mirror of https://github.com/go-gitea/gitea, synced 2025-09-28 03:28:13 +00:00

* docker: rootless image
* improve docs + remove check for write perm on custom
* add more info on ssh passthrough
* Add comment for internal ssh server in container config

297 lines, 9.6 KiB, Markdown

---
date: "2020-02-09T20:00:00+02:00"
title: "Installation with Docker (rootless)"
slug: "install-with-docker-rootless"
weight: 10
toc: true
draft: true
menu:
  sidebar:
    parent: "installation"
    name: "With Docker Rootless"
    weight: 10
    identifier: "install-with-docker-rootless"
---

# Installation with Docker

Gitea provides automatically updated Docker images within its Docker Hub organization. It is
possible to always use the latest stable tag or to use another service that handles updating
Docker images.

The rootless image uses Gitea's internal SSH server to provide the Git protocol and doesn't support OpenSSH.

This reference setup guides users through the setup based on `docker-compose`, but the installation
of `docker-compose` is out of scope of this documentation. To install `docker-compose` itself, follow
the official [install instructions](https://docs.docker.com/compose/install/).

## Basics

The simplest setup just creates a volume and a network and starts the `gitea/gitea:latest-rootless`
image as a service. Since there is no database available, one can be initialized using SQLite3.
Create a directory for `data` and `config`, then paste the following content into a file named `docker-compose.yml`.

Note that the volume should be owned by the user/group with the UID/GID specified in the config file. By default, Gitea in Docker will use uid:1000 gid:1000. If needed, you can set ownership on those folders with the command `sudo chown 1000:1000 config/ data/`.
If you don't give the volume correct permissions, the container may not start.

Also be aware that the tag `:latest-rootless` will install the current development version.
For a stable release you can use `:1-rootless` or specify a certain release like `:{{< version >}}-rootless`.

```yaml
version: "2"

services:
  server:
    image: gitea/gitea:latest-rootless
    restart: always
    volumes:
      - ./data:/var/lib/gitea
      - ./config:/etc/gitea
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "2222:2222"
```

## Custom port

To bind the integrated SSH server and the web server to different ports, adjust
the `ports` section. It's common to change only the host port and keep the ports within
the container as they are.

| ```diff
 | |
| version: "2"
 | |
| 
 | |
| services:
 | |
|   server:
 | |
|     image: gitea/gitea:latest-rootless
 | |
|     restart: always
 | |
|     volumes:
 | |
|       - ./data:/var/lib/gitea
 | |
|       - ./config:/etc/gitea  
 | |
|       - /etc/timezone:/etc/timezone:ro
 | |
|       - /etc/localtime:/etc/localtime:ro
 | |
|     ports:
 | |
| -      - "3000:3000"
 | |
| -      - "2222:2222"
 | |
| +      - "80:3000"
 | |
| +      - "22:2222"
 | |
| ```
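
Review bot: the added `- "22:2222"` mapping publishes Gitea's SSH server on host port 22, which is already taken on any host that runs its own sshd, so the container will fail to bind there; the example should say that the host daemon has to be moved first or pick a free port. With the published ports changed to 80 and 22, also mention that `SSH_PORT` and `ROOT_URL` need to be set to match, otherwise the clone URLs shown in the UI keep pointing at 2222 and 3000.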

## MySQL database

To start Gitea in combination with a MySQL database, apply these changes to the
`docker-compose.yml` file created above.

| ```diff
 | |
| version: "2"
 | |
| 
 | |
| services:
 | |
|   server:
 | |
|     image: gitea/gitea:latest-rootless
 | |
| +    environment:
 | |
| +      - DB_TYPE=mysql
 | |
| +      - DB_HOST=db:3306
 | |
| +      - DB_NAME=gitea
 | |
| +      - DB_USER=gitea
 | |
| +      - DB_PASSWD=gitea
 | |
|     restart: always
 | |
|     volumes:
 | |
|       - ./data:/var/lib/gitea
 | |
|       - ./config:/etc/gitea  
 | |
|       - /etc/timezone:/etc/timezone:ro
 | |
|       - /etc/localtime:/etc/localtime:ro
 | |
|     ports:
 | |
|       - "3000:3000"
 | |
|       - "222:22"
 | |
| +    depends_on:
 | |
| +      - db
 | |
| +
 | |
| +  db:
 | |
| +    image: mysql:5.7
 | |
| +    restart: always
 | |
| +    environment:
 | |
| +      - MYSQL_ROOT_PASSWORD=gitea
 | |
| +      - MYSQL_USER=gitea
 | |
| +      - MYSQL_PASSWORD=gitea
 | |
| +      - MYSQL_DATABASE=gitea
 | |
| +    volumes:
 | |
| +      - ./mysql:/var/lib/mysql
 | |
| ```
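
Review bot: the unchanged context line `- "222:22"` under `ports:` does not match the rest of this page, where the rootless image's built-in SSH server is published as `"2222:2222"`; with the default `SSH_LISTEN_PORT` nothing listens on container port 22, so this line should read `- "2222:2222"`. The added `DB_PASSWD=gitea`, `MYSQL_PASSWORD=gitea` and `MYSQL_ROOT_PASSWORD=gitea` use the same guessable value for the application user and for root; mark them as placeholders that must be replaced with distinct secrets.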

## PostgreSQL database

To start Gitea in combination with a PostgreSQL database, apply these changes to
the `docker-compose.yml` file created above.

| ```diff
 | |
| version: "2"
 | |
| 
 | |
| services:
 | |
|   server:
 | |
|     image: gitea/gitea:latest-rootless
 | |
|     environment:
 | |
| +      - DB_TYPE=postgres
 | |
| +      - DB_HOST=db:5432
 | |
| +      - DB_NAME=gitea
 | |
| +      - DB_USER=gitea
 | |
| +      - DB_PASSWD=gitea
 | |
|     restart: always
 | |
|     volumes:
 | |
|       - ./data:/var/lib/gitea
 | |
|       - ./config:/etc/gitea  
 | |
|       - /etc/timezone:/etc/timezone:ro
 | |
|       - /etc/localtime:/etc/localtime:ro
 | |
|     ports:
 | |
|       - "3000:3000"
 | |
|       - "2222:2222"
 | |
| +    depends_on:
 | |
| +      - db
 | |
| +
 | |
| +  db:
 | |
| +    image: postgres:9.6
 | |
| +    restart: always
 | |
| +    environment:
 | |
| +      - POSTGRES_USER=gitea
 | |
| +      - POSTGRES_PASSWORD=gitea
 | |
| +      - POSTGRES_DB=gitea
 | |
| +    volumes:
 | |
| +      - ./postgres:/var/lib/postgresql/data
 | |
| ```
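
Review bot: `environment:` under `server` is shown as an unchanged context line, but the base file from the Basics section has no `environment:` key (the MySQL variant marks it `+    environment:`), so a reader who applies only the `+` lines ends up with `DB_*` entries that have no parent key; mark that line as added. The `DB_PASSWD=gitea` and `POSTGRES_PASSWORD=gitea` values should be flagged as placeholders to replace before the stack is reachable by anyone else.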

## Named volumes

To use named volumes instead of host volumes, define and use the named volume
within the `docker-compose.yml` configuration. This change will automatically
create the required volume. You don't need to worry about permissions with
named volumes; Docker will deal with that automatically.

| ```diff
 | |
| version: "2"
 | |
| 
 | |
| +volumes:
 | |
| +  gitea:
 | |
| +    driver: local
 | |
| +
 | |
| services:
 | |
|   server:
 | |
|     image: gitea/gitea:latest-rootless
 | |
|     restart: always
 | |
|     volumes:
 | |
| -      - ./data:/var/lib/gitea
 | |
| +      - gitea-data:/var/lib/gitea
 | |
| -      - ./config:/etc/gitea
 | |
| +      - gitea-config:/etc/gitea
 | |
|       - /etc/timezone:/etc/timezone:ro
 | |
|       - /etc/localtime:/etc/localtime:ro
 | |
|     ports:
 | |
|       - "3000:3000"
 | |
|       - "2222:2222"
 | |
| ```
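
Review bot: the top-level `volumes:` block declares a single volume named `gitea`, but the service mounts `gitea-data` and `gitea-config`, neither of which is declared, so Compose rejects the file for using undeclared named volumes. Declare both names under `volumes:` (each with `driver: local`), and bring the Customization section's path `/var/lib/docker/volumes/gitea_gitea/_/var_lib_gitea` in line with the names chosen, since it assumes the single `gitea` volume.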

MySQL or PostgreSQL containers will need to be created separately.

## Custom user

You can choose to use a custom user (following the [`--user` flag definition](https://docs.docker.com/engine/reference/run/#user)).
Please make sure that the mounted folders are writable by the user.
As an example, to clone the host user `git` definition, use the command `id -u git` and add the result to the `docker-compose.yml` file:

| ```diff
 | |
| version: "2"
 | |
| 
 | |
| services:
 | |
|   server:
 | |
|     image: gitea/gitea:latest-rootless
 | |
|     restart: always
 | |
| +    user: 1001
 | |
|     volumes:
 | |
|       - ./data:/var/lib/gitea
 | |
|       - ./config:/etc/gitea
 | |
|       - /etc/timezone:/etc/timezone:ro
 | |
|       - /etc/localtime:/etc/localtime:ro
 | |
|     ports:
 | |
|       - "3000:3000"
 | |
|       - "2222:2222"
 | |
| ```
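
The ownership requirement from the Basics section and the writability requirement for a custom user can be checked before `docker-compose up`. The script below is an added example, not part of the Gitea documentation; the function names `check_mount` and `preflight` are hypothetical, and it assumes GNU `stat` and the `./config` and `./data` bind mounts used on this page.

```shell
#!/bin/sh
# Added example: preflight check for the bind-mounted ./config and ./data.
# check_mount DIR UID GID
#   0  DIR is owned by UID:GID, owner-writable and not world-writable
#   1  wrong owner          2  missing directory or stat failed
#   3  owner cannot write   4  world-writable
check_mount() {
    cm_dir=$1
    cm_want="$2:$3"
    if [ ! -d "$cm_dir" ]; then
        echo "missing directory: $cm_dir" >&2
        return 2
    fi
    # GNU stat: %u owner UID, %g owner GID, %a permission bits in octal
    cm_owner=$(stat -c '%u:%g' "$cm_dir") || return 2
    cm_mode=$(stat -c '%a' "$cm_dir") || return 2
    if [ "$cm_owner" != "$cm_want" ]; then
        echo "$cm_dir: owned by $cm_owner, container runs as $cm_want" >&2
        return 1
    fi
    # Pad short modes, then keep only the last three permission digits.
    cm_bits=$(printf '%03d' "$cm_mode" | sed 's/.*\(...\)$/\1/')
    case $cm_bits in
        [2367]??) ;;
        *) echo "$cm_dir: owner has no write permission ($cm_mode)" >&2
           return 3 ;;
    esac
    case $cm_bits in
        ??[2367]) echo "$cm_dir: world-writable ($cm_mode)" >&2
                  return 4 ;;
    esac
    return 0
}

# preflight [UID [GID]]: check both directories from docker-compose.yml.
# Defaults are the image defaults named on this page (1000:1000).
preflight() {
    pf_uid=${1:-1000}
    pf_gid=${2:-1000}
    check_mount ./config "$pf_uid" "$pf_gid" &&
        check_mount ./data "$pf_uid" "$pf_gid"
}
```

Run `preflight` from the directory that holds `docker-compose.yml`; with a `user:` override, pass that UID and the GID the directories are meant to carry.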

## Start

To start this setup based on `docker-compose`, execute `docker-compose up -d`
to launch Gitea in the background. Using `docker-compose ps` will show if Gitea
started properly. Logs can be viewed with `docker-compose logs`.

To shut down the setup, execute `docker-compose down`. This will stop
and kill the containers. The volumes will still exist.

Notice: if using a non-3000 port for HTTP, change `app.ini` to match
`LOCAL_ROOT_URL = http://localhost:3000/`.

## Install

After starting the Docker setup via `docker-compose`, Gitea should be reachable from your
browser to finalize the installation. Visit http://server-ip:3000 and follow the
installation wizard. If the database was started with the `docker-compose` setup as
documented above, please note that `db` must be used as the database hostname.

## Environment variables

You can configure some of Gitea's settings via environment variables:

(Default values are provided in **bold**)

* `APP_NAME`: **"Gitea: Git with a cup of tea"**: Application name, used in the page title.
* `RUN_MODE`: **dev**: For performance and other purposes, change this to `prod` when deployed to a production environment.
* `SSH_DOMAIN`: **localhost**: Domain name of this server, used for the displayed clone URL in Gitea's UI.
* `SSH_PORT`: **2222**: SSH port displayed in clone URL.
* `SSH_LISTEN_PORT`: **%(SSH\_PORT)s**: Port for the built-in SSH server.
* `DISABLE_SSH`: **false**: Disable SSH feature when it's not available.
* `HTTP_PORT`: **3000**: HTTP listen port.
* `ROOT_URL`: **""**: Overwrite the automatically generated public URL. This is useful if the internal and the external URL don't match (e.g. in Docker).
* `LFS_START_SERVER`: **false**: Enables git-lfs support.
* `DB_TYPE`: **sqlite3**: The database type in use \[mysql, postgres, mssql, sqlite3\].
* `DB_HOST`: **localhost:3306**: Database host address and port.
* `DB_NAME`: **gitea**: Database name.
* `DB_USER`: **root**: Database username.
* `DB_PASSWD`: **"\<empty>"**: Database user password. Use \`your password\` for quoting if you use special characters in the password.
* `INSTALL_LOCK`: **false**: Disallow access to the install page.
* `SECRET_KEY`: **""**: Global secret key. This should be changed. If this has a value and `INSTALL_LOCK` is empty, `INSTALL_LOCK` will automatically be set to `true`.
* `DISABLE_REGISTRATION`: **false**: Disable registration, after which only admin can create accounts for users.
* `REQUIRE_SIGNIN_VIEW`: **false**: Enable this to force users to log in to view any page.

# Customization

Customization files described [here](https://docs.gitea.io/en-us/customizing-gitea/) should
be placed in the `/var/lib/gitea/custom` directory. If using host volumes, it's quite easy to access these
files; for named volumes, this is done through another container or by direct access at
`/var/lib/docker/volumes/gitea_gitea/_/var_lib_gitea`. The configuration file will be saved at
`/etc/gitea/app.ini` after the installation.

# Upgrading

:exclamation::exclamation: **Make sure your data is stored in a volume outside the Docker container** :exclamation::exclamation:

To upgrade your installation to the latest release:

```
# Edit `docker-compose.yml` to update the version, if you have one specified
# Pull new images
docker-compose pull
# Start a new container, automatically removes old one
docker-compose up -d
```

# Upgrading from standard image

- Back up your setup
- Change the volume mountpoint from `/data` to `/var/lib/gitea`
- If you used a custom `app.ini`, move it to a new volume mounted to `/etc/gitea`
- Rename the folder `gitea` (inside the volume) to `custom`
- Edit `app.ini` if needed
  - Set `START_SSH_SERVER = true`
- Use the image `gitea/gitea:latest-rootless`
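
The file-level steps of this list (backup, moving `app.ini`, the rename and the `START_SSH_SERVER` edit) can be scripted against host directories. This is an added example, not the project's own tooling; the function names are hypothetical, and it assumes the old volume keeps its configuration at `gitea/conf/app.ini` and that the containers are stopped.

```shell
#!/bin/sh
# Added example: the file moves from "Upgrading from standard image".
# Assumption: the old volume keeps its config at gitea/conf/app.ini.

# set_start_ssh FILE: make [server] contain "START_SSH_SERVER = true".
set_start_ssh() {
    ss_ini=$1
    ss_new=$(awk '
        /^\[/ {                        # a new section header starts
            if (in_server && !done) { print "START_SSH_SERVER = true"; done = 1 }
            in_server = ($0 ~ /^\[server\][ \t]*$/)
        }
        in_server && /^[ \t]*START_SSH_SERVER[ \t]*=/ {
            if (!done) print "START_SSH_SERVER = true"   # replace old value
            done = 1
            next
        }
        { print }
        END {
            if (!done) {
                if (!in_server) print "[server]"
                print "START_SSH_SERVER = true"
            }
        }
    ' "$ss_ini") || return 1
    # Rewrite in place so app.ini keeps its owner and mode.
    printf '%s\n' "$ss_new" > "$ss_ini"
}

# migrate_volume OLD_DATA_DIR NEW_CONFIG_DIR
migrate_volume() {
    mv_data=${1%/}
    mv_conf=${2%/}
    if [ ! -d "$mv_data/gitea" ] || [ -e "$mv_data/custom" ]; then
        echo "expected $mv_data/gitea and no $mv_data/custom" >&2
        return 1
    fi
    # Back up the whole volume next to it before touching anything.
    tar -C "$mv_data" -czf "$mv_data.backup.tar.gz" . || return 1
    # A custom app.ini goes to the directory mounted at /etc/gitea.
    if [ -f "$mv_data/gitea/conf/app.ini" ]; then
        mkdir -p "$mv_conf" &&
            mv "$mv_data/gitea/conf/app.ini" "$mv_conf/app.ini" &&
            set_start_ssh "$mv_conf/app.ini" || return 1
    fi
    # Rename the folder gitea (inside the volume) to custom.
    mv "$mv_data/gitea" "$mv_data/custom"
}
```

The mountpoint and image changes still have to be made in `docker-compose.yml` by hand; the script refuses to run a second time because `custom` already exists.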

# SSH Container Passthrough (not tested)

This should be possible by forcing `authorized_keys` generation via `gitea admin regenerate keys`.

We should use the [SSH AuthorizedKeysCommand](https://docs.gitea.io/en-us/command-line/#keys) directly once it is based on the internal API.