnvironmentSettings([
|
||||
'/assets/o3dv/envmaps/fishermans_bastion/negx.jpg',
|
||||
'/assets/o3dv/envmaps/fishermans_bastion/posx.jpg',
|
||||
'/assets/o3dv/envmaps/fishermans_bastion/posy.jpg',
|
||||
'/assets/o3dv/envmaps/fishermans_bastion/negy.jpg',
|
||||
'/assets/o3dv/envmaps/fishermans_bastion/posz.jpg',
|
||||
'/assets/o3dv/envmaps/fishermans_bastion/negz.jpg'
|
||||
], false)
|
||||
});
|
||||
|
||||
viewer.LoadModelFromUrlList([fileUrl]);
|
||||
}
|
||||
};
|
||||
|
||||
if (typeof OV === 'undefined') {
|
||||
if (!existingScript) {
|
||||
const script = document.createElement('script');
|
||||
script.onload = initializeViewer;
|
||||
script.src = '/assets/o3dv/o3dv.min.js';
|
||||
document.head.appendChild(script);
|
||||
} else {
|
||||
// Script is loading but OV not yet ready — wait for it
|
||||
existingScript.addEventListener('load', initializeViewer);
|
||||
}
|
||||
} else {
|
||||
// OV already loaded
|
||||
initializeViewer();
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
// Run when the page is fully loaded
|
||||
document.addEventListener('DOMContentLoaded', onPageChange);
|
||||
|
||||
const targetSelector = 'a.ui.mini.basic.button[href*="/raw/"]';
|
||||
let lastHref = null;
|
||||
let timeoutId = null;
|
||||
|
||||
const checkAndRun = () => {
|
||||
const rawLink = document.querySelector(targetSelector);
|
||||
if (!rawLink) return;
|
||||
|
||||
const currentHref = rawLink.getAttribute('href');
|
||||
if (currentHref !== lastHref) {
|
||||
lastHref = currentHref;
|
||||
|
||||
const fileName = currentHref.split('/').pop();
|
||||
console.log('New Raw file link detected after delay:', fileName);
|
||||
|
||||
onPageChange();
|
||||
}
|
||||
};
|
||||
|
||||
const observer = new MutationObserver(() => {
|
||||
// Delay execution by 300ms after last mutation
|
||||
clearTimeout(timeoutId);
|
||||
timeoutId = setTimeout(checkAndRun, 300);
|
||||
});
|
||||
|
||||
observer.observe(document.body, {
|
||||
childList: true,
|
||||
subtree: true,
|
||||
});
|
||||
</script>
|
||||
```
|
||||
|
||||
#### Part 2: Add public files
|
||||
|
||||
Now we need to download latest version of O3DV. Go to "$GITEA_CUSTOM/public/assets/".
|
||||
Create folder using (and cd into it):
|
||||
|
||||
```
|
||||
mkdir o3dv
|
||||
cd o3dv
|
||||
```
|
||||
|
||||
Copy latest release zip link from [`GitHub`](https://github.com/kovacsv/Online3DViewer/releases) (v0.16.0 as of now).
|
||||
Here use e.g. wget to download the file:
|
||||
|
||||
```
|
||||
wget https://github.com/kovacsv/Online3DViewer/releases/download/0.16.0/o3dv.zip
|
||||
```
|
||||
|
||||
Use e.g. unzip to unzip the archive:
|
||||
```
|
||||
unzip o3dv.zip
|
||||
```
|
||||
|
||||
#### Part 3: Folder permissions
|
||||
|
||||
Now the last thing. Change permissions on the public folder:
|
||||
```
|
||||
chown -R git:git $GITEA_CUSTOM/public
|
||||
```
|
||||
|
||||
Now we have everything ready! Restart your gitea instance to apply these changes and test it in your browser.
|
||||
|
||||
Sanity check. You should end-up with a folder structure similar to this:
|
||||
|
||||
```
|
||||
$GITEA_CUSTOM/templates
|
||||
-- custom
|
||||
`-- footer.tmpl
|
||||
|
||||
$GITEA_CUSTOM/public/assets/
|
||||
-- o3dv
|
||||
|-- o3dv_0.15.0.zip
|
||||
|-- o3dv.license.md
|
||||
|-- o3dv.min.js
|
||||
|-- envmaps
|
||||
\...
|
||||
```
|
||||
|
||||
## Customizing Gitea mails
|
||||
|
||||
The `$GITEA_CUSTOM/templates/mail` folder allows changing the body of every mail of Gitea.
|
||||
Templates to override can be found in the
|
||||
[`templates/mail`](https://github.com/go-gitea/gitea/tree/main/templates/mail)
|
||||
directory of Gitea source.
|
||||
Override by making a copy of the file under `$GITEA_CUSTOM/templates/mail` using a
|
||||
full path structure matching source.
|
||||
|
||||
Any statement contained inside `{{` and `}}` are Gitea's template
|
||||
syntax and shouldn't be touched without fully understanding these components.
|
||||
|
||||
## Adding Analytics to Gitea
|
||||
|
||||
Google Analytics, Matomo (previously Piwik), and other analytics services can be added to Gitea. To add the tracking code, refer to the `Other additions to the page` section of this document, and add the JavaScript to the `$GITEA_CUSTOM/templates/custom/header.tmpl` file.
|
||||
|
||||
## Customizing gitignores, labels, licenses, locales, and readmes
|
||||
|
||||
Place custom files in corresponding sub-folder under `custom/options`.
|
||||
|
||||
:::note
|
||||
The files should not have a file extension, e.g. `Labels` rather than `Labels.txt`
|
||||
:::
|
||||
|
||||
### gitignores
|
||||
|
||||
To add custom .gitignore, add a file with existing [.gitignore rules](https://git-scm.com/docs/gitignore) in it to `$GITEA_CUSTOM/options/gitignore`
|
||||
|
||||
## Customizing the git configuration
|
||||
|
||||
Starting with Gitea 1.20, you can customize the git configuration via the `git.config` section.
|
||||
|
||||
### Enabling signed git pushes
|
||||
|
||||
To enable signed git pushes, set these two options:
|
||||
|
||||
```ini
|
||||
[git.config]
|
||||
receive.advertisePushOptions = true
|
||||
receive.certNonceSeed = <randomstring>
|
||||
```
|
||||
|
||||
`certNonceSeed` should be set to a random string and be kept secret.
|
||||
|
||||
### Labels
|
||||
|
||||
Starting with Gitea 1.19, you can add a file that follows the [YAML label format](https://github.com/go-gitea/gitea/blob/main/options/label/Advanced.yaml) to `$GITEA_CUSTOM/options/label`:
|
||||
|
||||
```yaml
|
||||
labels:
|
||||
- name: "foo/bar" # name of the label that will appear in the dropdown
|
||||
exclusive: true # whether to use the exclusive namespace for scoped labels. scoped delimiter is /
|
||||
color: aabbcc # hex colour coding
|
||||
description: Some label # long description of label intent
|
||||
```
|
||||
|
||||
The [legacy file format](https://github.com/go-gitea/gitea/blob/main/options/label/Default) can still be used following the format below, however we strongly recommend using the newer YAML format instead.
|
||||
|
||||
`#hex-color label name ; label description`
|
||||
|
||||
For more information, see the [labels documentation](usage/labels.md).
|
||||
|
||||
### Licenses
|
||||
|
||||
To add a custom license, add a file with the license text to `$GITEA_CUSTOM/options/license`
|
||||
|
||||
### Locales
|
||||
|
||||
Locales are managed via our [Crowdin](https://crowdin.com/project/gitea).
|
||||
You can override a locale by placing an altered locale file in `$GITEA_CUSTOM/options/locale`.
|
||||
Gitea's default locale files can be found in the [`options/locale`](https://github.com/go-gitea/gitea/tree/main/options/locale) source folder and these should be used as examples for your changes.
|
||||
|
||||
To add a completely new locale, as well as placing the file in the above location, you will need to add the new lang and name to the `[i18n]` section in your `app.ini`. Keep in mind that Gitea will use those settings as **overrides**, so if you want to keep the other languages as well you will need to copy/paste the default values and add your own to them.
|
||||
|
||||
```ini title="app.ini"
|
||||
[i18n]
|
||||
LANGS = en-US,foo-BAR
|
||||
NAMES = English,FooBar
|
||||
```
|
||||
|
||||
The first locale will be used as the default if user browser's language doesn't match any locale in the list.
|
||||
|
||||
Locales may change between versions, so keeping track of your customized locales is highly encouraged.
|
||||
|
||||
### Readmes
|
||||
|
||||
To add a custom Readme, add a markdown formatted file (without an `.md` extension) to `$GITEA_CUSTOM/options/readme`
|
||||
|
||||
:::note
|
||||
Readme templates support **variable expansion**.
|
||||
currently there are `{Name}` (name of repository), `{Description}`, `{CloneURL.SSH}`, `{CloneURL.HTTPS}` and `{OwnerName}`
|
||||
:::
|
||||
|
||||
### Reactions
|
||||
|
||||
To change reaction emoji's you can set allowed reactions at app.ini
|
||||
|
||||
```ini title="app.ini"
|
||||
[ui]
|
||||
REACTIONS = +1, -1, laugh, confused, heart, hooray, eyes
|
||||
```
|
||||
|
||||
A full list of supported emoji's is at [emoji list](https://gitea.com/gitea/gitea.com/issues/8)
|
||||
|
||||
## Customizing the look of Gitea
|
||||
|
||||
The built-in themes are `gitea-light`, `gitea-dark`, and `gitea-auto` (which automatically adapts to OS settings).
|
||||
|
||||
The default theme can be changed via `DEFAULT_THEME` in the [ui](../administration/config-cheat-sheet.md#ui-ui) section of `app.ini`.
|
||||
|
||||
Gitea also has support for user themes, which means every user can select which theme should be used.
|
||||
The list of themes a user can choose from can be configured with the `THEMES` value in the [ui](../administration/config-cheat-sheet.md#ui-ui) section of `app.ini`.
|
||||
|
||||
To make a custom theme available to all users:
|
||||
|
||||
1. Add a CSS file to `$GITEA_CUSTOM/public/assets/css/theme-<theme-name>.css`.
|
||||
The value of `$GITEA_CUSTOM` of your instance can be queried by calling `gitea help` and looking up the value of "CustomPath".
|
||||
2. Add `<theme-name>` to the comma-separated list of setting `THEMES` in `app.ini`, or leave `THEMES` empty to allow all themes.
|
||||
|
||||
A custom theme file named `theme-my-theme.css` will be displayed as `my-theme` on the user's theme selection page.
|
||||
It could add theme meta information into the custom theme CSS file to provide more information about the theme.
|
||||
If a custom theme is a dark theme, please set the global css variable `--is-dark-theme: true` in the `:root` block.
|
||||
This allows Gitea to adjust the Monaco code editor's theme accordingly.
|
||||
An "auto" theme could be implemented by using "theme-gitea-auto.css" as a reference.
|
||||
|
||||
```css
|
||||
gitea-theme-meta-info {
|
||||
--theme-display-name: "My Awesome Theme"; /* this theme will be display as "My Awesome Theme" on the UI */
|
||||
}
|
||||
:root {
|
||||
--is-dark-theme: true; /* if it is a dark theme */
|
||||
--color-primary: #112233;
|
||||
/* more custom theme variables ... */
|
||||
}
|
||||
```
|
||||
|
||||
Community themes are listed in [gitea/awesome-gitea#themes](https://gitea.com/gitea/awesome-gitea#themes).
|
||||
|
||||
The default theme sources can be found [here](https://github.com/go-gitea/gitea/blob/main/web_src/css/themes).
|
||||
|
||||
## Customizing fonts
|
||||
|
||||
Fonts can be customized using CSS variables:
|
||||
|
||||
```css
|
||||
:root {
|
||||
--fonts-proportional: /* custom proportional fonts */ !important;
|
||||
--fonts-monospace: /* custom monospace fonts */ !important;
|
||||
--fonts-emoji: /* custom emoji fonts */ !important;
|
||||
}
|
||||
```
|
||||
120
versioned_docs/version-1.25/administration/email-setup.md
Normal file
120
versioned_docs/version-1.25/administration/email-setup.md
Normal file
@@ -0,0 +1,120 @@
|
||||
---
|
||||
date: "2019-10-15T10:10:00+05:00"
|
||||
slug: "email-setup"
|
||||
sidebar_position: 12
|
||||
aliases:
|
||||
- /en-us/email-setup
|
||||
---
|
||||
|
||||
# Email setup
|
||||
|
||||
Gitea has mailer functionality for sending transactional emails (such as registration confirmation). It can be configured to either use Sendmail (or compatible MTAs like Postfix and msmtp) or directly use SMTP server.
|
||||
|
||||
:::note
|
||||
Be sure to set ENABLE_NOTIFY_MAIL=true to allow Gitea to send email notifications. Check the [Config Cheat Sheet](../administration/config-cheat-sheet.md#service-service) for details.
