From e8433b7fe6dd1dfa5ecf0633568cc3e34caeb0f9 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Thu, 23 Mar 2023 23:18:24 +0800 Subject: Restructure documentation. Now the documentation has installation, administration, usage, development, contributing the 5 main parts (#23629) - **Installation**: includes how to install Gitea and related other tools, also includes upgrade Gitea - **Administration**: includes how to configure Gitea, customize Gitea and manage Gitea instance out of Gitea admin UI - **Usage**: includes how to use Gitea's functionalities. A sub documentation is about packages, in future we could also include CI/CD and others. - **Development**: includes how to integrate with Gitea's API, how to develop new features within Gitea - **Contributing**: includes how to contribute code to Gitea repositories. After this is merged, I think we can have a sub-documentation of `Usage` part named `Actions` to describe how to use Gitea actions --------- Co-authored-by: John Olheiser --- docs/content/doc/administration.en-us.md | 14 + docs/content/doc/administration.fr-fr.md | 13 + docs/content/doc/administration.zh-cn.md | 13 + docs/content/doc/administration.zh-tw.md | 13 + .../doc/administration/adding-legal-pages.en-us.md | 38 + .../doc/administration/backup-and-restore.en-us.md | 170 +++ .../doc/administration/backup-and-restore.zh-cn.md | 66 + .../doc/administration/backup-and-restore.zh-tw.md | 66 + .../doc/administration/cmd-embedded.en-us.md | 121 ++ .../doc/administration/command-line.en-us.md | 553 ++++++++ .../doc/administration/config-cheat-sheet.en-us.md | 1395 ++++++++++++++++++++ .../doc/administration/config-cheat-sheet.zh-cn.md | 487 +++++++ .../doc/administration/customizing-gitea.en-us.md | 372 ++++++ .../doc/administration/customizing-gitea.zh-cn.md | 88 ++ .../doc/administration/email-setup.en-us.md | 90 ++ .../administration/environment-variables.en-us.md | 63 + .../administration/environment-variables.zh-cn.md | 55 + .../doc/administration/external-renderers.en-us.md | 196 +++ .../doc/administration/fail2ban-setup.en-us.md | 125 ++ .../doc/administration/fail2ban-setup.zh-cn.md | 92 ++ .../doc/administration/git-lfs-support.en-us.md | 30 + .../doc/administration/https-support.en-us.md | 102 ++ .../administration/logging-documentation.en-us.md | 522 ++++++++ .../doc/administration/mail-templates.en-us.md | 280 ++++ .../doc/administration/repo-indexer.en-us.md | 62 + .../doc/administration/reverse-proxies.en-us.md | 387 ++++++ .../doc/administration/reverse-proxies.zh-cn.md | 138 ++ .../search-engines-indexation.en-us.md | 38 + docs/content/doc/administration/signing.en-us.md | 177 +++ docs/content/doc/advanced.en-us.md | 13 - docs/content/doc/advanced.fr-fr.md | 13 - docs/content/doc/advanced.zh-cn.md | 13 - docs/content/doc/advanced.zh-tw.md | 13 - .../doc/advanced/adding-legal-pages.en-us.md | 38 - docs/content/doc/advanced/clone-filter.en-us.md | 37 - docs/content/doc/advanced/cmd-embedded.en-us.md | 121 -- .../doc/advanced/config-cheat-sheet.en-us.md | 1395 -------------------- .../doc/advanced/config-cheat-sheet.zh-cn.md | 487 ------- .../doc/advanced/customizing-gitea.en-us.md | 372 ------ .../doc/advanced/customizing-gitea.zh-cn.md | 88 -- .../doc/advanced/environment-variables.en-us.md | 63 - .../doc/advanced/environment-variables.zh-cn.md | 55 - .../doc/advanced/external-renderers.en-us.md | 196 --- .../doc/advanced/logging-documentation.en-us.md | 522 -------- docs/content/doc/advanced/mail-templates.en-us.md | 280 ---- docs/content/doc/advanced/protected-tags.en-us.md | 57 - docs/content/doc/advanced/repo-indexer.en-us.md | 62 - docs/content/doc/advanced/repo-mirror.en-us.md | 92 -- .../advanced/search-engines-indexation.en-us.md | 38 - docs/content/doc/advanced/signing.en-us.md | 177 --- docs/content/doc/contributing.en-us.md | 13 + docs/content/doc/contributing.fr-fr.md | 13 + docs/content/doc/contributing.zh-tw.md | 13 + .../doc/contributing/guidelines-backend.en-us.md | 123 ++ .../doc/contributing/guidelines-frontend.en-us.md | 136 ++ .../contributing/guidelines-refactoring.en-us.md | 51 + .../content/doc/contributing/localization.en-us.md | 33 + .../content/doc/contributing/localization.zh-cn.md | 32 + .../content/doc/contributing/localization.zh-tw.md | 32 + docs/content/doc/contributing/translation.de-de.md | 63 + docs/content/doc/contributing/translation.en-us.md | 17 + docs/content/doc/developers.en-us.md | 13 - docs/content/doc/developers.zh-cn.md | 13 - docs/content/doc/developers.zh-tw.md | 13 - docs/content/doc/developers/api-usage.en-us.md | 137 -- docs/content/doc/developers/api-usage.zh-cn.md | 71 - .../doc/developers/guidelines-backend.en-us.md | 123 -- .../doc/developers/guidelines-frontend.en-us.md | 136 -- .../doc/developers/guidelines-refactoring.en-us.md | 51 - .../doc/developers/hacking-on-gitea.en-us.md | 379 ------ .../doc/developers/hacking-on-gitea.zh-cn.md | 349 ----- docs/content/doc/developers/integrations.en-us.md | 45 - docs/content/doc/developers/integrations.zh-tw.md | 22 - docs/content/doc/developers/migrations.en-us.md | 41 - docs/content/doc/developers/migrations.zh-tw.md | 39 - .../doc/developers/oauth2-provider.en-us.md | 139 -- .../doc/developers/oauth2-provider.zh-tw.md | 96 -- docs/content/doc/development.en-us.md | 13 + docs/content/doc/development.zh-cn.md | 13 + docs/content/doc/development.zh-tw.md | 13 + docs/content/doc/development/api-usage.en-us.md | 137 ++ docs/content/doc/development/api-usage.zh-cn.md | 71 + .../doc/development/hacking-on-gitea.en-us.md | 379 ++++++ .../doc/development/hacking-on-gitea.zh-cn.md | 349 +++++ docs/content/doc/development/integrations.en-us.md | 45 + docs/content/doc/development/integrations.zh-tw.md | 22 + docs/content/doc/development/migrations.en-us.md | 41 + docs/content/doc/development/migrations.zh-tw.md | 39 + .../doc/development/oauth2-provider.en-us.md | 139 ++ .../doc/development/oauth2-provider.zh-tw.md | 96 ++ docs/content/doc/features.en-us.md | 13 - docs/content/doc/features.zh-cn.md | 13 - docs/content/doc/features.zh-tw.md | 13 - docs/content/doc/features/authentication.en-us.md | 350 ----- docs/content/doc/features/authentication.zh-cn.md | 35 - docs/content/doc/features/authentication.zh-tw.md | 18 - docs/content/doc/features/comparison.en-us.md | 146 -- docs/content/doc/features/comparison.zh-cn.md | 131 -- docs/content/doc/features/comparison.zh-tw.md | 132 -- docs/content/doc/features/localization.en-us.md | 33 - docs/content/doc/features/localization.zh-cn.md | 32 - docs/content/doc/features/localization.zh-tw.md | 32 - docs/content/doc/features/webhooks.en-us.md | 194 --- docs/content/doc/features/webhooks.zh-cn.md | 32 - docs/content/doc/features/webhooks.zh-tw.md | 188 --- docs/content/doc/help.en-us.md | 2 +- docs/content/doc/help.fr-fr.md | 2 +- docs/content/doc/help.zh-cn.md | 2 +- docs/content/doc/help.zh-tw.md | 2 +- docs/content/doc/help/faq.en-us.md | 30 +- docs/content/doc/installation/comparison.en-us.md | 146 ++ docs/content/doc/installation/comparison.zh-cn.md | 131 ++ docs/content/doc/installation/comparison.zh-tw.md | 132 ++ .../doc/installation/database-preparation.en-us.md | 2 +- docs/content/doc/installation/from-binary.en-us.md | 6 +- docs/content/doc/installation/from-binary.zh-cn.md | 4 +- docs/content/doc/installation/from-source.en-us.md | 4 +- .../doc/installation/upgrade-from-gitea.en-us.md | 93 ++ .../doc/installation/upgrade-from-gogs.en-us.md | 114 ++ .../doc/installation/upgrade-from-gogs.fr-fr.md | 83 ++ .../doc/installation/upgrade-from-gogs.zh-cn.md | 26 + .../doc/installation/upgrade-from-gogs.zh-tw.md | 107 ++ .../doc/installation/with-docker-rootless.en-us.md | 2 +- docs/content/doc/installation/with-docker.en-us.md | 2 +- docs/content/doc/installation/with-docker.fr-fr.md | 2 +- docs/content/doc/installation/with-docker.zh-cn.md | 2 +- docs/content/doc/installation/with-docker.zh-tw.md | 2 +- docs/content/doc/packages.en-us.md | 9 +- docs/content/doc/packages/cargo.en-us.md | 4 +- docs/content/doc/packages/chef.en-us.md | 2 +- docs/content/doc/packages/composer.en-us.md | 4 +- docs/content/doc/packages/conan.en-us.md | 4 +- docs/content/doc/packages/conda.en-us.md | 2 +- docs/content/doc/packages/container.en-us.md | 4 +- docs/content/doc/packages/generic.en-us.md | 6 +- docs/content/doc/packages/helm.en-us.md | 4 +- docs/content/doc/packages/maven.en-us.md | 4 +- docs/content/doc/packages/npm.en-us.md | 4 +- docs/content/doc/packages/nuget.en-us.md | 6 +- docs/content/doc/packages/overview.en-us.md | 2 +- docs/content/doc/packages/pub.en-us.md | 4 +- docs/content/doc/packages/pypi.en-us.md | 4 +- docs/content/doc/packages/rubygems.en-us.md | 4 +- docs/content/doc/packages/storage.en-us.md | 6 +- docs/content/doc/packages/swift.en-us.md | 6 +- docs/content/doc/packages/vagrant.en-us.md | 4 +- docs/content/doc/secrets/overview.en-us.md | 36 - docs/content/doc/translation.de-de.md | 13 - docs/content/doc/translation.en-us.md | 13 - docs/content/doc/translation.zh-tw.md | 13 - docs/content/doc/translation/guidelines.de-de.md | 63 - docs/content/doc/translation/guidelines.en-us.md | 17 - docs/content/doc/upgrade.en-us.md | 13 - docs/content/doc/upgrade.fr-fr.md | 13 - docs/content/doc/upgrade.zh-cn.md | 13 - docs/content/doc/upgrade.zh-tw.md | 13 - docs/content/doc/upgrade/from-gitea.en-us.md | 95 -- docs/content/doc/upgrade/from-gogs.en-us.md | 114 -- docs/content/doc/upgrade/from-gogs.fr-fr.md | 83 -- docs/content/doc/upgrade/from-gogs.zh-cn.md | 26 - docs/content/doc/upgrade/from-gogs.zh-tw.md | 107 -- docs/content/doc/usage.en-us.md | 2 +- docs/content/doc/usage.zh-cn.md | 2 +- docs/content/doc/usage.zh-tw.md | 2 +- docs/content/doc/usage/authentication.en-us.md | 350 +++++ docs/content/doc/usage/authentication.zh-cn.md | 35 + docs/content/doc/usage/authentication.zh-tw.md | 18 + docs/content/doc/usage/backup-and-restore.en-us.md | 170 --- docs/content/doc/usage/backup-and-restore.zh-cn.md | 66 - docs/content/doc/usage/backup-and-restore.zh-tw.md | 66 - docs/content/doc/usage/clone-filter.en-us.md | 37 + docs/content/doc/usage/command-line.en-us.md | 553 -------- docs/content/doc/usage/email-setup.en-us.md | 90 -- docs/content/doc/usage/fail2ban-setup.en-us.md | 125 -- docs/content/doc/usage/fail2ban-setup.zh-cn.md | 92 -- docs/content/doc/usage/git-lfs-support.en-us.md | 30 - docs/content/doc/usage/https-support.en-us.md | 102 -- docs/content/doc/usage/linked-references.en-us.md | 2 +- docs/content/doc/usage/protected-tags.en-us.md | 57 + docs/content/doc/usage/push-to-create.en-us.md | 2 +- docs/content/doc/usage/repo-mirror.en-us.md | 92 ++ docs/content/doc/usage/reverse-proxies.en-us.md | 387 ------ docs/content/doc/usage/reverse-proxies.zh-cn.md | 138 -- docs/content/doc/usage/secrets.en-us.md | 36 + docs/content/doc/usage/webhooks.en-us.md | 194 +++ docs/content/doc/usage/webhooks.zh-cn.md | 32 + docs/content/doc/usage/webhooks.zh-tw.md | 188 +++ 187 files changed, 9599 insertions(+), 9690 deletions(-) create mode 100644 docs/content/doc/administration.en-us.md create mode 100644 docs/content/doc/administration.fr-fr.md create mode 100644 docs/content/doc/administration.zh-cn.md create mode 100644 docs/content/doc/administration.zh-tw.md create mode 100644 docs/content/doc/administration/adding-legal-pages.en-us.md create mode 100644 docs/content/doc/administration/backup-and-restore.en-us.md create mode 100644 docs/content/doc/administration/backup-and-restore.zh-cn.md create mode 100644 docs/content/doc/administration/backup-and-restore.zh-tw.md create mode 100644 docs/content/doc/administration/cmd-embedded.en-us.md create mode 100644 docs/content/doc/administration/command-line.en-us.md create mode 100644 docs/content/doc/administration/config-cheat-sheet.en-us.md create mode 100644 docs/content/doc/administration/config-cheat-sheet.zh-cn.md create mode 100644 docs/content/doc/administration/customizing-gitea.en-us.md create mode 100644 docs/content/doc/administration/customizing-gitea.zh-cn.md create mode 100644 docs/content/doc/administration/email-setup.en-us.md create mode 100644 docs/content/doc/administration/environment-variables.en-us.md create mode 100644 docs/content/doc/administration/environment-variables.zh-cn.md create mode 100644 docs/content/doc/administration/external-renderers.en-us.md create mode 100644 docs/content/doc/administration/fail2ban-setup.en-us.md create mode 100644 docs/content/doc/administration/fail2ban-setup.zh-cn.md create mode 100644 docs/content/doc/administration/git-lfs-support.en-us.md create mode 100644 docs/content/doc/administration/https-support.en-us.md create mode 100644 docs/content/doc/administration/logging-documentation.en-us.md create mode 100644 docs/content/doc/administration/mail-templates.en-us.md create mode 100644 docs/content/doc/administration/repo-indexer.en-us.md create mode 100644 docs/content/doc/administration/reverse-proxies.en-us.md create mode 100644 docs/content/doc/administration/reverse-proxies.zh-cn.md create mode 100644 docs/content/doc/administration/search-engines-indexation.en-us.md create mode 100644 docs/content/doc/administration/signing.en-us.md delete mode 100644 docs/content/doc/advanced.en-us.md delete mode 100644 docs/content/doc/advanced.fr-fr.md delete mode 100644 docs/content/doc/advanced.zh-cn.md delete mode 100644 docs/content/doc/advanced.zh-tw.md delete mode 100644 docs/content/doc/advanced/adding-legal-pages.en-us.md delete mode 100644 docs/content/doc/advanced/clone-filter.en-us.md delete mode 100644 docs/content/doc/advanced/cmd-embedded.en-us.md delete mode 100644 docs/content/doc/advanced/config-cheat-sheet.en-us.md delete mode 100644 docs/content/doc/advanced/config-cheat-sheet.zh-cn.md delete mode 100644 docs/content/doc/advanced/customizing-gitea.en-us.md delete mode 100644 docs/content/doc/advanced/customizing-gitea.zh-cn.md delete mode 100644 docs/content/doc/advanced/environment-variables.en-us.md delete mode 100644 docs/content/doc/advanced/environment-variables.zh-cn.md delete mode 100644 docs/content/doc/advanced/external-renderers.en-us.md delete mode 100644 docs/content/doc/advanced/logging-documentation.en-us.md delete mode 100644 docs/content/doc/advanced/mail-templates.en-us.md delete mode 100644 docs/content/doc/advanced/protected-tags.en-us.md delete mode 100644 docs/content/doc/advanced/repo-indexer.en-us.md delete mode 100644 docs/content/doc/advanced/repo-mirror.en-us.md delete mode 100644 docs/content/doc/advanced/search-engines-indexation.en-us.md delete mode 100644 