Note
We use
https://codeberg.org/forgejo-aneksajo/forgejo-aneksajo
instead of the vanilla forgejo. The reason is that our data-hungry research disciplines need git-annex ( https://git-annex.branchable.com/ ).
forgejo-aneksajo is always a bit behind the main. However, they want to be part of the vanilla forgejo. I hope they will be able to do that. This would be nice for us because then we don't need to compile the source code ourselves. :-)
Firewall
ufw allow 80
ufw allow 443
ufw allow 11080
ufw allow 22
ufw enable
Package installation
add-apt-repository ppa:git-core/ppa
apt update
apt upgrade
apt -y install mc net-tools nginx micro mariadb-server mariadb-client git git-lfs make curl lynx git-annex
SSH Port
We need to move the system sshd to a different port, because port 22 is needed for git.
micro /etc/ssh/sshd_config
Replace
#Port 22
with
Port 11080
Restart service
systemctl restart sshd
MariaDB
systemctl enable mariadb
mysql_secure_installation
- Switch to unix_socket authentication [Y/n] Y
- Change the root password? [Y/n] n
- Remove anonymous users? [Y/n] Y
- Disallow root login remotely? [Y/n] Y
- Remove test database and access to it? [Y/n] Y
- Reload privilege tables now? [Y/n] Y
mysql
Under mysql:
SET old_passwords=0;
CREATE USER 'forgejo'@'%' IDENTIFIED BY '[REDACTED]';
CREATE DATABASE forgejodb CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_bin';
GRANT ALL PRIVILEGES ON forgejodb.* TO 'forgejo';
FLUSH PRIVILEGES;
exit
Install go lang >= 1.23
Add the Go compiler path to the bashrc
echo "export PATH=\$PATH:/usr/local/go/bin" >> /root/.bashrc
export PATH=$PATH:/usr/local/go/bin
cd /root
wget https://go.dev/dl/go1.23.5.linux-amd64.tar.gz
rm -rf /usr/local/go
tar -C /usr/local -xzf go1.23.5.linux-amd64.tar.gz
Install nodejs 22
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion
nvm install 22
Some checks
node -v # Should print "v22.13.0"
nvm current # Should print "v22.13.0"
npm -v # Should print "10.9.2"
Install forgejo-aneksajo (v9.0.3-git-annex0 on the 16.01.2025)
Prepare the user
sudo adduser --system --shell /bin/bash --gecos 'Git Version Control' \
--group --disabled-password --home /home/git git
Make the necessary directories
mkdir /var/lib/forgejo
chown git:git /var/lib/forgejo
chmod 750 /var/lib/forgejo
mkdir -p /var/lib/forgejo/custom/public/assets
chown -R git:git /var/lib/forgejo/custom
chmod -R 750 /var/lib/forgejo/custom
mkdir /etc/forgejo
chown root:git /etc/forgejo
chmod 770 /etc/forgejo
Place the forgejo.service systemd unit file at
/etc/systemd/system/forgejo.service
Compile the software
cd /root
git clone https://codeberg.org/forgejo-aneksajo/forgejo-aneksajo.git
cd forgejo-aneksajo
TAGS="bindata timetzdata" make build
cp gitea /usr/local/bin/forgejo
chmod 755 /usr/local/bin/forgejo
setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/forgejo
systemctl enable forgejo.service
systemctl start forgejo.service
Check
systemctl status forgejo.service
SSL Certificate
I placed the SSL certificates into /etc/nginx (ca.pem: certificate bundle, key.pem: private key)
cd /etc/nginx
chmod 0400 key.pem
chmod 0444 ca.pem
nginx
cd /etc/nginx
mv nginx.conf nginx.conf_old
wget -O/etc/nginx/nginx.conf https://git.neuro.uni-bremen.de/git_rot/forgejo_installation_process/raw/branch/main/etc/nginx/nginx.conf
Test if everything is okay:
nginx -t
systemctl stop nginx
systemctl start nginx
systemctl enable nginx
systemctl status nginx
Configure forgejo
chmod 777 /etc/forgejo
touch /etc/forgejo/app.ini
chmod 777 /etc/forgejo/app.ini
systemctl enable forgejo.service
systemctl start forgejo.service
Check the status of forgejo
systemctl status forgejo.service
Go to https://git.neuro.uni-bremen.de
Working on the forgejo config:
systemctl stop forgejo.service
chmod 755 /etc/forgejo
chmod 644 /etc/forgejo/app.ini
mkdir -p /var/lib/forgejo/uploads
chmod -R 0777 /var/lib/forgejo/uploads
systemctl stop forgejo.service
app.ini changes (Round 1):
For reference use /etc/forgejo/app.ini in this repo but with ALLOW_ONLY_EXTERNAL_REGISTRATION = false and the secrets from your installation.
systemctl restart forgejo.service
systemctl status forgejo.service
Log in and create the admin user.
Now we go to https://git.neuro.uni-bremen.de/admin/auths
Create a new source of authentication
For the moment I am using the itexchange.neuro.uni-bremen.de/sso. Will be changed.
- Type: OAuth2
- Name: UniBremenSSO
- OAuth2-Provider: OpenID Connect
- Client-ID: git
- Client-Secret: [REDACTED]
- OpenID-Connect-Auto-Discovery-URL: https://itexchange.neuro.uni-bremen.de/sso/realms/master/.well-known/openid-configuration
app.ini changes (Round 2):
[service]
[...]
ALLOW_ONLY_EXTERNAL_REGISTRATION = true
mkdir -p /var/lib/forgejo/custom/public/assets/img
Put the logos into /var/lib/forgejo/custom/public/assets/img
mkdir -p /var/lib/forgejo/custom/templates/user/auth
chmod -R 777 /var/lib/forgejo/custom
Put the custom template files into /var/lib/forgejo/custom/templates/
systemctl stop forgejo.service
systemctl start forgejo.service
systemctl status forgejo.service
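Permission check (added example, not part of the original repository): the steps above change the modes of /etc/forgejo, app.ini, the uploads directory and the custom tree several times, so this script lists any secret file readable by other users and any world-writable path left under those locations. The function names, the two path lists and the ROOT prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original repository.
# Paths are the ones used in this guide; the ROOT prefix argument is an
# assumption of this example so the check can also run against a test tree.

# Files that hold secrets: must not be readable by "other".
SECRET_FILES="/etc/forgejo/app.ini /etc/nginx/key.pem"
# Locations Forgejo and nginx load config, templates and data from:
# nothing below them should be world-writable.
NO_WORLD_WRITE="/etc/forgejo /etc/nginx /var/lib/forgejo /usr/local/bin/forgejo"

list_findings() {
    root="$1"
    for p in $SECRET_FILES; do
        [ -e "$root$p" ] || continue
        # -perm -0004 matches when the "other" read bit is set
        find "$root$p" -prune -perm -0004 | sed "s|^$root|SECRET-READABLE |"
    done
    for p in $NO_WORLD_WRITE; do
        [ -e "$root$p" ] || continue
        # -perm -0002 matches when the "other" write bit is set;
        # symlinks are skipped because their own mode is meaningless
        find "$root$p" ! -type l -perm -0002 | sed "s|^$root|WORLD-WRITABLE |"
    done
}

# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_forgejo_perms() {
    findings=$(list_findings "$1")
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# On the real host: audit_forgejo_perms ""
```

On a host set up exactly as above it reports app.ini (mode 644) and the directories that were set to 777.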