|
||||
:::
|
||||
|
||||
## Using Sendmail
|
||||
|
||||
Use `sendmail` command as mailer.
|
||||
|
||||
:::note
|
||||
For use in the official Gitea Docker image, please configure with the SMTP version (see the following section).
|
||||
:::
|
||||
|
||||
:::note
|
||||
For Internet-facing sites consult documentation of your MTA for instructions to send emails over TLS. Also set up SPF, DMARC, and DKIM DNS records to make emails sent be accepted as legitimate by various email providers.
|
||||
:::
|
||||
|
||||
```ini title="app.ini"
|
||||
[mailer]
|
||||
ENABLED = true
|
||||
FROM = gitea@mydomain.com
|
||||
PROTOCOL = sendmail
|
||||
SENDMAIL_PATH = /usr/sbin/sendmail
|
||||
SENDMAIL_ARGS = "--" ; most "sendmail" programs take options, "--" will prevent an email address being interpreted as an option.
|
||||
```
|
||||
|
||||
## Using SMTP
|
||||
|
||||
Directly use SMTP server as relay. This option is useful if you don't want to set up MTA on your instance but you have an account at email provider.
|
||||
|
||||
```ini title="app.ini"
|
||||
[mailer]
|
||||
ENABLED = true
|
||||
FROM = gitea@mydomain.com
|
||||
PROTOCOL = smtps
|
||||
SMTP_ADDR = mail.mydomain.com
|
||||
SMTP_PORT = 587
|
||||
USER = gitea@mydomain.com
|
||||
PASSWD = `password`
|
||||
```
|
||||
|
||||
Restart Gitea for the configuration changes to take effect.
|
||||
|
||||
To send a test email to validate the settings, go to Gitea > Site Administration > Configuration > Summary -> Mailer Configuration.
|
||||
|
||||
For the full list of options check the [Config Cheat Sheet](../administration/config-cheat-sheet.md)
|
||||
|
||||
:::note
|
||||
Authentication is only supported when the SMTP server communication is encrypted with TLS or `HOST=localhost`. TLS encryption can be through:
|
||||
:::
|
||||
|
||||
- STARTTLS (also known as Opportunistic TLS) via port 587 with `PROTOCOL=smtp+starttls`. Initial connection is done over cleartext, but then be upgraded over TLS if the server supports it.
|
||||
- SMTPS connection (SMTP over TLS) via the default port 465. Connection to the server use TLS from the beginning.
|
||||
- Forced SMTPS connection with `PROTOCOL=smtps`. (These are both known as Implicit TLS.)
|
||||
This is due to protections imposed by the Go internal libraries against STRIPTLS attacks.
|
||||
|
||||
Note that Implicit TLS is recommended by [RFC8314](https://tools.ietf.org/html/rfc8314#section-3) since 2018.
|
||||
|
||||
### Gmail
|
||||
|
||||
The following configuration should work with GMail's SMTP server:
|
||||
|
||||
```ini title="app.ini"
|
||||
[mailer]
|
||||
ENABLED = true
|
||||
HOST = smtp.gmail.com:465 ; Remove this line for Gitea >= 1.18.0
|
||||
SMTP_ADDR = smtp.gmail.com
|
||||
SMTP_PORT = 465
|
||||
FROM = example.user@gmail.com
|
||||
USER = example.user
|
||||
PASSWD = `***`
|
||||
PROTOCOL = smtps
|
||||
```
|
||||
|
||||
Note that you'll need to create and use an [App password](https://support.google.com/accounts/answer/185833?hl=en) by enabling 2FA on your Google
|
||||
account. You won't be able to use your Google account password directly.
|
||||
|
||||
### ProtonMail
|
||||
|
||||
This feature is currently only available for select Proton for Business customers and those with Visionary and Family plans with custom domain addresses. See [ProtonMail's SMTP documentation](https://proton.me/support/smtp-submission) for more information. This limitation can be circumvented by using the ProtonMail Bridge application.
|
||||
|
||||
Note that emails sent using SMTP are not [end-to-end encrypted](https://proton.me/support/proton-mail-encryption-explained). However, they’re still stored with zero-access encryption like any other emails in your Proton Mail inbox.
|
||||
|
||||
The following configuration should work with ProtonMail's SMTP server:
|
||||
|
||||
1. In your browser (or desktop application), sign in to your Proton Mail account and select **Settings → All settings → Proton Mail → IMAP/SMTP → SMTP tokens**.
|
||||
2. Click **Generate token**.
|
||||
3. Enter the following details to create a new SMTP token:
|
||||
- **Token name**: Select a name for your token. This is for your reference only and does not affect the token's functionality.
|
||||
- **Email address**: Select one of your active custom domain addresses to pair with your token. Copy this email address and use it for the `FROM` and `USER` configuration in `app.ini`.
|
||||
4. Click **Generate**.
|
||||
5. Enter your Proton Mail Account password.
|
||||
|
||||
Your SMTP username and SMTP token (password) will be generated. You can now enter them as the `USER` and `PASSWD` in your `app.ini` configuration.
|
||||
|
||||
```ini title="app.ini"
|
||||
[mailer]
|
||||
ENABLED = true
|
||||
FROM = example.user@customdomain.tld
|
||||
PROTOCOL = smtp+starttls
|
||||
SMTP_ADDR = smtp.protonmail.ch
|
||||
SMTP_PORT = 587
|
||||
USER = example.user@customdomain.tld
|
||||
PASSWD = `TOKEN`
|
||||
```
|
||||
|
||||
After closing the popup, you will not be able to see this SMTP token (password) again for security reasons. You can always generate more tokens if you need to rotate passwords.
|
||||
|
||||
Note: Your Proton Mail login or mailbox passwords will not work with SMTP
|
||||
@@ -0,0 +1,50 @@
|
||||
---
|
||||
date: "2017-04-08T11:34:00+02:00"
|
||||
slug: "environment-variables"
|
||||
sidebar_position: 10
|
||||
aliases:
|
||||
- /en-us/environment-variables
|
||||
---
|
||||
|
||||
# Environment variables
|
||||
|
||||
This is an inventory of Gitea environment variables. They change Gitea behaviour.
|
||||
|
||||
Initialize them before Gitea command to be effective, for example:
|
||||
|
||||
```sh
|
||||
GITEA_CUSTOM=/home/gitea/custom ./gitea web
|
||||
```
|
||||
|
||||
## From Go language
|
||||
|
||||
As Gitea is written in Go, it uses some variables that influence the behaviour of Go's runtime, such as:
|
||||
|
||||
- `GOMEMLIMIT`
|
||||
- `GOGC`
|
||||
- `GOMAXPROCS`
|
||||
- `GODEBUG`
|
||||
|
||||
For documentation about each of the variables available, refer to the
|
||||
[official Go documentation on runtime environment variables](https://pkg.go.dev/runtime#hdr-Environment_Variables).
|
||||
|
||||
## Gitea files
|
||||
|
||||
- `GITEA_WORK_DIR`: Absolute path of working directory.
|
||||
- `GITEA_CUSTOM`: Gitea uses `WorkPath`/custom folder by default. Use this variable to change _custom_ directory.
|
||||
|
||||
## Operating system specifics
|
||||
|
||||
- `USER`: System user that Gitea will run as. Used for some repository access strings.
|
||||
- `USERNAME`: if no `USER` found, Gitea will use `USERNAME`
|
||||
- `HOME`: User home directory path. The `USERPROFILE` environment variable is used in Windows.
|
||||
|
||||
### Only on Windows
|
||||
|
||||
- `USERPROFILE`: User home directory path. If empty, uses `HOMEDRIVE` + `HOMEPATH`
|
||||
- `HOMEDRIVE`: Main drive path used to access the home directory (C:)
|
||||
- `HOMEPATH`: Home relative path in the given home drive path
|
||||
|
||||
## Miscellaneous
|
||||
|
||||
- `SKIP_MINWINSVC`: If set to 1, do not run as a service on Windows.
|
||||
183
versioned_docs/version-1.25/administration/external-renderers.md
Normal file
183
versioned_docs/version-1.25/administration/external-renderers.md
Normal file
@@ -0,0 +1,183 @@
|
||||
---
|
||||
date: "2018-11-23:00:00+02:00"
|
||||
slug: "external-renderers"
|
||||
sidebar_position: 60
|
||||
aliases:
|
||||
- /en-us/external-renderers
|
||||
---
|
||||
|
||||
# External renderers
|
||||
|
||||
Gitea supports custom file renderings (i.e., Jupyter notebooks, asciidoc, etc.) through external binaries,
|
||||
it is just a matter of:
|
||||
|
||||
- installing external binaries
|
||||
- add some configuration to your `app.ini` file
|
||||
- restart your Gitea instance
|
||||
|
||||
This supports rendering of whole files. If you want to render code blocks in markdown you would need to do something with javascript. See some examples on the [Customizing Gitea](../administration/customizing-gitea.md) page.
|
||||
|
||||
## Installing external binaries
|
||||
|
||||
In order to get file rendering through external binaries, their associated packages must be installed.
|
||||
If you're using a Docker image, your `Dockerfile` should contain something along this lines:
|
||||
|
||||
```docker
|
||||
FROM docker.gitea.com/gitea:@dockerVersion@
|
||||
[...]
|
||||
|
||||
COPY custom/app.ini /data/gitea/conf/app.ini
|
||||
[...]
|
||||
|
||||
RUN apk --no-cache add asciidoctor freetype freetype-dev gcc g++ libpng libffi-dev pandoc python3-dev py3-pyzmq pipx
|
||||
# install any other package you need for your external renderers
|
||||
|
||||
RUN pipx install jupyter docutils --include-deps --global
|
||||
# add above any other python package you may need to install
|
||||
```
|
||||
|
||||
## `app.ini` file configuration
|
||||
|
||||
add one `[markup.XXXXX]` section per external renderer on your custom `app.ini`:
|
||||
|
||||
```ini
|
||||
[markup.asciidoc]
|
||||
ENABLED = true
|
||||
FILE_EXTENSIONS = .adoc,.asciidoc
|
||||
RENDER_COMMAND = "asciidoctor -s -a showtitle --out-file=- -"
|
||||
; Input is not a standard input but a file
|
||||
IS_INPUT_FILE = false
|
||||
|
||||
[markup.jupyter]
|
||||
ENABLED = true
|
||||
FILE_EXTENSIONS = .ipynb
|
||||
RENDER_COMMAND = "jupyter nbconvert --stdin --stdout --to html --template basic"
|
||||
IS_INPUT_FILE = false
|
||||
|
||||
[markup.restructuredtext]
|
||||
ENABLED = true
|
||||
FILE_EXTENSIONS = .rst
|
||||
RENDER_COMMAND = "timeout 30s pandoc +RTS -M512M -RTS -f rst"
|
||||
IS_INPUT_FILE = false
|
||||
```
|
||||
|
||||
If your external markup relies on additional classes and attributes on the generated HTML elements, you might need to enable custom sanitizer policies. Gitea uses the [`bluemonday`](https://godoc.org/github.com/microcosm-cc/bluemonday) package as our HTML sanitizer. The example below could be used to support server-side [KaTeX](https://katex.org/) rendering output from [`pandoc`](https://pandoc.org/).
|
||||
|
||||
```ini
|
||||
[markup.sanitizer.TeX]
|
||||
; Pandoc renders TeX segments as <span>s with the "math" class, optionally
|
||||
; with "inline" or "display" classes depending on context.
|
||||
; - note this is different from the built-in math support in our markdown parser which uses <code>
|
||||
ELEMENT = span
|
||||
ALLOW_ATTR = class
|
||||
REGEXP = ^\s*((math(\s+|$)|inline(\s+|$)|display(\s+|$)))+
|
||||
|
||||
[markup.markdown]
|
||||
ENABLED = true
|
||||
FILE_EXTENSIONS = .md,.markdown
|
||||
RENDER_COMMAND = pandoc -f markdown -t html --katex
|
||||
```
|
||||
|
||||
You must define `ELEMENT` and `ALLOW_ATTR` in each section.
|
||||
|
||||
To define multiple entries, add a unique alphanumeric suffix (e.g., `[markup.sanitizer.1]` and `[markup.sanitizer.something]`).
|
||||
|
||||
To apply a sanitisation rules only for a specify external renderer they must use the renderer name, e.g. `[markup.sanitizer.asciidoc.rule-1]`, `[markup.sanitizer.<renderer>.rule-1]`.
|
||||
|
||||
**Note**: If the rule is defined above the renderer ini section or the name does not match a renderer it is applied to every renderer.
|
||||
|
||||
Once your configuration changes have been made, restart Gitea to have changes take effect.
|
||||
|
||||
**Note**: Prior to Gitea 1.12 there was a single `markup.sanitiser` section with keys that were redefined for multiple rules, however,
|
||||
there were significant problems with this method of configuration necessitating configuration through multiple sections.