docs/content/doc/advanced/signing.en-us.md create mode 100644 docs/content/doc/contributing.en-us.md create mode 100644 docs/content/doc/contributing.fr-fr.md create mode 100644 docs/content/doc/contributing.zh-tw.md create mode 100644 docs/content/doc/contributing/guidelines-backend.en-us.md create mode 100644 docs/content/doc/contributing/guidelines-frontend.en-us.md create mode 100644 docs/content/doc/contributing/guidelines-refactoring.en-us.md create mode 100644 docs/content/doc/contributing/localization.en-us.md create mode 100644 docs/content/doc/contributing/localization.zh-cn.md create mode 100644 docs/content/doc/contributing/localization.zh-tw.md create mode 100644 docs/content/doc/contributing/translation.de-de.md create mode 100644 docs/content/doc/contributing/translation.en-us.md delete mode 100644 docs/content/doc/developers.en-us.md delete mode 100644 docs/content/doc/developers.zh-cn.md delete mode 100644 docs/content/doc/developers.zh-tw.md delete mode 100644 docs/content/doc/developers/api-usage.en-us.md delete mode 100644 docs/content/doc/developers/api-usage.zh-cn.md delete mode 100644 docs/content/doc/developers/guidelines-backend.en-us.md delete mode 100644 docs/content/doc/developers/guidelines-frontend.en-us.md delete mode 100644 docs/content/doc/developers/guidelines-refactoring.en-us.md delete mode 100644 docs/content/doc/developers/hacking-on-gitea.en-us.md delete mode 100644 docs/content/doc/developers/hacking-on-gitea.zh-cn.md delete mode 100644 docs/content/doc/developers/integrations.en-us.md delete mode 100644 docs/content/doc/developers/integrations.zh-tw.md delete mode 100644 docs/content/doc/developers/migrations.en-us.md delete mode 100644 docs/content/doc/developers/migrations.zh-tw.md delete mode 100644 docs/content/doc/developers/oauth2-provider.en-us.md delete mode 100644 docs/content/doc/developers/oauth2-provider.zh-tw.md create mode 100644 docs/content/doc/development.en-us.md create mode 100644 docs/content/doc/development.zh-cn.md create mode 100644 docs/content/doc/development.zh-tw.md create mode 100644 docs/content/doc/development/api-usage.en-us.md create mode 100644 docs/content/doc/development/api-usage.zh-cn.md create mode 100644 docs/content/doc/development/hacking-on-gitea.en-us.md create mode 100644 docs/content/doc/development/hacking-on-gitea.zh-cn.md create mode 100644 docs/content/doc/development/integrations.en-us.md create mode 100644 docs/content/doc/development/integrations.zh-tw.md create mode 100644 docs/content/doc/development/migrations.en-us.md create mode 100644 docs/content/doc/development/migrations.zh-tw.md create mode 100644 docs/content/doc/development/oauth2-provider.en-us.md create mode 100644 docs/content/doc/development/oauth2-provider.zh-tw.md delete mode 100644 docs/content/doc/features.en-us.md delete mode 100644 docs/content/doc/features.zh-cn.md delete mode 100644 docs/content/doc/features.zh-tw.md delete mode 100644 docs/content/doc/features/authentication.en-us.md delete mode 100644 docs/content/doc/features/authentication.zh-cn.md delete mode 100644 docs/content/doc/features/authentication.zh-tw.md delete mode 100644 docs/content/doc/features/comparison.en-us.md delete mode 100644 docs/content/doc/features/comparison.zh-cn.md delete mode 100644 docs/content/doc/features/comparison.zh-tw.md delete mode 100644 docs/content/doc/features/localization.en-us.md delete mode 100644 docs/content/doc/features/localization.zh-cn.md delete mode 100644 docs/content/doc/features/localization.zh-tw.md delete mode 100644 docs/content/doc/features/webhooks.en-us.md delete mode 100644 docs/content/doc/features/webhooks.zh-cn.md delete mode 100644 docs/content/doc/features/webhooks.zh-tw.md create mode 100644 docs/content/doc/installation/comparison.en-us.md create mode 100644 docs/content/doc/installation/comparison.zh-cn.md create mode 100644 docs/content/doc/installation/comparison.zh-tw.md create mode 100644 docs/content/doc/installation/upgrade-from-gitea.en-us.md create mode 100644 docs/content/doc/installation/upgrade-from-gogs.en-us.md create mode 100644 docs/content/doc/installation/upgrade-from-gogs.fr-fr.md create mode 100644 docs/content/doc/installation/upgrade-from-gogs.zh-cn.md create mode 100644 docs/content/doc/installation/upgrade-from-gogs.zh-tw.md delete mode 100644 docs/content/doc/secrets/overview.en-us.md delete mode 100644 docs/content/doc/translation.de-de.md delete mode 100644 docs/content/doc/translation.en-us.md delete mode 100644 docs/content/doc/translation.zh-tw.md delete mode 100644 docs/content/doc/translation/guidelines.de-de.md delete mode 100644 docs/content/doc/translation/guidelines.en-us.md delete mode 100644 docs/content/doc/upgrade.en-us.md delete mode 100644 docs/content/doc/upgrade.fr-fr.md delete mode 100644 docs/content/doc/upgrade.zh-cn.md delete mode 100644 docs/content/doc/upgrade.zh-tw.md delete mode 100644 docs/content/doc/upgrade/from-gitea.en-us.md delete mode 100644 docs/content/doc/upgrade/from-gogs.en-us.md delete mode 100644 docs/content/doc/upgrade/from-gogs.fr-fr.md delete mode 100644 docs/content/doc/upgrade/from-gogs.zh-cn.md delete mode 100644 docs/content/doc/upgrade/from-gogs.zh-tw.md create mode 100644 docs/content/doc/usage/authentication.en-us.md create mode 100644 docs/content/doc/usage/authentication.zh-cn.md create mode 100644 docs/content/doc/usage/authentication.zh-tw.md delete mode 100644 docs/content/doc/usage/backup-and-restore.en-us.md delete mode 100644 docs/content/doc/usage/backup-and-restore.zh-cn.md delete mode 100644 docs/content/doc/usage/backup-and-restore.zh-tw.md create mode 100644 docs/content/doc/usage/clone-filter.en-us.md delete mode 100644 docs/content/doc/usage/command-line.en-us.md delete mode 100644 docs/content/doc/usage/email-setup.en-us.md delete mode 100644 docs/content/doc/usage/fail2ban-setup.en-us.md delete mode 100644 docs/content/doc/usage/fail2ban-setup.zh-cn.md delete mode 100644 docs/content/doc/usage/git-lfs-support.en-us.md delete mode 100644 docs/content/doc/usage/https-support.en-us.md create mode 100644 docs/content/doc/usage/protected-tags.en-us.md create mode 100644 docs/content/doc/usage/repo-mirror.en-us.md delete mode 100644 docs/content/doc/usage/reverse-proxies.en-us.md delete mode 100644 docs/content/doc/usage/reverse-proxies.zh-cn.md create mode 100644 docs/content/doc/usage/secrets.en-us.md create mode 100644 docs/content/doc/usage/webhooks.en-us.md create mode 100644 docs/content/doc/usage/webhooks.zh-cn.md create mode 100644 docs/content/doc/usage/webhooks.zh-tw.md (limited to 'docs/content') diff --git a/docs/content/doc/administration.en-us.md b/docs/content/doc/administration.en-us.md new file mode 100644 index 0000000000..5d3ba385d9 --- /dev/null +++ b/docs/content/doc/administration.en-us.md @@ -0,0 +1,14 @@ +--- +date: "2016-12-01T16:00:00+02:00" +title: "Administration" +slug: "administration" +weight: 30 +toc: false +draft: false +menu: + sidebar: + name: "Administration" + weight: 20 + collapse: true + identifier: "administration" +--- diff --git a/docs/content/doc/administration.fr-fr.md b/docs/content/doc/administration.fr-fr.md new file mode 100644 index 0000000000..957ff7b194 --- /dev/null +++ b/docs/content/doc/administration.fr-fr.md @@ -0,0 +1,13 @@ +--- +date: "2017-08-23T09:00:00+02:00" +title: "Avancé" +slug: "administration" +weight: 30 +toc: false +draft: false +menu: + sidebar: + name: "Avancé" + weight: 20 + identifier: "administration" +--- diff --git a/docs/content/doc/administration.zh-cn.md b/docs/content/doc/administration.zh-cn.md new file mode 100644 index 0000000000..6e032d3266 --- /dev/null +++ b/docs/content/doc/administration.zh-cn.md @@ -0,0 +1,13 @@ +--- +date: "2016-12-01T16:00:00+02:00" +title: "运维" +slug: "administration" +weight: 30 +toc: false +draft: false +menu: + sidebar: + name: "运维" + weight: 20 + identifier: "administration" +--- diff --git a/docs/content/doc/administration.zh-tw.md b/docs/content/doc/administration.zh-tw.md new file mode 100644 index 0000000000..daf8e3f105 --- /dev/null +++ b/docs/content/doc/administration.zh-tw.md @@ -0,0 +1,13 @@ +--- +date: "2016-12-01T16:00:00+02:00" +title: "運維" +slug: "administration" +weight: 30 +toc: false +draft: false +menu: + sidebar: + name: "運維" + weight: 20 + identifier: "administration" +--- diff --git a/docs/content/doc/administration/adding-legal-pages.en-us.md b/docs/content/doc/administration/adding-legal-pages.en-us.md new file mode 100644 index 0000000000..9ba8c4fd81 --- /dev/null +++ b/docs/content/doc/administration/adding-legal-pages.en-us.md @@ -0,0 +1,38 @@ +--- +date: "2019-12-28" +title: "Adding Legal Pages" +slug: adding-legal-pages +weight: 9 +toc: false +draft: false +menu: + sidebar: + parent: "administration" + name: "Adding Legal Pages" + identifier: "adding-legal-pages" + weight: 110 +--- + +Some jurisdictions (such as EU), requires certain legal pages (e.g. Privacy Policy) to be added to website. Follow these steps to add them to your Gitea instance. + +## Getting Pages + +Gitea source code ships with sample pages, available in `contrib/legal` directory. Copy them to `custom/public/`. For example, to add Privacy Policy: + +``` +wget -O /path/to/custom/public/privacy.html https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/legal/privacy.html.sample +``` + +Now you need to edit the page to meet your requirements. In particular you must change the email addresses, web addresses and references to "Your Gitea Instance" to match your situation. + +You absolutely must not place a general ToS or privacy statement that implies that the Gitea project is responsible for your server. + +## Make it Visible + +Create or append to `/path/to/custom/templates/custom/extra_links_footer.tmpl`: + +```go +Privacy Policy +``` + +Restart Gitea to see the changes. diff --git a/docs/content/doc/administration/backup-and-restore.en-us.md b/docs/content/doc/administration/backup-and-restore.en-us.md new file mode 100644 index 0000000000..16e8654b74 --- /dev/null +++ b/docs/content/doc/administration/backup-and-restore.en-us.md @@ -0,0 +1,170 @@ +--- +date: "2017-01-01T16:00:00+02:00" +title: "Usage: Backup and Restore" +slug: "backup-and-restore" +weight: 11 +toc: false +draft: false +menu: + sidebar: + parent: "administration" + name: "Backup and Restore" + weight: 11 + identifier: "backup-and-restore" +--- + +# Backup and Restore + +Gitea currently has a `dump` command that will save the installation to a ZIP file. This +file can be unpacked and used to restore an instance. + +**Table of Contents** + +{{< toc >}} + +## Backup Consistency + +To ensure the consistency of the Gitea instance, it must be shutdown during backup. + +Gitea consists of a database, files and git repositories, all of which change when it is used. For instance, when a migration is in progress, a transaction is created in the database while the git repository is being copied over. If the backup happens in the middle of the migration, the git repository may be incomplete although the database claims otherwise because it was dumped afterwards. The only way to avoid such race conditions is by stopping the Gitea instance during the backups. + +## Backup Command (`dump`) + +Switch to the user running Gitea: `su git`. Run `./gitea dump -c /path/to/app.ini` in the Gitea installation +directory. There should be some output similar to the following: + +```none +2016/12/27 22:32:09 Creating tmp work dir: /tmp/gitea-dump-417443001 +2016/12/27 22:32:09 Dumping local repositories.../home/git/gitea-repositories +2016/12/27 22:32:22 Dumping database... +2016/12/27 22:32:22 Packing dump files... +2016/12/27 22:32:34 Removing tmp work dir: /tmp/gitea-dump-417443001 +2016/12/27 22:32:34 Finish dumping in file gitea-dump-1482906742.zip +``` + +Inside the `gitea-dump-1482906742.zip` file, will be the following: + +- `app.ini` - Optional copy of configuration file if originally stored outside of the default `custom/` directory +- `custom` - All config or customization files in `custom/`. +- `data` - Data directory in , except sessions if you are using file session. This directory includes `attachments`, `avatars`, `lfs`, `indexers`, SQLite file if you are using SQLite. +- `gitea-db.sql` - SQL dump of database +- `gitea-repo.zip` - Complete copy of the repository directory. +- `log/` - Various logs. They are not needed for a recovery or migration. + +Intermediate backup files are created in a temporary directory specified either with the +`--tempdir` command-line parameter or the `TMPDIR` environment variable. + +## Backup the database + +The SQL dump created by `gitea dump` uses XORM and Gitea admins may prefer to use the native the MySQL and PostgreSQL dump tools instead. There are still open issues when using XORM for dumping the database that may cause problems when attempting to restore it. + +```sh +# mysql +mysqldump -u$USER -p$PASS --database $DATABASE > gitea-db.sql +# postgres +pg_dump -U $USER $DATABASE > gitea-db.sql +``` + +### Using Docker (`dump`) + +There are a few caveats for using the `dump` command with Docker. + +The command has to be executed with the `RUN_USER = ` specified in `gitea/conf/app.ini`; and, for the zipping of the backup folder to occur without permission error the command `docker exec` must be executed inside of the `--tempdir`. + +Example: + +```none +docker exec -u -it -w <--tempdir> $(docker ps -qf 'name=^$') bash -c '/usr/local/bin/gitea dump -c ' +``` + +\*Note: `--tempdir` refers to the temporary directory of the docker environment used by Gitea; if you have not specified a custom `--tempdir`, then Gitea uses `/tmp` or the `TMPDIR` environment variable of the docker container. For `--tempdir` adjust your `docker exec` command options accordingly. + +The result should be a file, stored in the `--tempdir` specified, along the lines of: `gitea-dump-1482906742.zip` + +## Restore Command (`restore`) + +There is currently no support for a recovery command. It is a manual process that mostly +involves moving files to their correct locations and restoring a database dump. + +Example: + +```sh +unzip gitea-dump-1610949662.zip +cd gitea-dump-1610949662 +mv data/conf/app.ini /etc/gitea/conf/app.ini +mv data/* /var/lib/gitea/data/ +mv log/* /var/lib/gitea/log/ +mv repos/* /var/lib/gitea/repositories/ +chown -R gitea:gitea /etc/gitea/conf/app.ini /var/lib/gitea + +# mysql +mysql --default-character-set=utf8mb4 -u$USER -p$PASS $DATABASE Docker), or if Gitea is installed to a different directory than the previous