aboutsummaryrefslogtreecommitdiffstats
path: root/docker
Commit message (Collapse)AuthorAgeFilesLines
* Remove deprecated DSA host key from Docker Container (#21522)Xinyu Zhou2022-11-032-12/+0
| | | | | | | | | | | | | | | Since OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public key algorithm, and recommend against its use. http://www.openssh.com/legacy.html ## :warning: BREAKING :warning: This patch will remove DSA host key form OpenSSH daemon configuration file. Signed-off-by: baronbunny <its@baronbunny.cn> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix the mode of custom dir to 0700 in docker-rootless (#20861)wxiaoguang2022-08-191-1/+1
|
* feat: Add support for extra sshd_config parameters via 'Include' file (#19842)Thomas Andrade2022-05-312-0/+3
| | | Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Update document to use FHS `/usr/local/bin/gitea` instead of `/app/...` for ↵wxiaoguang2022-05-241-2/+0
| | | | | | | Docker (#19794) * Update document to use FHS `/usr/local/bin/gitea` instead of `/app/...` in Docker * Update docs/content/doc/installation/with-docker.zh-cn.md
* Configure OpenSSH log level via Environment in Docker (#19274)Gusted2022-03-312-1/+2
| | | Introduce a new environment variable: SSH_LOG_LEVEL
* Fix issue with docker-rootless shimming script (#18690)zeripath2022-02-101-4/+2
|
* Fix pushing to 1-x-dev docker tag (#18578)zeripath2022-02-032-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | * Fix pushing to 1-x-dev docker tag It appears that #18551 and #18573 have a mistake in that raymond does not have an {{else}} on {{#equal}}. This PR notes that Sprig has a hasPrefix function and so we use this with another if. Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix pushing to 1-x-dev docker tag (part 2) Although we now have the manifest working, we need to create the images. Here we adjust the .drone.yml to force building of the images Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix pushing to 1-x-dev docker tag OK now we have the images building we should make sure that the main ones stays dev and the release/v* ones become *-dev-* Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review
* Fix manifest.tmpl (#18573)zeripath2022-02-031-1/+1
| | | | | | A spurious {{/if}} appeared on the manifest.tmpl - this PR simply removes this. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Make docker gitea/gitea:v1.16-dev etc refer to the latest build on that ↵zeripath2022-02-032-7/+7
| | | | | | | | | | | | | | | | branch (#18551) * Make docker gitea/gitea:v1.16-dev etc refer to the latest build on that branch One of the problems with our current docker tagging is that although we have strict version tags, latest and dev we do not have a way for docker users to track the current release branch. This PR simply suggests that we use the 1.x-dev tag for these and we build and push these. This will give users who want or need unreleased bug fixes the option of tracking the pre-release version instead of simply jumping to dev. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* In docker rootless use $GITEA_APP_INI if provided (#18524)Michael Kriese2022-02-011-1/+1
|
* Switch to non-deprecation setting (#18358)Gusted2022-01-232-2/+6
| | | | | | * Switch to non-deprecation setting (Avoid by-default: "Deprecated fallback `[server]` `LFS_CONTENT_PATH` present. Use `[lfs]` `PATH` instead. This fallback will be removed in v1.18.0") * Update all references
* Upgrade Alpine from 3.13 to 3.15 (#18050)v1.17.0-devGrzegorz Alibożek2022-01-192-0/+12
| | | | | | | | | | | * Upgrade alpine to 3.15 * Add executability test to entrypoint for too old dockers Signed-off-by: Andrew Thornton <art27@cantab.net> * Update docker/rootless/usr/local/bin/docker-entrypoint.sh Co-authored-by: zeripath <art27@cantab.net>
* Use shadowing script for docker (#17846)zeripath2021-12-013-1/+60
| | | | | | | | | | | | | | | | | | | | Too many docker users are caught out by the default location for the app.ini file being environment dependent so that when they docker exec into the container the gitea commands do not work properly and require additional -c arguments to correctly pick up the configuration. This PR simply shadows the gitea binary using variants of the FHS compatible script to make the command gitea have the default locations by default. Fix #14468 Reference #17497 Reference #12082 Reference #8941 ... amongst others ... Replace #17501 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Change docker tag logic (#16421)techknowlogick2021-07-142-7/+9