|
||||
|
||||
### Example: HTML
|
||||
|
||||
Render HTML files directly:
|
||||
|
||||
```ini
|
||||
[markup.html]
|
||||
ENABLED = true
|
||||
FILE_EXTENSIONS = .html,.htm
|
||||
RENDER_COMMAND = cat
|
||||
; Input is not a standard input but a file
|
||||
IS_INPUT_FILE = true
|
||||
|
||||
[markup.sanitizer.html.1]
|
||||
ELEMENT = div
|
||||
ALLOW_ATTR = class
|
||||
|
||||
[markup.sanitizer.html.2]
|
||||
ELEMENT = a
|
||||
ALLOW_ATTR = class
|
||||
```
|
||||
|
||||
### Example: Office DOCX
|
||||
|
||||
Display Office DOCX files with [`pandoc`](https://pandoc.org/):
|
||||
|
||||
```ini
|
||||
[markup.docx]
|
||||
ENABLED = true
|
||||
FILE_EXTENSIONS = .docx
|
||||
RENDER_COMMAND = "pandoc --from docx --to html --self-contained --template /path/to/basic.html"
|
||||
|
||||
[markup.sanitizer.docx.img]
|
||||
ALLOW_DATA_URI_IMAGES = true
|
||||
```
|
||||
|
||||
The template file has the following content:
|
||||
|
||||
```
|
||||
$body$
|
||||
```
|
||||
|
||||
### Example: Jupyter Notebook
|
||||
|
||||
Display Jupyter Notebook files with [`nbconvert`](https://github.com/jupyter/nbconvert):
|
||||
|
||||
```ini
|
||||
[markup.jupyter]
|
||||
ENABLED = true
|
||||
FILE_EXTENSIONS = .ipynb
|
||||
RENDER_COMMAND = "jupyter-nbconvert --stdin --stdout --to html --template basic"
|
||||
|
||||
[markup.sanitizer.jupyter.img]
|
||||
ALLOW_DATA_URI_IMAGES = true
|
||||
```
|
||||
|
||||
## Customizing CSS
|
||||
|
||||
The external renderer is specified in the .ini in the format `[markup.XXXXX]` and the HTML supplied by your external renderer will be wrapped in a `<div>` with classes `markup` and `XXXXX`. The `markup` class provides out of the box styling (as does `markdown` if `XXXXX` is `markdown`). Otherwise you can use these classes to specifically target the contents of your rendered HTML.
|
||||
|
||||
And so you could write some CSS:
|
||||
|
||||
```css
|
||||
.markup.XXXXX html {
|
||||
font-size: 100%;
|
||||
overflow-y: scroll;
|
||||
-webkit-text-size-adjust: 100%;
|
||||
-ms-text-size-adjust: 100%;
|
||||
}
|
||||
|
||||
.markup.XXXXX body {
|
||||
color: #444;
|
||||
font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', serif;
|
||||
font-size: 12px;
|
||||
line-height: 1.7;
|
||||
padding: 1em;
|
||||
margin: auto;
|
||||
max-width: 42em;
|
||||
background: #fefefe;
|
||||
}
|
||||
|
||||
.markup.XXXXX p {
|
||||
color: orangered;
|
||||
}
|
||||
```
|
||||
|
||||
Add your stylesheet to your custom directory e.g `custom/public/assets/css/my-style-XXXXX.css` and import it using a custom header file `custom/templates/custom/header.tmpl`:
|
||||
|
||||
```html
|
||||
<link rel="stylesheet" href="{{AppSubUrl}}/assets/css/my-style-XXXXX.css" />
|
||||
```
|
||||
118
versioned_docs/version-1.25/administration/fail2ban-setup.md
Normal file
118
versioned_docs/version-1.25/administration/fail2ban-setup.md
Normal file
@@ -0,0 +1,118 @@
|
||||
---
|
||||
date: "2018-05-11T11:00:00+02:00"
|
||||
slug: "fail2ban-setup"
|
||||
sidebar_position: 16
|
||||
aliases:
|
||||
- /en-us/fail2ban-setup
|
||||
---
|
||||
|
||||
# Fail2ban Setup
|
||||
|
||||
**Remember that fail2ban is powerful and can cause lots of issues if you do it incorrectly, so make
|
||||
sure to test this before relying on it so you don't lock yourself out.**
|
||||
|
||||
Gitea returns an HTTP 200 for bad logins in the web logs, but if you have logging options on in
|
||||
`app.ini`, then you should be able to go off of `log/gitea.log`, which gives you something like this
|
||||
on a bad authentication from the web or CLI using SSH or HTTP respectively:
|
||||
|
||||
```log
|
||||
2018/04/26 18:15:54 [I] Failed authentication attempt for user from xxx.xxx.xxx.xxx
|
||||
```
|
||||
|
||||
```log
|
||||
2020/10/15 16:05:09 modules/ssh/ssh.go:143:publicKeyHandler() [W] Failed authentication attempt from xxx.xxx.xxx.xxx
|
||||
```
|
||||
|
||||
(DEPRECATED: This may be a false positive as the user may still go on to correctly authenticate.)
|
||||
|
||||
```log
|
||||
2020/10/15 16:05:09 modules/ssh/ssh.go:155:publicKeyHandler() [W] Failed authentication attempt from xxx.xxx.xxx.xxx
|
||||
```
|
||||
|
||||
(DEPRECATED: This may be a false positive as the user may still go on to correctly authenticate.)
|
||||
|
||||
```log
|
||||
2020/10/15 16:05:09 modules/ssh/ssh.go:198:publicKeyHandler() [W] Failed authentication attempt from xxx.xxx.xxx.xxx
|
||||
```
|
||||
|
||||
(DEPRECATED: This may be a false positive as the user may still go on to correctly authenticate.)
|
||||
|
||||
```log
|
||||
2020/10/15 16:05:09 modules/ssh/ssh.go:213:publicKeyHandler() [W] Failed authentication attempt from xxx.xxx.xxx.xxx
|
||||
```
|
||||
|
||||
(DEPRECATED: This may be a false positive as the user may still go on to correctly authenticate.)
|
||||
|
||||
```log
|
||||
2020/10/15 16:05:09 modules/ssh/ssh.go:227:publicKeyHandler() [W] Failed authentication attempt from xxx.xxx.xxx.xxx
|
||||
```
|
||||
|
||||
(DEPRECATED: This may be a false positive as the user may still go on to correctly authenticate.)
|
||||
|
||||
```log
|
||||
2020/10/15 16:05:09 modules/ssh/ssh.go:249:sshConnectionFailed() [W] Failed authentication attempt from xxx.xxx.xxx.xxx
|
||||
```
|
||||
|
||||
(From 1.15 this new message will available and doesn't have any of the false positive results that above messages from publicKeyHandler do. This will only be logged if the user has completely failed authentication.)
|
||||
|
||||
```log
|
||||
2020/10/15 16:08:44 ...s/context/context.go:204:HandleText() [E] invalid credentials from xxx.xxx.xxx.xxx
|
||||
```
|
||||
|
||||
Add our filter in `/etc/fail2ban/filter.d/gitea.local`:
|
||||
|
||||
```ini
|
||||
# gitea.local
|
||||
[Definition]
|
||||
failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
|
||||
ignoreregex =
|
||||
```
|
||||
|
||||
Add our jail in `/etc/fail2ban/jail.d/gitea.local`:
|
||||
|
||||
```ini
|
||||
[gitea]
|
||||
enabled = true
|
||||
filter = gitea
|
||||
logpath = /var/lib/gitea/log/gitea.log
|
||||
maxretry = 10
|
||||
findtime = 3600
|
||||
bantime = 900
|
||||
action = iptables-allports
|
||||
```
|
||||
|
||||
If you're using Docker, you'll also need to add an additional jail to handle the **FORWARD**
|
||||
chain in **iptables**. Configure it in `/etc/fail2ban/jail.d/gitea-docker.local`:
|
||||
|
||||
```ini
|
||||
[gitea-docker]
|
||||
enabled = true
|
||||
filter = gitea
|
||||
logpath = /var/lib/gitea/log/gitea.log
|
||||
maxretry = 10
|
||||
findtime = 3600
|
||||
bantime = 900
|
||||
action = iptables-allports[chain="FORWARD"]
|
||||
```
|
||||
|
||||
Then simply run `service fail2ban restart` to apply your changes. You can check to see if
|
||||
fail2ban has accepted your configuration using `service fail2ban status`.
|
||||
|
||||
Make sure and read up on fail2ban and configure it to your needs, this bans someone
|
||||
for **15 minutes** (from all ports) when they fail authentication 10 times in an hour.
|
||||
|
||||
If you run Gitea behind a reverse proxy with Nginx (for example with Docker), you need to add
|
||||
this to your Nginx configuration so that IPs don't show up as 127.0.0.1:
|
||||
|
||||
```
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
```
|
||||
|
||||
The security options in `app.ini` need to be adjusted to allow the interpretation of the headers
|
||||
as well as the list of IP addresses and networks that describe trusted proxy servers
|
||||
(See the [configuration cheat sheet](../administration/config-cheat-sheet.md#security-security) for more information).
|
||||
|
||||
```
|
||||
REVERSE_PROXY_LIMIT = 1
|
||||
REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.1/8 ; 172.17.0.0/16 for the docker default network
|
||||
```
|
||||
@@ -0,0 +1,43 @@
|
||||
---
|
||||
date: "2019-10-06T08:00:00+05:00"
|
||||
slug: "git-lfs-setup"
|
||||
sidebar_position: 12
|
||||
aliases:
|
||||
- /en-us/git-lfs-setup
|
||||
---
|
||||
|
||||
# Git LFS setup
|
||||
|
||||
To use Gitea's built-in LFS support, you must update the `app.ini` file:
|
||||
|
||||
```ini
|
||||
[server]
|
||||
; Enables git-lfs support. true or false, default is false.
|
||||
LFS_START_SERVER = true
|
||||
|
||||
[lfs]
|
||||
; Where your lfs files reside, default is data/lfs.
|
||||
PATH = /home/gitea/data/lfs
|
||||
```
|
||||
|
||||
:::note
|
||||
LFS server support needs at least Git v2.1.2 installed on the server
|
||||
:::
|
||||
|
||||
# Git LFS Pure SSH protocol
|
||||
|
||||
The LFS Pure SSH protocol supports making LFS connections purely over SSH
|
||||
(without having to expose an HTTP endpoint for the Gitea server).
|
||||
Support for it can be enabled with the config option `server.LFS_ALLOW_PURE_SSH`:
|
||||
|
||||
```ini
|
||||
[server]
|
||||
LFS_ALLOW_PURE_SSH = true
|
||||
```
|
||||
|
||||
:::note
|
||||
The option is currently set to default false due to an open bug in the `git-lfs`
|
||||
client that causes SSH transfers to hang: https://github.com/git-lfs/git-lfs/pull/5816
|
||||
This can be worked around on all the client machines by setting the git config:
|
||||
`git config --global lfs.ssh.automultiplex false`
|
||||
:::
|
||||
93
versioned_docs/version-1.25/administration/https-support.md
Normal file
93
versioned_docs/version-1.25/administration/https-support.md
Normal file
@@ -0,0 +1,93 @@
|
||||
---
|
||||
date: "2018-06-02T11:00:00+02:00"
|
||||
slug: "https-setup"
|
||||
sidebar_position: 12
|
||||
aliases:
|
||||
- /en-us/https-setup
|
||||
---
|
||||
|
||||
# HTTPS Setup
|
||||
|
||||
## Using the built-in server
|
||||
|
||||
Before you enable HTTPS, make sure that you have valid SSL/TLS certificates.
|
||||
You could use self-generated certificates for evaluation and testing. Please run `gitea cert --host [HOST]` to generate a self signed certificate.
|
||||
|
||||
If you are using Apache or nginx on the server, it's recommended to check the [reverse proxy guide](./reverse-proxies.md).
|
||||
|
||||
To use Gitea's built-in HTTPS support, you must change your `app.ini` file:
|
||||
|
||||
```ini
|
||||
[server]
|
||||
PROTOCOL = https
|
||||
ROOT_URL = https://git.example.com:3000/
|
||||
HTTP_PORT = 3000
|
||||
CERT_FILE = cert.pem
|
||||
KEY_FILE = key.pem
|
||||
```
|
||||
|
||||
Note that if your certificate is signed by a third party certificate authority (i.e. not self-signed), then cert.pem should contain the certificate chain. The server certificate must be the first entry in cert.pem, followed by the intermediaries in order (if any). The root certificate does not have to be included because the connecting client must already have it in order to establish the trust relationship.
|
||||
To learn more about the config values, please checkout the [Config Cheat Sheet](./config-cheat-sheet.md#server-server).
|
||||
|
||||
For the `CERT_FILE` or `KEY_FILE` field, the file path is relative to the `GITEA_CUSTOM` environment variable when it is a relative path. It can be an absolute path as well.
