深海游弋的鱼 – 默默的点滴

前置条件

ubuntu 24.04.2 LTS

动手实践

# 安装 podman
$ sudo apt install podman
 
# 创建一个低权限用户，尽量不要使用root用户，身份操作podman,降低安全风险
$ sudo adduser podman
 
# 允许用户下的容器在系统启动的时候启动服务
$ sudo loginctl enable-linger podman

# 退出当前用户，切换到刚刚创建的低权限用户, 注意，不要使用 su - user 的方式切换，后续会执行各种报错
# 如果使用 su user 切换会导致环境变量被带到新用户，导致执行报错
# ERRO[0000] XDG_RUNTIME_DIR directory "/run/user/1000" is not owned by the current user 
# Error running systemd as user - Failed to connect to bus: $DBUS_SESSION_BUS_ADDRESS and $XDG_RUNTIME_DIR not defined
# 或者在使用 systemctl --user daemon-reload 之类的命令报错
# Systemd User Services: Failed to connect to bus
 
$ exit
 
# 通过 ssh 登录用户名 podman 密码是创建用户的时候设置的密码，解决报错问题
$ ssh xxx.xxx.xxx.xxx -l podman
 
# 准备本地目录映射
$ mkdir ~/.dockers
 
$ mkdir ~/.dockers/gitea

$ podman pull docker.gitea.com/gitea:latest

# 此处我们 默认不导出 ssh 访问，只允许 http 访问
$ podman run -d --cpus=2 --name gitea -p 10890:3000 -v /home/podman/.dockers/gitea:/data gitea

# 每次都启动新容器方式创建servcie //--new参数，每次启动都删除旧容器，启动一个新容器 
$ podman generate systemd --restart-policy=always -n --new -f gitea

# 保存到 ~/.config/systemd/user/
$ mkdir .config

$ mkdir .config/systemd

$ mkdir .config/systemd/user

$ mv container-gitea.service ~/.config/systemd/user/

# 刷新配置文件，让其生效
$ systemctl --user daemon-reload

# 上述命令如果报错 Failed to connect to bus 
# 一般是通过 su - 切换账号导致的，需要退出当前的SSH登录
# 重新通过 ssh 登录，用户名 podman 密码是创建用户的时候设置的密码

# 设置容器开机自启，并且现在启动
$ systemctl --user enable --now ~/.config/systemd/user/container-gitea.service

# 如果需要进入容器查看执行情况，参考如下命令
# podman exec -it container-gitea bash

# 查看日志
# podman logs -f -t gitea

# 测试，重启系统，观察是否能开机自动启动
$ sudo reboot

# 启动或重启服务 
# systemctl --user start container-gitea.service 
# systemctl --user restart container-gitea.service

# 如果启动失败，观察服务日志
# journalctl --user -xeu container-gitea.service
# 或者
# sudo journalctl -f

# 安装 podman

$ sudo apt install podman

# 创建一个低权限用户，尽量不要使用root用户，身份操作podman,降低安全风险

$ sudo adduser podman

# 允许用户下的容器在系统启动的时候启动服务

$ sudo loginctl enable-linger podman

# 退出当前用户，切换到刚刚创建的低权限用户, 注意，不要使用 su - user 的方式切换，后续会执行各种报错

# 如果使用 su user 切换会导致环境变量被带到新用户，导致执行报错

# ERRO[0000] XDG_RUNTIME_DIR directory "/run/user/1000" is not owned by the current user

# Error running systemd as user - Failed to connect to bus: $DBUS_SESSION_BUS_ADDRESS and $XDG_RUNTIME_DIR not defined

# 或者在使用 systemctl --user daemon-reload 之类的命令报错

# Systemd User Services: Failed to connect to bus

$ exit

# 通过 ssh 登录用户名 podman 密码是创建用户的时候设置的密码，解决报错问题

$ ssh xxx.xxx.xxx.xxx -l podman

# 准备本地目录映射

$ mkdir ~/.dockers

$ mkdir ~/.dockers/gitea

$ podman pull docker.gitea.com/gitea:latest

# 此处我们默认不导出 ssh 访问，只允许 http 访问

$ podman run -d --cpus=2 --name gitea -p 10890:3000 -v /home/podman/.dockers/gitea:/data gitea

# 每次都启动新容器方式创建servcie //--new参数，每次启动都删除旧容器，启动一个新容器

$ podman generate systemd --restart-policy=always -n --new -f gitea

# 保存到 ~/.config/systemd/user/

$ mkdir .config

$ mkdir .config/systemd

$ mkdir .config/systemd/user

$ mv container-gitea.service ~/.config/systemd/user/

# 刷新配置文件，让其生效

$ systemctl --user daemon-reload

# 上述命令如果报错 Failed to connect to bus

# 一般是通过 su - 切换账号导致的，需要退出当前的SSH登录

# 重新通过 ssh 登录，用户名 podman 密码是创建用户的时候设置的密码

# 设置容器开机自启，并且现在启动

$ systemctl --user enable --now ~/.config/systemd/user/container-gitea.service

# 如果需要进入容器查看执行情况，参考如下命令

# podman exec -it container-gitea bash

# 查看日志

# podman logs -f -t gitea

# 测试，重启系统，观察是否能开机自动启动

$ sudo reboot

# 启动或重启服务

# systemctl --user start container-gitea.service

# systemctl --user restart container-gitea.service

# 如果启动失败，观察服务日志

# journalctl --user -xeu container-gitea.service

# 或者

# sudo journalctl -f

访问配置，在地址栏输入 http://xxx.xxx.xxx.xxx:10890 进入配置页面，如下图：

后续如果需要修改配置，可以通过调整修改 /home/podman/.dockers/gitea/gitea/conf/app.ini 解决。

APP_NAME = Gitea: Git with a cup of tea
RUN_MODE = prod
RUN_USER = git
WORK_PATH = /data/gitea

