loading...

Gitea On OpenBSD: Using Official Package

nabbisen profile image Heddi Nabbisen Updated on ・5 min read

Gitea On OpenBSD (2 Part Series)

1) Gitea On OpenBSD: Using Official Package 2) Gitea 1.11 on OpenBSD: Update Failure

Overview

"Git with a cup of tea" 🍵
Gitea is self-hosted Git service, lightweight code hosting solution, written in Go.
It is a community managed fork of Gogs and well-maintained nowadays.

OpenBSD provides the Gitea package (I really appreciate it!) which is very useful to save time : )
This post will show you how to install it and set it up.

Environment

  • OS: OpenBSD 6.4 amd64
  • Database: MariaDB 10.0
  • Web Server: OpenBSD httpd
  • Git Service: Gitea 1.5.0
✿ ✿ ✿

Installation

#1. Preparing Database

Gitea supports various databases such as MariaDB, PostgreSQL, SQLite3 and TiDB.

In case of MariaDB:

$ mysql -u root -p

Create database/user:

CREATE DATABASE %db-name% DEFAULT CHARACTER SET `utf8mb4` COLLATE `utf8mb4_unicode_ci`;
GRANT ALL PRIVILEGES ON %db-name%.* TO %db-user% IDENTIFIED BY '%db-pass%';
FLUSH PRIVILEGES;

#2. Installing Package

Just using pkg_add brings us to the gate instantly:

# pkg_add gitea
quirks-3.16 signed on 2018-10-12T15:26:25Z
gitea-1.5.0p0: ok
The following new rcscripts were installed: /etc/rc.d/gitea
See rcctl(8) for details.
New and changed readme(s):
        /usr/local/share/doc/pkg-readmes/gitea

Besides, the instructions in /usr/local/share/doc/pkg-readmes/gitea is clear and helpful.

# (note) GITEA_CUSTOM

Gitea's custom/conf isn't used this time, because /etc/rc.d/gitea is as follows:

#!/bin/ksh
#
# $OpenBSD: gitea.rc,v 1.4 2018/01/11 19:27:11 rpe Exp $

daemon="/usr/local/sbin/gitea"
daemon_user="_gitea"
daemon_flags="web"

. /etc/rc.d/rc.subr

rc_bg=YES
rc_reload=NO

rc_start() {
        ${rcexec} "env HOME=/var/gitea USER=${daemon_user} \
                GITEA_WORK_DIR=/usr/local/share/gitea \
                GITEA_CUSTOM=/etc/gitea \
                ${daemon} ${daemon_flags}"
}

rc_cmd $1

GITEA_CUSTOM is defined as /etc/gitea.


#3. Setting Up Gitea

Every step is about editing /etc/gitea/conf/app.ini.

Server

Go to [server] section, and change the settings as follows.

From:

; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'.
PROTOCOL = http
DOMAIN = localhost
ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
HTTP_ADDR = 0.0.0.0
HTTP_PORT = 3000
...
; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service.
; In most cases you do not need to change the default value.
; Alter it only if your SSH server node is not the same as HTTP node.
; Do not set this variable if PROTOCOL is set to 'unix'.
LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/

To:

; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'.
PROTOCOL = fcgi
DOMAIN = %your-domain%
ROOT_URL = https://%your-domain%
; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
HTTP_ADDR = 127.0.0.1
HTTP_PORT = 10787
...
; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service.
; In most cases you do not need to change the default value.
; Alter it only if your SSH server node is not the same as HTTP node.
; Do not set this variable if PROTOCOL is set to 'unix'.
LOCAL_ROOT_URL = https://%your-domain%/

Run User (Optional)

There is RUN_USER definition at the top of the file.

; This file lists the default values used by Gitea
; Copy required sections to your own app.ini (default is custom/conf/app.ini)
; and modify as needed.
; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.
; App name that shows in every page title
APP_NAME = Gitea: Git with a cup of tea
; Change it if you run locally
RUN_USER = _gitea
; Either "dev", "prod" or "test", default is "dev"
RUN_MODE = prod

Repository (Optional)

If you want to have multiple services with different directories for the repositories in the future, go to [repository] section, and change the settings as follows.
This is for the purpose of letting the directory unique.

From:

ROOT = /var/gitea/gitea-repositories

To:

ROOT = /var/www/%documen-root%/gitea/gitea-repositories

Then prepare the directory for RUN_USER:

# mkdir /var/www/%document-root%/gitea/gitea-repositories
# chown _gitea:_gitea /var/www/%document-root%/gitea/gitea-repositories

Database (Optional)

If you use another database instead of SQLite3, go to [database] section, and change the settings as follows.

From:

; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
DB_TYPE = sqlite3

To:

; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
DB_TYPE = mysql

Well, other settings don't have to be editted, because they will be asked in the web installer later.

Suppressing U2F (Temporarily?)

According to the Github issue (and it actually happened to me!), U2F causes a critical error around a Segfault (SIGSEGV) on starting.
Therefore, we have to suppress it.

Go to [U2F] section, and comment out all of the settings as follows.

From:

[U2F]
; Two Factor authentication with security keys
; https://developers.yubico.com/U2F/App_ID.html
APP_ID         = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
; Comma seperated list of truisted facets
TRUSTED_FACETS = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/

To:

[U2F]
;; Two Factor authentication with security keys
;; https://developers.yubico.com/U2F/App_ID.html
;APP_ID         = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
;; Comma seperated list of truisted facets
;TRUSTED_FACETS = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/

Activating/Starting Daemon

Now Gitea is ready!

# rcctl enable gitea
# rcctl start gitea

Well, if something goes wrong here, using -d option would be helpful for debugging rcctl:


#4. Configure httpd

First of all, get the certification for HTTPS connection, because the passwords will be asked in the web installer later:

Then edit /etc/httpd.conf:

server "%your-domain%" {
        listen on $ext_addr port 80
        block return 301 "https://$SERVER_NAME$REQUEST_URI"
}
server "%your-domain%" {
        listen on $ext_addr tls port 443
        tls {
                certificate     "/etc/letsencrypt/live/%your-domain%/fullchain.pem"
                key             "/etc/letsencrypt/live/%your-domain%/privkey.pem"
        }
        connection { max requests 500, timeout 3600 }
        location "/*" {
                fastcgi socket ":10787"
        }
}

Restart the daemon:

# rcctl restart httpd

#5. Initialization Via Web Installer

The goal is almost there!
Let's access the website with web browser and go to /install.
Following the web installer brings us the goal gently:

web installer

I'm happy if you enjoy code hosting with Gitea : )

✿ ✿ ✿

Happy serving 🌿

Gitea On OpenBSD (2 Part Series)

1) Gitea On OpenBSD: Using Official Package 2) Gitea 1.11 on OpenBSD: Update Failure

Posted on by:

nabbisen profile

Heddi Nabbisen

@nabbisen

An ICT designer/developer and a security monk. "With a cool brain and a warm heart", I am challenging unsolved problems in our society. I use OpenBSD/Rust/etc.

Discussion

markdown guide