|
||||
|
||||
### Setting up HTTP redirection
|
||||
|
||||
The Gitea server is only able to listen to one port; to redirect HTTP requests to the HTTPS port, you will need to enable the HTTP redirection service:
|
||||
|
||||
```ini
|
||||
[server]
|
||||
REDIRECT_OTHER_PORT = true
|
||||
; Port the redirection service should listen on
|
||||
PORT_TO_REDIRECT = 3080
|
||||
```
|
||||
|
||||
If you are using Docker, make sure that this port is configured in your `docker-compose.yml` file.
|
||||
|
||||
## Using ACME (Default: Let's Encrypt)
|
||||
|
||||
[ACME](https://tools.ietf.org/html/rfc8555) is a Certificate Authority standard protocol that allows you to automatically request and renew SSL/TLS certificates. [Let's Encrypt](https://letsencrypt.org/) is a free publicly trusted Certificate Authority server using this standard. Only `HTTP-01` and `TLS-ALPN-01` challenges are implemented. In order for ACME challenges to pass and verify your domain ownership, external traffic to the gitea domain on port `80` (`HTTP-01`) or port `443` (`TLS-ALPN-01`) has to be served by the gitea instance. Setting up [HTTP redirection](#setting-up-http-redirection) and port-forwards might be needed for external traffic to route correctly. Normal traffic to port `80` will otherwise be automatically redirected to HTTPS. **You must consent** to the ACME provider's terms of service (default Let's Encrypt's [terms of service](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf)).
|
||||
|
||||
Minimum setup using the default Let's Encrypt:
|
||||
|
||||
```ini
|
||||
[server]
|
||||
PROTOCOL=https
|
||||
DOMAIN=git.example.com
|
||||
ENABLE_ACME=true
|
||||
ACME_ACCEPTTOS=true
|
||||
ACME_DIRECTORY=https
|
||||
;; Email can be omitted here and provided manually at first run, after which it is cached
|
||||
ACME_EMAIL=email@example.com
|
||||
```
|
||||
|
||||
Minimum setup using a [smallstep CA](https://github.com/smallstep/certificates), refer to [their tutorial](https://smallstep.com/docs/tutorials/acme-challenge) for more information.
|
||||
|
||||
```ini
|
||||
[server]
|
||||
PROTOCOL=https
|
||||
DOMAIN=git.example.com
|
||||
ENABLE_ACME=true
|
||||
ACME_ACCEPTTOS=true
|
||||
ACME_URL=https://ca.example.com/acme/acme/directory
|
||||
;; Can be omitted if using the system's trust is preferred
|
||||
;ACME_CA_ROOT=/path/to/root_ca.crt
|
||||
ACME_DIRECTORY=https
|
||||
ACME_EMAIL=email@example.com
|
||||
```
|
||||
|
||||
To learn more about the config values, please checkout the [Config Cheat Sheet](./config-cheat-sheet.md#server-server).
|
||||
|
||||
## Using a reverse proxy
|
||||
|
||||
Setup up your reverse proxy as shown in the [reverse proxy guide](../administration/reverse-proxies.md).
|
||||
|
||||
After that, enable HTTPS by following one of these guides:
|
||||
|
||||
- [nginx](https://nginx.org/en/docs/http/configuring_https_servers.html)
|
||||
- [apache2/httpd](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html)
|
||||
- [caddy](https://caddyserver.com/docs/tls)
|
||||
|
||||
:::note
|
||||
Enabling HTTPS only at the proxy level is referred as [TLS Termination Proxy](https://en.wikipedia.org/wiki/TLS_termination_proxy). The proxy server accepts incoming TLS connections, decrypts the contents, and passes the now unencrypted contents to Gitea. This is normally fine as long as both the proxy and Gitea instances are either on the same machine, or on different machines within private network (with the proxy is exposed to outside network). If your Gitea instance is separated from your proxy over a public network, or if you want full end-to-end encryption, you can also [enable HTTPS support directly in Gitea using built-in server](#using-the-built-in-server) and forward the connections over HTTPS instead.
|
||||
:::
|
||||
284
versioned_docs/version-1.25/administration/logging-config.md
Normal file
284
versioned_docs/version-1.25/administration/logging-config.md
Normal file
@@ -0,0 +1,284 @@
|
||||
---
|
||||
date: "2019-04-02T17:06:00+01:00"
|
||||
slug: "logging-config"
|
||||
sidebar_position: 40
|
||||
aliases:
|
||||
- /en-us/logging-configuration
|
||||
---
|
||||
|
||||
# Logging Configuration
|
||||
|
||||
The logging configuration of Gitea mainly consists of 3 types of components:
|
||||
|
||||
- The `[log]` section for general configuration
|
||||
- `[log.<mode-name>]` sections for the configuration of different log writers to output logs, aka: "writer mode", the mode name is also used as "writer name".
|
||||
- The `[log]` section can also contain sub-logger configurations following the key schema `logger.<logger-name>.<CONFIG-KEY>`
|
||||
|
||||
There is a fully functional log output by default, so it is not necessary to define one.
|
||||
|
||||
## Collecting Logs for Help
|
||||
|
||||
To collect logs for help and issue report, see [Support Options](help/support.md).
|
||||
|
||||
## The `[log]` section
|
||||
|
||||
Configuration of logging facilities in Gitea happen in the `[log]` section and its subsections.
|
||||
|
||||
In the top level `[log]` section the following configurations can be placed:
|
||||
|
||||
- `ROOT_PATH`: (Default: **%(GITEA_WORK_DIR)/log**): Base path for log files
|
||||
- `MODE`: (Default: **console**) List of log outputs to use for the Default logger.
|
||||
- `LEVEL`: (Default: **Info**) Least severe log events to persist, case-insensitive. Possible values are: `Trace`, `Debug`, `Info`, `Warn`, `Error`, `Fatal`.
|
||||
- `STACKTRACE_LEVEL`: (Default: **None**) For this and more severe events the stacktrace will be printed upon getting logged.
|
||||
|
||||
And it can contain the following sub-loggers:
|
||||
|
||||
- `logger.router.MODE`: (Default: **,**): List of log outputs to use for the Router logger.
|
||||
- `logger.access.MODE`: (Default: **_empty_**) List of log outputs to use for the Access logger. By default, the access logger is disabled.
|
||||
- `logger.xorm.MODE`: (Default: **,**) List of log outputs to use for the XORM logger.
|
||||
|
||||
Setting a comma (`,`) to sub-logger's mode means making it use the default global `MODE`.
|
||||
|
||||
## Quick samples
|
||||
|
||||
### Default (empty) Configuration
|
||||
|
||||
The empty configuration is equivalent to default:
|
||||
|
||||
```ini
|
||||
[log]
|
||||
ROOT_PATH = %(GITEA_WORK_DIR)/log
|
||||
MODE = console
|
||||
LEVEL = Info
|
||||
STACKTRACE_LEVEL = None
|
||||
logger.router.MODE = ,
|
||||
logger.xorm.MODE = ,
|
||||
logger.access.MODE =
|
||||
|
||||
; this is the config options of "console" mode (used by MODE=console above)
|
||||
[log.console]
|
||||
MODE = console
|
||||
FLAGS = stdflags
|
||||
PREFIX =
|
||||
COLORIZE = true
|
||||
```
|
||||
|
||||
This is equivalent to sending all logs to the console, with default Golang log being sent to the console log too.
|
||||
|
||||
This is only a sample, and it is the default, do not need to write it into your configuration file.
|
||||
|
||||
### Disable Router logs and record some access logs to file
|
||||
|
||||
The Router logger is disabled, the access logs (>=Warn) goes into `access.log`:
|
||||
|
||||
```ini
|
||||
[log]
|
||||
logger.router.MODE =
|
||||
logger.access.MODE = access-file
|
||||
|
||||
[log.access-file]
|
||||
MODE = file
|
||||
LEVEL = Warn
|
||||
FILE_NAME = access.log
|
||||
```
|
||||
|
||||
### Set different log levels for different modes
|
||||
|
||||
Default logs (>=Warn) goes into `gitea.log`, while Error logs goes into `file-error.log`:
|
||||
|
||||
```ini
|
||||
[log]
|
||||
LEVEL = Warn
|
||||
MODE = file, file-error
|
||||
|
||||
; by default, the "file" mode will record logs to %(log.ROOT_PATH)/gitea.log, so we don't need to set it
|
||||
; [log.file]
|
||||
; by default, the MODE (actually it's the output writer of this logger) is taken from the section name, so we don't need to set it either
|
||||
; MODE = file
|
||||
|
||||
[log.file-error]
|
||||
MODE = file
|
||||
LEVEL = Error
|
||||
FILE_NAME = file-error.log
|
||||
```
|
||||
|
||||
## Log outputs (mode and writer)
|
||||
|
||||
Gitea provides the following log output writers:
|
||||
|
||||
- `console` - Log to `stdout` (or `stderr` if it is set in the config)
|
||||
- `file` - Log to a file
|
||||
- `conn` - Log to a socket (network or unix)
|
||||
|
||||
### Common configuration
|
||||
|
||||
Certain configuration is common to all modes of log output:
|
||||
|
||||
- `MODE` is the mode of the log output writer. It will default to the mode name in the ini section. Thus `[log.console]` will default to `MODE = console`.
|
||||
- `LEVEL` is the lowest level that this output will log.
|
||||
- `STACKTRACE_LEVEL` is the lowest level that this output will print a stacktrace.
|
||||
- `COLORIZE` will default to `true` for `console` as described, otherwise it will default to `false`.
|
||||
|
||||
#### `EXPRESSION`
|
||||
|
||||
`EXPRESSION` represents a regular expression that log events must match to be logged by the output writer.
|
||||
Either the log message, (with colors removed), must match or the `longfilename:linenumber:functionname` must match.
|
||||
NB: the whole message or string doesn't need to completely match.
|
||||
|
||||
Please note this expression will be run in the writer's goroutine but not the logging event goroutine.
|
||||
|
||||
#### `FLAGS`
|
||||
|
||||
`FLAGS` represents the preceding logging context information that is
|
||||
printed before each message. It is a comma-separated string set. The order of values does not matter.
|
||||
|
||||
It defaults to `stdflags` (= `date,time,medfile,shortfuncname,levelinitial`)
|
||||
|
||||
Possible values are:
|
||||
|
||||
- `none` or `,` - No flags.
|
||||
- `date` - the date in the local time zone: `2009/01/23`.
|
||||
- `time` - the time in the local time zone: `01:23:23`.
|
||||
- `microseconds` - microsecond resolution: `01:23:23.123123`. Assumes time.
|
||||
- `longfile` - full file name and line number: `/a/b/c/d.go:23`.
|
||||
- `shortfile` - final file name element and line number: `d.go:23`.
|
||||
- `funcname` - function name of the caller: `runtime.Caller()`.
|
||||
- `shortfuncname` - last part of the function name. Overrides `funcname`.
|
||||
- `utc` - if date or time is set, use UTC rather than the local time zone.
|
||||
- `levelinitial` - initial character of the provided level in brackets eg. `[I]` for info.
|
||||
- `level` - level in brackets `[INFO]`.
|
||||
- `gopid` - the Goroutine-PID of the context.
|
||||
- `medfile` - last 20 characters of the filename - equivalent to `shortfile,longfile`.
|
||||
- `stdflags` - equivalent to `date,time,medfile,shortfuncname,levelinitial`.
|
||||
|
||||
### Console mode
|
||||
|
||||
In this mode the logger will forward log messages to the stdout and
|
||||
stderr streams attached to the Gitea process.
|
||||
|
||||
For loggers in console mode, `COLORIZE` will default to `true` if not
|
||||
on windows, or the Windows terminal can be set into ANSI mode or is a
|
||||
cygwin or Msys pipe.
|
||||
|
||||
Settings:
|
||||
|
||||
- `STDERR`: **false**: Whether the logger should print to `stderr` instead of `stdout`.
|
||||
|
||||
### File mode
|
||||
|
||||
In this mode the logger will save log messages to a file.
|
||||
|
||||
Settings:
|
||||
|
||||
- `FILE_NAME`: The file to write the log events to, relative to `ROOT_PATH`, Default to `%(ROOT_PATH)/gitea.log`. Exception: access log will default to `%(ROOT_PATH)/access.log`.
|
||||
- `MAX_SIZE_SHIFT`: **28**: Maximum size shift of a single file. 28 represents 256Mb. For details see below.
|
||||
- `LOG_ROTATE` **true**: Whether to rotate the log files. TODO: if false, will it delete instead on daily rotate, or do nothing?.
|
||||
- `DAILY_ROTATE`: **true**: Whether to rotate logs daily.
|
||||
- `MAX_DAYS`: **7**: Delete rotated log files after this number of days.
|
||||
- `COMPRESS`: **true**: Whether to compress old log files by default with gzip.
|
||||
- `COMPRESSION_LEVEL`: **-1**: Compression level. For details see below.