[repository]
ROOT = /data/git/repositories

[repository.local]
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo

[repository.upload]
TEMP_PATH = /data/gitea/uploads

[server]
APP_DATA_PATH = /data/gitea
DOMAIN = www.mobibrw.com
SSH_DOMAIN = www.mobibrw.com
HTTP_PORT = 3000
ROOT_URL = http://www.mobibrw.com:10890/
DISABLE_SSH = true
SSH_PORT = 22
SSH_LISTEN_PORT = 22
LFS_START_SERVER = true
LFS_JWT_SECRET = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
OFFLINE_MODE = true
LANDING_PAGE = explore

[database]
PATH = /data/gitea/gitea.db
DB_TYPE = sqlite3
HOST = localhost:3306
NAME = gitea
USER = root
PASSWD =
LOG_SQL = false
SCHEMA =
SSL_MODE = disable
SQLITE_JOURNAL_MODE = WAL

[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve

[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file

[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars

[attachment]
PATH = /data/gitea/attachments

[log]
MODE = console
LEVEL = info
ROOT_PATH = /data/gitea/log

[security]
INSTALL_LOCK = true
SECRET_KEY =
REVERSE_PROXY_LIMIT = 1
REVERSE_PROXY_TRUSTED_PROXIES = *
INTERNAL_TOKEN = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
PASSWORD_HASH_ALGO = pbkdf2

[service]
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = false
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.localhost

[lfs]
PATH = /data/git/lfs

[mailer]
ENABLED = false

[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false

[cron.update_checker]
ENABLED = false

[repository.pull-request]
DEFAULT_MERGE_STYLE = merge

[repository.signing]
DEFAULT_TRUST_MODEL = committer

[oauth2]
JWT_SECRET = xxxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx

[ui.notification]
EVENT_SOURCE_UPDATE_TIME = -1
MAX_TIMEOUT = 1s
MIN_TIMEOUT = -1
TIMEOUT_STEP = 1s

100

101

102

103

104

105

106

APP_NAME = Gitea: Git with a cup of tea

RUN_MODE = prod

RUN_USER = git

WORK_PATH = /data/gitea

[repository]

ROOT = /data/git/repositories

[repository.local]

LOCAL_COPY_PATH = /data/gitea/tmp/local-repo

[repository.upload]

TEMP_PATH = /data/gitea/uploads

[server]

APP_DATA_PATH = /data/gitea

DOMAIN = www.mobibrw.com

SSH_DOMAIN = www.mobibrw.com

HTTP_PORT = 3000

ROOT_URL = http://www.mobibrw.com:10890/

DISABLE_SSH = true

SSH_PORT = 22

SSH_LISTEN_PORT = 22

LFS_START_SERVER = true

LFS_JWT_SECRET = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

OFFLINE_MODE = true

LANDING_PAGE = explore

[database]

PATH = /data/gitea/gitea.db

DB_TYPE = sqlite3

HOST = localhost:3306

NAME = gitea

USER = root

PASSWD =

LOG_SQL = false

SCHEMA =

SSL_MODE = disable

SQLITE_JOURNAL_MODE = WAL

[indexer]

ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve

[session]

PROVIDER_CONFIG = /data/gitea/sessions

PROVIDER = file

[picture]

AVATAR_UPLOAD_PATH = /data/gitea/avatars

REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars

[attachment]

PATH = /data/gitea/attachments

[log]

MODE = console

LEVEL = info

ROOT_PATH = /data/gitea/log

[security]

INSTALL_LOCK = true

SECRET_KEY =

REVERSE_PROXY_LIMIT = 1

REVERSE_PROXY_TRUSTED_PROXIES = *

INTERNAL_TOKEN = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

PASSWORD_HASH_ALGO = pbkdf2

[service]

DISABLE_REGISTRATION = true

REQUIRE_SIGNIN_VIEW = false

REGISTER_EMAIL_CONFIRM = false

ENABLE_NOTIFY_MAIL = false

ALLOW_ONLY_EXTERNAL_REGISTRATION = false

ENABLE_CAPTCHA = false

DEFAULT_KEEP_EMAIL_PRIVATE = false

DEFAULT_ALLOW_CREATE_ORGANIZATION = false

DEFAULT_ENABLE_TIMETRACKING = true

NO_REPLY_ADDRESS = noreply.localhost

[lfs]

PATH = /data/git/lfs

[mailer]

ENABLED = false

[openid]

ENABLE_OPENID_SIGNIN = false

ENABLE_OPENID_SIGNUP = false

[cron.update_checker]

ENABLED = false

[repository.pull-request]

DEFAULT_MERGE_STYLE = merge

[repository.signing]

DEFAULT_TRUST_MODEL = committer

[oauth2]

JWT_SECRET = xxxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx

[ui.notification]

EVENT_SOURCE_UPDATE_TIME = -1

MAX_TIMEOUT = 1s

MIN_TIMEOUT = -1

TIMEOUT_STEP = 1s

一	二	三	四	五	六	日
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30

GitLab的替代者-轻量级Gitea安装与配置

前置条件

动手实践

参考链接

发布者

默默

发表回复取消回复

前置条件

动手实践

参考链接

发布者

默默

发表回复 取消回复

发表回复取消回复