aboutsummaryrefslogtreecommitdiff
path: root/docker
AgeCommit message (Collapse)Author
2023-02-22Wrap unless-check in docker manifests (#23079)John Olheiser
Should fix the following: > failed to render template: Evaluation error: Helper 'unless' called with wrong number of arguments, needed 2 but got 3 Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-02-19Adjust manifest to prevent tagging latest on rcs (#22811)zeripath
2023-01-31Rootless Docker - Mistake with the repo-avatars parent folder name (#22637)Melroy van den Berg
There was a mistake when choosing the structure for the repo avatars parent folder and it added a spurious /gitea. The `data` directory should contain folders like: - `attachments/` - `avatars/` - `log/` - `repo-avatars/`
2022-11-03Remove deprecated DSA host key from Docker Container (#21522)Xinyu Zhou
Since OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public key algorithm, and recommend against its use. http://www.openssh.com/legacy.html ## :warning: BREAKING :warning: This patch will remove DSA host key form OpenSSH daemon configuration file. Signed-off-by: baronbunny <its@baronbunny.cn> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-08-19Fix the mode of custom dir to 0700 in docker-rootless (#20861)wxiaoguang
2022-05-31feat: Add support for extra sshd_config parameters via 'Include' file (#19842)Thomas Andrade
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-05-24Update document to use FHS `/usr/local/bin/gitea` instead of `/app/...` for ↵wxiaoguang
Docker (#19794) * Update document to use FHS `/usr/local/bin/gitea` instead of `/app/...` in Docker * Update docs/content/doc/installation/with-docker.zh-cn.md
2022-03-31Configure OpenSSH log level via Environment in Docker (#19274)Gusted
Introduce a new environment variable: SSH_LOG_LEVEL
2022-02-10Fix issue with docker-rootless shimming script (#18690)zeripath
2022-02-03Fix pushing to 1-x-dev docker tag (#18578)zeripath
* Fix pushing to 1-x-dev docker tag It appears that #18551 and #18573 have a mistake in that raymond does not have an {{else}} on {{#equal}}. This PR notes that Sprig has a hasPrefix function and so we use this with another if. Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix pushing to 1-x-dev docker tag (part 2) Although we now have the manifest working, we need to create the images. Here we adjust the .drone.yml to force building of the images Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix pushing to 1-x-dev docker tag OK now we have the images building we should make sure that the main ones stays dev and the release/v* ones become *-dev-* Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review
2022-02-03Fix manifest.tmpl (#18573)zeripath
A spurious {{/if}} appeared on the manifest.tmpl - this PR simply removes this. Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-03Make docker gitea/gitea:v1.16-dev etc refer to the latest build on that ↵zeripath
branch (#18551) * Make docker gitea/gitea:v1.16-dev etc refer to the latest build on that branch One of the problems with our current docker tagging is that although we have strict version tags, latest and dev we do not have a way for docker users to track the current release branch. This PR simply suggests that we use the 1.x-dev tag for these and we build and push these. This will give users who want or need unreleased bug fixes the option of tracking the pre-release version instead of simply jumping to dev. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-02-01In docker rootless use $GITEA_APP_INI if provided (#18524)Michael Kriese
2022-01-23Switch to non-deprecation setting (#18358)Gusted
* Switch to non-deprecation setting (Avoid by-default: "Deprecated fallback `[server]` `LFS_CONTENT_PATH` present. Use `[lfs]` `PATH` instead. This fallback will be removed in v1.18.0") * Update all references
2022-01-19Upgrade Alpine from 3.13 to 3.15 (#18050)v1.17.0-devGrzegorz Alibożek
* Upgrade alpine to 3.15 * Add executability test to entrypoint for too old dockers Signed-off-by: Andrew Thornton <art27@cantab.net> * Update docker/rootless/usr/local/bin/docker-entrypoint.sh Co-authored-by: zeripath <art27@cantab.net>
2021-12-01Use shadowing script for docker (#17846)zeripath
Too many docker users are caught out by the default location for the app.ini file being environment dependent so that when they docker exec into the container the gitea commands do not work properly and require additional -c arguments to correctly pick up the configuration. This PR simply shadows the gitea binary using variants of the FHS compatible script to make the command gitea have the default locations by default. Fix #14468 Reference #17497 Reference #12082 Reference #8941 ... amongst others ... Replace #17501 Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-14Change docker tag logic (#16421)techknowlogick
* Change docker logic * Apply suggestions from code review Co-authored-by: Kyle D. <kdumontnu@gmail.com> * docs Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Kyle D. <kdumontnu@gmail.com>
2021-07-08Fix various documentation, user-facing, and source comment typos (#16367)luzpaz
* Fix various doc, user-facing, and source comment typos Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby`
2021-06-01Fix bug due to missing MaxStartups and MaxSessions (#16046)zeripath
Unforunately #16009 makes these settings mandatory. This PR uses the same technique as used for the certificates to make these settings non-mandatory. Fix #16044 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
