官方文档地址
https://docs.gitea.io/zh-cn/install-with-docker/
注意系统要使用ubuntu20
因为后续使用ssh,需要通过authorized_keys把宿主机的git的ssh请求转发给宿主机的2222端口从而转发给容器,
本人测试使用centos7则无法将宿主机的git用户ssh使用authorized_keys转发到容器(也可能是我姿势不对)
格式类似如下
command="/usr/local/bin/gitea --config=/data/gitea/conf/app.ini serv key-2",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,no-user-rc,restrict ssh-rsa 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 valsong@foo.com
安装docker和docker-compose
sudo apt install docker.io -y
sudo apt install docker-compose -y
先创建git用户
adduser git
创建完毕后查看git用户的id
id git
uid=1001(git) gid=1001(git) groups=1001(git)
得到uid是1001和gid是1001
下面的docker-compose.yml记得修改USER_UID和USER_GID
创建并进入文件夹/home/git/gitea
mkdir -p /home/git/gitea
cd /home/git/gitea
创建my.cnf。如果是arm平台,无法安装arm版本的mysql,可以考虑使用mariadb代替。
mkdir -p /home/git/gitea/mysql/config
vim /home/git/gitea/mysql/config/my.cnf
mysql my.cnf
[mysqld]
## server_id must be numeric and unique among the servers that replicate with each other
## (it is commonly derived from the host IP).
server-id=1
## Replication filter: databases left out of the binary log (the mysql system schema is usually not replicated).
binlog-ignore-db=mysql
## Enable the binary log; the value is the base name of the log files, so pick something meaningful.
log-bin=mysql-bin
## Memory allocated per session to cache binary-log data during a transaction.
binlog_cache_size=1M
## Binary-log format used for replication (mixed, statement or row).
binlog_format=row
## In row mode, also record the original SQL statement in the binlog (left disabled here).
# binlog_rows_query_log_events =1
## Number of days after which binary logs are purged automatically; 0 means never purge.
expire_logs_days=7
## Skip the listed replication error codes so that replication on the replica does not stop.
## e.g. 1062 is a duplicate primary key; 1032 occurs when source and replica data have diverged.
slave_skip_errors=1062
## Use READ COMMITTED as the transaction isolation level.
transaction-isolation=READ-COMMITTED
#default-time_zone = '+8:00'
## Enable GTID.
gtid-mode=on
enforce-gtid-consistency=on
# Allow the zero timestamp 0000-00-00 00:00:00.000000
# sql_mode=ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
mariadb my.cnf
# The MariaDB configuration file
#
# The MariaDB/MySQL tools read configuration files in the following order:
# 0. "/etc/mysql/my.cnf" symlinks to this file, reason why all the rest is read.
# 1. "/etc/mysql/mariadb.cnf" (this file) to set global defaults,
# 2. "/etc/mysql/conf.d/*.cnf" to set global options.
# 3. "/etc/mysql/mariadb.conf.d/*.cnf" to set MariaDB-only options.
# 4. "~/.my.cnf" to set user-specific options.
#
# If the same option is defined multiple times, the last one will apply.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# If you are new to MariaDB, check out https://mariadb.com/kb/en/basic-mariadb-articles/
#
# This group is read both by the client and the server
# use it for options that affect everything
#
[client-server]
# Port or socket location where to connect
# port = 3306
socket = /run/mysqld/mysqld.sock
# Import all .cnf files from configuration directory
[mariadbd]
skip-host-cache
skip-name-resolve
!includedir /etc/mysql/mariadb.conf.d/
!includedir /etc/mysql/conf.d/
## Use READ COMMITTED as the transaction isolation level.
transaction-isolation=READ-COMMITTED
## Binary-log format used for replication (mixed, statement or row).
binlog_format=row
## In row mode, also record the original SQL statement in the binlog (left disabled here).
# binlog_rows_query_log_events =1
## Number of days after which binary logs are purged automatically; 0 means never purge.
expire_logs_days=7
创建docker-compose.yml
vim docker-compose.yml
mysql版本
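# Gitea + MySQL 5.7. Indentation is significant in YAML; the nesting below is
# what docker-compose needs in order to parse the file.
version: "3"

networks:
  gitea:
    external: false

services:
  gitea:
    image: gitea/gitea:1.17
    container_name: gitea
    environment:
      # Must match the uid/gid reported by `id git` on the host.
      - USER_UID=1001
      - USER_GID=1001
    restart: always
    # Privileged mode gives the container every capability and access to host
    # devices, so a compromise of Gitea becomes a compromise of the host.
    # Gitea's documented compose setup does not use it; it stays off here.
    #privileged: true
    networks:
      - gitea
    volumes:
      # Shared with the host git account so host sshd and Gitea see the same authorized_keys.
      - /home/git/.ssh/:/data/git/.ssh
      - /home/git/gitea/data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      # Only the host-side shim (/usr/local/bin/gitea) connects to this port, and
      # it does so over 127.0.0.1, so the container sshd is not published externally.
      - "127.0.0.1:2222:22"
    depends_on:
      - mysql

  mysql:
    platform: linux/x86_64
    image: mysql:5.7
    container_name: mysql5.7
    #privileged: true
    environment:
      # No password is stored in this file: compose reads MYSQL_ROOT_PASSWORD
      # from the shell environment or from a .env file next to this one
      # (chmod 600) and refuses to start when it is unset or empty.
      - "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:?set MYSQL_ROOT_PASSWORD in .env}"
      - "MYSQL_DATABASE=gitea"
      - TZ=Asia/Shanghai
    restart: always
    # Same network as gitea, so Gitea can use mysql:3306 as its database host.
    networks:
      - gitea
    command:
      --default-authentication-plugin=mysql_native_password
      --character-set-server=utf8mb4
      --collation-server=utf8mb4_general_ci
      --explicit_defaults_for_timestamp=true
      --lower_case_table_names=1
      --max_allowed_packet=128M
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /home/git/gitea/mysql/config/my.cnf:/etc/mysql/my.cnf
      - /home/git/gitea/mysql/lib/mysql:/var/lib/mysql/
      - /home/git/gitea/mysql/lib/mysql-files:/var/lib/mysql-files/
    ports:
      # Loopback only: published ports bypass most host firewall rules, and the
      # database only needs to be reachable from the host for administration.
      - "127.0.0.1:3306:3306"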
mariadb版本
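# Gitea + MariaDB 10.9. Indentation is significant in YAML; the nesting below
# is what docker-compose needs in order to parse the file.
version: "3"

networks:
  gitea:
    external: false

services:
  gitea:
    image: gitea/gitea:1.17
    container_name: gitea
    environment:
      # Must match the uid/gid reported by `id git` on the host.
      - USER_UID=1001
      - USER_GID=1001
    restart: always
    # Privileged mode gives the container every capability and access to host
    # devices, so a compromise of Gitea becomes a compromise of the host.
    # Gitea's documented compose setup does not use it; it stays off here.
    #privileged: true
    networks:
      - gitea
    volumes:
      # Shared with the host git account so host sshd and Gitea see the same authorized_keys.
      - /home/git/.ssh/:/data/git/.ssh
      - /home/git/gitea/data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      # Only the host-side shim (/usr/local/bin/gitea) connects to this port, and
      # it does so over 127.0.0.1, so the container sshd is not published externally.
      - "127.0.0.1:2222:22"
    depends_on:
      - mariadb

  mariadb:
    image: mariadb:10.9
    container_name: mariadb10.9
    #privileged: true
    environment:
      # No password is stored in this file: compose reads MARIADB_ROOT_PASSWORD
      # from the shell environment or from a .env file next to this one
      # (chmod 600) and refuses to start when it is unset or empty.
      - "MARIADB_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD:?set MARIADB_ROOT_PASSWORD in .env}"
      - MARIADB_DATABASE=gitea
      - TZ=Asia/Shanghai
    restart: always
    # Same network as gitea, so Gitea can use mariadb:3306 as its database host.
    networks:
      - gitea
    # NOTE(review): --default-authentication-plugin is a MySQL server option;
    # confirm that mariadb:10.9 accepts it, otherwise the container will not start.
    command:
      --default-authentication-plugin=mysql_native_password
      --character-set-server=utf8mb4
      --collation-server=utf8mb4_general_ci
      --explicit_defaults_for_timestamp=true
      --lower_case_table_names=1
      --max_allowed_packet=128M
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /home/git/gitea/mysql/config/my.cnf:/etc/mysql/my.cnf
      - /home/git/gitea/mysql/lib/mysql:/var/lib/mysql/
      - /home/git/gitea/mysql/lib/mysql-files:/var/lib/mysql-files/
    ports:
      # Loopback only: published ports bypass most host firewall rules, and the
      # database only needs to be reachable from the host for administration.
      - "127.0.0.1:3306:3306"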
切换到git用户将sshkey添加到/home/git/.ssh/authorized_keys
su git
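# Key pair the host git account uses to log in to the container's sshd.
# Ed25519 keys have a fixed size, so -b is not passed (ssh-keygen ignores it for this type).
ssh-keygen -t ed25519 -C "Gitea Host Key"
# Authorise the new public key. This entry carries no command= restriction, so
# whoever holds the private key gets a full shell as git: keep the key readable
# by the git user only.
cat /home/git/.ssh/id_ed25519.pub >> /home/git/.ssh/authorized_keys
# sshd ignores authorized_keys files that other users can write to.
chmod 600 /home/git/.ssh/authorized_keys
# Starts an ssh-agent for this shell session (no key is added to it in the steps shown).
eval "$(ssh-agent -s)"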
切换到root用户创建/usr/local/bin/gitea
su root
vim /usr/local/bin/gitea
注意这里和官网教程不一样:这里额外加了PubkeyAcceptedAlgorithms=+ssh-rsa,用于兼容旧的rsa算法。ssh-rsa签名基于SHA-1,新版OpenSSH默认已禁用,仅在确实需要兼容旧密钥时才开启。具体issue见
https://github.com/go-gitea/gitea/issues/17798
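#!/bin/sh
# Host-side shim installed as /usr/local/bin/gitea. Host sshd runs it through
# the command="..." entries in authorized_keys; it replays the request against
# the container's sshd on 127.0.0.1:2222.
#
# SSH_ORIGINAL_COMMAND is chosen by the connecting client, and the string given
# to ssh is parsed again by the shell inside the container. The value is
# therefore passed as one single-quoted word, with embedded single quotes
# escaped, so that nothing in it is interpreted by that remote shell.
escaped=$(printf '%s' "$SSH_ORIGINAL_COMMAND" | sed "s/'/'\\\\''/g")

# $0 and $@ come from the command="..." entry in authorized_keys, not from the client.
# NOTE(review): PubkeyAcceptedAlgorithms=+ssh-rsa re-enables SHA-1 based RSA
# signatures for this hop; with an ed25519 host-side key it should not be
# needed. Confirm and drop it if the connection works without it.
ssh -p 2222 -o PubkeyAcceptedAlgorithms=+ssh-rsa git@127.0.0.1 "SSH_ORIGINAL_COMMAND='$escaped' $0 $@"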
授权给git用户
chown -R git /usr/local/bin/gitea
su git
chmod 700 /usr/local/bin/gitea
启动容器
docker-compose up -d