|
||||
|
||||
`MAX_SIZE_SHIFT` defines the maximum size of a file by left shifting 1 the given number of times (`1 << x`).
|
||||
The exact behavior at the time of v1.17.3 can be seen [here](https://github.com/go-gitea/gitea/blob/v1.17.3/modules/setting/log.go#L185).
|
||||
|
||||
The useful values of `COMPRESSION_LEVEL` are from 1 (best speed) to 9 (best compression). [DefaultCompression](https://pkg.go.dev/compress/gzip#pkg-constants) (-1) and [HuffmanOnly](https://pkg.go.dev/compress/flate#HuffmanOnly) (-2) can also be chosen.
|
||||
Beware that better compression might come with higher resource usage.
|
||||
|
||||
### Conn mode
|
||||
|
||||
In this mode the logger will send log messages over a network socket.
|
||||
|
||||
Settings:
|
||||
|
||||
- `ADDR`: **:7020**: Sets the address to connect to.
|
||||
- `PROTOCOL`: **tcp**: Set the protocol, either "tcp", "unix" or "udp".
|
||||
- `RECONNECT`: **false**: Try to reconnect when connection is lost.
|
||||
- `RECONNECT_ON_MSG`: **false**: Reconnect host for every single message.
|
||||
|
||||
### The "Router" logger
|
||||
|
||||
The Router logger logs the following message types when Gitea's route handlers work:
|
||||
|
||||
- `started` messages will be logged at TRACE level
|
||||
- `polling`/`completed` routers will be logged at INFO. Exception: "/assets" static resource requests are also logged at TRACE.
|
||||
- `slow` routers will be logged at WARN
|
||||
- `failed` routers will be logged at WARN
|
||||
|
||||
### The "XORM" logger
|
||||
|
||||
To make XORM outputs SQL logs, the `LOG_SQL` in `[database]` section should also be set to `true`.
|
||||
|
||||
### The "Access" logger
|
||||
|
||||
The Access logger is a new logger since Gitea 1.9. It provides a NCSA
|
||||
Common Log compliant log format. It's highly configurable but caution
|
||||
should be taken when changing its template. The main benefit of this
|
||||
logger is that Gitea can now log accesses in a standard log format so
|
||||
standard tools may be used.
|
||||
|
||||
You can enable this logger using `logger.access.MODE = ...`.
|
||||
|
||||
If desired the format of the Access logger can be changed by changing
|
||||
the value of the `ACCESS_LOG_TEMPLATE`.
|
||||
|
||||
Please note, the access logger will log at `INFO` level, setting the
|
||||
`LEVEL` of this logger to `WARN` or above will result in no access logs.
|
||||
|
||||
#### The ACCESS_LOG_TEMPLATE
|
||||
|
||||
This value represents a go template. Its default value is
|
||||
|
||||
```tmpl
|
||||
{{.Ctx.RemoteHost}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}" "{{.Ctx.Req.UserAgent}}"`
|
||||
```
|
||||
|
||||
The template is passed following options:
|
||||
|
||||
- `Ctx` is the `context.Context`
|
||||
- `Identity` is the `SignedUserName` or `"-"` if the user is not logged in
|
||||
- `Start` is the start time of the request
|
||||
- `ResponseWriter` is the `http.ResponseWriter`
|
||||
|
||||
Caution must be taken when changing this template as it runs outside of
|
||||
the standard panic recovery trap. The template should also be as simple
|
||||
as it runs for every request.
|
||||
|
||||
## Releasing-and-Reopening, Pausing and Resuming logging
|
||||
|
||||
If you are running on Unix you may wish to release-and-reopen logs in order to use `logrotate` or other tools.
|
||||
It is possible force Gitea to release and reopen it's logging files and connections by sending `SIGUSR1` to the
|
||||
running process, or running `gitea manager logging release-and-reopen`.
|
||||
|
||||
Alternatively, you may wish to pause and resume logging - this can be accomplished through the use of the
|
||||
`gitea manager logging pause` and `gitea manager logging resume` commands. Please note that whilst logging
|
||||
is paused log events below INFO level will not be stored and only a limited number of events will be stored.
|
||||
Logging may block, albeit temporarily, slowing Gitea considerably whilst paused - therefore it is
|
||||
recommended that pausing only done for a very short period of time.
|
||||
|
||||
## Adding and removing logging whilst Gitea is running
|
||||
|
||||
It is possible to add and remove logging whilst Gitea is running using the `gitea manager logging add` and `remove` subcommands.
|
||||
This functionality can only adjust running log systems and cannot be used to start the access or router loggers if they
|
||||
were not already initialized. If you wish to start these systems you are advised to adjust the app.ini and (gracefully) restart
|
||||
the Gitea service.
|
||||
|
||||
The main intention of these commands is to easily add a temporary logger to investigate problems on running systems where a restart
|
||||
may cause the issue to disappear.
|
||||
|
||||
## Using `logrotate` instead of built-in log rotation
|
||||
|
||||
Gitea includes built-in log rotation, which should be enough for most deployments. However, if you instead want to use the `logrotate` utility:
|
||||
|
||||
- Disable built-in log rotation by setting `LOG_ROTATE` to `false` in your `app.ini`.
|
||||
- Install `logrotate`.
|
||||
- Configure `logrotate` to match your deployment requirements, see `man 8 logrotate` for configuration syntax details.
|
||||
In the `postrotate/endscript` block send Gitea a `USR1` signal via `kill -USR1` or `kill -10` to the `gitea` process itself,
|
||||
or run `gitea manager logging release-and-reopen` (with the appropriate environment).
|
||||
Ensure that your configurations apply to all files emitted by Gitea loggers as described in the above sections.
|
||||
- Always do `logrotate /etc/logrotate.conf --debug` to test your configurations.
|
||||
- If you are using docker and are running from outside the container you can use
|
||||
`docker exec -u $OS_USER $CONTAINER_NAME sh -c 'gitea manager logging release-and-reopen'`
|
||||
or `docker exec $CONTAINER_NAME sh -c '/bin/s6-svc -1 /etc/s6/gitea/'` or send `USR1` directly to the Gitea process itself.
|
||||
|
||||
The next `logrotate` jobs will include your configurations, so no restart is needed.
|
||||
You can also immediately reload `logrotate` with `logrotate /etc/logrotate.conf --force`.
|
||||
269
versioned_docs/version-1.25/administration/mail-templates.md
Normal file
269
versioned_docs/version-1.25/administration/mail-templates.md
Normal file
@@ -0,0 +1,269 @@
|
||||
---
|
||||
date: "2019-10-23T17:00:00-03:00"
|
||||
slug: "mail-templates"
|
||||
sidebar_position: 45
|
||||
aliases:
|
||||
- /en-us/mail-templates
|
||||
---
|
||||
|
||||
# Mail templates
|
||||
|
||||
To craft the e-mail subject and contents for certain operations, Gitea can be customized by using templates. The templates
|
||||
for these functions are located under the [`custom` directory](../administration/customizing-gitea.md).
|
||||
Gitea has an internal template that serves as default in case there's no custom alternative.
|
||||
|
||||
Custom templates are loaded when Gitea starts. Changes made to them are not recognized until Gitea is restarted again.
|
||||
|
||||
## Mail notifications supporting templates
|
||||
|
||||
Currently, the following notification events make use of templates:
|
||||
|
||||
| Action name | Usage |
|
||||
| ----------- | ------------------------------------------------------------------------------------------------------------ |
|
||||
| `new` | A new issue or pull request was created. |
|
||||
| `comment` | A new comment was created in an existing issue or pull request. |
|
||||
| `close` | An issue or pull request was closed. |
|
||||
| `reopen` | An issue or pull request was reopened. |
|
||||
| `review` | The head comment of a review in a pull request. |
|
||||
| `approve` | The head comment of a approving review for a pull request. |
|
||||
| `reject` | The head comment of a review requesting changes for a pull request. |
|
||||
| `code` | A single comment on the code of a pull request. |
|
||||
| `assigned` | User was assigned to an issue or pull request. |
|
||||
| `default` | Any action not included in the above categories, or when the corresponding category template is not present. |
|
||||
|
||||
The path for the template of a particular message type is:
|
||||
|
||||
```sh
|
||||
custom/templates/mail/{action type}/{action name}.tmpl
|
||||
```
|
||||
|
||||
Where `{action type}` is one of `issue` or `pull` (for pull requests), and `{action name}` is one of the names listed above.
|
||||
|
||||
For example, the specific template for a mail regarding a comment in a pull request is:
|
||||
|
||||
```sh
|
||||
custom/templates/mail/pull/comment.tmpl
|
||||
```
|
||||
|
||||
However, creating templates for each and every action type/name combination is not required.
|
||||
A fallback system is used to choose the appropriate template for an event. The _first existing_
|
||||
template on this list is used:
|
||||
|
||||
- The specific template for the desired **action type** and **action name**.
|
||||
- The template for action type `issue` and the desired **action name**.
|
||||
- The template for the desired **action type**, action name `default`.
|
||||
- The template for action type `issue`, action name `default`.
|
||||
|
||||
The only mandatory template is action type `issue`, action name `default`, which is already embedded in Gitea
|
||||
unless it's overridden by the user in the `custom` directory.
|
||||
|
||||
## Template syntax
|
||||
|
||||
Mail templates are UTF-8 encoded text files that need to follow one of the following formats:
|
||||
|
||||
```
|
||||
Text and macros for the subject line
|
||||
------------
|
||||
Text and macros for the mail body
|
||||
```
|
||||
|
||||
or
|
||||
|
||||
```
|
||||
Text and macros for the mail body
|
||||
```
|
||||
|
||||
Specifying a _subject_ section is optional (and therefore also the dash line separator). When used, the separator between
|
||||
_subject_ and _mail body_ templates requires at least three dashes; no other characters are allowed in the separator line.
|
||||
|
||||
_Subject_ and _mail body_ are parsed by [Golang's template engine](https://go.dev/pkg/text/template/) and
|
||||
are provided with a _metadata context_ assembled for each notification. The context contains the following elements:
|
||||
|
||||
| Name | Type | Available | Usage |
|
||||
| ------------------ | ---------------- | ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `.FallbackSubject` | string | Always | A default subject line. See Below. |
|
||||
| `.Subject` | string | Only in body | The _subject_, once resolved. |
|
||||
| `.Body` | string | Always | The message of the issue, pull request or comment, parsed from Markdown into HTML and sanitized. Do not confuse with the _mail body_. |
|
||||
| `.Link` | string | Always | The address of the originating issue, pull request or comment. |
|
||||
| `.Issue` | models.Issue | Always | The issue (or pull request) originating the notification. To get data specific to a pull request (e.g. `HasMerged`), `.Issue.PullRequest` can be used, but care should be taken as this field will be `nil` if the issue is _not_ a pull request. |
|
||||
| `.Comment` | models.Comment | If applicable | If the notification is from a comment added to an issue or pull request, this will contain the information about the comment. |
|
||||
| `.IsPull` | bool | Always | `true` if the mail notification is associated with a pull request (i.e. `.Issue.PullRequest` is not `nil`). |
|
||||
| `.Repo` | string | Always | Name of the repository, including owner name (e.g. `mike/stuff`) |
|
||||
| `.User` | models.User | Always | Owner of the repository from which the event originated. To get the user name (e.g. `mike`),`.User.Name` can be used. |
|
||||
| `.Doer` | models.User | Always | User that executed the action triggering the notification event. To get the user name (e.g. `rhonda`), `.Doer.Name` can be used. |
|
||||
| `.IsMention` | bool | Always | `true` if this notification was only generated because the user was mentioned in the comment, while not being subscribed to the source. It will be `false` if the recipient was subscribed to the issue or repository. |
|
||||
| `.SubjectPrefix` | string | Always | `Re: ` if the notification is about other than issue or pull request creation; otherwise an empty string. |
|
||||
| `.ActionType` | string | Always | `"issue"` or `"pull"`. Will correspond to the actual _action type_ independently of which template was selected. |
|
||||
| `.ActionName` | string | Always | It will be one of the action types described above (`new`, `comment`, etc.), and will correspond to the actual _action name_ independently of which template was selected. |
|
||||
| `.ReviewComments` | []models.Comment | Always | List of code comments in a review. The comment text will be in `.RenderedContent` and the referenced code will be in `.Patch`. |
|
||||
|
||||
All names are case sensitive.
|
||||
|
||||
### The _subject_ part of the template
|
||||
|
||||
The template engine used for the mail _subject_ is golang's [`text/template`](https://go.dev/pkg/text/template/).
|
||||
Please refer to the linked documentation for details about its syntax.
|
||||
|
||||
The _subject_ is built using the following steps:
|
||||
|
||||
- A template is selected according to the type of notification and to what templates are present.
|
||||
- The template is parsed and resolved (e.g. `{{.Issue.Index}}` is converted to the number of the issue
|
||||
or pull request).