2021-05-31Make sshd_config more flexible regarding connections (#16009)Dario Louzado
* Make sshd_config more flexible regarding MaxStartups and MaxSessions. See https://man.openbsd.org/sshd_config for more information. * make property prefix equals other existing Gitea SSH properties. Co-authored-by: dlouzado <dlouzado@senado.leg.br>
2021-05-13Only offer hostcertificates if they exist (#15849)zeripath
A common bug report is the otherwise harmless sshd logging: ``` Could not load host certificate "/data/ssh/ssh_host_ed25519_cert": No such file or directory ``` This PR simply checks if these files exist before creation of sshd_config and if they do not exist, doesn't add a reference to them. Fix #14110 amongst others. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Lauris BH <lauris@nix.lv>
2021-03-16Add reverse proxy configuration support for remote IP address (#14959)Lauris BH
* Add reverse proxy configuration support for remote IP address validation * Trust all IP addresses in containerized environments by default * Use single option to specify networks and proxy IP addresses. By default trust all loopback IPs Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-02-23Add environment-to-ini to docker image (#14762)Kyle D
* Add environment-to-app.ini routine * Call environment-to-ini in docker setup scripts * Automatically convert section vars to lower case to match documentation * Remove git patch instructions * Add env variable documentation to Install Docker
2021-01-29Update docs and comments to remove macaron (#14491)Lunny Xiao
2020-11-30Set RUN_MODE prod by default (#13765)silverwind
I think it's a bad default to have "dev" as the default run mode which enables debugging and now also disables HTTP caching. It's better to just default to a value suitable for general deployments. Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-28Format files (#13698)6543
* align "make help" * format * untouch build/generate-svg.js * untouch .eslintrc * combine editorconfig's * rm editorconfig Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-02fix docker rootless manifest (#13386)Antoine GIRARD
2020-11-01Remove specific indexer path (#13388)Antoine GIRARD
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-10-31docker: rootless image (#10154)Antoine GIRARD
* docker: rootless image * improve docs + remove check for write perm on custom * add more info on ssh passtrough * Add comment for internal ssh server in container config
2020-10-14Update sshd_config (#13143)Anders Eurenius Runvald
Afaik, adding these lines does nothing unless the file(s) are present. Having them in let's admins supply certs instead of relying on TOFU. Co-authored-by: zeripath <art27@cantab.net>
2020-10-10Add ssh certificate support (#12281)Wim
* Add ssh certificate support * Add ssh certificate support to builtin ssh * Write trusted-user-ca-keys.pem based on configuration * Update app.example.ini * Update templates/user/settings/keys_principal.tmpl Co-authored-by: silverwind <me@silverwind.io> * Remove unused locale string * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * Add missing creation of SSH.Rootpath * Update cheatsheet, example and locale strings * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go * Optimizations based on feedback * Validate CA keys for external sshd * Add filename option and change default filename Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty. Add some more documentation. * Remove unneeded principalkey functions * Add blank line * Apply suggestions from code review Co-authored-by: zeripath <art27@cantab.net> * Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default email,username this means that users only can add the principals that match their email or username. To allow anything the admin need to set the option anything. This allows for a safe default in gitea which protects against malicious users using other user's prinicipals. (before that user could set it). This commit also has some small other fixes from the last code review. * Rewrite principal keys file on user deletion * Use correct rewrite method * Set correct AuthorizedPrincipalsBackup default setting * Rewrite principalsfile when adding principals * Add update authorized_principals option to admin dashboard * Handle non-primary emails Signed-off-by: Andrew Thornton <art27@cantab.net> * Add the command actually to the dashboard template * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * By default do not show principal options unless there are CA keys set or they are explicitly set Signed-off-by: Andrew Thornton <art27@cantab.net> * allow settings when enabled * Fix typos in TrustedUserCAKeys path * Allow every CASignatureAlgorithms algorithm As this depends on the content of TrustedUserCAKeys we should allow all signature algorithms as admins can choose the specific algorithm on their signing CA * Update models/ssh_key.go Co-authored-by: Lauris BH <lauris@nix.lv> * Fix linting issue Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-10Change default log configuration (#13088)zeripath
* Change default log configuration This PR changes the install page and the docker default logging configuration to match the suggested configuration that I repeatedly end up suggesting on issues. It further improves the logging configuration docs to recommend specific instructions for how to configure logs for posting to issues. Signed-off-by: Andrew Thornton <art27@cantab.net> * Update docs/content/doc/advanced/logging-documentation.en-us.md
