官方文档地址
https://docs.gitea.io/zh-cn/install-with-docker/
注意系统要使用ubuntu20
因为后续使用ssh,需要通过authorized_keys把宿主机的git的ssh请求转发给宿主机的2222端口从而转发给容器,
本人测试使用centos7则无法将宿主机的git用户ssh使用authorized_keys转发到容器(也可能是我姿势不对)
格式类似如下
command="/usr/local/bin/gitea --config=/data/gitea/conf/app.ini serv key-2",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,no-user-rc,restrict ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDUWcDg1ObhpMDdsPk4xZH6HUt8LrluIvvt1+JIOBaxxbWgNWM+zAceIZvLbYDswubFhsusuj6k+TjzthlB9dDOxql6zvadfasdfasdfasdfasdfQOnTXkoRenOGi5eBJPapaxmEcNyDL1aiJ3UGq+FFBIBEoXqnV1ojqq/VKskvojqWsl7QpIqNAll71GTpF3i5QKZug5xsP5ygSbxzo7rCKKP6lBi/adfasdfasdfep9ykFRlfeDfMEL4x4XoqmwPCGhSKYITOViEYiiruDRo+U5+swMS5mqBiFl+5WmySJzfd0Bs1eaYeFEENTp/OefJvea+EzjGHUAxI6o0UL5XjIQZDkew5TGhYSDpALZA8x3OvTsZvNqjU31V5MiMQi3YU8LsarOk487cGxvRPVJSlsI0Q4KL3n7XERmVAFYx23bmbYik4QydhbHfPfu+XQ6+rTCQeIOu9aU3MVvl2cPwE1/QQKy2h/b6kxKcTlPJUWbUz0IK/hT/STmBG1ZLU7PPb13O2tTjfNuYKWilcViEc2AtSkQ== valsong@foo.com
安装docker和docker-compose
sudo apt install docker.io -y
sudo apt install docker-compose -y
先创建git用户
adduser git
创建完毕后查看git用户的id
id git
uid=1001(git) gid=1001(git) groups=1001(git)
得到uid是1001和gid是1001
下面的docker-compose.yml记得修改USER_UID和USER_GID
创建并进入文件夹/home/git/gitea
mkdir -p /home/git/gitea
cd /home/git/gitea
创建my.cnf 如果是arm平台无法安装arm版本的mysql可以考虑使用mariadb代替
mkdir -p /home/git/gitea/mysql/config
vim /home/git/gitea/mysql/config/my.cnf
mysql my.cnf
[mysqld]
## 设置server_id,一般设置为IP,注意要唯一,server-id必须为数字,不要搞骚操作
server-id=1
## 复制过滤:也就是指定哪个数据库不用同步(mysql库一般不同步)
binlog-ignore-db=mysql
## 开启二进制日志功能,可以随便取,最好有含义(关键就是这里了)
log-bin=mysql-bin
## 为每个session分配的内存,在事务过程中用来存储二进制日志的缓存
binlog_cache_size=1M
## 主从复制的格式(mixed,statement,row,默认格式是statement)
binlog_format=row
## row模式的binlog记录sql
# binlog_rows_query_log_events =1
## 二进制日志自动删除/过期的天数。默认值为0,表示不自动删除。
expire_logs_days=7
## 跳过主从复制中遇到的所有错误或指定类型的错误,避免slave端复制中断。
## 如:1062错误是指一些主键重复,1032错误是因为主从数据库数据不一致
slave_skip_errors=1062
## 设置事务隔离级别为RC
transaction-isolation=READ-COMMITTED
#default-time_zone = '+8:00'
