path: root/docker
Commit message | Author | Age | Files | Lines
* Change docker tag logic (#16421) | techknowlogick | 2021-07-14 | 2 | -7/+9
  * Change docker logic
  * Apply suggestions from code review
    Co-authored-by: Kyle D. <kdumontnu@gmail.com>
  * docs
  Co-authored-by: 6543 <6543@obermui.de>
  Co-authored-by: Lauris BH <lauris@nix.lv>
  Co-authored-by: Kyle D. <kdumontnu@gmail.com>
* Fix various documentation, user-facing, and source comment typos (#16367) | luzpaz | 2021-07-08 | 2 | -2/+2
  * Fix various doc, user-facing, and source comment typos
    Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby`
* Fix bug due to missing MaxStartups and MaxSessions (#16046) | zeripath | 2021-06-01 | 2 | -2/+4
  Unfortunately #16009 makes these settings mandatory. This PR uses the same technique as used for the certificates to make these settings non-mandatory.
  Fix #16044
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: 6543 <6543@obermui.de>
* Make sshd_config more flexible regarding connections (#16009) | Dario Louzado | 2021-05-31 | 1 | -0/+3
  * Make sshd_config more flexible regarding MaxStartups and MaxSessions. See https://man.openbsd.org/sshd_config for more information.
  * make property prefix equals other existing Gitea SSH properties.
  Co-authored-by: dlouzado <dlouzado@senado.leg.br>
* Only offer hostcertificates if they exist (#15849) | zeripath | 2021-05-13 | 2 | -4/+24
  A common bug report is the otherwise harmless sshd logging:
  ```
  Could not load host certificate "/data/ssh/ssh_host_ed25519_cert": No such file or directory
  ```
  This PR simply checks if these files exist before creation of sshd_config and if they do not exist, doesn't add a reference to them.
  Fix #14110 amongst others.
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: silverwind <me@silverwind.io>
  Co-authored-by: Lauris BH <lauris@nix.lv>
* Add reverse proxy configuration support for remote IP address (#14959) | Lauris BH | 2021-03-16 | 2 | -0/+4
  * Add reverse proxy configuration support for remote IP address validation
  * Trust all IP addresses in containerized environments by default
  * Use single option to specify networks and proxy IP addresses. By default trust all loopback IPs
  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Add environment-to-ini to docker image (#14762) | Kyle D | 2021-02-23 | 2 | -0/+6
  * Add environment-to-app.ini routine
  * Call environment-to-ini in docker setup scripts
  * Automatically convert section vars to lower case to match documentation
  * Remove git patch instructions
  * Add env variable documentation to Install Docker
* Update docs and comments to remove macaron (#14491) | Lunny Xiao | 2021-01-29 | 1 | -2/+0
* Set RUN_MODE prod by default (#13765) | silverwind | 2020-11-30 | 2 | -2/+2
  I think it's a bad default to have "dev" as the default run mode which enables debugging and now also disables HTTP caching. It's better to just default to a value suitable for general deployments.
  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Format files (#13698) | 6543 | 2020-11-28 | 2 | -4/+4
  * align "make help"
  * format
  * untouch build/generate-svg.js
  * untouch .eslintrc
  * combine editorconfig's
  * rm editorconfig
  Co-authored-by: Lauris BH <lauris@nix.lv>
  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* fix docker rootless manifest (#13386) | Antoine GIRARD | 2020-11-02 | 1 | -1/+1
* Remove specific indexer path (#13388) | Antoine GIRARD | 2020-11-01 | 1 | -3/+0
  Co-authored-by: Lauris BH <lauris@nix.lv>
* docker: rootless image (#10154) | Antoine GIRARD | 2020-10-31 | 4 | -0/+136
  * docker: rootless image
  * improve docs + remove check for write perm on custom
  * add more info on ssh passthrough
  * Add comment for internal ssh server in container config
* Update sshd_config (#13143) | Anders Eurenius Runvald | 2020-10-14 | 1 | -0/+4
  Afaik, adding these lines does nothing unless the file(s) are present. Having them in lets admins supply certs instead of relying on TOFU.