2020-10-09Disable DSA ssh keys by default (#13056)zeripath
* Disable DSA ssh keys by default OpenSSH has disabled DSA keys since version 7.0 As the docker runs openssh > v7.0 we should just disable DSA keys by default. Refers to #11417 Signed-off-by: Andrew Thornton <art27@cantab.net> * Just disable DSA keys by default Signed-off-by: Andrew Thornton <art27@cantab.net> * Appears we need to set the minimum key sizes too Signed-off-by: Andrew Thornton <art27@cantab.net> * Appears we need to set the minimum key sizes too Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove DSA type * Fix Tests Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
2020-07-29Fix typo in README.md (#12369)Kevin Schweikert
Changed Dockefile to Dockerfile
2020-07-21merge docker makefile into main one (#12289)techknowlogick
* merge docker makefile into main one * add readme for docker folder * don't include a file that doesn't exist anymore Co-authored-by: Lauris BH <lauris@nix.lv>
2020-06-06Fix missing CGO_EXTRA_FLAGS build arg for docker (#11782)Cirno the Strongest
Co-authored-by: zeripath <art27@cantab.net>
2020-05-04Fix; declare DOMAIN variable for docker setup (#10780)Adrian POIGET
In the /install form, the value for SSH Server Domain is taken form the DOMAIN variable and overwrites SSH_DOMAIN environment variable set the first time if nothing done Co-authored-by: Adrian POIGET <adrian.poiget@viveris.fr>
2019-12-05Fix latest docker image haven't include static files. (#9252)Lunny Xiao
* add warnging on docs * fix docs
2019-11-27docker: ask s6 to stop all service when gitea stop (#9171)Antoine GIRARD
* fix: ask s6 to stop all service when gitea stop https://github.com/just-containers/s6-overlay#writing-an-optional-finish-script * change service folder
2019-10-12Fix #8453 by making openssh listen on SSH_LISTEN_PORT not SSH_PORT (#8477)zeripath
2019-09-05Make AllowedUsers configurable in sshd_config (#8094)jpellegrini
docker/root/usr/bin/entrypoint already allows for the specification of USER, USER_UID, USER_GID. But since AllowedUsers is hardcoded in sshd_config, one cannot log in as a user different ftom git. This change substitutes ${USER} for git in the sshd_config template. Signed-off-by: Jeronimo Pellegrini <j_p@aleph0.info>
2019-08-24Support SSH_LISTEN_PORT env var in docker app.ini template (#7829)leigh capili
Signed-off-by: leigh capili <leigh@null.net>
2019-07-24drone/docker: prepare multi-arch release + provide arm64 image (#7571)Antoine GIRARD
* drone/docker: prepare multi-arch release * Add docker-linux-arm64 pipeline * add arm 64 build to manifest * tag dry-run + indent * Fix notify dependency
2019-07-06Implement the ability to change the ssh port to match what is in the gitea ↵Christopher Thomas
config (#7286) * - rearrange the templates to make it more logical because now ssh_config is a template - implemented the updating of the port to the same as the port sent to the gitea config * change the filename back
2019-06-24[docker] Add LFS_START_SERVER option to control git-lfs support (#7281)Marat Radchenko
2019-05-29Repository avatars (#6986)Sergey Dryabzhinsky
* Repository avatars - first variant of code from old work for gogs - add migration 87 - add new option in app.ini - add en-US locale string - add new class in repository.less * Add changed index.css, remove unused template name * Update en-us doc about configuration options * Add comments to new functions, add new option to docker app.ini * Add comment for lint * Remove variable, not needed * Fix formatting * Update swagger api template * Check if avatar exists * Fix avatar link/path checks * Typo * TEXT column can't have a default value * Fixes: - remove old avatar file on upload - use ID in name of avatar file - users may upload same files - add simple tests * Fix fmt check * Generate PNG instead of "static" GIF * More informative comment * Fix error message * Update avatar upload checks: - add file size check - add new option - update config docs - add new string to en-us locale * Fixes: - use FileHEader field for check file size - add new test - upload big image * Fix formatting * Update comments * Update log message * Removed wrong style - not needed * Use Sync2 to migrate * Update repos list view - bigger avatar - fix html blocks alignment * A little adjust avatar size * Use small icons for explore/repo list * Use new cool avatar preparation func by @lafriks * Missing changes for new function * Remove unused import, move imports * Missed new option definition in app.ini Add file size check in user/profile avatar upload * Use smaller field length for Avatar * Use session to update repo DB data, update DeleteAvatar - use session too * Fix err variable definition * As suggested @lafriks - return as soon as possible, code readability
2019-05-13[docker] support for custom GITEA_CUSTOM env var (#6608)Jakob Ackermann
2019-05-05[docker] drop the docker Makefile from the image (#6507)Jakob Ackermann
2019-04-29Make CustomPath, CustomConf and AppWorkPath configurable at build (#6631)zeripath
2019-04-16[docker] let the ssh daemon speak for itself and drop the syslog daemon (#6529)Jakob Ackermann
The sshd flag `-e` instructs sshd to output any logs to stderr instead of the syslog. Redirect this output to stdout then. Signed-off-by: Jakob Ackermann <das7pad@outlook.com>