installation. + +With Gitea running, and from the directory Gitea's binary is located, execute: `./gitea admin regenerate hooks` + +This ensures that application and configuration file paths in repository Git Hooks are consistent and applicable to the current installation. If these paths are not updated, repository `push` actions will fail. + +### Using Docker (`restore`) + +There is also no support for a recovery command in a Docker-based gitea instance. The restore process contains the same steps as described in the previous section but with different paths. + +Example: + +```sh +# open bash session in container +docker exec --user git -it 2a83b293548e bash +# unzip your backup file within the container +unzip gitea-dump-1610949662.zip +cd gitea-dump-1610949662 +# restore the gitea data +mv data/* /data/gitea +# restore the repositories itself +mv repos/* /data/git/repositories/ +# adjust file permissions +chown -R git:git /data +# Regenerate Git Hooks +/usr/local/bin/gitea -c '/data/gitea/conf/app.ini' admin regenerate hooks +``` + +The default user in the gitea container is `git` (1000:1000). Please replace `2a83b293548e` with your gitea container id or name. + +These are the default paths used in the container: + +```text +DEFAULT CONFIGURATION: + CustomPath: /data/gitea (GITEA_CUSTOM) + CustomConf: /data/gitea/conf/app.ini + AppPath: /usr/local/bin/gitea + AppWorkPath: /usr/local/bin +``` + +### Using Docker-rootless (`restore`) + +The restore workflow in Docker-rootless containers differs only in the directories to be used: + +```sh +# open bash session in container +docker exec --user git -it 2a83b293548e bash +# unzip your backup file within the container +unzip gitea-dump-1610949662.zip +cd gitea-dump-1610949662 +# restore the app.ini +mv data/conf/app.ini /etc/gitea/app.ini +# restore the gitea data +mv data/* /var/lib/gitea +# restore the repositories itself +mv repos/* /var/lib/gitea/git/repositories +# adjust file permissions +chown -R git:git /etc/gitea/app.ini /var/lib/gitea +# Regenerate Git Hooks +/usr/local/bin/gitea -c '/etc/gitea/app.ini' admin regenerate hooks +``` diff --git a/docs/content/doc/administration/backup-and-restore.zh-cn.md b/docs/content/doc/administration/backup-and-restore.zh-cn.md new file mode 100644 index 0000000000..602657f419 --- /dev/null +++ b/docs/content/doc/administration/backup-and-restore.zh-cn.md @@ -0,0 +1,66 @@ +--- +date: "2018-06-06T09:33:00+08:00" +title: "使用:备份与恢复" +slug: "backup-and-restore" +weight: 11 +toc: false +draft: false +menu: + sidebar: + parent: "administration" + name: "备份与恢复" + weight: 11 + identifier: "backup-and-restore" +--- + +# 备份与恢复 + +Gitea 已经实现了 `dump` 命令可以用来备份所有需要的文件到一个zip压缩文件。该压缩文件可以被用来进行数据恢复。 + +## 备份命令 (`dump`) + +先转到git用户的权限: `su git`. 再Gitea目录运行 `./gitea dump`。一般会显示类似如下的输出: + +``` +2016/12/27 22:32:09 Creating tmp work dir: /tmp/gitea-dump-417443001 +2016/12/27 22:32:09 Dumping local repositories.../home/git/gitea-repositories +2016/12/27 22:32:22 Dumping database... +2016/12/27 22:32:22 Packing dump files... +2016/12/27 22:32:34 Removing tmp work dir: /tmp/gitea-dump-417443001 +2016/12/27 22:32:34 Finish dumping in file gitea-dump-1482906742.zip +``` + +最后生成的 `gitea-dump-1482906742.zip` 文件将会包含如下内容: + +* `custom` - 所有保存在 `custom/` 目录下的配置和自定义的文件。 +* `data` - 数据目录下的所有内容不包含使用文件session的文件。该目录包含 `attachments`, `avatars`, `lfs`, `indexers`, 如果使用sqlite 还会包含 sqlite 数据库文件。 +* `gitea-db.sql` - 数据库dump出来的 SQL。 +* `gitea-repo.zip` - Git仓库压缩文件。 +* `log/` - Logs文件,如果用作迁移不是必须的。 + +中间备份文件将会在临时目录进行创建,如果您要重新指定临时目录,可以用 `--tempdir` 参数,或者用 `TMPDIR` 环境变量。 + +## Restore Command (`restore`) + +当前还没有恢复命令,恢复需要人工进行。主要是把文件和数据库进行恢复。 + +例如: + +```sh +unzip gitea-dump-1610949662.zip +cd gitea-dump-1610949662 +mv data/conf/app.ini /etc/gitea/conf/app.ini +mv data/* /var/lib/gitea/data/ +mv log/* /var/lib/gitea/log/ +mv repos/* /var/lib/gitea/repositories/ +chown -R gitea:gitea /etc/gitea/conf/app.ini /var/lib/gitea + +# mysql +mysql --default-character-set=utf8mb4 -u$USER -p$PASS $DATABASE repository -> `ROOT` 所設定的路徑。 +* `log/` - 全部 logs 檔案,如果你要 migrate 到其他伺服器,此目錄不用保留。 + +你可以透過設定 `--tempdir` 指令參數來指定備份檔案目錄,或者是設定 `TMPDIR` 環境變數來達到此功能。 + +## 還原指令 (`restore`) + +持續更新中: 此文件尚未完成. + +例: + +```sh +unzip gitea-dump-1610949662.zip +cd gitea-dump-1610949662 +mv data/conf/app.ini /etc/gitea/conf/app.ini +mv data/* /var/lib/gitea/data/ +mv log/* /var/lib/gitea/log/ +mv repos/* /var/lib/gitea/repositories/ +chown -R gitea:gitea /etc/gitea/conf/app.ini /var/lib/gitea + +# mysql +mysql --default-character-set=utf8mb4 -u$USER -p$PASS $DATABASE }} + +Gitea's executable contains all the resources required to run: templates, images, style-sheets +and translations. Any of them can be overridden by placing a replacement in a matching path +inside the `custom` directory (see [Customizing Gitea]({{< relref "doc/administration/customizing-gitea.en-us.md" >}})). + +To obtain a copy of the embedded resources ready for editing, the `embedded` command from the CLI +can be used from the OS shell interface. + +**NOTE:** The embedded data extraction tool is included in Gitea versions 1.12 and above. + +## Listing resources + +To list resources embedded in Gitea's executable, use the following syntax: + +```sh +gitea embedded list [--include-vendored] [patterns...] +``` + +The `--include-vendored` flag makes the command include vendored files, which are +normally excluded; that is, files from external libraries that are required for Gitea +(e.g. [font-awesome](https://fontawesome.com/), [octicons](https://octicons.github.com/), etc). + +A list of file search patterns can be provided. Gitea uses [gobwas/glob](https://github.com/gobwas/glob) +for its glob syntax. Here are some examples: + +- List all template files, in any virtual directory: `**.tmpl` +- List all mail template files: `templates/mail/**.tmpl` +- List all files inside `public/img`: `public/img/**` + +Don't forget to use quotes for the patterns, as spaces, `*` and other characters might have +a special meaning for your command shell. + +If no pattern is provided, all files are listed. + +### Example + +Listing all embedded files with `openid` in their path: + +```sh +$ gitea embedded list '**openid**' +public/img/auth/openid_connect.svg +public/img/openid-16x16.png +templates/user/auth/finalize_openid.tmpl +templates/user/auth/signin_openid.tmpl +templates/user/auth/signup_openid_connect.tmpl +templates/user/auth/signup_openid_navbar.tmpl +templates/user/auth/signup_openid_register.tmpl +templates/user/settings/security_openid.tmpl +``` + +## Extracting resources + +To extract resources embedded in Gitea's executable, use the following syntax: + +```sh +gitea [--config {file}] embedded extract [--destination {dir}|--custom] [--overwrite|--rename] [--include-vendored] {patterns...} +``` + +The `--config` option tells Gitea the location of the `app.ini` configuration file if +it's not in its default location. This option is only used with the `--custom` flag. + +The `--destination` option tells Gitea the directory where the files must be extracted to. +The default is the current directory. + +The `--custom` flag tells Gitea to extract the files directly into the `custom` directory. +For this to work, the command needs to know the location of the `app.ini` configuration +file (`--config`) and, depending of the configuration, be ran from the directory where +Gitea normally starts. See [Customizing Gitea]({{< relref "doc/administration/customizing-gitea.en-us.md" >}}) for details. + +The `--overwrite` flag allows any existing files in the destination directory to be overwritten. + +The `--rename` flag tells Gitea to rename any existing files in the destination directory +as `filename.bak`. Previous `.bak` files are overwritten. + +At least one file search pattern must be provided; see `list` subcomand above for pattern +syntax and examples. + +### Important notice + +Make sure to **only extract those files that require customization**. Files that +are present in the `custom` directory are not upgraded by Gitea's upgrade process. +When Gitea is upgraded to a new version (by replacing the executable), many of the +embedded files will suffer changes. Gitea will honor and use any files found +in the `custom` directory, even if they are old and incompatible. + +### Example + +Extracting mail templates to a temporary directory: + +```sh +$ mkdir tempdir +$ gitea embedded extract --destination tempdir 'templates/mail/**.tmpl' +Extracting to tempdir: +tempdir/templates/mail/auth/activate.tmpl +tempdir/templates/mail/auth/activate_email.tmpl +tempdir/templates/mail/auth/register_notify.tmpl +tempdir/templates/mail/auth/reset_passwd.tmpl +tempdir/templates/mail/issue/assigned.tmpl +tempdir/templates/mail/issue/default.tmpl +tempdir/templates/mail/notify/collaborator.tmpl +``` diff --git a/docs/content/doc/administration/command-line.en-us.md b/docs/content/doc/administration/command-line.en-us.md new file mode 100644 index 0000000000..3dfad62f3d --- /dev/null +++ b/docs/content/doc/administration/command-line.en-us.md @@ -0,0 +1,553 @@ +--- +date: "2017-01-01T16:00:00+02:00" +title: "Usage: Command Line" +slug: "command-line" +weight: 10 +toc: false +draft: false +menu: + sidebar: + parent: "administration" + name: "Command Line" + weight: 1 + identifier: "command-line" +--- + +# Command Line + +**Table of Contents** + +{{< toc >}} + +## Usage + +`gitea [global options] command [command or global options] [arguments...]` + +## Global options + +All global options can be placed at the command level. + +- `--help`, `-h`: Show help text and exit. Optional. +- `--version`, `-v`: Show version and exit. Optional. (example: `Gitea version 1.1.0+218-g7b907ed built with: bindata, sqlite`). +- `--custom-path path`, `-C path`: Location of the Gitea custom folder. Optional. (default: `AppWorkPath`/custom or `$GITEA_CUSTOM`). +- `--config path`, `-c path`: Gitea configuration file path. Optional. (default: `custom`/conf/app.ini). +- `--work-path path`, `-w path`: Gitea `AppWorkPath`. Optional. (default: LOCATION_OF_GITEA_BINARY or `$GITEA_WORK_DIR`) + +NB: The defaults custom-path, config and work-path can also be +changed at build time (if preferred). + +## Commands + +### web + +Starts the server: + +- Options: + - `--port number`, `-p number`: Port number. Optional. (default: 3000). Overrides configuration file. + - `--install-port number`: Port number to run the install page on. Optional. (default: 3000). Overrides configuration file. + - `--pid path`, `-P path`: Pidfile path. Optional. + - `--quiet`, `-q`: Only emit Fatal logs on the console for logs emitted before logging set up. + - `--verbose`: Emit tracing logs on the console for logs emitted before logging is set-up. +- Examples: + - `gitea web` + - `gitea web --port 80` + - `gitea web --config /etc/gitea.ini --pid /some/custom/gitea.pid` +- Notes: + - Gitea should not be run as root. To bind to a port below 1024, you can use setcap on + Linux: `sudo setcap 'cap_net_bind_service=+ep' /path/to/gitea`. This will need to be + redone every time you update Gitea. + +### admin + +Admin operations: + +- Commands: + - `user`: + - `list`: + - Options: + - `--admin`: List only admin users. Optional. + - Description: lists all users that exist + - Examples: + - `gitea admin user list` + - `delete`: + - Options: + - `--email`: Email of the user to be deleted. + - `--username`: Username of user to be deleted. + - `--id`: ID of user to be deleted. + - One of `--id`, `--username` or `--email` is required. If more than one is provided then all have to match. + - Examples: + - `gitea admin user delete --id 1` + - `create`: + - Options: + - `--name value`: Username. Required. As of Gitea 1.9.0, use the `--username` flag instead. + - `--username value`: Username. Required. New in Gitea 1.9.0. + - `--password value`: Password. Required. + - `--email value`: Email. Required. + - `--admin`: If provided, this makes the user an admin. Optional. + - `--access-token`: If provided, an access token will be created for the user. Optional. (default: false). + - `--must-change-password`: If provided, the created user will be required to choose a newer password after the + initial login. Optional. (default: true). + - `--random-password`: If provided, a randomly generated password will be used as the password of the created + user. The value of `--password` will be discarded. Optional. + - `--random-password-length`: If provided, it will be used to configure the length of the randomly generated + password. Optional. (default: 12) + - Examples: + - `gitea admin user create --username myname --password asecurepassword --email me@example.com` + - `change-password`: + - Options: + - `--username value`, `-u value`: Username. Required. + - `--password value`, `-p value`: New password. Required. + - Examples: + - `gitea admin user change-password --username myname --password asecurepassword` + - `must-change-password`: + - Args: + - `[username...]