Switch gitea to TLS

Gitea supports internal TLS termination as well as redirection of
http to https.  That may be simpler than terminating in a reverse
proxy.  Let's try it.

Also, make the dockerfile match the expectation of the job that
there will be a gitea-init stage.

Also, fix the repository root setting in app.ini.

Change-Id: Ia6b66b53cebdb1afa49fef89a0559615f98052f1
James E. Blair 2019-02-14 12:45:15 -08:00
parent 1c7032b859
commit 4ae46fd9c3
6 changed files with 24 additions and 3 deletions


@ -12,7 +12,7 @@
# License for the specific language governing permissions and limitations
# under the License.
FROM opendevorg/jinja-init
FROM opendevorg/jinja-init as gitea-init
COPY entrypoint.sh /


@ -21,6 +21,12 @@ chown 1000:1000 /data/git
mkdir -p /data/gitea
chown 1000:1000 /data/gitea
mkdir -p /data/gitea/ssl
chown 1000:1000 /data/gitea/ssl
chmod 0500 /data/gitea/ssl
cp /secrets/gitea_tls_cert /data/gitea/ssl/cert.pem
cp /secrets/gitea_tls_key /data/gitea/ssl/key.pem
# This one is used by openssh and can remain root-owned
mkdir -p /data/ssh
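Review bot: The two new copies (`cp /secrets/gitea_tls_cert /data/gitea/ssl/cert.pem` and `cp /secrets/gitea_tls_key /data/gitea/ssl/key.pem`) never set ownership or mode on the files they create; the `chown 1000:1000` and `chmod 0500` above apply to the directory before the files exist, so the files end up owned by whoever runs the script (root, judging by the chown calls) with a mode derived from the source and the umask. If the secret volume is mounted world-readable, as Kubernetes secret volumes commonly are by default, the only way Gitea running as uid 1000 can read key.pem is that it is readable by everyone on the node, which defeats the point of keeping the key in a 0500 directory. Add `chown 1000:1000 /data/gitea/ssl/cert.pem /data/gitea/ssl/key.pem` and `chmod 0400 /data/gitea/ssl/key.pem` after the copies so the key is readable only by the service account that needs it.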


@ -5,8 +5,9 @@ RUN_USER = git
[server]
APP_DATA_PATH = /data/gitea
SSH_DOMAIN = localhost
PROTOCOL = https
HTTP_PORT = 3000
ROOT_URL = http://38.108.68.64/
ROOT_URL = https://38.108.68.64/
DISABLE_SSH = false
SSH_PORT = 22
LFS_CONTENT_PATH = /data/git/lfs
@ -14,6 +15,10 @@ DOMAIN = localhost
LFS_START_SERVER = true
LFS_JWT_SECRET = {{ lfs_jwt_secret }}
OFFLINE_MODE = false
CERT_FILE = /data/gitea/ssl/cert.pem
KEY_FILE = /data/gitea/ssl/key.pem
REDIRECT_OTHER_PORT = true
PORT_TO_REDIRECT = 3080
[database]
DB_TYPE = mysql
@ -24,6 +29,9 @@ PASSWD = {{ db_password }}
SSL_MODE = disable
LOG_SQL = false
[repository]
ROOT = /data/git/repositories
[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
REPO_INDEXER_ENABLED = true
@ -50,7 +58,7 @@ SECRET_KEY = {{ secret_key }}
INTERNAL_TOKEN = {{ internal_token }}
[service]
DISABLE_REGISTRATION = false
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
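Review bot: `ROOT_URL = https://38.108.68.64/` pins the externally visible host to a bare IP literal in a file that otherwise templates its deployment-specific values (`{{ lfs_jwt_secret }}`, `{{ db_password }}`); since the redirect enabled by `REDIRECT_OTHER_PORT = true` and every absolute link Gitea emits presumably use that URL, the certificate referenced by `CERT_FILE` must carry the address as an IP subject alternative name or clients will see a hostname mismatch. Consider templating it, e.g. `ROOT_URL = https://{{ gitea_root_url_host }}/` (variable name illustrative), so the host is changed together with the certificate rather than by editing this file. The switch to `DISABLE_REGISTRATION = true` is a sensible default for an instance reachable on a public address and should stay.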


@ -34,6 +34,7 @@ spec:
value: '2' # Increment to trigger a deployment.
ports:
- containerPort: 3000
- containerPort: 3080
volumeMounts:
- name: gitea-data
mountPath: /data


@ -10,3 +10,5 @@ stringData:
lfs_jwt_secret: {{ gitea_lfs_jwt_secret }}
db_username: {{ gitea_db_username }}
db_password: {{ gitea_db_password }}
gitea_tls_cert: {{ gitea_tls_cert }}
gitea_tls_key: {{ gitea_tls_key }}
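Review bot: `gitea_tls_cert: {{ gitea_tls_cert }}` and `gitea_tls_key: {{ gitea_tls_key }}` substitute PEM material, which is multi-line, into a YAML plain scalar; unless the variables are already quoted or pre-indented, the rendered manifest is invalid because the second PEM line starts at column 0 and is parsed as a new mapping key. Use a block scalar and indent the substituted value, e.g. `gitea_tls_key: |` followed on the next, indented line by `{{ gitea_tls_key | indent(4) }}`, assuming the template engine is Jinja (the jinja-init base image suggests so); the same applies to the cert entry. Note also that this places the private key in `stringData`, which is stored unencrypted unless the cluster has secret encryption at rest enabled.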


@ -9,6 +9,10 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 3080
name: http
- protocol: TCP
port: 443
targetPort: 3000
name: http
- protocol: TCP
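Review bot: Both new ports carry the same name (`name: http` under `port: 80` and again under `port: 443`); Kubernetes requires port names within a Service to be unique when more than one port is declared, so the API server will reject this manifest on apply. Rename the 443 entry `name: https`, which also documents that it is the TLS listener fronting container port 3000. The trailing `- protocol: TCP` begins a further port entry whose body continues beyond the hunk.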