|
||||
- All space-like characters (e.g. `TAB`, `LF`, etc.) are converted to normal spaces.
|
||||
- All leading, trailing and redundant spaces are removed.
|
||||
- The string is truncated to its first 256 runes (characters).
|
||||
|
||||
If the end result is an empty string, **or** no subject template was available (i.e. the selected template
|
||||
did not include a subject part), Gitea's **internal default** will be used.
|
||||
|
||||
The internal default (fallback) subject is the equivalent of:
|
||||
|
||||
```sh
|
||||
{{.SubjectPrefix}}[{{.Repo}}] {{.Issue.Title}} (#{{.Issue.Index}})
|
||||
```
|
||||
|
||||
For example: `Re: [mike/stuff] New color palette (#38)`
|
||||
|
||||
Gitea's default subject can also be found in the template _metadata_ as `.FallbackSubject` from any of
|
||||
the two templates, even if a valid subject template is present.
|
||||
|
||||
### The _mail body_ part of the template
|
||||
|
||||
The template engine used for the _mail body_ is golang's [`html/template`](https://go.dev/pkg/html/template/).
|
||||
Please refer to the linked documentation for details about its syntax.
|
||||
|
||||
The _mail body_ is parsed after the mail subject, so there is an additional _metadata_ field which is
|
||||
the actual rendered subject, after all considerations.
|
||||
|
||||
The expected result is HTML (including structural elements like`<html>`, `<body>`, etc.). Styling
|
||||
through `<style>` blocks, `class` and `style` attributes is possible. However, `html/template`
|
||||
does some [automatic escaping](https://go.dev/pkg/html/template/#hdr-Contexts) that should be considered.
|
||||
|
||||
Attachments (such as images or external style sheets) are not supported. However, other templates can
|
||||
be referenced too, for example to provide the contents of a `<style>` element in a centralized fashion.
|
||||
The external template must be placed under `custom/mail` and referenced relative to that directory.
|
||||
For example, `custom/mail/styles/base.tmpl` can be included using `{{template styles/base}}`.
|
||||
|
||||
The mail is sent with `Content-Type: multipart/alternative`, so the body is sent in both HTML
|
||||
and text formats. The latter is obtained by stripping the HTML markup.
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
How a mail is rendered is directly dependent on the capabilities of the mail application. Many mail
|
||||
clients don't even support HTML, so they show the text version included in the generated mail.
|
||||
|
||||
If the template fails to render, it will be noticed only at the moment the mail is sent.
|
||||
A default subject is used if the subject template fails, and whatever was rendered successfully
|
||||
from the _mail body_ is used, disregarding the rest.
|
||||
|
||||
Please check [Gitea's logs](../administration/logging-config.md) for error messages in case of trouble.
|
||||
|
||||
## Example
|
||||
|
||||
`custom/templates/mail/issue/default.tmpl`:
|
||||
|
||||
```html
|
||||
[{{.Repo}}] @{{.Doer.Name}}
|
||||
{{if eq .ActionName "new"}}
|
||||
created
|
||||
{{else if eq .ActionName "comment"}}
|
||||
commented on
|
||||
{{else if eq .ActionName "close"}}
|
||||
closed
|
||||
{{else if eq .ActionName "reopen"}}
|
||||
reopened
|
||||
{{else}}
|
||||
updated
|
||||
{{end}}
|
||||
{{if eq .ActionType "issue"}}
|
||||
issue
|
||||
{{else}}
|
||||
pull request
|
||||
{{end}}
|
||||
#{{.Issue.Index}}: {{.Issue.Title}}
|
||||
------------
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||
<title>{{.Subject}}</title>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
{{if .IsMention}}
|
||||
<p>
|
||||
You are receiving this because @{{.Doer.Name}} mentioned you.
|
||||
</p>
|
||||
{{end}}
|
||||
<p>
|
||||
<p>
|
||||
<a href="{{AppUrl}}/{{.Doer.LowerName}}">@{{.Doer.Name}}</a>
|
||||
{{if not (eq .Doer.FullName "")}}
|
||||
({{.Doer.FullName}})
|
||||
{{end}}
|
||||
{{if eq .ActionName "new"}}
|
||||
created
|
||||
{{else if eq .ActionName "close"}}
|
||||
closed
|
||||
{{else if eq .ActionName "reopen"}}
|
||||
reopened
|
||||
{{else}}
|
||||
updated
|
||||
{{end}}
|
||||
<a href="{{.Link}}">{{.Repo}}#{{.Issue.Index}}</a>.
|
||||
</p>
|
||||
{{if not (eq .Body "")}}
|
||||
<h3>Message content</h3>
|
||||
<hr>
|
||||
{{.Body}}
|
||||
{{end}}
|
||||
</p>
|
||||
<hr>
|
||||
<p>
|
||||
<a href="{{.Link}}">View it on Gitea</a>.
|
||||
</p>
|
||||
</body>
|
||||
</html>
|
||||
```
|
||||
|
||||
This template produces something along these lines:
|
||||
|
||||
### Subject
|
||||
|
||||
> [mike/stuff] @rhonda commented on pull request #38: New color palette
|
||||
|
||||
### Mail body
|
||||
|
||||
> [@rhonda](#) (Rhonda Myers) updated [mike/stuff#38](#).
|
||||
>
|
||||
> #### Message content
|
||||
>
|
||||
> \_********************************\_********************************
|
||||
>
|
||||
> Mike, I think we should tone down the blues a little.
|
||||
> \_********************************\_********************************
|
||||
>
|
||||
> [View it on Gitea](#).
|
||||
|
||||
## Advanced
|
||||
|
||||
The template system contains several functions that can be used to further process and format
|
||||
the messages. Here's a list of some of them:
|
||||
|
||||
| Name | Parameters | Available | Usage |
|
||||
| ---------------- | ----------- | --------- | ------------------------------------------------------------------- |
|
||||
| `AppUrl` | - | Any | Gitea's URL |
|
||||
| `AppName` | - | Any | Set from `app.ini`, usually "Gitea" |
|
||||
| `AppDomain` | - | Any | Gitea's host name |
|
||||
| `EllipsisString` | string, int | Any | Truncates a string to the specified length; adds ellipsis as needed |
|
||||
| `SanitizeHTML` | string | Body only | Sanitizes text by removing any dangerous HTML tags from it |
|
||||
| `SafeHTML` | string | Body only | Takes the input as HTML, can be used for outputing raw HTML content |
|
||||
|
||||
These are _functions_, not metadata, so they have to be used:
|
||||
|
||||
```html
|
||||
Like this: {{SanitizeHTML "Escape<my>text"}}
|
||||
Or this: {{"Escape<my>text" | SanitizeHTML}}
|
||||
Or this: {{AppUrl}}
|
||||
But not like this: {{.AppUrl}}
|
||||
```
|
||||
56
versioned_docs/version-1.25/administration/repo-indexer.md
Normal file
56
versioned_docs/version-1.25/administration/repo-indexer.md
Normal file
@@ -0,0 +1,56 @@
|
||||
---
|
||||
date: "2019-09-06T01:35:00-03:00"
|
||||
slug: "repo-indexer"
|
||||
sidebar_position: 45
|
||||
aliases:
|
||||
- /en-us/repo-indexer
|
||||
---
|
||||
|
||||
# Repository indexer
|
||||
|
||||
## Builtin repository code search without indexer
|
||||
|
||||
Users could do repository-level code search without setting up a repository indexer.
|
||||
The builtin code search is based on the `git grep` command, which is fast and efficient for small repositories.
|
||||
Better code search support could be achieved by setting up the repository indexer.
|
||||
|
||||
## Setting up the repository indexer
|
||||
|
||||
Gitea can search through the files of the repositories by enabling this function in your [`app.ini`](../administration/config-cheat-sheet.md):
|
||||
|
||||
```ini
|
||||
[indexer]
|
||||
; ...
|
||||
REPO_INDEXER_ENABLED = true
|
||||
REPO_INDEXER_PATH = indexers/repos.bleve
|
||||
MAX_FILE_SIZE = 1048576
|
||||
REPO_INDEXER_INCLUDE =
|
||||
REPO_INDEXER_EXCLUDE = resources/bin/**
|
||||
```
|
||||
|
||||
Please bear in mind that indexing the contents can consume a lot of system resources, especially when the index is created for the first time or globally updated (e.g. after upgrading Gitea).
|
||||
|
||||
### Choosing the files for indexing by size
|
||||
|
||||
The `MAX_FILE_SIZE` option will make the indexer skip all files larger than the specified value.
|
||||
|
||||
### Choosing the files for indexing by path
|
||||
|
||||
Gitea applies glob pattern matching from the [`gobwas/glob` library](https://github.com/gobwas/glob) to choose which files will be included in the index.
|
||||
|
||||
Limiting the list of files prevents the indexes from becoming polluted with derived or irrelevant files (e.g. lss, sym, map, etc.), so the search results are more relevant. It can also help reduce the index size.
|
||||
|
||||
`REPO_INDEXER_EXCLUDE_VENDORED` (default: true) excludes vendored files from index.
|
||||
|
||||
`REPO_INDEXER_INCLUDE` (default: empty) is a comma separated list of glob patterns to **include** in the index. An empty list means "_include all files_".
|
||||
`REPO_INDEXER_EXCLUDE` (default: empty) is a comma separated list of glob patterns to **exclude** from the index. Files that match this list will not be indexed. `REPO_INDEXER_EXCLUDE` takes precedence over `REPO_INDEXER_INCLUDE`.
|
||||
|
||||
Pattern matching works as follows:
|
||||
|
||||
- To match all files with a `.txt` extension no matter what directory, use `**.txt`.
|
||||
- To match all files with a `.txt` extension _only at the root level of the repository_, use `*.txt`.
|
||||
- To match all files inside `resources/bin` and below, use `resources/bin/**`.
|
||||
- To match all files _immediately inside_ `resources/bin`, use `resources/bin/*`.
|
||||
- To match all files named `Makefile`, use `**Makefile`.
|
||||
- Matching a directory has no effect; the pattern `resources/bin` will not include/exclude files inside that directory; `resources/bin/**` will.
|
||||
- All files and patterns are normalized to lower case, so `**Makefile`, `**makefile` and `**MAKEFILE` are equivalent.
|
||||
404
versioned_docs/version-1.25/administration/reverse-proxies.md
Normal file
404
versioned_docs/version-1.25/administration/reverse-proxies.md
Normal file
@@ -0,0 +1,404 @@
|
||||
---
|
||||
date: "2018-05-22T11:00:00+00:00"
|
||||
slug: "reverse-proxies"
|
||||
sidebar_position: 16
|
||||
aliases:
|
||||
- /en-us/reverse-proxies
|
||||
---
|
||||
|
||||
# Reverse Proxies
|
||||
|
||||
## General configuration
|
||||
|
||||
1. Set `[server] ROOT_URL = https://git.example.com/` in your `app.ini` file.
|
||||
2. Make the reverse-proxy pass `https://git.example.com/foo` to `http://gitea:3000/foo`.
|
||||
3. Make sure the reverse-proxy does not decode the URI. The request `https://git.example.com/a%2Fb` should be passed as `http://gitea:3000/a%2Fb`.
|
||||
4. Make sure `Host` and `X-Fowarded-Proto` headers are correctly passed to Gitea to make Gitea see the real URL being visited.
|
||||
5. Make sure your webserver has a certificate, including all intermediate and RootCA certificates, for `git clone` and `git pull` to work.
|
||||
|
||||
### Use a sub-path
|
||||
|
||||
Usually it's **not recommended** to put Gitea in a sub-path, it's not widely used and may have some issues in rare cases.
|
||||
|
||||
To make Gitea work with a sub-path (eg: `https://common.example.com/gitea/`),
|
||||
there are some extra requirements besides the general configuration above:
|
||||
|
||||
1. Use `[server] ROOT_URL = https://common.example.com/gitea/` in your `app.ini` file.
|
||||
2. Make the reverse-proxy pass `https://common.example.com/gitea/foo` to `http://gitea:3000/foo`.
|
||||
3. The container registry requires a fixed sub-path `/v2` at the root level which must be configured:
|
||||
- Make the reverse-proxy pass `https://common.example.com/v2` to `http://gitea:3000/v2`.
|
||||
- Make sure the URI and headers are also correctly passed (see the general configuration above).
|
||||
|
||||
## Nginx
|
||||
|
||||
If you want Nginx to serve your Gitea instance, add the following `server` section to the `http` section of `nginx.conf`.
|
||||
|
||||
Make sure `client_max_body_size` is large enough, otherwise there would be "413 Request Entity Too Large" error when uploading large files.
|
||||
|
||||
```nginx
|
||||
server {
|
||||
...
|
||||
location / {
|
||||
client_max_body_size 512M;
|
||||
proxy_pass http://localhost:3000;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## Nginx with a sub-path
|
||||
|
||||
In case you already have a site, and you want Gitea to share the domain name,
|
||||
you can setup Nginx to serve Gitea under a sub-path by adding the following `server` section
|
||||
into the `http` section of `nginx.conf`:
|
||||
|
||||
```nginx
|
||||
server {
|
||||
...