`: Users that must change their passwords + - Options: + - `--all`, `-A`: Force a password change for all users + - `--exclude username`, `-e username`: Exclude the given user. Can be set multiple times. + - `--unset`: Revoke forced password change for the given users + - `regenerate` + - Options: + - `hooks`: Regenerate Git Hooks for all repositories + - `keys`: Regenerate authorized_keys file + - Examples: + - `gitea admin regenerate hooks` + - `gitea admin regenerate keys` + - `auth`: + - `list`: + - Description: lists all external authentication sources that exist + - Examples: + - `gitea admin auth list` + - `delete`: + - Options: + - `--id`: ID of source to be deleted. Required. + - Examples: + - `gitea admin auth delete --id 1` + - `add-oauth`: + - Options: + - `--name`: Application Name. + - `--provider`: OAuth2 Provider. + - `--key`: Client ID (Key). + - `--secret`: Client Secret. + - `--auto-discover-url`: OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider). + - `--use-custom-urls`: Use custom URLs for GitLab/GitHub OAuth endpoints. + - `--custom-tenant-id`: Use custom Tenant ID for OAuth endpoints. + - `--custom-auth-url`: Use a custom Authorization URL (option for GitLab/GitHub). + - `--custom-token-url`: Use a custom Token URL (option for GitLab/GitHub). + - `--custom-profile-url`: Use a custom Profile URL (option for GitLab/GitHub). + - `--custom-email-url`: Use a custom Email URL (option for GitHub). + - `--icon-url`: Custom icon URL for OAuth2 login source. + - `--skip-local-2fa`: Allow source to override local 2FA. (Optional) + - `--scopes`: Additional scopes to request for this OAuth2 source. (Optional) + - `--required-claim-name`: Claim name that has to be set to allow users to login with this source. (Optional) + - `--required-claim-value`: Claim value that has to be set to allow users to login with this source. (Optional) + - `--group-claim-name`: Claim name providing group names for this source. (Optional) + - `--admin-group`: Group Claim value for administrator users. (Optional) + - `--restricted-group`: Group Claim value for restricted users. (Optional) + - `--group-team-map`: JSON mapping between groups and org teams. (Optional) + - `--group-team-map-removal`: Activate automatic team membership removal depending on groups. (Optional) + - Examples: + - `gitea admin auth add-oauth --name external-github --provider github --key OBTAIN_FROM_SOURCE --secret OBTAIN_FROM_SOURCE` + - `update-oauth`: + - Options: + - `--id`: ID of source to be updated. Required. + - `--name`: Application Name. + - `--provider`: OAuth2 Provider. + - `--key`: Client ID (Key). + - `--secret`: Client Secret. + - `--auto-discover-url`: OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider). + - `--use-custom-urls`: Use custom URLs for GitLab/GitHub OAuth endpoints. + - `--custom-tenant-id`: Use custom Tenant ID for OAuth endpoints. + - `--custom-auth-url`: Use a custom Authorization URL (option for GitLab/GitHub). + - `--custom-token-url`: Use a custom Token URL (option for GitLab/GitHub). + - `--custom-profile-url`: Use a custom Profile URL (option for GitLab/GitHub). + - `--custom-email-url`: Use a custom Email URL (option for GitHub). + - `--icon-url`: Custom icon URL for OAuth2 login source. + - `--skip-local-2fa`: Allow source to override local 2FA. (Optional) + - `--scopes`: Additional scopes to request for this OAuth2 source. + - `--required-claim-name`: Claim name that has to be set to allow users to login with this source. (Optional) + - `--required-claim-value`: Claim value that has to be set to allow users to login with this source. (Optional) + - `--group-claim-name`: Claim name providing group names for this source. (Optional) + - `--admin-group`: Group Claim value for administrator users. (Optional) + - `--restricted-group`: Group Claim value for restricted users. (Optional) + - Examples: + - `gitea admin auth update-oauth --id 1 --name external-github-updated` + - `add-smtp`: + - Options: + - `--name`: Application Name. Required. + - `--auth-type`: SMTP Authentication Type (PLAIN/LOGIN/CRAM-MD5). Default to PLAIN. + - `--host`: SMTP host. Required. + - `--port`: SMTP port. Required. + - `--force-smtps`: SMTPS is always used on port 465. Set this to force SMTPS on other ports. + - `--skip-verify`: Skip TLS verify. + - `--helo-hostname`: Hostname sent with HELO. Leave blank to send current hostname. + - `--disable-helo`: Disable SMTP helo. + - `--allowed-domains`: Leave empty to allow all domains. Separate multiple domains with a comma (','). + - `--skip-local-2fa`: Skip 2FA to log on. + - `--active`: This Authentication Source is Activated. + Remarks: + `--force-smtps`, `--skip-verify`, `--disable-helo`, `--skip-loca-2fs` and `--active` options can be used in form: + - `--option`, `--option=true` to enable + - `--option=false` to disable + If those options are not specified value would not be changed in `update-smtp` or would use default `false` value in `add-smtp` + - Examples: + - `gitea admin auth add-smtp --name ldap --host smtp.mydomain.org --port 587 --skip-verify --active` + - `update-smtp`: + - Options: + - `--id`: ID of source to be updated. Required. + - other options are shared with `add-smtp` + - Examples: + - `gitea admin auth update-smtp --id 1 --host smtp.mydomain.org --port 587 --skip-verify=false` + - `gitea admin auth update-smtp --id 1 --active=false` + - `add-ldap`: Add new LDAP (via Bind DN) authentication source + - Options: + - `--name value`: Authentication name. Required. + - `--not-active`: Deactivate the authentication source. + - `--security-protocol value`: Security protocol name. Required. + - `--skip-tls-verify`: Disable TLS verification. + - `--host value`: The address where the LDAP server can be reached. Required. + - `--port value`: The port to use when connecting to the LDAP server. Required. + - `--user-search-base value`: The LDAP base at which user accounts will be searched for. Required. + - `--user-filter value`: An LDAP filter declaring how to find the user record that is attempting to authenticate. Required. + - `--admin-filter value`: An LDAP filter specifying if a user should be given administrator privileges. + - `--restricted-filter value`: An LDAP filter specifying if a user should be given restricted status. + - `--username-attribute value`: The attribute of the user’s LDAP record containing the user name. + - `--firstname-attribute value`: The attribute of the user’s LDAP record containing the user’s first name. + - `--surname-attribute value`: The attribute of the user’s LDAP record containing the user’s surname. + - `--email-attribute value`: The attribute of the user’s LDAP record containing the user’s email address. Required. + - `--public-ssh-key-attribute value`: The attribute of the user’s LDAP record containing the user’s public ssh key. + - `--avatar-attribute value`: The attribute of the user’s LDAP record containing the user’s avatar. + - `--bind-dn value`: The DN to bind to the LDAP server with when searching for the user. + - `--bind-password value`: The password for the Bind DN, if any. + - `--attributes-in-bind`: Fetch attributes in bind DN context. + - `--synchronize-users`: Enable user synchronization. + - `--page-size value`: Search page size. + - Examples: + - `gitea admin auth add-ldap --name ldap --security-protocol unencrypted --host mydomain.org --port 389 --user-search-base "ou=Users,dc=mydomain,dc=org" --user-filter "(&(objectClass=posixAccount)(uid=%s))" --email-attribute mail` + - `update-ldap`: Update existing LDAP (via Bind DN) authentication source + - Options: + - `--id value`: ID of authentication source. Required. + - `--name value`: Authentication name. + - `--not-active`: Deactivate the authentication source. + - `--security-protocol value`: Security protocol name. + - `--skip-tls-verify`: Disable TLS verification. + - `--host value`: The address where the LDAP server can be reached. + - `--port value`: The port to use when connecting to the LDAP server. + - `--user-search-base value`: The LDAP base at which user accounts will be searched for. + - `--user-filter value`: An LDAP filter declaring how to find the user record that is attempting to authenticate. + - `--admin-filter value`: An LDAP filter specifying if a user should be given administrator privileges. + - `--restricted-filter value`: An LDAP filter specifying if a user should be given restricted status. + - `--username-attribute value`: The attribute of the user’s LDAP record containing the user name. + - `--firstname-attribute value`: The attribute of the user’s LDAP record containing the user’s first name. + - `--surname-attribute value`: The attribute of the user’s LDAP record containing the user’s surname. + - `--email-attribute value`: The attribute of the user’s LDAP record containing the user’s email address. + - `--public-ssh-key-attribute value`: The attribute of the user’s LDAP record containing the user’s public ssh key. + - `--avatar-attribute value`: The attribute of the user’s LDAP record containing the user’s avatar. + - `--bind-dn value`: The DN to bind to the LDAP server with when searching for the user. + - `--bind-password value`: The password for the Bind DN, if any. + - `--attributes-in-bind`: Fetch attributes in bind DN context. + - `--synchronize-users`: Enable user synchronization. + - `--page-size value`: Search page size. + - Examples: + - `gitea admin auth update-ldap --id 1 --name "my ldap auth source"` + - `gitea admin auth update-ldap --id 1 --username-attribute uid --firstname-attribute givenName --surname-attribute sn` + - `add-ldap-simple`: Add new LDAP (simple auth) authentication source + - Options: + - `--name value`: Authentication name. Required. + - `--not-active`: Deactivate the authentication source. + - `--security-protocol value`: Security protocol name. Required. + - `--skip-tls-verify`: Disable TLS verification. + - `--host value`: The address where the LDAP server can be reached. Required. + - `--port value`: The port to use when connecting to the LDAP server. Required. + - `--user-search-base value`: The LDAP base at which user accounts will be searched for. + - `--user-filter value`: An LDAP filter declaring how to find the user record that is attempting to authenticate. Required. + - `--admin-filter value`: An LDAP filter specifying if a user should be given administrator privileges. + - `--restricted-filter value`: An LDAP filter specifying if a user should be given restricted status. + - `--username-attribute value`: The attribute of the user’s LDAP record containing the user name. + - `--firstname-attribute value`: The attribute of the user’s LDAP record containing the user’s first name. + - `--surname-attribute value`: The attribute of the user’s LDAP record containing the user’s surname. + - `--email-attribute value`: The attribute of the user’s LDAP record containing the user’s email address. Required. + - `--public-ssh-key-attribute value`: The attribute of the user’s LDAP record containing the user’s public ssh key. + - `--avatar-attribute value`: The attribute of the user’s LDAP record containing the user’s avatar. + - `--user-dn value`: The user’s DN. Required. + - Examples: + - `gitea admin auth add-ldap-simple --name ldap --security-protocol unencrypted --host mydomain.org --port 389 --user-dn "cn=%s,ou=Users,dc=mydomain,dc=org" --user-filter "(&(objectClass=posixAccount)(cn=%s))" --email-attribute mail` + - `update-ldap-simple`: Update existing LDAP (simple auth) authentication source + - Options: + - `--id value`: ID of authentication source. Required. + - `--name value`: Authentication name. + - `--not-active`: Deactivate the authentication source. + - `--security-protocol value`: Security protocol name. + - `--skip-tls-verify`: Disable TLS verification. + - `--host value`: The address where the LDAP server can be reached. + - `--port value`: The port to use when connecting to the LDAP server. + - `--user-search-base value`: The LDAP base at which user accounts will be searched for. + - `--user-filter value`: An LDAP filter declaring how to find the user record that is attempting to authenticate. + - `--admin-filter value`: An LDAP filter specifying if a user should be given administrator privileges. + - `--restricted-filter value`: An LDAP filter specifying if a user should be given restricted status. + - `--username-attribute value`: The attribute of the user’s LDAP record containing the user name. + - `--firstname-attribute value`: The attribute of the user’s LDAP record containing the user’s first name. + - `--surname-attribute value`: The attribute of the user’s LDAP record containing the user’s surname. + - `--email-attribute value`: The attribute of the user’s LDAP record containing the user’s email address. + - `--public-ssh-key-attribute value`: The attribute of the user’s LDAP record containing the user’s public ssh key. + - `--avatar-attribute value`: The attribute of the user’s LDAP record containing the user’s avatar. + - `--user-dn value`: The user’s DN. + - Examples: + - `gitea admin auth update-ldap-simple --id 1 --name "my ldap auth source"` + - `gitea admin auth update-ldap-simple --id 1 --username-attribute uid --firstname-attribute givenName --surname-attribute sn` + +### cert + +Generates a self-signed SSL certificate. Outputs to `cert.pem` and `key.pem` in the current +directory and will overwrite any existing files. + +- Options: + - `--host value`: Comma separated hostnames and ips which this certificate is valid for. + Wildcards are supported. Required. + - `--ecdsa-curve value`: ECDSA curve to use to generate a key. Optional. Valid options + are P224, P256, P384, P521. + - `--rsa-bits value`: Size of RSA key to generate. Optional. Ignored if --ecdsa-curve is + set. (default: 2048). + - `--start-date value`: Creation date. Optional. (format: `Jan 1 15:04:05 2011`). + - `--duration value`: Duration which the certificate is valid for. Optional. (default: 8760h0m0s) + - `--ca`: If provided, this cert generates it's own certificate authority. Optional. +- Examples: + - `gitea cert --host git.example.com,example.com,www.example.com --ca` + +### dump + +Dumps all files and databases into a zip file. Outputs into a file like `gitea-dump-1482906742.zip` +in the current directory. + +- Options: + - `--file name`, `-f name`: Name of the dump file with will be created. Optional. (default: gitea-dump-[timestamp].zip). + - `--tempdir path`, `-t path`: Path to the temporary directory used. Optional. (default: /tmp). + - `--skip-repository`, `-R`: Skip the repository dumping. Optional. + - `--skip-custom-dir`: Skip dumping of the custom dir. Optional. + - `--skip-lfs-data`: Skip dumping of LFS data. Optional. + - `--skip-attachment-data`: Skip dumping of attachment data. Optional. + - `--skip-package-data`: Skip dumping of package data. Optional. + - `--skip-log`: Skip dumping of log data. Optional. + - `--database`, `-d`: Specify the database SQL syntax. Optional. + - `--verbose`, `-V`: If provided, shows additional details. Optional. + - `--type`: Set the dump output format. Optional. (default: zip) +- Examples: + - `gitea dump` + - `gitea dump --verbose` + +### generate + +Generates random values and tokens for usage in configuration file. Useful for generating values +for automatic deployments. + +- Commands: + - `secret`: + - Options: + - `INTERNAL_TOKEN`: Token used for an internal API call authentication. + - `JWT_SECRET`: LFS & OAUTH2 JWT authentication secret (LFS_JWT_SECRET is aliased to this option for backwards compatibility). + - `SECRET_KEY`: Global secret key. + - Examples: + - `gitea generate secret INTERNAL_TOKEN` + - `gitea generate secret JWT_SECRET` + - `gitea generate secret SECRET_KEY` + +### keys + +Provides an SSHD AuthorizedKeysCommand. Needs to be configured in the sshd config file: + +```ini +... +# The value of -e and the AuthorizedKeysCommandUser should match the +# username running Gitea +AuthorizedKeysCommandUser git +AuthorizedKeysCommand /path/to/gitea keys -e git -u %u -t %t -k %k +``` + +The command will return the appropriate authorized_keys line for the +provided key. You should also set the value +`SSH_CREATE_AUTHORIZED_KEYS_FILE=false` in the `[server]` section of +`app.ini`. + +NB: opensshd requires the Gitea program to be owned by root and not +writable by group or others. The program must be specified by an absolute +path. +NB: Gitea must be running for this command to succeed. + +### migrate + +Migrates the database. This command can be used to run other commands before starting the server for the first time. +This command is idempotent. + +### convert + +Converts an existing MySQL database from utf8 to utf8mb4. + +### doctor + +Diagnose the problems of current Gitea instance according the given configuration. +Currently there are a check list below: + +- Check if OpenSSH authorized_keys file id correct + When your Gitea instance support OpenSSH, your Gitea instance binary path will be written to `authorized_keys` + when there is any public key added or changed on your Gitea instance. + Sometimes if you moved or renamed your Gitea binary when upgrade and you haven't run `Update the '.ssh/authorized_keys' file with Gitea SSH keys. (Not needed for the built-in SSH server.)