| | | | | | | | | | | | | * Change docker logic * Apply suggestions from code review Co-authored-by: Kyle D. <kdumontnu@gmail.com> * docs Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Kyle D. <kdumontnu@gmail.com>
* Fix various documentation, user-facing, and source comment typos (#16367)luzpaz2021-07-082-2/+2
| | | | | * Fix various doc, user-facing, and source comment typos Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby`
* Fix bug due to missing MaxStartups and MaxSessions (#16046)zeripath2021-06-012-2/+4
| | | | | | | | | | Unforunately #16009 makes these settings mandatory. This PR uses the same technique as used for the certificates to make these settings non-mandatory. Fix #16044 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
* Make sshd_config more flexible regarding connections (#16009)Dario Louzado2021-05-311-0/+3
| | | | | | | | | | | | * Make sshd_config more flexible regarding MaxStartups and MaxSessions. See https://man.openbsd.org/sshd_config for more information. * make property prefix equals other existing Gitea SSH properties. Co-authored-by: dlouzado <dlouzado@senado.leg.br>
* Only offer hostcertificates if they exist (#15849)zeripath2021-05-132-4/+24
| | | | | | | | | | | | | | | | | A common bug report is the otherwise harmless sshd logging: ``` Could not load host certificate "/data/ssh/ssh_host_ed25519_cert": No such file or directory ``` This PR simply checks if these files exist before creation of sshd_config and if they do not exist, doesn't add a reference to them. Fix #14110 amongst others. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Lauris BH <lauris@nix.lv>
* Add reverse proxy configuration support for remote IP address (#14959)Lauris BH2021-03-162-0/+4
| | | | | | | | | * Add reverse proxy configuration support for remote IP address validation * Trust all IP addresses in containerized environments by default * Use single option to specify networks and proxy IP addresses. By default trust all loopback IPs Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Add environment-to-ini to docker image (#14762)Kyle D2021-02-232-0/+6
| | | | | | | | | | | * Add environment-to-app.ini routine * Call environment-to-ini in docker setup scripts * Automatically convert section vars to lower case to match documentation * Remove git patch instructions * Add env variable documentation to Install Docker
* Update docs and comments to remove macaron (#14491)Lunny Xiao2021-01-291-2/+0
|
* Set RUN_MODE prod by default (#13765)silverwind2020-11-302-2/+2
| | | | | | | I think it's a bad default to have "dev" as the default run mode which enables debugging and now also disables HTTP caching. It's better to just default to a value suitable for general deployments. Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Format files (#13698)65432020-11-282-4/+4
| | | | | | | | | | | | | | | | * align "make help" * format * untouch build/generate-svg.js * untouch .eslintrc * combine editorconfig's * rm editorconfig Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* fix docker rootless manifest (#13386)Antoine GIRARD2020-11-021-1/+1
|
* Remove specific indexer path (#13388)Antoine GIRARD2020-11-011-3/+0
| | | Co-authored-by: Lauris BH <lauris@nix.lv>
* docker: rootless image (#10154)Antoine GIRARD2020-10-314-0/+136
| | | | | | | | | * docker: rootless image * improve docs + remove check for write perm on custom * add more info on ssh passtrough * Add comment for internal ssh server in container config
* Update sshd_config (#13143)Anders Eurenius Runvald2020-10-141-0/+4
| | | | | Afaik, adding these lines does nothing unless the file(s) are present. Having them in let's admins supply certs instead of relying on TOFU. Co-authored-by: zeripath <art27@cantab.net>