|
||||
location ~ ^/(gitea|v2)($|/) {
|
||||
client_max_body_size 512M;
|
||||
|
||||
# make nginx use unescaped URI, keep "%2F" as-is, remove the "/gitea" sub-path prefix, pass "/v2" as-is.
|
||||
rewrite ^ $request_uri;
|
||||
rewrite ^/(gitea($|/))?(.*) /$3 break;
|
||||
proxy_pass http://127.0.0.1:3000$uri;
|
||||
|
||||
# other common HTTP headers, see the "Nginx" config section above
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Then you **MUST** set something like `[server] ROOT_URL = http://git.example.com/gitea/` correctly in your configuration.
|
||||
|
||||
## Nginx and serve static resources directly
|
||||
|
||||
We can tune the performance in splitting requests into categories static and dynamic.
|
||||
|
||||
CSS files, JavaScript files, images and web fonts are static content.
|
||||
The front page, a repository view or issue list is dynamic content.
|
||||
|
||||
Nginx can serve static resources directly and proxy only the dynamic requests to Gitea.
|
||||
Nginx is optimized for serving static content, while the proxying of large responses might be the opposite of that
|
||||
(see [https://serverfault.com/q/587386](https://serverfault.com/q/587386)).
|
||||
|
||||
Download a snapshot of the Gitea source repository to `/path/to/gitea/`.
|
||||
After this, run `make frontend` in the repository directory to generate the static resources. We are only interested in the `public/` directory for this task, so you can delete the rest.
|
||||
(You will need to have [Node with npm](https://nodejs.org/en/download/) and `make` installed to generate the static resources)
|
||||
|
||||
Depending on the scale of your user base, you might want to split the traffic to two distinct servers,
|
||||
or use a cdn for the static files.
|
||||
|
||||
### Single node and single domain
|
||||
|
||||
Set `[server] STATIC_URL_PREFIX = /_/static` in your configuration.
|
||||
|
||||
```nginx
|
||||
server {
|
||||
listen 80;
|
||||
server_name git.example.com;
|
||||
|
||||
location /_/static/assets/ {
|
||||
alias /path/to/gitea/public/;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:3000;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
### Two nodes and two domains
|
||||
|
||||
Set `[server] STATIC_URL_PREFIX = http://cdn.example.com/gitea` in your configuration.
|
||||
|
||||
```nginx
|
||||
# application server running Gitea
|
||||
server {
|
||||
listen 80;
|
||||
server_name git.example.com;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:3000;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
```nginx
|
||||
# static content delivery server
|
||||
server {
|
||||
listen 80;
|
||||
server_name cdn.example.com;
|
||||
|
||||
location /gitea/ {
|
||||
alias /path/to/gitea/public/;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 404;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## Nginx Proxy Manager
|
||||
|
||||
If you are using Nginx Proxy Manager to serve your Gitea instance it differs slighly from the raw Nginx.
|
||||
|
||||
It is [adding some directives](https://github.com/NginxProxyManager/nginx-proxy-manager/blob/master/docker/rootfs/etc/nginx/conf.d/include/proxy.conf) for a custom location by default, so you have to skip these from the above mentioned Nginx config. Otherwise Nginx will produce `400 bad request` error due to duplicated directives (`proxy_set_header Host $host` is the particularly problematic one).
|
||||
|
||||
So while creating the `/` Custom location, just add the following lines to it's configuration:
|
||||
|
||||
```nginx
|
||||
client_max_body_size 512M;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
```
|
||||
|
||||
## Apache HTTPD
|
||||
|
||||
If you want Apache HTTPD to serve your Gitea instance, you can add the following to your Apache HTTPD configuration (usually located at `/etc/apache2/httpd.conf` in Ubuntu):
|
||||
|
||||
```apacheconf
|
||||
<VirtualHost *:80>
|
||||
...
|
||||
ProxyPreserveHost On
|
||||
ProxyRequests off
|
||||
AllowEncodedSlashes NoDecode
|
||||
ProxyPass / http://localhost:3000/ nocanon
|
||||
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
|
||||
</VirtualHost>
|
||||
```
|
||||
|
||||
:::note
|
||||
The following Apache HTTPD mods must be enabled: `proxy`, `proxy_http`.
|
||||
:::
|
||||
|
||||
If you wish to use Let's Encrypt with webroot validation, add the line `ProxyPass /.well-known !` before `ProxyPass` to disable proxying these requests to Gitea.
|
||||
|
||||
## Apache HTTPD with a sub-path
|
||||
|
||||
In case you already have a site, and you want Gitea to share the domain name, you can setup Apache HTTPD to serve Gitea under a sub-path by adding the following to you Apache HTTPD configuration (usually located at `/etc/apache2/httpd.conf` in Ubuntu):
|
||||
|
||||
```apacheconf
|
||||
<VirtualHost *:80>
|
||||
...
|
||||
<Proxy *>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</Proxy>
|
||||
AllowEncodedSlashes NoDecode
|
||||
# Note: no trailing slash after either /git or port
|
||||
ProxyPass /git http://localhost:3000 nocanon
|
||||
ProxyPreserveHost On
|
||||
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
|
||||
</VirtualHost>
|
||||
```
|
||||
|
||||
Then you **MUST** set something like `[server] ROOT_URL = http://git.example.com/git/` correctly in your configuration.
|
||||
|
||||
:::note
|
||||
The following Apache HTTPD mods must be enabled: `proxy`, `proxy_http`.
|
||||
:::
|
||||
|
||||
## Caddy
|
||||
|
||||
If you want Caddy to serve your Gitea instance, you can add the following server block to your Caddyfile:
|
||||
|
||||
```
|
||||
git.example.com {
|
||||
reverse_proxy localhost:3000
|
||||
}
|
||||
```
|
||||
|
||||
## Caddy with a sub-path
|
||||
|
||||
In case you already have a site, and you want Gitea to share the domain name, you can setup Caddy to serve Gitea under a sub-path by adding the following to your server block in your Caddyfile:
|
||||
|
||||
```
|
||||
git.example.com {
|
||||
route /git/* {
|
||||
uri strip_prefix /git
|
||||
reverse_proxy localhost:3000
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Then set `[server] ROOT_URL = http://git.example.com/git/` in your configuration.
|
||||
|
||||
## IIS
|
||||
|
||||
If you wish to run Gitea with IIS. You will need to setup IIS with URL Rewrite as reverse proxy.
|
||||
|
||||
1. Setup an empty website in IIS, named let's say, `Gitea Proxy`.
|
||||
2. Follow the first two steps in [Microsoft's Technical Community Guide to Setup IIS with URL Rewrite](https://techcommunity.microsoft.com/t5/iis-support-blog/setup-iis-with-url-rewrite-as-a-reverse-proxy-for-real-world/ba-p/846222#M343). That is:
|
||||
|
||||
- Install Application Request Routing (ARR for short) either by using the Microsoft Web Platform Installer 5.1 (WebPI) or downloading the extension from [IIS.net](https://www.iis.net/downloads/microsoft/application-request-routing)
|
||||
- Once the module is installed in IIS, you will see a new Icon in the IIS Administration Console called URL Rewrite.
|
||||
- Open the IIS Manager Console and click on the `Gitea Proxy` Website from the tree view on the left. Select and double click the URL Rewrite Icon from the middle pane to load the URL Rewrite interface.
|
||||
- Choose the `Add Rule` action from the right pane of the management console and select the `Reverse Proxy Rule` from the `Inbound and Outbound Rules` category.
|
||||
- In the Inbound Rules section, set the server name to be the host that Gitea is running on with its port. e.g. if you are running Gitea on the localhost with port 3000, the following should work: `127.0.0.1:3000`
|
||||
- Enable SSL Offloading
|
||||
- In the Outbound Rules, ensure `Rewrite the domain names of the links in HTTP response` is set and set the `From:` field as above and the `To:` to your external hostname, say: `git.example.com`
|
||||
- Now edit the `web.config` for your website to match the following: (changing `127.0.0.1:3000` and `git.example.com` as appropriate)
|
||||
|
||||
```xml
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<configuration>
|
||||
<system.web>
|
||||
<httpRuntime requestPathInvalidCharacters="" />
|
||||
</system.web>
|
||||
<system.webServer>
|
||||
<security>
|
||||
<requestFiltering>
|
||||
<hiddenSegments>
|
||||
<clear />
|
||||
</hiddenSegments>
|
||||
<denyUrlSequences>
|
||||
<clear />
|
||||
</denyUrlSequences>
|
||||
<fileExtensions allowUnlisted="true">
|
||||
<clear />
|
||||
</fileExtensions>
|
||||
</requestFiltering>
|
||||
</security>
|
||||
<rewrite>
|
||||
<rules useOriginalURLEncoding="false">
|
||||
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
|
||||
<match url="(.*)" />
|
||||
<action type="Rewrite" url="http://127.0.0.1:3000{UNENCODED_URL}" />
|
||||
<serverVariables>
|
||||
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="HTTP_ACCEPT_ENCODING" />
|
||||
<set name="HTTP_ACCEPT_ENCODING" value="" />
|
||||
</serverVariables>
|
||||
</rule>
|
||||
</rules>
|
||||
<outboundRules>
|
||||
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
|
||||
<!-- set the pattern correctly here - if you only want to accept http or https -->
|
||||
<!-- change the pattern and the action value as appropriate -->
|
||||
<match filterByTags="A, Form, Img" pattern="^http(s)?://127.0.0.1:3000/(.*)" />
|
||||
<action type="Rewrite" value="http{R:1}://git.example.com/{R:2}" />
|
||||
</rule>
|
||||
<rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
|
||||
<match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
|
||||
<action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
|
||||
</rule>
|
||||
<preConditions>
|
||||
<preCondition name="ResponseIsHtml1">
|
||||
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
|
||||
</preCondition>
|
||||
<preCondition name="NeedsRestoringAcceptEncoding">
|
||||
<add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".+" />
|
||||
</preCondition>
|
||||
</preConditions>
|
||||
</outboundRules>
|
||||
</rewrite>
|
||||
<urlCompression doDynamicCompression="true" />
|
||||
<handlers>
|
||||
<clear />
|
||||
<add name="StaticFile" path="*" verb="*" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" resourceType="Either" requireAccess="Read" />
|
||||
</handlers>
|
||||
<!-- Map all extensions to the same MIME type, so all files can be
|
||||
downloaded. -->
|
||||
<staticContent>
|
||||
<clear />
|
||||
<mimeMap fileExtension="*" mimeType="application/octet-stream" />
|
||||
</staticContent>
|
||||
</system.webServer>
|
||||
</configuration>
|
||||
```
|
||||
|
||||
## HAProxy
|
||||
|
||||
If you want HAProxy to serve your Gitea instance, you can add the following to your HAProxy configuration
|
||||
|
||||
add an acl in the frontend section to redirect calls to gitea.example.com to the correct backend
|
||||
|
||||
```
|
||||
frontend http-in
|
||||
...
|
||||
acl acl_gitea hdr(host) -i gitea.example.com
|
||||
use_backend gitea if acl_gitea
|
||||
...
|
||||
```
|
||||
|
||||
add the previously defined backend section
|
||||
|
||||
```
|
||||
backend gitea
|
||||
server localhost:3000 check
|
||||
```
|
||||
|
||||
If you redirect the http content to https, the configuration work the same way, just remember that the connection between HAProxy and Gitea will be done via http so you do not have to enable https in Gitea's configuration.
|
||||
|
||||
## HAProxy with a sub-path
|
||||
|
||||
In case you already have a site, and you want Gitea to share the domain name, you can setup HAProxy to serve Gitea under a sub-path by adding the following to you HAProxy configuration:
|
||||
|
||||
```
|
||||
frontend http-in
|
||||
...
|
||||
acl acl_gitea path_beg /gitea
|
||||
use_backend gitea if acl_gitea
|
||||
...
|
||||
```
|
||||
|
||||
With that configuration http://example.com/gitea/ will redirect to your Gitea instance.
|
||||
|
||||
then for the backend section
|
||||
|
||||
```
|
||||
backend gitea
|
||||
http-request replace-path /gitea\/?(.*) \/\1
|
||||
server localhost:3000 check
|
||||
```
|
||||
|
||||
The added http-request will automatically add a trailing slash if needed and internally remove /gitea from the path to allow it to work correctly with Gitea by setting properly http://example.com/gitea as the root.
|
||||
|
||||
Then you **MUST** set something like `[server] ROOT_URL = http://example.com/gitea/` correctly in your configuration.
|
||||
|
||||
## Traefik
|
||||
|
||||
If you want traefik to serve your Gitea instance, you can add the following label section to your `docker-compose.yaml` (Assuming the provider is docker).
|
||||
|
||||
```yaml
|
||||
gitea:
|
||||
image: docker.io/gitea/gitea
|
||||
...