` on your Admin Panel. Then all pull/push via SSH will not be work. + This check will help you to check if it works well. + +For contributors, if you want to add more checks, you can write a new function like `func(ctx *cli.Context) ([]string, error)` and +append it to `doctor.go`. + +```go +var checklist = []check{ + { + title: "Check if OpenSSH authorized_keys file id correct", + f: runDoctorLocationMoved, + }, + // more checks please append here +} +``` + +This function will receive a command line context and return a list of details about the problems or error. + +#### doctor recreate-table + +Sometimes when there are migrations the old columns and default values may be left +unchanged in the database schema. This may lead to warning such as: + +``` +2020/08/02 11:32:29 ...rm/session_schema.go:360:Sync2() [W] Table user Column keep_activity_private db default is , struct default is 0 +``` + +You can cause Gitea to recreate these tables and copy the old data into the new table +with the defaults set appropriately by using: + +``` +gitea doctor recreate-table user +``` + +You can ask Gitea to recreate multiple tables using: + +``` +gitea doctor recreate-table table1 table2 ... +``` + +And if you would like Gitea to recreate all tables simply call: + +``` +gitea doctor recreate-table +``` + +It is highly recommended to back-up your database before running these commands. + +### manager + +Manage running server operations: + +- Commands: + - `shutdown`: Gracefully shutdown the running process + - `restart`: Gracefully restart the running process - (not implemented for windows servers) + - `flush-queues`: Flush queues in the running process + - Options: + - `--timeout value`: Timeout for the flushing process (default: 1m0s) + - `--non-blocking`: Set to true to not wait for flush to complete before returning + - `logging`: Adjust logging commands + - Commands: + - `pause`: Pause logging + - Notes: + - The logging level will be raised to INFO temporarily if it is below this level. + - Gitea will buffer logs up to a certain point and will drop them after that point. + - `resume`: Resume logging + - `release-and-reopen`: Cause Gitea to release and re-open files and connections used for logging (Equivalent to sending SIGUSR1 to Gitea.) + - `remove name`: Remove the named logger + - Options: + - `--group group`, `-g group`: Set the group to remove the sublogger from. (defaults to `default`) + - `add`: Add a logger + - Commands: + - `console`: Add a console logger + - Options: + - `--group value`, `-g value`: Group to add logger to - will default to "default" + - `--name value`, `-n value`: Name of the new logger - will default to mode + - `--level value`, `-l value`: Logging level for the new logger + - `--stacktrace-level value`, `-L value`: Stacktrace logging level + - `--flags value`, `-F value`: Flags for the logger + - `--expression value`, `-e value`: Matching expression for the logger + - `--prefix value`, `-p value`: Prefix for the logger + - `--color`: Use color in the logs + - `--stderr`: Output console logs to stderr - only relevant for console + - `file`: Add a file logger + - Options: + - `--group value`, `-g value`: Group to add logger to - will default to "default" + - `--name value`, `-n value`: Name of the new logger - will default to mode + - `--level value`, `-l value`: Logging level for the new logger + - `--stacktrace-level value`, `-L value`: Stacktrace logging level + - `--flags value`, `-F value`: Flags for the logger + - `--expression value`, `-e value`: Matching expression for the logger + - `--prefix value`, `-p value`: Prefix for the logger + - `--color`: Use color in the logs + - `--filename value`, `-f value`: Filename for the logger - + - `--rotate`, `-r`: Rotate logs + - `--max-size value`, `-s value`: Maximum size in bytes before rotation + - `--daily`, `-d`: Rotate logs daily + - `--max-days value`, `-D value`: Maximum number of daily logs to keep + - `--compress`, `-z`: Compress rotated logs + - `--compression-level value`, `-Z value`: Compression level to use + - `conn`: Add a network connection logger + - Options: + - `--group value`, `-g value`: Group to add logger to - will default to "default" + - `--name value`, `-n value`: Name of the new logger - will default to mode + - `--level value`, `-l value`: Logging level for the new logger + - `--stacktrace-level value`, `-L value`: Stacktrace logging level + - `--flags value`, `-F value`: Flags for the logger + - `--expression value`, `-e value`: Matching expression for the logger + - `--prefix value`, `-p value`: Prefix for the logger + - `--color`: Use color in the logs + - `--reconnect-on-message`, `-R`: Reconnect to host for every message + - `--reconnect`, `-r`: Reconnect to host when connection is dropped + - `--protocol value`, `-P value`: Set protocol to use: tcp, unix, or udp (defaults to tcp) + - `--address value`, `-a value`: Host address and port to connect to (defaults to :7020) + - `smtp`: Add an SMTP logger + - Options: + - `--group value`, `-g value`: Group to add logger to - will default to "default" + - `--name value`, `-n value`: Name of the new logger - will default to mode + - `--level value`, `-l value`: Logging level for the new logger + - `--stacktrace-level value`, `-L value`: Stacktrace logging level + - `--flags value`, `-F value`: Flags for the logger + - `--expression value`, `-e value`: Matching expression for the logger + - `--prefix value`, `-p value`: Prefix for the logger + - `--color`: Use color in the logs + - `--username value`, `-u value`: Mail server username + - `--password value`, `-P value`: Mail server password + - `--host value`, `-H value`: Mail server host (defaults to: 127.0.0.1:25) + - `--send-to value`, `-s value`: Email address(es) to send to + - `--subject value`, `-S value`: Subject header of sent emails + - `processes`: Display Gitea processes and goroutine information + - Options: + - `--flat`: Show processes as flat table rather than as tree + - `--no-system`: Do not show system processes + - `--stacktraces`: Show stacktraces for goroutines associated with processes + - `--json`: Output as json + - `--cancel PID`: Send cancel to process with PID. (Only for non-system processes.) + +### dump-repo + +Dump-repo dumps repository data from Git/GitHub/Gitea/GitLab: + +- Options: + - `--git_service service` : Git service, it could be `git`, `github`, `gitea`, `gitlab`, If clone_addr could be recognized, this could be ignored. + - `--repo_dir dir`, `-r dir`: Repository dir path to store the data + - `--clone_addr addr`: The URL will be clone, currently could be a git/github/gitea/gitlab http/https URL. i.e. https://github.com/lunny/tango.git + - `--auth_username lunny`: The username to visit the clone_addr + - `--auth_password `: The password to visit the clone_addr + - `--auth_token `: The personal token to visit the clone_addr + - `--owner_name lunny`: The data will be stored on a directory with owner name if not empty + - `--repo_name tango`: The data will be stored on a directory with repository name if not empty + - `--units `: Which items will be migrated, one or more units should be separated as comma. wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units. + +### restore-repo + +Restore-repo restore repository data from disk dir: + +- Options: + - `--repo_dir dir`, `-r dir`: Repository dir path to restore from + - `--owner_name lunny`: Restore destination owner name + - `--repo_name tango`: Restore destination repository name + - `--units `: Which items will be restored, one or more units should be separated as comma. wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units. diff --git a/docs/content/doc/administration/config-cheat-sheet.en-us.md b/docs/content/doc/administration/config-cheat-sheet.en-us.md new file mode 100644 index 0000000000..886aa11186 --- /dev/null +++ b/docs/content/doc/administration/config-cheat-sheet.en-us.md @@ -0,0 +1,1395 @@ +--- +date: "2016-12-26T16:00:00+02:00" +title: "Config Cheat Sheet" +slug: "config-cheat-sheet" +weight: 20 +toc: false +draft: false +menu: + sidebar: + parent: "administration" + name: "Config Cheat Sheet" + weight: 30 + identifier: "config-cheat-sheet" +--- + +# Configuration Cheat Sheet + +This is a cheat sheet for the Gitea configuration file. It contains most of the settings +that can be configured as well as their default values. + +Any changes to the Gitea configuration file should be made in `custom/conf/app.ini` +or any corresponding location. When installing from a distribution, this will +typically be found at `/etc/gitea/conf/app.ini`. + +The defaults provided here are best-effort (not built automatically). They are +accurately recorded in [app.example.ini](https://github.com/go-gitea/gitea/blob/main/custom/conf/app.example.ini) +(s/main/\). Any string in the format `%(X)s` is a feature powered +by [ini](https://github.com/go-ini/ini/#recursive-values), for reading values recursively. + +In the default values below, a value in the form `$XYZ` refers to an environment variable. (However, see `environment-to-ini`.) Values in the form _`XxYyZz`_ refer to values listed as part of the default configuration. These notation forms will not work in your own `app.ini` file and are only listed here as documentation. + +Values containing `#` or `;` must be quoted using `` ` `` or `"""`. + +**Note:** A full restart is required for Gitea configuration changes to take effect. + +{{< toc >}} + +## Default Configuration (non-`app.ini` configuration) + +These values are environment-dependent but form the basis of a lot of values. They will be +reported as part of the default configuration when running `gitea --help` or on start-up. The order they are emitted there is slightly different but we will list them here in the order they are set-up. + +- _`AppPath`_: This is the absolute path of the running gitea binary. +- _`AppWorkPath`_: This refers to "working path" of the `gitea` binary. It is determined by using the first set thing in the following hierarchy: + - The `--work-path` flag passed to the binary + - The environment variable `$GITEA_WORK_DIR` + - A built-in value set at build time (see building from source) + - Otherwise it defaults to the directory of the _`AppPath`_ + - If any of the above are relative paths then they are made absolute against +the directory of the _`AppPath`_ +- _`CustomPath`_: This is the base directory for custom templates and other options. +It is determined by using the first set thing in the following hierarchy: + - The `--custom-path` flag passed to the binary + - The environment variable `$GITEA_CUSTOM` + - A built-in value set at build time (see building from source) + - Otherwise it defaults to _`AppWorkPath`_`/custom` + - If any of the above are relative paths then they are made absolute against the +the directory of the _`AppWorkPath`_ +- _`CustomConf`_: This is the path to the `app.ini` file. + - The `--config` flag passed to the binary + - A built-in value set at build time (see building from source) + - Otherwise it defaults to _`CustomPath`_`/conf/app.ini` + - If any of the above are relative paths then they are made absolute against the +the directory of the _`CustomPath`_ + +In addition there is _`StaticRootPath`_ which can be set as a built-in at build time, but will otherwise default to _`AppWorkPath`_ + +## Overall (`DEFAULT`) + +- `APP_NAME`: **Gitea: Git with a cup of tea**: Application name, used in the page title. +- `RUN_USER`: **_current OS username_/`$USER`/`$USERNAME` e.g. git**: The user Gitea will run as. + This should be a dedicated system (non-user) account. Setting this incorrectly will cause Gitea + to not start. +- `RUN_MODE`: **prod**: Application run mode, affects performance and debugging. Either "dev", "prod" or "test". + +## Repository (`repository`) + +- `ROOT`: **%(APP_DATA_PATH)s/gitea-repositories**: Root path for storing all repository data. + A relative path is interpreted as **_`AppWorkPath`_/%(ROOT)s**. +- `SCRIPT_TYPE`: **bash**: The script type this server supports. Usually this is `bash`, + but some users report that only `sh` is available. +- `DETECTED_CHARSETS_ORDER`: **UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, UTF-32LE, ISO-8859, windows-1252, ISO-8859, windows-1250, ISO-8859, ISO-8859, ISO-8859, windows-1253, ISO-8859, windows-1255, ISO-8859, windows-1251, windows-1256, KOI8-R, ISO-8859, windows-1254, Shift_JIS, GB18030, EUC-JP, EUC-KR, Big5, ISO-2022, ISO-2022, ISO-2022, IBM424_rtl, IBM424_ltr, IBM420_rtl, IBM420_ltr**: Tie-break order of detected charsets - if the detected charsets have equal confidence, charsets earlier in the list will be chosen in preference to those later. Adding `defaults` will place the unnamed charsets at that point. +- `ANSI_CHARSET`: **\**: Default ANSI charset to override non-UTF-8 charsets to. +- `FORCE_PRIVATE`: **false**: Force every new repository to be private. +- `DEFAULT_PRIVATE`: **last**: Default private when creating a new repository. + \[last, private, public\] +- `DEFAULT_PUSH_CREATE_PRIVATE`: **true**: Default private when creating a new repository with push-to-create. +- `MAX_CREATION_LIMIT`: **-1**: Global maximum creation limit of repositories per user, + `-1` means no limit. +- `PULL_REQUEST_QUEUE_LENGTH`: **1000**: Length of pull request patch test queue, make it. **DEPRECATED** use `LENGTH` in `[queue.pr_patch_checker]`. + as large as possible. Use caution when editing this value. +- `MIRROR_QUEUE_LENGTH`: **1000**: Patch test queue length, increase if pull request patch + testing starts hanging. **DEPRECATED** use `LENGTH` in `[queue.mirror]`. +- `PREFERRED_LICENSES`: **Apache License 2.0,MIT License**: Preferred Licenses to place at + the top of the list. Name must match file name in options/license or custom/options/license. +- `DISABLE_HTTP_GIT`: **false**: Disable the ability to interact with repositories over the + HTTP protocol. +- `USE_COMPAT_SSH_URI`: **false**: Force ssh:// clone url instead of scp-style uri when + default SSH port is used. +- `ACCESS_CONTROL_ALLOW_ORIGIN`: **\**: Value for Access-Control-Allow-Origin header, + default is not to present. **WARNING**: This maybe harmful to you website if you do not + give it a right value. +- `DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH`: **false**: Close an issue if a commit on a non default branch marks it as closed. +- `ENABLE_PUSH_CREATE_USER`: **false**: Allow users to push local repositories to Gitea and have them automatically created for a user. +- `ENABLE_PUSH_CREATE_ORG`: **false**: Allow users to push local repositories to Gitea and have them automatically created for an org. +- `DISABLED_REPO_UNITS`: **_empty_**: Comma separated list of globally disabled repo units. Allowed values: \[repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects\] +- `DEFAULT_REPO_UNITS`: **repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages**: Comma separated list of default new repo units. Allowed values: \[repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects\]. Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility. External wiki and issue tracker can't be enabled by default as it requires additional settings. Disabled repo units will not be added to new repositories regardless if it is in the default list. +- `DEFAULT_FORK_REPO_UNITS`: **repo.code,repo.pulls**: Comma separated list of default forked repo units. The set of allowed values and rules is the same as `DEFAULT_REPO_UNITS`. +- `PREFIX_ARCHIVE_FILES`: **true**: Prefix archive files by placing them in a directory named after the repository. +- `DISABLE_MIGRATIONS`: **false**: Disable migrating feature. +- `DISABLE_STARS`: **false**: Disable stars feature. +- `DEFAULT_BRANCH`: **main**: Default branch name of all repositories. +- `ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to adopt unadopted repositories +- `ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to delete unadopted repositories +- `DISABLE_DOWNLOAD_SOURCE_ARCHIVES`: **false**: Don't allow download source archive files from UI +- `ALLOW_FORK_WITHOUT_MAXIMUM_LIMIT`: **true**: Allow fork repositories without maximum number limit + +### Repository - Editor (`repository.editor`) + +- `LINE_WRAP_EXTENSIONS`: **.txt,.md,.markdown,.mdown,.mkd,**: List of file extensions for which lines should be wrapped in the Monaco editor. Separate extensions with a comma. To line wrap files without an extension, just put a comma +- `PREVIEWABLE_FILE_MODES`: **markdown**: Valid file modes that have a preview API associated with them, such as `api/v1/markdown`. Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match. + +### Repository - Pull Request (`repository.pull-request`) + +- `WORK_IN_PROGRESS_PREFIXES`: **WIP:,\[WIP\]**: List of prefixes used in Pull Request + title to mark them as Work In Progress. These are matched in a case-insensitive manner. +- `CLOSE_KEYWORDS`: **close**, **closes**, **closed**, **fix**, **fixes**, **fixed**, **resolve**, **resolves**, **resolved**: List of + keywords used in Pull Request comments to automatically close a related issue +- `REOPEN_KEYWORDS`: **reopen**, **reopens**, **reopened**: List of keywords used in Pull Request comments to automatically reopen + a related issue +- `DEFAULT_MERGE_STYLE`: **merge**: Set default merge style for repository creating, valid options: `merge`, `rebase`, `rebase-merge`, `squash` +- `DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT`: **50**: In the default merge message for squash commits include at most this many commits. Set to `-1` to include all commits +- `DEFAULT_MERGE_MESSAGE_SIZE`: **5120**: In the default merge message for squash commits limit the size of the commit messages. Set to `-1` to have no limit. Only used if `POPULATE_SQUASH_COMMENT_WITH_COMMIT_MESSAGES` is `true`. +- `DEFAULT_MERGE_MESSAGE_ALL_AUTHORS`: **false**: In the default merge message for squash commits walk all commits to include all authors in the Co-authored-by otherwise just use those in the limited list +- `DEFAULT_MERGE_MESSAGE_MAX_APPROVERS`: **10**: In default merge messages limit the number of approvers listed as `Reviewed-by:`. Set to `-1` to include all. +- `DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY`: **true**: In default merge messages only include approvers who are officially allowed to review. +- `POPULATE_SQUASH_COMMENT_WITH_COMMIT_MESSAGES`: **false**: In default squash-merge messages include the commit message of all commits comprising the pull request. +- `ADD_CO_COMMITTER_TRAILERS`: **true**: Add co-authored-by and co-committed-by trailers to merge commit messages if committer does not match author. +- `TEST_CONFLICTING_PATCHES_WITH_GIT_APPLY`: **false**: PR patches are tested using a three-way merge method to discover if there are conflicts. If this setting is set to **true**, conflicting patches will be retested using `git apply` - This was the previous behaviour in 1.18 (and earlier) but is somewhat inefficient. Please report if you find that this setting is required. + +### Repository - Issue (`repository.issue`) + +- `LOCK_REASONS`: **Too heated,Off-topic,Resolved,Spam**: A list of reasons why a Pull Request or Issue can be locked + +### Repository - Upload (`repository.upload`) + +- `ENABLED`: **true**: Whether repository file uploads are enabled +- `TEMP_PATH`: **data/tmp/uploads**: Path for uploads (content gets deleted on Gitea restart) +- `ALLOWED_TYPES`: **\**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types. +- `FILE_MAX_SIZE`: **3**: Max size of each file in megabytes. +- `MAX_FILES`: **5**: Max number of files per upload + +### Repository - Release (`repository.release`) + +- `ALLOWED_TYPES`: **\**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types. +- `DEFAULT_PAGING_NUM`: **10**: The default paging number of releases user interface +- For settings related to file attachments on releases, see the `attachment` section. + +### Repository - Signing (`repository.signing`) + +- `SIGNING_KEY`: **default**: \[none, KEYID, default \]: Key to sign with. +- `SIGNING_NAME` & `SIGNING_EMAIL`: if a KEYID is provided as the `SIGNING_KEY`, use these as the Name and Email address of the signer. These should match publicized name and email address for the key. +- `INITIAL_COMMIT`: **always**: \[never, pubkey, twofa, always\]: Sign initial commit. + - `never`: Never sign + - `pubkey`: Only sign if the user has a public key + - `twofa`: Only sign if the user is logged in with twofa + - `always`: Always sign + - Options other than `never` and `always` can be combined as a comma separated list. +- `DEFAULT_TRUST_MODEL`: **collaborator**: \[collaborator, committer, collaboratorcommitter\]: The default trust model used for verifying commits. + - `collaborator`: Trust signatures signed by keys of collaborators. + - `committer`: Trust signatures that match committers (This matches GitHub and will force Gitea signed commits to have Gitea as the committer). + - `collaboratorcommitter`: Trust signatures signed by keys of collaborators which match the committer. +- `WIKI`: **never**: \[never, pubkey, twofa, always, parentsigned\]: Sign commits to wiki. +- `CRUD_ACTIONS`: **pubkey, twofa, parentsigned**: \[never, pubkey, twofa, parentsigned, always\]: Sign CRUD actions. + - Options as above, with the addition of: + - `parentsigned`: Only sign if the parent commit is signed. +- `MERGES`: **pubkey, twofa, basesigned, commitssigned**: \[never, pubkey, twofa, approved, basesigned, commitssigned, always\]: Sign merges. + - `approved`: Only sign approved merges to a protected branch. + - `basesigned`: Only sign if the parent commit in the base repo is signed. + - `headsigned`: Only sign if the head commit in the head branch is signed. + - `commitssigned`: Only sign if all the commits in the head branch to the merge point are signed. + +## Repository - Local (`repository.local`) + +- `LOCAL_COPY_PATH`: **tmp/local-repo**: Path for temporary local repository copies. Defaults to `tmp/local-repo` (content gets deleted on Gitea restart) + +## Repository - MIME type mapping (`repository.mimetype_mapping`) + +Configuration for set the expected MIME type based on file extensions of downloadable files. Configuration presents in key-value pairs and file extensions starts with leading `.`. + +The following configuration set `Content-Type: application/vnd.android.package-archive` header when downloading files with `.apk` file extension. + +```ini +.apk=application/vnd.android.package-archive +``` + +## CORS (`cors`) + +- `ENABLED`: **false**: enable cors headers (disabled by default) +- `SCHEME`: **http**: scheme of allowed requests +- `ALLOW_DOMAIN`: **\***: list of requesting domains that are allowed +- `ALLOW_SUBDOMAIN`: **false**: allow subdomains of headers listed above to request +- `METHODS`: **GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS**: list of methods allowed to request +- `MAX_AGE`: **10m**: max time to cache response +- `ALLOW_CREDENTIALS`: **false**: allow request with credentials +- `HEADERS`: **Content-Type,User-Agent**: additional headers that are permitted in requests +- `X_FRAME_OPTIONS`: **SAMEORIGIN**: Set the `X-Frame-Options` header value. + +## UI (`ui`) + +- `EXPLORE_PAGING_NUM`: **20**: Number of repositories that are shown in one explore page. +- `ISSUE_PAGING_NUM`: **20**: Number of issues that are shown in one page (for all pages that list issues, milestones, projects). +- `MEMBERS_PAGING_NUM`: **20**: Number of members that are shown in organization members. +- `FEED_MAX_COMMIT_NUM`: **5**: Number of maximum commits shown in one activity feed. +- `FEED_PAGING_NUM`: **20**: Number of items that are displayed in home feed. +- `SITEMAP_PAGING_NUM`: **20**: Number of items that are displayed in a single subsitemap. +- `GRAPH_MAX_COMMIT_NUM`: **100**: Number of maximum commits shown in the commit graph. +- `CODE_COMMENT_LINES`: **4**: Number of line of codes shown for a code comment. +- `DEFAULT_THEME`: **auto**: \[auto, gitea, arc-green\]: Set the default theme for the Gitea install. +- `SHOW_USER_EMAIL`: **true**: Whether the email of the user should be shown in the Explore Users page. +- `THEMES`: **auto,gitea,arc-green**: All available themes. Allow users select personalized themes. + regardless of the value of `DEFAULT_THEME`. +- `THEME_COLOR_META_TAG`: **#6cc644**: Value of `theme-color` meta tag, used by Android >= 5.0. An invalid color like "none" or "disable" will have the default style. More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android +- `MAX_DISPLAY_FILE_SIZE`: **8388608**: Max size of files to be displayed (default is 8MiB) +- `REACTIONS`: All available reactions users can choose on issues/prs and comments + Values can be emoji alias (:smile:) or a unicode emoji. + For custom reactions, add a tightly cropped square image to public/img/emoji/reaction_name.png +- `CUSTOM_EMOJIS`: **gitea, codeberg, gitlab, git, github, gogs**: Additional Emojis not defined in the utf8 standard. + By default we support Gitea (:gitea:), to add more copy them to public/img/emoji/emoji_name.png and + add it to this config. +- `DEFAULT_SHOW_FULL_NAME`: **false**: Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used. +- `SEARCH_REPO_DESCRIPTION`: **true**: Whether to search within description at repository search on explore page. +- `USE_SERVICE_WORKER`: **false**: Whether to enable a Service Worker to cache frontend assets. + +### UI - Admin (`ui.admin`) + +- `USER_PAGING_NUM`: **50**: Number of users that are shown in one page. +- `REPO_PAGING_NUM`: **50**: Number of repos that are shown in one page. +- `NOTICE_PAGING_NUM`: **25**: Number of notices that are shown in one page. +- `ORG_PAGING_NUM`: **50**: Number of organizations that are shown in one page. + +### UI - User (`ui.user`) + +- `REPO_PAGING_NUM`: **15**: Number of repos that are shown in one page. + +### UI - Metadata (`ui.meta`) + +- `AUTHOR`: **Gitea - Git with a cup of tea**: Author meta tag of the homepage. +- `DESCRIPTION`: **Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go**: Description meta tag of the homepage. +- `KEYWORDS`: **go,git,self-hosted,gitea**: Keywords meta tag of the homepage. + +### UI - Notification (`ui.notification`) + +- `MIN_TIMEOUT`: **10s**: These options control how often notification endpoint is polled to update the notification count. On page load the notification count will be checked after `MIN_TIMEOUT`. The timeout will increase to `MAX_TIMEOUT` by `TIMEOUT_STEP` if the notification count is unchanged. Set MIN_TIMEOUT to -1 to turn off. +- `MAX_TIMEOUT`: **60s**. +- `TIMEOUT_STEP`: **10s**. +- `EVENT_SOURCE_UPDATE_TIME`: **10s**: This setting determines how often the database is queried to update notification counts. If the browser client supports `EventSource` and `SharedWorker`, a `SharedWorker` will be used in preference to polling notification endpoint. Set to **-1** to disable the `EventSource`. + +### UI - SVG Images (`ui.svg`) + +- `ENABLE_RENDER`: **true**: Whether to render SVG files as images. If SVG rendering is disabled, SVG files are displayed as text and cannot be embedded in markdown files as images. + +### UI - CSV Files (`ui.csv`) + +- `MAX_FILE_SIZE`: **524288** (512kb): Maximum allowed file size in bytes to render CSV files as table. (Set to 0 for no limit). + +## Markdown (`markdown`) + +- `ENABLE_HARD_LINE_BREAK_IN_COMMENTS`: **true**: Render soft line breaks as hard line breaks in comments, which + means a single newline character between paragraphs will cause a line break and adding + trailing whitespace to paragraphs is not necessary to force a line break. +- `ENABLE_HARD_LINE_BREAK_IN_DOCUMENTS`: **false**: Render soft line breaks as hard line breaks in documents, which + means a single newline character between paragraphs will cause a line break and adding + trailing whitespace to paragraphs is not necessary to force a line break. +- `CUSTOM_URL_SCHEMES`: Use a comma separated list (ftp,git,svn) to indicate additional + URL hyperlinks to be rendered in Markdown. URLs beginning in http and https are + always displayed +- `ENABLE_MATH`: **true**: Enables detection of `\(...