* Add ssh certificate support (#12281)Wim2020-10-101-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add ssh certificate support * Add ssh certificate support to builtin ssh * Write trusted-user-ca-keys.pem based on configuration * Update app.example.ini * Update templates/user/settings/keys_principal.tmpl Co-authored-by: silverwind <me@silverwind.io> * Remove unused locale string * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * Add missing creation of SSH.Rootpath * Update cheatsheet, example and locale strings * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go * Optimizations based on feedback * Validate CA keys for external sshd * Add filename option and change default filename Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty. Add some more documentation. * Remove unneeded principalkey functions * Add blank line * Apply suggestions from code review Co-authored-by: zeripath <art27@cantab.net> * Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default email,username this means that users only can add the principals that match their email or username. To allow anything the admin need to set the option anything. This allows for a safe default in gitea which protects against malicious users using other user's prinicipals. (before that user could set it). This commit also has some small other fixes from the last code review. * Rewrite principal keys file on user deletion * Use correct rewrite method * Set correct AuthorizedPrincipalsBackup default setting * Rewrite principalsfile when adding principals * Add update authorized_principals option to admin dashboard * Handle non-primary emails Signed-off-by: Andrew Thornton <art27@cantab.net> * Add the command actually to the dashboard template * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * By default do not show principal options unless there are CA keys set or they are explicitly set Signed-off-by: Andrew Thornton <art27@cantab.net> * allow settings when enabled * Fix typos in TrustedUserCAKeys path * Allow every CASignatureAlgorithms algorithm As this depends on the content of TrustedUserCAKeys we should allow all signature algorithms as admins can choose the specific algorithm on their signing CA * Update models/ssh_key.go Co-authored-by: Lauris BH <lauris@nix.lv> * Fix linting issue Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Change default log configuration (#13088)zeripath2020-10-101-0/+6
| | | | | | | | | | | | | | | * Change default log configuration This PR changes the install page and the docker default logging configuration to match the suggested configuration that I repeatedly end up suggesting on issues. It further improves the logging configuration docs to recommend specific instructions for how to configure logs for posting to issues. Signed-off-by: Andrew Thornton <art27@cantab.net> * Update docs/content/doc/advanced/logging-documentation.en-us.md
* Disable DSA ssh keys by default (#13056)zeripath2020-10-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Disable DSA ssh keys by default OpenSSH has disabled DSA keys since version 7.0 As the docker runs openssh > v7.0 we should just disable DSA keys by default. Refers to #11417 Signed-off-by: Andrew Thornton <art27@cantab.net> * Just disable DSA keys by default Signed-off-by: Andrew Thornton <art27@cantab.net> * Appears we need to set the minimum key sizes too Signed-off-by: Andrew Thornton <art27@cantab.net> * Appears we need to set the minimum key sizes too Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove DSA type * Fix Tests Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix typo in README.md (#12369)Kevin Schweikert2020-07-291-2/+2
| | | Changed Dockefile to Dockerfile
* merge docker makefile into main one (#12289)techknowlogick2020-07-212-14/+7
| | | | | | | | | * merge docker makefile into main one * add readme for docker folder * don't include a file that doesn't exist anymore Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix missing CGO_EXTRA_FLAGS build arg for docker (#11782)Cirno the Strongest2020-06-061-1/+1
| | | Co-authored-by: zeripath <art27@cantab.net>
* Fix; declare DOMAIN variable for docker setup (#10780)Adrian POIGET2020-05-042-0/+2
| | | | | | | | In the /install form, the value for SSH Server Domain is taken form the DOMAIN variable and overwrites SSH_DOMAIN environment variable set the first time if nothing done Co-authored-by: Adrian POIGET <adrian.poiget@viveris.fr>
* Fix latest docker image haven't include static files. (#9252)Lunny Xiao2019-12-051-1/+1
| | | | | | * add warnging on docs * fix docs
* docker: ask s6 to stop all service when gitea stop (#9171)Antoine GIRARD2019-11-271-1/+1