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.gitea.rule=Host(`example.com`)"
|
||||
- "traefik.http.services.gitea-websecure.loadbalancer.server.port=3000"
|
||||
```
|
||||
|
||||
This config assumes that you are handling HTTPS on the traefik side and using HTTP between Gitea and traefik.
|
||||
|
||||
## Traefik with a sub-path
|
||||
|
||||
In case you already have a site, and you want Gitea to share the domain name, you can setup Traefik to serve Gitea under a sub-path by adding the following to your `docker-compose.yaml` (Assuming the provider is docker) :
|
||||
|
||||
```yaml
|
||||
gitea:
|
||||
image: docker.io/gitea/gitea
|
||||
...
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.gitea.rule=Host(`example.com`) && PathPrefix(`/gitea`)"
|
||||
- "traefik.http.services.gitea-websecure.loadbalancer.server.port=3000"
|
||||
- "traefik.http.middlewares.gitea-stripprefix.stripprefix.prefixes=/gitea"
|
||||
- "traefik.http.routers.gitea.middlewares=gitea-stripprefix"
|
||||
```
|
||||
|
||||
This config assumes that you are handling HTTPS on the traefik side and using HTTP between Gitea and traefik.
|
||||
|
||||
Then you **MUST** set something like `[server] ROOT_URL = http://example.com/gitea/` correctly in your configuration.
|
||||
@@ -0,0 +1,31 @@
|
||||
---
|
||||
date: "2019-12-31T13:55:00+05:00"
|
||||
slug: "search-engines-indexation"
|
||||
sidebar_position: 60
|
||||
aliases:
|
||||
- /en-us/search-engines-indexation
|
||||
---
|
||||
|
||||
# Search Engines Indexation
|
||||
|
||||
By default your Gitea installation will be indexed by search engines.
|
||||
If you don't want your repository to be visible for search engines read further.
|
||||
|
||||
## Block search engines indexation using robots.txt
|
||||
|
||||
To make Gitea serve a custom `robots.txt` (default: empty 404) for top level installations,
|
||||
create a file with path `public/robots.txt` in the [`custom` folder or `CustomPath`](../administration/customizing-gitea.md)
|
||||
|
||||
Examples on how to configure the `robots.txt` can be found at [https://moz.com/learn/seo/robotstxt](https://moz.com/learn/seo/robotstxt).
|
||||
|
||||
```txt
|
||||
User-agent: *
|
||||
Disallow: /
|
||||
```
|
||||
|
||||
If you installed Gitea in a subdirectory, you will need to create or edit the `robots.txt` in the top level directory.
|
||||
|
||||
```txt
|
||||
User-agent: *
|
||||
Disallow: /gitea/
|
||||
```
|
||||
212
versioned_docs/version-1.25/administration/signing.md
Normal file
212
versioned_docs/version-1.25/administration/signing.md
Normal file
@@ -0,0 +1,212 @@
|
||||
---
|
||||
date: "2019-08-17T10:20:00+01:00"
|
||||
slug: "signing"
|
||||
sidebar_position: 50
|
||||
aliases:
|
||||
- /en-us/signing
|
||||
---
|
||||
|
||||
# GPG/SSH Commit Signatures
|
||||
|
||||
Gitea will verify gpg/ssh commit signatures in the provided tree by
|
||||
checking if the commits are signed by a key within the Gitea database,
|
||||
or if the commit matches the default key for Git.
|
||||
|
||||
Additionally Gitea will verify commits signed by ssh keys, which public keys are part of [`TRUSTED_SSH_KEYS`](#general-configuration).
|
||||
|
||||
Keys are not checked to determine if they have expired or revoked.
|
||||
Keys are also not checked with keyservers.
|
||||
|
||||
A commit will be marked with a grey unlocked icon if no key can be
|
||||
found to verify it. If a commit is marked with a red unlocked icon,
|
||||
it is reported to be signed with a key with an id.
|
||||
|
||||
:::note
|
||||
The signer of a commit does not have to be an author or
|
||||
committer of a commit.
|
||||
:::
|
||||
|
||||
## Automatic Signing
|
||||
|
||||
There are a number of places where Gitea will generate commits itself:
|
||||
|
||||
- Repository Initialisation
|
||||
- Wiki Changes
|
||||
- CRUD actions using the editor or the API
|
||||
- Merges from Pull Requests
|
||||
|
||||
Depending on configuration and server trust you may want Gitea to
|
||||
sign these commits.
|
||||
|
||||
## Installing and generating a GPG key for Gitea
|
||||
|
||||
It is up to a server administrator to determine how best to install
|
||||
a signing key. Gitea generates all its commits using the server `git`
|
||||
command at present - and therefore the server `gpg` will be used for
|
||||
signing (if configured.) Administrators should review best-practices
|
||||
for GPG - in particular it is probably advisable to only install a
|
||||
signing secret subkey without the master signing and certifying secret
|
||||
key.
|
||||
|
||||
## Installing and generating a SSH key for Gitea
|
||||
|
||||
You can run `ssh-keygen -t ed25519 -f gitea-signing-key` to generate the private/public keypair for commit signing without any password. Usually you would store the key next to the gitea configuration, then point `SIGNING_KEY` to the generated public key `/path/to/gitea-signing-key.pub`. Gitea generates all its commits using the server `git` command at present - and therefore the server `ssh-keygen` will be used for
|
||||
signing (if configured.)
|
||||
|
||||
## General Configuration
|
||||
|
||||
Gitea's configuration for signing can be found with the
|
||||
`[repository.signing]` section of `app.ini`:
|
||||
|
||||
```ini
|
||||
...
|
||||
[repository.signing]
|
||||
SIGNING_KEY = default
|
||||
SIGNING_NAME =
|
||||
SIGNING_EMAIL =
|
||||
INITIAL_COMMIT = always
|
||||
CRUD_ACTIONS = pubkey, twofa, parentsigned
|
||||
WIKI = never
|
||||
MERGES = pubkey, twofa, basesigned, commitssigned
|
||||
|
||||
...
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
For SSH commit signing, you need to specify the `SIGNING_FORMAT` to `ssh` instead of the default `openpgp`. `SIGNING_NAME` and `SIGNING_EMAIL` are required for verifing the signatures.
|
||||
|
||||
This looks like this:
|
||||
|
||||
```ini
|
||||
...
|
||||
[repository.signing]
|
||||
SIGNING_KEY = /path/to/gitea-signing-key.pub
|
||||
SIGNING_NAME =
|
||||
SIGNING_EMAIL =
|
||||
SIGNING_FORMAT = ssh
|
||||
INITIAL_COMMIT = always
|
||||
CRUD_ACTIONS = pubkey, twofa, parentsigned
|
||||
WIKI = never
|
||||
MERGES = pubkey, twofa, basesigned, commitssigned
|
||||
...
|
||||
```
|
||||
|
||||
- `/path/to/gitea-signing-key` is expected to be the private key for `/path/to/gitea-signing-key.pub` [see here how to generate a new ssh keypair](#installing-and-generating-a-ssh-key-for-gitea).
|
||||
- `TRUSTED_SSH_KEYS = ssh-<algorithm> <key>` or `TRUSTED_SSH_KEYS = ssh-<algorithm> <key1>, ssh-<algorithm> <key2>` can be used for rotating the global ssh signing key to continue verifying commits signed by the previous keys.
|
||||
|
||||
### `SIGNING_KEY`
|
||||
|
||||
The first option to discuss is the `SIGNING_KEY`. There are three main
|
||||
options:
|
||||
|
||||
- `none` - this prevents Gitea from signing any commits
|
||||
- `default` - Gitea will default to the gpg key configured within `git config`
|
||||
- `KEYID` - Gitea will sign commits with the gpg key with the ID
|
||||
`KEYID`. In this case you should provide a `SIGNING_NAME` and
|
||||
`SIGNING_EMAIL` to be displayed for this key.
|
||||
- `/path/to/gitea-signing-key.pub` - Gitea will sign commits with the ssh key without the `.pub` suffix `/path/to/gitea-signing-key`. In this case you should provide a `SIGNING_NAME` and
|
||||
`SIGNING_EMAIL` to be displayed for this key and set `SIGNING_FORMAT` to `ssh`.
|
||||
|
||||
The `default` option will interrogate `git config` for
|
||||
`commit.gpgsign` option - if this is set, then it will use the results
|
||||
of the `user.signingkey`, `user.name` and `user.email` as appropriate.
|
||||
|
||||
By adjusting Git's `config` file within Gitea's
|
||||
repositories, `SIGNING_KEY=default` could be used to provide different
|
||||
signing keys on a per-repository basis. However, this is clearly not an
|
||||
ideal UI and therefore subject to change.
|
||||
|
||||
:::warning
|
||||
**Since 1.17**, Gitea runs git in its own home directory `[git].HOME_PATH` (default to `%(APP_DATA_PATH)/home`)
|
||||
and uses its own config `{[git].HOME_PATH}/.gitconfig`.
|
||||
|
||||
If you have your own customized git config for Gitea, you should set these configs in system git config (aka `/etc/gitconfig`)
|
||||
or the Gitea internal git config `{[git].HOME_PATH}/.gitconfig`.
|
||||
|
||||
Related home files for git command (like `.gnupg`) should also be put in Gitea's git home directory `[git].HOME_PATH`.
|
||||
|
||||
If you like to keep the `.gnupg` directory outside of `{[git].HOME_PATH}/`, consider setting the `$GNUPGHOME` environment variable to your preferred location, otherwise Gitea will use the gpg keys only under `{[git].HOME_PATH}/.gnupg`.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
The default option and repository specific signing keys are not supported for ssh keys
|
||||
:::
|
||||
|
||||
### `INITIAL_COMMIT`
|
||||
|
||||
This option determines whether Gitea should sign the initial commit
|
||||
when creating a repository. The possible values are:
|
||||
|
||||
- `never`: Never sign
|
||||
- `pubkey`: Only sign if the user has a public key
|
||||
- `twofa`: Only sign if the user logs in with two factor authentication
|
||||
- `always`: Always sign
|
||||
|
||||
Options other than `never` and `always` can be combined as a comma
|
||||
separated list. The commit will be signed if all selected options are true.
|
||||
|
||||
### `WIKI`
|
||||
|
||||
This options determines if Gitea should sign commits to the Wiki.
|
||||
The possible values are:
|
||||
|
||||
- `never`: Never sign
|
||||
- `pubkey`: Only sign if the user has a public key
|
||||
- `twofa`: Only sign if the user logs in with two-factor authentication
|
||||
- `parentsigned`: Only sign if the parent commit is signed.
|
||||
- `always`: Always sign
|
||||
|
||||
Options other than `never` and `always` can be combined as a comma
|
||||
separated list. The commit will be signed if all selected options are true.
|
||||
|
||||
### `CRUD_ACTIONS`
|
||||
|
||||
This option determines if Gitea should sign commits from the web
|
||||
editor or API CRUD actions. The possible values are:
|
||||
|
||||
- `never`: Never sign
|
||||
- `pubkey`: Only sign if the user has a public key
|
||||
- `twofa`: Only sign if the user logs in with two-factor authentication
|
||||
- `parentsigned`: Only sign if the parent commit is signed.
|
||||
- `always`: Always sign
|
||||
|
||||
Options other than `never` and `always` can be combined as a comma
|
||||
separated list. The change will be signed if all selected options are true.
|
||||
|
||||
### `MERGES`
|
||||
|
||||
This option determines if Gitea should sign merge commits from PRs.
|
||||
The possible options are:
|
||||
|
||||
- `never`: Never sign
|
||||
- `pubkey`: Only sign if the user has a public key
|
||||
- `twofa`: Only sign if the user logs in with two-factor authentication
|
||||
- `basesigned`: Only sign if the parent commit in the base repo is signed.
|
||||
- `headsigned`: Only sign if the head commit in the head branch is signed.
|
||||
- `commitssigned`: Only sign if all the commits in the head branch to the merge point are signed.
|
||||
- `approved`: Only sign approved merges to a protected branch.
|
||||
- `always`: Always sign
|
||||
|
||||
Options other than `never` and `always` can be combined as a comma
|
||||
separated list. The merge will be signed if all selected options are true.
|
||||
|
||||
## Obtaining the Public Key of the Signing Key
|
||||
|
||||
The public key used to sign Gitea's commits can be obtained from the API at:
|
||||
|
||||
```sh
|
||||
/api/v1/signing-key.gpg
|
||||
```
|
||||
|
||||
In cases where there is a repository specific key this can be obtained from:
|
||||
|
||||
```sh
|
||||
/api/v1/repos/:username/:reponame/signing-key.gpg
|
||||
```
|
||||
|
||||
For ssh commit signing the default ssh public key can be obtained via the API at:
|
||||
|
||||
```sh
|
||||
/api/v1/signing-key.pub
|
||||
```
|
||||
Reference in New Issue
Block a user