\)`, `\[...\]`, `$...$` and `$$...$$` blocks as math blocks. + +## Server (`server`) + +- `APP_DATA_PATH`: **_`AppWorkPath`_/data**: This is the default root path for storing data. +- `PROTOCOL`: **http**: \[http, https, fcgi, http+unix, fcgi+unix\] +- `USE_PROXY_PROTOCOL`: **false**: Expect PROXY protocol headers on connections +- `PROXY_PROTOCOL_TLS_BRIDGING`: **false**: When protocol is https, expect PROXY protocol headers after TLS negotiation. +- `PROXY_PROTOCOL_HEADER_TIMEOUT`: **5s**: Timeout to wait for PROXY protocol header (set to 0 to have no timeout) +- `PROXY_PROTOCOL_ACCEPT_UNKNOWN`: **false**: Accept PROXY protocol headers with Unknown type. +- `DOMAIN`: **localhost**: Domain name of this server. +- `ROOT_URL`: **%(PROTOCOL)s://%(DOMAIN)s:%(HTTP\_PORT)s/**: + Overwrite the automatically generated public URL. + This is useful if the internal and the external URL don't match (e.g. in Docker). +- `STATIC_URL_PREFIX`: **\**: + Overwrite this option to request static resources from a different URL. + This includes CSS files, images, JS files and web fonts. + Avatar images are dynamic resources and still served by Gitea. + The option can be just a different path, as in `/static`, or another domain, as in `https://cdn.example.com`. + Requests are then made as `%(ROOT_URL)s/static/assets/css/index.css` or `https://cdn.example.com/assets/css/index.css` respectively. + The static files are located in the `public/` directory of the Gitea source repository. + You can proxy the STATIC_URL_PREFIX requests to Gitea server to serve the static + assets, or copy the manually built Gitea assets from `$GITEA_BUILD/public` to + the assets location, eg: `/var/www/assets`, make sure `$STATIC_URL_PREFIX/assets/css/index.css` + points to `/var/www/assets/css/index.css`. + +- `HTTP_ADDR`: **0.0.0.0**: HTTP listen address. + - If `PROTOCOL` is set to `fcgi`, Gitea will listen for FastCGI requests on TCP socket + defined by `HTTP_ADDR` and `HTTP_PORT` configuration settings. + - If `PROTOCOL` is set to `http+unix` or `fcgi+unix`, this should be the name of the Unix socket file to use. Relative paths will be made absolute against the _`AppWorkPath`_. +- `HTTP_PORT`: **3000**: HTTP listen port. + - If `PROTOCOL` is set to `fcgi`, Gitea will listen for FastCGI requests on TCP socket + defined by `HTTP_ADDR` and `HTTP_PORT` configuration settings. +- `UNIX_SOCKET_PERMISSION`: **666**: Permissions for the Unix socket. +- `LOCAL_ROOT_URL`: **%(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/**: Local + (DMZ) URL for Gitea workers (such as SSH update) accessing web service. In + most cases you do not need to change the default value. Alter it only if + your SSH server node is not the same as HTTP node. Do not set this variable + if `PROTOCOL` is set to `http+unix`. +- `LOCAL_USE_PROXY_PROTOCOL`: **%(USE_PROXY_PROTOCOL)s**: When making local connections pass the PROXY protocol header. + This should be set to false if the local connection will go through the proxy. +- `PER_WRITE_TIMEOUT`: **30s**: Timeout for any write to the connection. (Set to -1 to + disable all timeouts.) +- `PER_WRITE_PER_KB_TIMEOUT`: **10s**: Timeout per Kb written to connections. + +- `DISABLE_SSH`: **false**: Disable SSH feature when it's not available. +- `START_SSH_SERVER`: **false**: When enabled, use the built-in SSH server. +- `SSH_SERVER_USE_PROXY_PROTOCOL`: **false**: Expect PROXY protocol header on connections to the built-in SSH Server. +- `BUILTIN_SSH_SERVER_USER`: **%(RUN_USER)s**: Username to use for the built-in SSH Server. +- `SSH_USER`: **%(BUILTIN_SSH_SERVER_USER)s**: SSH username displayed in clone URLs. This is only for people who configure the SSH server themselves; in most cases, you want to leave this blank and modify the `BUILTIN_SSH_SERVER_USER`. +- `SSH_DOMAIN`: **%(DOMAIN)s**: Domain name of this server, used for displayed clone URL. +- `SSH_PORT`: **22**: SSH port displayed in clone URL. +- `SSH_LISTEN_HOST`: **0.0.0.0**: Listen address for the built-in SSH server. +- `SSH_LISTEN_PORT`: **%(SSH\_PORT)s**: Port for the built-in SSH server. +- `SSH_ROOT_PATH`: **~/.ssh**: Root path of SSH directory. +- `SSH_CREATE_AUTHORIZED_KEYS_FILE`: **true**: Gitea will create a authorized_keys file by default when it is not using the internal ssh server. If you intend to use the AuthorizedKeysCommand functionality then you should turn this off. +- `SSH_AUTHORIZED_KEYS_BACKUP`: **true**: Enable SSH Authorized Key Backup when rewriting all keys, default is true. +- `SSH_TRUSTED_USER_CA_KEYS`: **\**: Specifies the public keys of certificate authorities that are trusted to sign user certificates for authentication. Multiple keys should be comma separated. E.g.`ssh- ` or `ssh- , ssh- `. For more information see `TrustedUserCAKeys` in the sshd config man pages. When empty no file will be created and `SSH_AUTHORIZED_PRINCIPALS_ALLOW` will default to `off`. +- `SSH_TRUSTED_USER_CA_KEYS_FILENAME`: **`RUN_USER`/.ssh/gitea-trusted-user-ca-keys.pem**: Absolute path of the `TrustedUserCaKeys` file Gitea will manage. If you're running your own ssh server and you want to use the Gitea managed file you'll also need to modify your sshd_config to point to this file. The official docker image will automatically work without further configuration. +- `SSH_AUTHORIZED_PRINCIPALS_ALLOW`: **off** or **username, email**: \[off, username, email, anything\]: Specify the principals values that users are allowed to use as principal. When set to `anything` no checks are done on the principal string. When set to `off` authorized principal are not allowed to be set. +- `SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE`: **false/true**: Gitea will create a authorized_principals file by default when it is not using the internal ssh server and `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`. +- `SSH_AUTHORIZED_PRINCIPALS_BACKUP`: **false/true**: Enable SSH Authorized Principals Backup when rewriting all keys, default is true if `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`. +- `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE`: **{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}**: Set the template for the command to passed on authorized keys. Possible keys are: AppPath, AppWorkPath, CustomConf, CustomPath, Key - where Key is a `models/asymkey.PublicKey` and the others are strings which are shellquoted. +- `SSH_SERVER_CIPHERS`: **chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com**: For the built-in SSH server, choose the ciphers to support for SSH connections, for system SSH this setting has no effect. +- `SSH_SERVER_KEY_EXCHANGES`: **curve25519-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1**: For the built-in SSH server, choose the key exchange algorithms to support for SSH connections, for system SSH this setting has no effect. +- `SSH_SERVER_MACS`: **hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1**: For the built-in SSH server, choose the MACs to support for SSH connections, for system SSH this setting has no effect +- `SSH_SERVER_HOST_KEYS`: **ssh/gitea.rsa, ssh/gogs.rsa**: For the built-in SSH server, choose the keypairs to offer as the host key. The private key should be at `SSH_SERVER_HOST_KEY` and the public `SSH_SERVER_HOST_KEY.pub`. Relative paths are made absolute relative to the `APP_DATA_PATH`. If no key exists a 4096 bit RSA key will be created for you. +- `SSH_KEY_TEST_PATH`: **/tmp**: Directory to create temporary files in when testing public keys using ssh-keygen, default is the system temporary directory. +- `SSH_KEYGEN_PATH`: **ssh-keygen**: Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call. +- `SSH_EXPOSE_ANONYMOUS`: **false**: Enable exposure of SSH clone URL to anonymous visitors, default is false. +- `SSH_PER_WRITE_TIMEOUT`: **30s**: Timeout for any write to the SSH connections. (Set to + -1 to disable all timeouts.) +- `SSH_PER_WRITE_PER_KB_TIMEOUT`: **10s**: Timeout per Kb written to SSH connections. +- `MINIMUM_KEY_SIZE_CHECK`: **true**: Indicate whether to check minimum key size with corresponding type. + +- `OFFLINE_MODE`: **false**: Disables use of CDN for static files and Gravatar for profile pictures. +- `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. When chaining, the server certificate must come first, then intermediate CA certificates (if any). This is ignored if `ENABLE_ACME=true`. Paths are relative to `CUSTOM_PATH`. +- `KEY_FILE`: **https/key.pem**: Key file path used for HTTPS. This is ignored if `ENABLE_ACME=true`. Paths are relative to `CUSTOM_PATH`. +- `STATIC_ROOT_PATH`: **_`StaticRootPath`_**: Upper level of template and static files path. +- `APP_DATA_PATH`: **data** (**/data/gitea** on docker): Default path for application data. Relative paths will be made absolute against _`AppWorkPath`_. +- `STATIC_CACHE_TIME`: **6h**: Web browser cache time for static resources on `custom/`, `public/` and all uploaded avatars. Note that this cache is disabled when `RUN_MODE` is "dev". +- `ENABLE_GZIP`: **false**: Enable gzip compression for runtime-generated content, static resources excluded. +- `ENABLE_PPROF`: **false**: Application profiling (memory and cpu). For "web" command it listens on `localhost:6060`. For "serv" command it dumps to disk at `PPROF_DATA_PATH` as `(cpuprofile|memprofile)__` +- `PPROF_DATA_PATH`: **_`AppWorkPath`_/data/tmp/pprof**: `PPROF_DATA_PATH`, use an absolute path when you start Gitea as service +- `LANDING_PAGE`: **home**: Landing page for unauthenticated users \[home, explore, organizations, login, **custom**\]. Where custom would instead be any URL such as "/org/repo" or even `https://anotherwebsite.com` +- `LFS_START_SERVER`: **false**: Enables Git LFS support. +- `LFS_CONTENT_PATH`: **%(APP_DATA_PATH)s/lfs**: Default LFS content path. (if it is on local storage.) **DEPRECATED** use settings in `[lfs]`. +- `LFS_JWT_SECRET`: **\**: LFS authentication secret, change this a unique string. +- `LFS_HTTP_AUTH_EXPIRY`: **20m**: LFS authentication validity period in time.Duration, pushes taking longer than this may fail. +- `LFS_MAX_FILE_SIZE`: **0**: Maximum allowed LFS file size in bytes (Set to 0 for no limit). +- `LFS_LOCKS_PAGING_NUM`: **50**: Maximum number of LFS Locks returned per page. + +- `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, allows redirecting http requests on `PORT_TO_REDIRECT` to the https port Gitea listens on. +- `REDIRECTOR_USE_PROXY_PROTOCOL`: **%(USE_PROXY_PROTOCOL)s**: expect PROXY protocol header on connections to https redirector. +- `PORT_TO_REDIRECT`: **80**: Port for the http redirection service to listen on. Used when `REDIRECT_OTHER_PORT` is true. +- `SSL_MIN_VERSION`: **TLSv1.2**: Set the minimum version of ssl support. +- `SSL_MAX_VERSION`: **\**: Set the maximum version of ssl support. +- `SSL_CURVE_PREFERENCES`: **X25519,P256**: Set the preferred curves, +- `SSL_CIPHER_SUITES`: **ecdhe_ecdsa_with_aes_256_gcm_sha384,ecdhe_rsa_with_aes_256_gcm_sha384,ecdhe_ecdsa_with_aes_128_gcm_sha256,ecdhe_rsa_with_aes_128_gcm_sha256,ecdhe_ecdsa_with_chacha20_poly1305,ecdhe_rsa_with_chacha20_poly1305**: Set the preferred cipher suites. + - If there is no hardware support for AES suites, by default the ChaCha suites will be preferred over the AES suites. + - supported suites as of Go 1.18 are: + - TLS 1.0 - 1.2 cipher suites + - "rsa_with_rc4_128_sha" + - "rsa_with_3des_ede_cbc_sha" + - "rsa_with_aes_128_cbc_sha" + - "rsa_with_aes_256_cbc_sha" + - "rsa_with_aes_128_cbc_sha256" + - "rsa_with_aes_128_gcm_sha256" + - "rsa_with_aes_256_gcm_sha384" + - "ecdhe_ecdsa_with_rc4_128_sha" + - "ecdhe_ecdsa_with_aes_128_cbc_sha" + - "ecdhe_ecdsa_with_aes_256_cbc_sha" + - "ecdhe_rsa_with_rc4_128_sha" + - "ecdhe_rsa_with_3des_ede_cbc_sha" + - "ecdhe_rsa_with_aes_128_cbc_sha" + - "ecdhe_rsa_with_aes_256_cbc_sha" + - "ecdhe_ecdsa_with_aes_128_cbc_sha256" + - "ecdhe_rsa_with_aes_128_cbc_sha256" + - "ecdhe_rsa_with_aes_128_gcm_sha256" + - "ecdhe_ecdsa_with_aes_128_gcm_sha256" + - "ecdhe_rsa_with_aes_256_gcm_sha384" + - "ecdhe_ecdsa_with_aes_256_gcm_sha384" + - "ecdhe_rsa_with_chacha20_poly1305_sha256" + - "ecdhe_ecdsa_with_chacha20_poly1305_sha256" + - TLS 1.3 cipher suites + - "aes_128_gcm_sha256" + - "aes_256_gcm_sha384" + - "chacha20_poly1305_sha256" + - Aliased names + - "ecdhe_rsa_with_chacha20_poly1305" is an alias for "ecdhe_rsa_with_chacha20_poly1305_sha256" + - "ecdhe_ecdsa_with_chacha20_poly1305" is alias for "ecdhe_ecdsa_with_chacha20_poly1305_sha256" +- `ENABLE_ACME`: **false**: Flag to enable automatic certificate management via an ACME capable Certificate Authority (CA) server (default: Lets Encrypt). If enabled, `CERT_FILE` and `KEY_FILE` are ignored, and the CA must resolve `DOMAIN` to this gitea server. Ensure that DNS records are set and either port `80` or port `443` are accessible by the CA server (the public internet by default), and redirected to the appropriate ports `PORT_TO_REDIRECT` or `HTTP_PORT` respectively. +- `ACME_URL`: **\**: The CA's ACME directory URL, e.g. for a self-hosted [smallstep CA server](https://github.com/smallstep/certificates), it can look like `https://ca.example.com/acme/acme/directory`. If left empty, it defaults to using Let's Encerypt's production CA (check `LETSENCRYPT_ACCEPTTOS` as well). +- `ACME_ACCEPTTOS`: **false**: This is an explicit check that you accept the terms of service of the ACME provider. The default is Lets Encrypt [terms of service](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf). +- `ACME_DIRECTORY`: **https**: Directory that the certificate manager will use to cache information such as certs and private keys. +- `ACME_EMAIL`: **\**: Email used for the ACME registration. Usually it is to notify about problems with issued certificates. +- `ACME_CA_ROOT`: **\**: The CA's root certificate. If left empty, it defaults to using the system's trust chain. +- `ALLOW_GRACEFUL_RESTARTS`: **true**: Perform a graceful restart on SIGHUP +- `GRACEFUL_HAMMER_TIME`: **60s**: After a restart the parent process will stop accepting new connections and will allow requests to finish before stopping. Shutdown will be forced if it takes longer than this time. +- `STARTUP_TIMEOUT`: **0**: Shutsdown the server if startup takes longer than the provided time. On Windows setting this sends a waithint