## 开启gtid
gtid-mode=on
enforce-gtid-consistency=on
# 支持时间0000-00-00 00:00:00.000000
# sql_mode=ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
mariadb my.cnf
# The MariaDB configuration file
#
# The MariaDB/MySQL tools read configuration files in the following order:
# 0. "/etc/mysql/my.cnf" symlinks to this file, reason why all the rest is read.
# 1. "/etc/mysql/mariadb.cnf" (this file) to set global defaults,
# 2. "/etc/mysql/conf.d/*.cnf" to set global options.
# 3. "/etc/mysql/mariadb.conf.d/*.cnf" to set MariaDB-only options.
# 4. "~/.my.cnf" to set user-specific options.
#
# If the same option is defined multiple times, the last one will apply.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# If you are new to MariaDB, check out https://mariadb.com/kb/en/basic-mariadb-articles/
#
# This group is read both by the client and the server
# use it for options that affect everything
#
[client-server]
# Port or socket location where to connect
# port = 3306
socket = /run/mysqld/mysqld.sock
# Import all .cnf files from configuration directory
[mariadbd]
skip-host-cache
skip-name-resolve
!includedir /etc/mysql/mariadb.conf.d/
!includedir /etc/mysql/conf.d/
## 设置事务隔离级别为RC
transaction-isolation=READ-COMMITTED
## 主从复制的格式(mixed,statement,row,默认格式是statement)
binlog_format=row
## row模式的binlog记录sql
# binlog_rows_query_log_events =1
## 二进制日志自动删除/过期的天数。默认值为0,表示不自动删除。
expire_logs_days=7
创建docker-compose.yml
vim docker-compose.yml
mysql版本
version: "3"
networks:
gitea:
external: false
services:
gitea:
image: gitea/gitea:1.17
container_name: gitea
environment:
- USER_UID=1001
- USER_GID=1001
restart: always
privileged: true
networks:
- gitea
volumes:
- /home/git/.ssh/:/data/git/.ssh
- /home/git/gitea/data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "2222:22"
depends_on:
- mysql
mysql:
platform: linux/x86_64
image: mysql:5.7
container_name: mysql5.7
#privileged: true
environment:
- MYSQL_ROOT_PASSWORD=123456
- "MYSQL_DATABASE=gitea"
- TZ=Asia/Shanghai
restart: always
command:
--default-authentication-plugin=mysql_native_password
--character-set-server=utf8mb4
--collation-server=utf8mb4_general_ci
--explicit_defaults_for_timestamp=true
--lower_case_table_names=1
--max_allowed_packet=128M
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- /home/git/gitea/mysql/config/my.cnf:/etc/mysql/my.cnf
- /home/git/gitea/mysql/lib/mysql:/var/lib/mysql/
- /home/git/gitea/mysql/lib/mysql-files:/var/lib/mysql-files/
ports:
- 3306:3306
mariadb版本
version: "3"
networks:
gitea:
external: false
services:
gitea:
image: gitea/gitea:1.17
container_name: gitea
environment:
- USER_UID=1001
- USER_GID=1001
restart: always
privileged: true
networks:
- gitea
volumes:
- /home/git/.ssh/:/data/git/.ssh
- /home/git/gitea/data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "2222:22"
depends_on:
- mariadb
mariadb:
image: mariadb:10.9
container_name: mariadb10.9
#privileged: true
environment:
- MARIADB_ROOT_PASSWORD=123456
- MARIADB_DATABASE=gitea
- TZ=Asia/Shanghai
restart: always
command:
--default-authentication-plugin=mysql_native_password
--character-set-server=utf8mb4
--collation-server=utf8mb4_general_ci
--explicit_defaults_for_timestamp=true
--lower_case_table_names=1
--max_allowed_packet=128M
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- /home/git/gitea/mysql/config/my.cnf:/etc/mysql/my.cnf
- /home/git/gitea/mysql/lib/mysql:/var/lib/mysql/
- /home/git/gitea/mysql/lib/mysql-files:/var/lib/mysql-files/
ports:
- 3306:3306
切换到git用户将sshkey添加到/home/git/.ssh/authorized_keys
su git
ssh-keygen -t ed25519 -b 4096 -C "Gitea Host Key"
echo "$(cat /home/git/.ssh/id_ed25519.pub)" >> /home/git/.ssh/authorized_keys
eval "$(ssh-agent -s)"
切换到root用户创建/usr/local/bin/gitea
su root
vim /usr/local/bin/gitea
注意这里和官网教程不一样,这个地方是对旧的rsa算法进行支持,具体issue见
https://github.com/go-gitea/gitea/issues/17798
ssh -p 2222 -o PubkeyAcceptedAlgorithms=+ssh-rsa git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
授权给git用户
chown -R git /usr/local/bin/gitea
su git
chmod 700 /usr/local/bin/gitea
启动容器
docker-compose up -d
