
Added documentation for multiple instances of Gitea.

dev
Franco Masotti 8 months ago
parent
commit
77bcc5a2cb
Signed by: frnmst
GPG Key ID: 24116ED85666780A
244
_posts/2021-09-13-problems-and-solutions-with-gitea-1-15.md

@ -1,7 +1,7 @@
---
title: Problems and solutions with Gitea 1.15
tags: [tutorial, gitea, mariadb, postgresql]
updated: 2021-12-10 17:28:08
updated: 2021-12-13 11:32:45
description: This blog is now self-hosted
---
@ -35,9 +35,16 @@ to something more scalable: [MariaDB](https://mariadb.org/).
- [Gitea configuration](#gitea-configuration)
- [Updating gitea next time](#updating-gitea-next-time)
- [Apache2 reverse proxy for Gitea](#apache2-reverse-proxy-for-gitea)
- [Multiple Gitea instances on the same host](#multiple-gitea-instances-on-the-same-host)
- [Gitea configuration](#gitea-configuration-1)
- [Databases](#databases)
- [Systemd service file](#systemd-service-file)
- [Apache virtual host extract](#apache-virtual-host-extract)
- [Listening ports for SSH](#listening-ports-for-ssh)
- [Redis databases](#redis-databases)
- [Updates](#updates)
- [1.15.2 -> 1.15.6](#1152---1156)
- [1.15.6 -> 1.15.7](#1156---1157)
- [1.15.2 -> 1.15.6](#1152---1156)
- [GitHub issues](#github-issues)
<!--TOC-->
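Review bot: The new TOC entry `[Gitea configuration](#gitea-configuration-1)` points at a second heading with exactly the same name as the existing "Gitea configuration" section, so the link depends on the generator's `-1` suffix and will silently point at the wrong section if the headings are ever reordered. Give the new subsection a distinct title, for example "Gitea configuration for the additional instance", and regenerate the TOC.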
@ -772,23 +779,223 @@ See these links for the UNIX socket explanation:
- [https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypass](https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypass)
- [https://wiki.archlinux.org/title/Talk:Gitea#Apache_Reverse_Proxy_Over_Unix_Socket](https://wiki.archlinux.org/title/Talk:Gitea#Apache_Reverse_Proxy_Over_Unix_Socket)
## Updates
## Multiple Gitea instances on the same host
### 1.15.2 -> 1.15.6
With a few tricks you can manage any number of gitea instances on the same hosts.
I'm running two at the moment.
After updating from 1.15.2 to 1.15.6, when running:
Using all the above configurations you will need the following:
```shell
HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea /usr/bin/gitea -c /etc/gitea/app.ini doctor --all --fix
```
- 2 databases
- 2 Gitea sockets. This step is very important
otherwise nothing works
- 2 listening ports for SSH-based operations
- 2 app.ini configuration files
- 2 (* n) Redis databases
- 2 Gitea Systemd service unit files
I get this:
In this example we have two instances running at:
- `my.domain.org`, SSH port 2112
- `my.other.domain.org`, SSH port 2222
Domains are called `FQDN` in variables from now on.
### Gitea configuration
1. copy the configuration file.
```shell
cp -aR /etc/gitea/app.ini /etc/gitea/${FQDN}.app.ini
```
2. edit these values as explained later:
| app.ini variable name | Description | Value | Scope |
|-----------------------|-------------|-------|-------|
| `APP_NAME` | - | `${FQDN}` | - |
| `repository.ROOT` | - | `/var/lib/gitea/${FQDN}/repos` | - |
| `server.ROOT_URL` | - | `https://${FQDN}/` | Apache |
| `server.HTTP_ADDR` | the UNIX socket path of the new Gitea instance | `/var/run/${FQDN}.gitea/gitea.sock` | Apache, Systemd (as `RuntimeDirectory`) |
| `server.SSH_DOMAIN` | same as the domain in the HTTP URL | `${FQDN}` | OpenSSH |
| `server.SSH_PORT` | see the SSH port section below | 2112 and 2222 in this example | OpenSSH |
| `server.SSH_ROOT_PATH` | - | `/var/lib/gitea/${FQDN}/.ssh` | OpenSSH |
| `server.APP_DATA_PATH` | - | `/var/lib/gitea/${FQDN}/data` | - |
| `log.file.FILE_NAME` | - | `/var/log/gitea/${FQDN}.log` | Fail2ban (if you use it) |
| `database.NAME` | the name of the new Gitea database | `echo giteadb_"$(echo -n "${FQDN}" | tr '.' '_')"` | PostgreSQL |
| `cache.HOST` | change the redis `db` value | - | Redis |
| `session.PROVIDER_CONFIG` | change the redis `db` value | - | Redis |
| `queue.CONN_STR` | change the redis `db` value | - | Redis |
| `queue.task.QUEUE_CONN_STR` | change the redis `db` value | - | Redis |
| `task.QUEUE_CONN_STR` | change the redis `db` value | - | Redis |
### Databases
1. create a second database as usual
(see the [instructions on Gitea docs](https://docs.gitea.io/en-us/database-prep/#postgresql)).
2. add the Borgmatic backup service for the new database
### Systemd service file
```ini
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
After=mysqld.service
After=postgresql.service
After=memcached.service
After=redis.service
# Comment or change these.
Requires=network.target
Requires=postgresql.service
Requires=redis.service
OnFailure=notify-unit-status@%n.service
[Service]
ExecStart=
ExecStart=/usr/bin/gitea web -c /etc/gitea/${FQDN}.app.ini
User=gitea
Group=gitea
Type=simple
WorkingDirectory=~
RuntimeDirectory=${FQDN}.gitea
LogsDirectory=gitea
StateDirectory=gitea
Environment=USER=gitea HOME=/var/lib/gitea/${FQDN} GITEA_WORK_DIR=/var/lib/gitea/${FQDN}
Restart=always
RestartSec=2s
CapabilityBoundingSet=
NoNewPrivileges=false
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/etc/gitea/${FQDN}.app.ini
PrivateTmp=true
PrivateDevices=false
PrivateUsers=false
ProtectHostname=false
ProtectClock=false
ProtectKernelTunables=false
ProtectKernelModules=false
ProtectKernelLogs=false
ProtectControlGroups=true
LockPersonality=false
MemoryDenyWriteExecute=false
RestrictRealtime=false
RestrictSUIDSGID=false
SystemCallArchitectures=
SystemCallFilter=
SystemCallErrorNumber=EPERM
ReadWriteDirectories=/var/spool/postfix/maildrop
```
[4] Check consistency of database
- [C] Error: pq: syntax error at or near "." whilst counting Collaborations without existing user
### Apache virtual host extract
Remember to change the port number. Here is set to `3000` as an example.
```apache
<IfModule mod_ssl.c>
<VirtualHost *:443>
UseCanonicalName on
ProxyPreserveHost On
Keepalive On
RewriteEngine on
AllowEncodedSlashes NoDecode
ServerName ${FQDN}
ProxyBadHeader Ignore
SSLCompression off
ProxyPass / unix:/var/run/${FQDN}.gitea/gitea.sock|http://127.0.0.1:3000/ nocanon
ProxyPassReverse / unix:/var/run/${FQDN}.gitea/gitea.sock|http://127.0.0.1:3000/
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/${FQDN}/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/${FQDN}/privkey.pem
</VirtualHost>
</IfModule>
```
### Listening ports for SSH
1. separate the two authorized keys files based on port.
What follows is an example extract of `/etc/ssh/sshd_config` that enables
this setup. `user1`, `user2` and `user3` are example users
you might have in your sshd configuration file
```conf
Port 22
Port 33
# my.domain.org
Port 2112
# my.other.domain.org
Port 2222
#########
# Users #
#########
# Exclude all other from 30000 and 30001.
Match LocalPort 2112
DenyUsers user1 user2 user3
AllowUsers gitea
Match LocalPort 2222
DenyUsers user1 user2 user3
AllowUsers gitea
# Exclude gitea.
Match LocalPort 22
DenyUsers gitea
AllowUsers user1 user2 user3
# An extra SSH port.
Match LocalPort 33
DenyUsers gitea
AllowUsers user1 user2 user3
#######################
# Gitea my.domain.org #
#######################
Match User gitea LocalPort 2112
IPQoS throughput
X11Forwarding no
PermitTTY no
AllowTcpForwarding no
AuthorizedKeysFile .ssh/authorized_keys my.domain.org/.ssh/authorized_keys
#############################
# Gitea my.other.domain.org #
#############################
Match User gitea LocalPort 2222
IPQoS throughput
X11Forwarding no
PermitTTY no
AllowTcpForwarding no
AuthorizedKeysFile my.other.domain.org/.ssh/authorized_keys
```
2. remember to open the new SSH ports in iptables if needed
### Redis databases
1. increase the number of databases in `/etc/redis/redis.conf`:
```conf
databases 32
```
2. restart Redis
```shell
systemctl restart redis
```
## Updates
### 1.15.6 -> 1.15.7
Still the same error:
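Review bot: In the `sshd_config` extract, the `Match User gitea LocalPort 2112` block sets `AuthorizedKeysFile .ssh/authorized_keys my.domain.org/.ssh/authorized_keys`, while the port 2222 block lists only `my.other.domain.org/.ssh/authorized_keys`. Port 2112 therefore also accepts any key present in the shared `.ssh/authorized_keys`, which works against step 1's goal of separating the key files per port. Drop the first path from the 2112 block, or add a sentence saying why it is kept. The comment `# Exclude all other from 30000 and 30001.` names ports that appear nowhere in the extract and should refer to 2112 and 2222. In the systemd unit, `${FQDN}` is used inside `RuntimeDirectory=`, `ReadWritePaths=` and `Environment=`, where systemd does not expand environment variables. State explicitly that it is a placeholder to be replaced by hand in each unit file, or switch to a template unit and use `%i`.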
@ -810,6 +1017,21 @@ HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea /usr/bin/gitea -c /etc/gitea/a
2021/12/10 18:16:38 ...om/urfave/cli/app.go:277:Run() [W] Table external_login_user column avatar_url db type is TEXT, struct type is VARCHAR(255)
```
### 1.15.2 -> 1.15.6
After updating from 1.15.2 to 1.15.6, when running:
```shell
HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea /usr/bin/gitea -c /etc/gitea/app.ini doctor --all --fix
```
I get this:
```
[4] Check consistency of database
- [C] Error: pq: syntax error at or near "." whilst counting Collaborations without existing user
```
### GitHub issues
- [16992](https://github.com/go-gitea/gitea/issues/16992)
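Review bot: Moving `### 1.15.2 -> 1.15.6` below `### 1.15.6 -> 1.15.7` leaves the newer section opening with "Still the same error:" before the reader has seen the error. Either keep the update sections in chronological order, or reword that sentence so it names the failure (the `pq: syntax error at or near "."` reported by `doctor --all --fix`) or links down to the older section.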