  Co-authored-by: zeripath <art27@cantab.net>
* Add ssh certificate support (#12281) | Wim | 2020-10-10 | 1 | -0/+3
  * Add ssh certificate support
  * Add ssh certificate support to builtin ssh
  * Write trusted-user-ca-keys.pem based on configuration
  * Update app.example.ini
  * Update templates/user/settings/keys_principal.tmpl
    Co-authored-by: silverwind <me@silverwind.io>
  * Remove unused locale string
  * Update options/locale/locale_en-US.ini
    Co-authored-by: silverwind <me@silverwind.io>
  * Update options/locale/locale_en-US.ini
    Co-authored-by: silverwind <me@silverwind.io>
  * Update models/ssh_key.go
    Co-authored-by: silverwind <me@silverwind.io>
  * Add missing creation of SSH.Rootpath
  * Update cheatsheet, example and locale strings
  * Update models/ssh_key.go
    Co-authored-by: zeripath <art27@cantab.net>
  * Update models/ssh_key.go
    Co-authored-by: zeripath <art27@cantab.net>
  * Update models/ssh_key.go
    Co-authored-by: zeripath <art27@cantab.net>
  * Update models/ssh_key.go
    Co-authored-by: zeripath <art27@cantab.net>
  * Update models/ssh_key.go
  * Optimizations based on feedback
  * Validate CA keys for external sshd
  * Add filename option and change default filename
    Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem
    Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty.
    Add some more documentation.
  * Remove unneeded principalkey functions
  * Add blank line
  * Apply suggestions from code review
    Co-authored-by: zeripath <art27@cantab.net>
  * Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option
    This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default email,username this means that users only can add the principals that match their email or username. To allow anything the admin need to set the option anything. This allows for a safe default in gitea which protects against malicious users using other user's principals. (before that user could set it).
    This commit also has some small other fixes from the last code review.
  * Rewrite principal keys file on user deletion
  * Use correct rewrite method
  * Set correct AuthorizedPrincipalsBackup default setting
  * Rewrite principalsfile when adding principals
  * Add update authorized_principals option to admin dashboard
  * Handle non-primary emails
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * Add the command actually to the dashboard template
  * Update models/ssh_key.go
    Co-authored-by: silverwind <me@silverwind.io>
  * By default do not show principal options unless there are CA keys set or they are explicitly set
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * allow settings when enabled
  * Fix typos in TrustedUserCAKeys path
  * Allow every CASignatureAlgorithms algorithm
    As this depends on the content of TrustedUserCAKeys we should allow all signature algorithms as admins can choose the specific algorithm on their signing CA
  * Update models/ssh_key.go
    Co-authored-by: Lauris BH <lauris@nix.lv>
  * Fix linting issue
  Co-authored-by: silverwind <me@silverwind.io>
  Co-authored-by: zeripath <art27@cantab.net>
  Co-authored-by: Lauris BH <lauris@nix.lv>
  Co-authored-by: techknowlogick <matti@mdranta.net>
  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Change default log configuration (#13088) | zeripath | 2020-10-10 | 1 | -0/+6
  * Change default log configuration
    This PR changes the install page and the docker default logging configuration to match the suggested configuration that I repeatedly end up suggesting on issues.
    It further improves the logging configuration docs to recommend specific instructions for how to configure logs for posting to issues.
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * Update docs/content/doc/advanced/logging-documentation.en-us.md
* Disable DSA ssh keys by default (#13056) | zeripath | 2020-10-09 | 1 | -1/+1
  * Disable DSA ssh keys by default
    OpenSSH has disabled DSA keys since version 7.0
    As the docker runs openssh > v7.0 we should just disable DSA keys by default.
