git_rot/forgejo_installation_process
2
1
Fork 0
Code Issues 3 Pull requests Projects Releases Packages Wiki Activity Actions
forgejo_installation_process/README.md
davrot a1311e37de Update README.md
2025-05-15 16:01:30 +02:00

279 lines
5.4 KiB
Markdown
Raw Permalink Blame History

# Note
We use
```
https://codeberg.org/forgejo-aneksajo/forgejo-aneksajo
```
instead of the vanilla forgejo. The reason is that our data hungry research discipines need git-annex ( https://git-annex.branchable.com/ ).
forgejo-aneksajo is always a bit behind the main. However, the want to be part of the vanilla forgejo. I hope they will be able to do that. This would be nice for us because then we don't need to compile the source code ourselfs. :-)
# Firewall
```
ufw allow 80
ufw allow 443
ufw allow 11080
ufw allow 22
ufw enable
```
# Package installation
```
add-apt-repository ppa:git-core/ppa
apt update
apt upgrade
apt -y install mc net-tools nginx micro mariadb-server mariadb-client git git-lfs make curl lynx git-annex
```
# SSH Port
We need to change the ssh port. We need it for git.
```
micro /etc/ssh/sshd_config
```
Replace
```
#Port 22
```
with
```
Port 11080
```
Restart service
```
systemctl restart sshd
```
# Maria DB
```
systemctl enable mariadb
mysql_secure_installation
```
* Switch to unix_socket authentication [Y/n] Y
* Change the root password? [Y/n] n
* Remove anonymous users? [Y/n] Y
* Disallow root login remotely? [Y/n] Y
* Remove test database and access to it? [Y/n] Y
* Reload privilege tables now? [Y/n] Y
```
mysql
```
Under mysql:
```
SET old_passwords=0;
CREATE USER 'forgejo'@'%' IDENTIFIED BY '[REDACTED]';
CREATE DATABASE forgejodb CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_bin';
GRANT ALL PRIVILEGES ON forgejodb.* TO 'forgejo';
FLUSH PRIVILEGES;
exit
```
# Install go lang >= 1.23
Add the go complier path to the bash rc
```
echo "export PATH=\$PATH:/usr/local/go/bin" >> /root/.bashrc
export PATH=$PATH:/usr/local/go/bin
```
```
cd /root
wget https://go.dev/dl/go1.23.5.linux-amd64.tar.gz
rm -rf /usr/local/go
tar -C /usr/local -xzf go1.23.5.linux-amd64.tar.gz
```
# Install nodejs 22
```
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion
nvm install 22
```
## Some checks
```
node -v # Should print "v22.13.0"
nvm current # Should print "v22.13.0"
npm -v # Should print "10.9.2"
```
# Install forgejo-aneksajo (v9.0.3-git-annex0 on the 16.01.2025)
Prepare the user
```
sudo adduser --system --shell /bin/bash --gecos 'Git Version Control' \
--group --disabled-password --home /home/git git
```
Make the necessary directories
```
mkdir /var/lib/forgejo
chown git:git /var/lib/forgejo
chmod 750 /var/lib/forgejo
mkdir -p /var/lib/forgejo/custom/public/assets
chown -R git:git /var/lib/forgejo/custom
chmod -R 750 /var/lib/forgejo/custom
mkdir /etc/forgejo
chown root:git /etc/forgejo
chmod 770 /etc/forgejo
```
Place the forgejo.service the systemd script to
```
/etc/systemd/system/forgejo.service
```
Compile the software
```
cd /root
https://codeberg.org/forgejo-aneksajo/forgejo-aneksajo.git
cd forgejo-aneksajo
TAGS="bindata timetzdata" make build
cp gitea /usr/local/bin/forgejo
chmod 755 /usr/local/bin/forgejo
setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/forgejo
```
```
systemctl enable forgejo.service
systemctl start forgejo.service
```
Check
```
systemctl status forgejo.service
```
# SSL Certifcate
I placed the SSL certificates into /etc/nginx (ca.pem: certifcate bundle, key.pem: private key)
```
cd /etc/nginx
chmod 0400 key.pem
chmod 0444 ca.pem
```
# nginx
```
cd /etc/nginx
mv nginx.conf nginx.conf_old
wget -O/etc/nginx/nginx.conf https://git.neuro.uni-bremen.de/git_rot/forgejo_installation_process/raw/branch/main/etc/nginx/nginx.conf
```
Test if everything is okay:
```
nginx -t
systemctl stop nginx
systemctl start nginx
systemctl enable nginx
systemctl status nginx
```
# Configure forgejo
```
chmod 777 /etc/forgejo
touch /etc/forgejo/app.ini
chmod 777 /etc/forgejo/app.ini
systemctl enable forgejo.service
systemctl start forgejo.service
```
Check the status of forgejo
```
systemctl status forgejo.service
```
go to https://git.neuro.uni-bremen.de
Working on the forgejo config:
```
systemctl stop forgejo.service
chmod 755 /etc/forgejo
chmod 644 /etc/forgejo/app.ini
```
```
mkdir -p /var/lib/forgejo/uploads
chmod -R 0777 /var/lib/forgejo/uploads
```
```
systemctl stop forgejo.service
```
## app.ini changes (Round 1):
For reference use /etc/forgejo/app.ini in this repo but with ALLOW_ONLY_EXTERNAL_REGISTRATION = false and the secrets from your installation.
```
systemctl restart forgejo.service
systemctl status forgejo.service
```
Anmelden und Admin-User erzeugen.
Now we go to https://git.neuro.uni-bremen.de/admin/auths
Create a new source of authentication
For the moment I am using the itexchange.neuro.uni-bremen.de/sso. Will be changed.
* Type: OAuth2
* Name: UniBremenSSO
* OAuth2-Provide: OpenID Connect
* Client-ID: git
* Client-Secret: [REDACTED]
* OpenID-Connect-Auto-Discovery-URL: https://itexchange.neuro.uni-bremen.de/sso/realms/master/.well-known/openid-configuration
app.ini changes (Round 2):
```
[service]
[...]
ALLOW_ONLY_EXTERNAL_REGISTRATION = true
```
```
mkdir -p /var/lib/forgejo/custom/public/assets/img
```
Put the logos into /var/lib/forgejo/custom/public/assets/img
```
mkdir -p /var/lib/forgejo/custom/templates/user/auth
chmod -R 777 /var/lib/forgejo/custom
```
Put the files custom template files /var/lib/forgejo/custom/templates/
```
systemctl stop forgejo.service
systemctl start forgejo.service
systemctl status forgejo.service
```
Reference in a new issue View git blame Copy permalink