to the SVC host to tell the SVC host startup may take some time. Please note startup is determined by the opening of the listeners - HTTP/HTTPS/SSH. Indexers may take longer to startup and can have their own timeouts. + +## Database (`database`) + +- `DB_TYPE`: **mysql**: The database type in use \[mysql, postgres, mssql, sqlite3\]. +- `HOST`: **127.0.0.1:3306**: Database host address and port or absolute path for unix socket \[mysql, postgres\] (ex: /var/run/mysqld/mysqld.sock). +- `NAME`: **gitea**: Database name. +- `USER`: **root**: Database username. +- `PASSWD`: **\**: Database user password. Use \`your password\` or """your password""" for quoting if you use special characters in the password. +- `SCHEMA`: **\**: For PostgreSQL only, schema to use if different from "public". The schema must exist beforehand, + the user must have creation privileges on it, and the user search path must be set to the look into the schema first + (e.g. `ALTER USER user SET SEARCH_PATH = schema_name,"$user",public;`). +- `SSL_MODE`: **disable**: SSL/TLS encryption mode for connecting to the database. This option is only applied for PostgreSQL and MySQL. + - Valid values for MySQL: + - `true`: Enable TLS with verification of the database server certificate against its root certificate. When selecting this option make sure that the root certificate required to validate the database server certificate (e.g. the CA certificate) is on the system certificate store of both the database and Gitea servers. See your system documentation for instructions on how to add a CA certificate to the certificate store. + - `false`: Disable TLS. + - `disable`: Alias for `false`, for compatibility with PostgreSQL. + - `skip-verify`: Enable TLS without database server certificate verification. Use this option if you have self-signed or invalid certificate on the database server. + - `prefer`: Enable TLS with fallback to non-TLS connection. + - Valid values for PostgreSQL: + - `disable`: Disable TLS. + - `require`: Enable TLS without any verifications. + - `verify-ca`: Enable TLS with verification of the database server certificate against its root certificate. + - `verify-full`: Enable TLS and verify the database server name matches the given certificate in either the `Common Name` or `Subject Alternative Name` fields. +- `SQLITE_TIMEOUT`: **500**: Query timeout for SQLite3 only. +- `SQLITE_JOURNAL_MODE`: **""**: Change journal mode for SQlite3. Can be used to enable [WAL mode](https://www.sqlite.org/wal.html) when high load causes write congestion. See [SQlite3 docs](https://www.sqlite.org/pragma.html#pragma_journal_mode) for possible values. Defaults to the default for the database file, often DELETE. +- `ITERATE_BUFFER_SIZE`: **50**: Internal buffer size for iterating. +- `CHARSET`: **utf8mb4**: For MySQL only, either "utf8" or "utf8mb4". NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this. +- `PATH`: **data/gitea.db**: For SQLite3 only, the database file path. +- `LOG_SQL`: **true**: Log the executed SQL. +- `DB_RETRIES`: **10**: How many ORM init / DB connect attempts allowed. +- `DB_RETRY_BACKOFF`: **3s**: time.Duration to wait before trying another ORM init / DB connect attempt, if failure occurred. +- `MAX_OPEN_CONNS` **0**: Database maximum open connections - default is 0, meaning there is no limit. +- `MAX_IDLE_CONNS` **2**: Max idle database connections on connection pool, default is 2 - this will be capped to `MAX_OPEN_CONNS`. +- `CONN_MAX_LIFETIME` **0 or 3s**: Sets the maximum amount of time a DB connection may be reused - default is 0, meaning there is no limit (except on MySQL where it is 3s - see #6804 & #7071). +- `AUTO_MIGRATION` **true**: Whether execute database models migrations automatically. + +Please see #8540 & #8273 for further discussion of the appropriate values for `MAX_OPEN_CONNS`, `MAX_IDLE_CONNS` & `CONN_MAX_LIFETIME` and their +relation to port exhaustion. + +## Indexer (`indexer`) + +- `ISSUE_INDEXER_TYPE`: **bleve**: Issue indexer type, currently supported: `bleve`, `db` or `elasticsearch`. +- `ISSUE_INDEXER_CONN_STR`: ****: Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch. i.e. http://elastic:changeme@localhost:9200 +- `ISSUE_INDEXER_NAME`: **gitea_issues**: Issue indexer name, available when ISSUE_INDEXER_TYPE is elasticsearch +- `ISSUE_INDEXER_PATH`: **indexers/issues.bleve**: Index file used for issue search; available when ISSUE_INDEXER_TYPE is bleve and elasticsearch. Relative paths will be made absolute against _`AppWorkPath`_. +- The next 4 configuration values are deprecated and should be set in `queue.issue_indexer` however are kept for backwards compatibility: +- `ISSUE_INDEXER_QUEUE_TYPE`: **levelqueue**: Issue indexer queue, currently supports:`channel`, `levelqueue`, `redis`. **DEPRECATED** use settings in `[queue.issue_indexer]`. +- `ISSUE_INDEXER_QUEUE_DIR`: **queues/common**: When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this will be the path where the queue will be saved. **DEPRECATED** use settings in `[queue.issue_indexer]`. Relative paths will be made absolute against `%(APP_DATA_PATH)s`. +- `ISSUE_INDEXER_QUEUE_CONN_STR`: **addrs=127.0.0.1:6379 db=0**: When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string. When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this is a directory or additional options of the form `leveldb://path/to/db?option=value&....`, and overrides `ISSUE_INDEXER_QUEUE_DIR`. **DEPRECATED** use settings in `[queue.issue_indexer]`. +- `ISSUE_INDEXER_QUEUE_BATCH_NUMBER`: **20**: Batch queue number. **DEPRECATED** use settings in `[queue.issue_indexer]`. + +- `REPO_INDEXER_ENABLED`: **false**: Enables code search (uses a lot of disk space, about 6 times more than the repository size). +- `REPO_INDEXER_TYPE`: **bleve**: Code search engine type, could be `bleve` or `elasticsearch`. +- `REPO_INDEXER_PATH`: **indexers/repos.bleve**: Index file used for code search. +- `REPO_INDEXER_CONN_STR`: ****: Code indexer connection string, available when `REPO_INDEXER_TYPE` is elasticsearch. i.e. http://elastic:changeme@localhost:9200 +- `REPO_INDEXER_NAME`: **gitea_codes**: Code indexer name, available when `REPO_INDEXER_TYPE` is elasticsearch + +- `REPO_INDEXER_INCLUDE`: **empty**: A comma separated list of glob patterns (see https://github.com/gobwas/glob) to **include** in the index. Use `**.txt` to match any files with .txt extension. An empty list means include all files. +- `REPO_INDEXER_EXCLUDE`: **empty**: A comma separated list of glob patterns (see https://github.com/gobwas/glob) to **exclude** from the index. Files that match this list will not be indexed, even if they match in `REPO_INDEXER_INCLUDE`. +- `REPO_INDEXER_EXCLUDE_VENDORED`: **true**: Exclude vendored files from index. +- `UPDATE_BUFFER_LEN`: **20**: Buffer length of index request. **DEPRECATED** use settings in `[queue.issue_indexer]`. +- `MAX_FILE_SIZE`: **1048576**: Maximum size in bytes of files to be indexed. +- `STARTUP_TIMEOUT`: **30s**: If the indexer takes longer than this timeout to start - fail. (This timeout will be added to the hammer time above for child processes - as bleve will not start until the previous parent is shutdown.) Set to -1 to never timeout. + +## Queue (`queue` and `queue.*`) + +Configuration at `[queue]` will set defaults for queues with overrides for individual queues at `[queue.*]`. (However see below.) + +- `TYPE`: **persistable-channel**: General queue type, currently support: `persistable-channel` (uses a LevelDB internally), `channel`, `level`, `redis`, `dummy` +- `DATADIR`: **queues/**: Base DataDir for storing persistent and level queues. `DATADIR` for individual queues can be set in `queue.name` sections but will default to `DATADIR/`**`common`**. (Previously each queue would default to `DATADIR/`**`name`**.) Relative paths will be made absolute against `%(APP_DATA_PATH)s`. +- `LENGTH`: **20**: Maximal queue size before channel queues block +- `BATCH_LENGTH`: **20**: Batch data before passing to the handler +- `CONN_STR`: **redis://127.0.0.1:6379/0**: Connection string for the redis queue type. Options can be set using query params. Similarly LevelDB options can also be set using: **leveldb://relative/path?option=value** or **leveldb:///absolute/path?option=value**, and will override `DATADIR` +- `QUEUE_NAME`: **_queue**: The suffix for default redis and disk queue name. Individual queues will default to **`name`**`QUEUE_NAME` but can be overridden in the specific `queue.name` section. +- `SET_NAME`: **_unique**: The suffix that will be added to the default redis and disk queue `set` name for unique queues. Individual queues will default to + **`name`**`QUEUE_NAME`_`SET_NAME`_ but can be overridden in the specific `queue.name` section. +- `WRAP_IF_NECESSARY`: **true**: Will wrap queues with a timeoutable queue if the selected queue is not ready to be created - (Only relevant for the level queue.) +- `MAX_ATTEMPTS`: **10**: Maximum number of attempts to create the wrapped queue +- `TIMEOUT`: **GRACEFUL_HAMMER_TIME + 30s**: Timeout the creation of the wrapped queue if it takes longer than this to create. +- Queues by default come with a dynamically scaling worker pool. The following settings configure this: +- `WORKERS`: **0**: Number of initial workers for the queue. +- `MAX_WORKERS`: **10**: Maximum number of worker go-routines for the queue. +- `BLOCK_TIMEOUT`: **1s**: If the queue blocks for this time, boost the number of workers - the `BLOCK_TIMEOUT` will then be doubled before boosting again whilst the boost is ongoing. +- `BOOST_TIMEOUT`: **5m**: Boost workers will timeout after this long. +- `BOOST_WORKERS`: **1**: This many workers will be added to the worker pool if there is a boost. + +Gitea creates the following non-unique queues: + +- `code_indexer` +- `issue_indexer` +- `notification-service` +- `task` +- `mail` +- `push_update` + +And the following unique queues: + +- `repo_stats_update` +- `repo-archive` +- `mirror` +- `pr_patch_checker` + +Certain queues have defaults that override the defaults set in `[queue]` (this occurs mostly to support older configuration): + +- `[queue.issue_indexer]` + - `TYPE` this will default to `[queue]` `TYPE` if it is set but if not it will appropriately convert `[indexer]` `ISSUE_INDEXER_QUEUE_TYPE` if that is set. + - `LENGTH` will default to `[indexer]` `UPDATE_BUFFER_LEN` if that is set. + - `BATCH_LENGTH` will default to `[indexer]` `ISSUE_INDEXER_QUEUE_BATCH_NUMBER` if that is set. + - `DATADIR` will default to `[indexer]` `ISSUE_INDEXER_QUEUE_DIR` if that is set. + - `CONN_STR` will default to `[indexer]` `ISSUE_INDEXER_QUEUE_CONN_STR` if that is set. +- `[queue.mailer]` + - `LENGTH` will default to **100** or whatever `[mailer]` `SEND_BUFFER_LEN` is. +- `[queue.pr_patch_checker]` + - `LENGTH` will default to **1000** or whatever `[repository]` `PULL_REQUEST_QUEUE_LENGTH` is. +- `[queue.mirror]` + - `LENGTH` will default to **1000** or whatever `[repository]` `MIRROR_QUEUE_LENGTH` is. + +## Admin (`admin`) + +- `DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled +- `DISABLE_REGULAR_ORG_CREATION`: **false**: Disallow regular (non-admin) users from creating organizations. + +## Security (`security`) + +- `INSTALL_LOCK`: **false**: Controls access to the installation page. When set to "true", the installation page is not accessible. +- `SECRET_KEY`: **\**: Global secret key. This key is VERY IMPORTANT, if you lost it, the data encrypted by it (like 2FA secret) can't be decrypted anymore. +- `SECRET_KEY_URI`: ****: Instead of defining SECRET_KEY, this option can be used to use the key stored in a file (example value: `file:/etc/gitea/secret_key`). It shouldn't be lost like SECRET_KEY. +- `LOGIN_REMEMBER_DAYS`: **7**: Cookie lifetime, in days. +- `COOKIE_USERNAME`: **gitea\_awesome**: Name of the cookie used to store the current username. +- `COOKIE_REMEMBER_NAME`: **gitea\_incredible**: Name of cookie used to store authentication + information. +- `REVERSE_PROXY_AUTHENTICATION_USER`: **X-WEBAUTH-USER**: Header name for reverse proxy + authentication. +- `REVERSE_PROXY_AUTHENTICATION_EMAIL`: **X-WEBAUTH-EMAIL**: Header name for reverse proxy + authentication provided email. +- `REVERSE_PROXY_AUTHENTICATION_FULL_NAME`: **X-WEBAUTH-FULLNAME**: Header name for reverse proxy + authentication provided full name. +- `REVERSE_PROXY_LIMIT`: **1**: Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request. + Number of trusted proxy count. Set to zero to not use these headers. +- `REVERSE_PROXY_TRUSTED_PROXIES`: **127.0.0.0/8,::1/128**: List of IP addresses and networks separated by comma of trusted proxy servers. Use `*` to trust all. +- `DISABLE_GIT_HOOKS`: **true**: Set to `false` to enable users with Git Hook privilege to create custom Git Hooks. + WARNING: Custom Git Hooks can be used to perform arbitrary code execution on the host operating system. + This enables the users to access and modify this config file and the Gitea database and interrupt the Gitea service. + By modifying the Gitea database, users can gain Gitea administrator privileges. + It also enables them to access other resources available to the user on the operating system that is running the + Gitea instance and perform arbitrary actions in the name of the Gitea OS user. + This maybe harmful to you website or your operating system. + Setting this to true does not change existing hooks in git repos; adjust it before if necessary. +- `DISABLE_WEBHOOKS`: **false**: Set to `true` to disable webhooks feature. +- `ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET`: **true**: Set to `false` to allow local users to push to gitea-repositories without setting up the Gitea environment. This is not recommended and if you want local users to push to Gitea repositories you should set the environment appropriately. +- `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server. +- `INTERNAL_TOKEN`: **\**: Secret used to validate communication within Gitea binary. +- `INTERNAL_TOKEN_URI`: ****: Instead of defining INTERNAL_TOKEN in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`) +- `PASSWORD_HASH_ALGO`: **pbkdf2**: The hash algorithm to use \[argon2, pbkdf2, pbkdf2_v1, pbkdf2_hi, scrypt, bcrypt\], argon2 and scrypt will spend significant amounts of memory. + - Note: The default parameters for `pbkdf2` hashing have changed - the previous settings are available as `pbkdf2_v1` but are not recommended. + - The hash functions may be tuned by using `$` after the algorithm: + - `argon2$