    Refers to #11417
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * Just disable DSA keys by default
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * Appears we need to set the minimum key sizes too
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * Appears we need to set the minimum key sizes too
    Signed-off-by: Andrew Thornton <art27@cantab.net>
  * Remove DSA type
  * Fix Tests
  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
  Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix typo in README.md (#12369) | Kevin Schweikert | 2020-07-29 | 1 | -2/+2
  Changed Dockefile to Dockerfile
* merge docker makefile into main one (#12289) | techknowlogick | 2020-07-21 | 2 | -14/+7
  * merge docker makefile into main one
  * add readme for docker folder
  * don't include a file that doesn't exist anymore
  Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix missing CGO_EXTRA_FLAGS build arg for docker (#11782) | Cirno the Strongest | 2020-06-06 | 1 | -1/+1
  Co-authored-by: zeripath <art27@cantab.net>
* Fix; declare DOMAIN variable for docker setup (#10780) | Adrian POIGET | 2020-05-04 | 2 | -0/+2
  In the /install form, the value for SSH Server Domain is taken from the DOMAIN variable and overwrites SSH_DOMAIN environment variable set the first time if nothing done
  Co-authored-by: Adrian POIGET <adrian.poiget@viveris.fr>
* Fix latest docker image haven't include static files. (#9252) | Lunny Xiao | 2019-12-05 | 1 | -1/+1
  * add warning on docs
  * fix docs
* docker: ask s6 to stop all service when gitea stop (#9171) | Antoine GIRARD | 2019-11-27 | 1 | -1/+1
  * fix: ask s6 to stop all service when gitea stop
    https://github.com/just-containers/s6-overlay#writing-an-optional-finish-script
  * change service folder
* Fix #8453 by making openssh listen on SSH_LISTEN_PORT not SSH_PORT (#8477) | zeripath | 2019-10-12 | 2 | -2/+3
* Make AllowedUsers configurable in sshd_config (#8094) | jpellegrini | 2019-09-05 | 2 | -3/+1
  docker/root/usr/bin/entrypoint already allows for the specification of USER, USER_UID, USER_GID. But since AllowedUsers is hardcoded in sshd_config, one cannot log in as a user different from git. This change substitutes ${USER} for git in the sshd_config template.
  Signed-off-by: Jeronimo Pellegrini <j_p@aleph0.info>
* Support SSH_LISTEN_PORT env var in docker app.ini template (#7829) | leigh capili | 2019-08-24 | 2 | -0/+2
  Signed-off-by: leigh capili <leigh@null.net>
* drone/docker: prepare multi-arch release + provide arm64 image (#7571) | Antoine GIRARD | 2019-07-24 | 1 | -0/+19
  * drone/docker: prepare multi-arch release
  * Add docker-linux-arm64 pipeline
  * add arm 64 build to manifest
  * tag dry-run + indent
  * Fix notify dependency
* Implement the ability to change the ssh port to match what is in the gitea config (#7286) | Christopher Thomas | 2019-07-06 | 2 | -1/+8
  * - rearrange the templates to make it more logical because now ssh_config is a template
    - implemented the updating of the port to the same as the port sent to the gitea config
  * change the filename back
* [docker] Add LFS_START_SERVER option to control git-lfs support (#7281) | Marat Radchenko | 2019-06-24 | 2 | -0/+2
* Repository avatars (#6986) | Sergey Dryabzhinsky | 2019-05-29 | 1 | -0/+1
  * Repository avatars - first variant of code from old work for gogs - add migration 87 - add new option in app.ini - add en-US locale string - add new class in repository.less
  * Add changed index.css, remove unused template name
  * Update en-us doc about configuration options
  * Add comments to new functions, add new option to docker app.ini
  * Add comment for lint
  * Remove variable, not needed
  * Fix formatting
  * Update swagger api template
  * Check if avatar exists
  * Fix avatar link/path checks
  * Typo
  * TEXT column can't have a default value
  * Fixes: - remove old avatar file on upload - use ID in name of avatar file - users may upload same files - add simple tests
  * Fix fmt check
  * Generate PNG instead of "static" GIF
  * More informative comment
  * Fix error message
  * Update avatar upload checks: - add file size check - add new option - update config docs - add new string to en-us locale
  * Fixes: - use FileHEader field for check file size - add new test - upload big image
  * Fix formatting
  * Update comments
  * Update log message
  * Removed wrong style - not needed
  * Use Sync2 to migrate
  * Update repos list view - bigger avatar - fix html blocks alignment
  * A little adjust avatar size
  * Use small icons for explore/repo list
  * Use new cool avatar preparation func by @lafriks
  * Missing changes for new function
  * Remove unused import, move imports
  * Missed new option definition in app.ini
    Add file size check in user/profile avatar upload
  * Use smaller field length for Avatar
  * Use session to update repo DB data, update DeleteAvatar - use session too
  * Fix err variable definition
  * As suggested @lafriks - return as soon as possible, code readability
* [docker] support for custom GITEA_CUSTOM env var (#6608) | Jakob Ackermann | 2019-05-13 | 2 | -6/+10
* [docker] drop the docker Makefile from the image (#6507) | Jakob Ackermann | 2019-05-05 | 12 | -0/+0
* Make CustomPath, CustomConf and AppWorkPath configurable at build (#6631) | zeripath | 2019-04-29 | 1 | -2/+1
* [docker] let the ssh daemon speak for itself and drop the syslog daemon (#6529) | Jakob Ackermann | 2019-04-16 | 4 | -10/+1
  The sshd flag `-e` instructs sshd to output any logs to stderr instead of the syslog. Redirect this output to stdout then.
  Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [docker] drop the bits argument when generating an ed25519 key (#6504) | Jakob Ackermann | 2019-04-04 | 1 | -1/+1
  From the man page of ssh-keygen:
    Ed25519 keys have a fixed length and the -b flag will be ignored.
  [skip ci]
  Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* Disable auto-migrate in docker container (#5730) | techknowlogick | 2019-01-17 | 1 | -6/+0
* docker: stop modifying file permission before migrating database (#5707) | Julian | 2019-01-12 | 1 | -1/+0
* migrate database if app.ini found (#5290) | Pierre-Alexis Ciavaldini | 2019-01-05 | 1 | -0/+15
  * migrate database if app.ini found
  * replacing hard-coded user id by env variable
  * Update per @zeripath's feedback
* Fix bug on modifying sshd username (#5624) | Moshi Binyamini | 2019-01-02 | 1 | -1/+1
  Should fix #5623
* add git protocol v2 support via SSH on Docker image (#5520) | Lunny Xiao | 2018-12-11 | 1 | -0/+2
  * add git protocol v2 support via SSH on Docker image
  * remove new layer on dockerfile
* only chown directories during docker setup if necessary. Fix #4425 (#5064) | Fabian Braun | 2018-10-30 | 1 | -1/+4
  Signed-off-by: Fabian Braun <fabian-braun@mailbox.org>
* Update build tags for sqlite_unlock_notify (#5144) | Mura Li | 2018-10-23 | 1 | -1/+1
* Remove UsePrivilegeSeparation from the Docker sshd_config, see #2876 (#4722) | Andrew Phillips | 2018-08-16 | 1 | -1/+0
  Signed-off-by: Andrew Phillips <theasp@gmail.com>
* Add missing path in the Docker app.ini template (#2181) | Tao Wang | 2018-07-03 | 1 | -0/+7
* Remove call to update certs (#4296) | techknowlogick | 2018-06-21 | 1 | -2/+0
* Add Environment Variables to Docker template (#4012) | Fluf | 2018-05-23 | 2 | -0/+6
  * Add disable registration as an environment variable for docker
  * Add REQUIRE_SIGNIN_VIEW as env var to docker
  * Add variables to template
  * Update docker docs
* Allow Gitea to run as different USER in Docker (#3961) | techknowlogick | 2018-05-16 | 3 | -2/+9
  * If using a different $USER then rename git user
  * Chown based on $USER env
  * Target only one part of passwd
  * su-exec based on $USER not a hardcoded value
* Update certificates to enable self-signed certs (#3708) | Jone Marius Vignes | 2018-03-25 | 1 | -0/+2
  Why:
  * We are using self-signed ssl certificates for internal services, which results in failures when gitea tries to communicate through webhooks with these. We would like to enable gitea to be able to use these certificates without having to build custom docker images.
  How
  * We add the internal certificates to /usr/local/share/ca-certificates on the host
  * We read-only mount /usr/local/share/ca-certificates from the host to /usr/local/share/ca-certificates in the container
  * We do a update-ca-certificates in the alpine container before starting gitea
  This should have no consequence for users that do not have the need to handle self-signed certificates, as update-ca-certificates should be idempotent.
* Docker multi-stage (#2927) | Antoine GIRARD | 2018-03-12 | 1 | -1/+5
  * Setup docker multi-stage and little sugar at it
  * Make codacy happy ?
  * Revert back to what the official docker documentation suggest
    Codacy don't seems to follow https://docs.docker.com/engine/reference/builder/#maintainer-deprecated
  * Update golang version
* Enable content trust when building image (#2972) | Piotr Orzechowski | 2017-12-03 | 1 | -1/+1