| | | | | | | | * fix: ask s6 to stop all service when gitea stop https://github.com/just-containers/s6-overlay#writing-an-optional-finish-script * change service folder
* Fix #8453 by making openssh listen on SSH_LISTEN_PORT not SSH_PORT (#8477)zeripath2019-10-122-2/+3
|
* Make AllowedUsers configurable in sshd_config (#8094)jpellegrini2019-09-052-3/+1
| | | | | | | | docker/root/usr/bin/entrypoint already allows for the specification of USER, USER_UID, USER_GID. But since AllowedUsers is hardcoded in sshd_config, one cannot log in as a user different ftom git. This change substitutes ${USER} for git in the sshd_config template. Signed-off-by: Jeronimo Pellegrini <j_p@aleph0.info>
* Support SSH_LISTEN_PORT env var in docker app.ini template (#7829)leigh capili2019-08-242-0/+2
| | | Signed-off-by: leigh capili <leigh@null.net>
* drone/docker: prepare multi-arch release + provide arm64 image (#7571)Antoine GIRARD2019-07-241-0/+19
| | | | | | | | | | | | * drone/docker: prepare multi-arch release * Add docker-linux-arm64 pipeline * add arm 64 build to manifest * tag dry-run + indent * Fix notify dependency
* Implement the ability to change the ssh port to match what is in the gitea ↵Christopher Thomas2019-07-062-1/+8
| | | | | | | | | config (#7286) * - rearrange the templates to make it more logical because now ssh_config is a template - implemented the updating of the port to the same as the port sent to the gitea config * change the filename back
* [docker] Add LFS_START_SERVER option to control git-lfs support (#7281)Marat Radchenko2019-06-242-0/+2
|
* Repository avatars (#6986)Sergey Dryabzhinsky2019-05-291-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Repository avatars - first variant of code from old work for gogs - add migration 87 - add new option in app.ini - add en-US locale string - add new class in repository.less * Add changed index.css, remove unused template name * Update en-us doc about configuration options * Add comments to new functions, add new option to docker app.ini * Add comment for lint * Remove variable, not needed * Fix formatting * Update swagger api template * Check if avatar exists * Fix avatar link/path checks * Typo * TEXT column can't have a default value * Fixes: - remove old avatar file on upload - use ID in name of avatar file - users may upload same files - add simple tests * Fix fmt check * Generate PNG instead of "static" GIF * More informative comment * Fix error message * Update avatar upload checks: - add file size check - add new option - update config docs - add new string to en-us locale * Fixes: - use FileHEader field for check file size - add new test - upload big image * Fix formatting * Update comments * Update log message * Removed wrong style - not needed * Use Sync2 to migrate * Update repos list view - bigger avatar - fix html blocks alignment * A little adjust avatar size * Use small icons for explore/repo list * Use new cool avatar preparation func by @lafriks * Missing changes for new function * Remove unused import, move imports * Missed new option definition in app.ini Add file size check in user/profile avatar upload * Use smaller field length for Avatar * Use session to update repo DB data, update DeleteAvatar - use session too * Fix err variable definition * As suggested @lafriks - return as soon as possible, code readability
* [docker] support for custom GITEA_CUSTOM env var (#6608)Jakob Ackermann2019-05-132-6/+10
|
* [docker] drop the docker Makefile from the image (#6507)Jakob Ackermann2019-05-0512-0/+0
|
* Make CustomPath, CustomConf and AppWorkPath configurable at build (#6631)zeripath2019-04-291-2/+1
|
* [docker] let the ssh daemon speak for itself and drop the syslog daemon (#6529)Jakob Ackermann2019-04-164-10/+1
| | | | | | The sshd flag `-e` instructs sshd to output any logs to stderr instead of the syslog. Redirect this output to stdout then. Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [docker] drop the bits argument when generating an ed25519 key (#6504)Jakob Ackermann2019-04-041-1/+1
| | | | | | | | | From the man page of ssh-keygen:   Ed25519 keys have a fixed length and the -b flag will be ignored. [skip ci] Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* Disable auto-migrate in docker container (#5730)techknowlogick2019-01-171-6/+0
|
* docker: stop modifying file permission before migrating database (#5707)Julian2019-01-121-1/+0
|