使用gitea搭建Git服务

简述

使用gitea搭建Git服务，本文已有internal版本，具体看文件

前情提示

系统：

一说

• 同步更新最新版、完整版请移步PUSDN Powered By PUSDN - 平行宇宙软件开发者网www.pusdn.com ，转载请标明出处！

• 部分截图、链接等因过期、更换域名、MD语法等可能不显示，可联系反馈（备注好博文地址），谢谢❤

• 带有#号、删除线、不操作、不执行字样的为提示或者备份bash，实际不执行

前情提示

阿里、tx、西数centOS6.4，6系列均可cat /etc/redhat-release

gitea1.12

Git 2.26.2最新稳定版本；

MySQL8社区版：mysql-8.0.20-1.el6.x86_64.rpm-bundle.tar；

废话说在前面

已从gogs转移至gitea。为什么？这么说吧，给你个Google pixel手机（原生安卓系统），一个小米手机（基于Android，定制化，更人性）。哪个用的舒服？gitea和其他对比，可以看官网横向对比。gitea的好可以自己看官网特性，这里不再赘述。

至于为什么换成gitea，当初因为组织团队权限推送问题和批量绑定仓库问题，这两点gogs是没有的，另外，两者个人感觉都活跃，gitea更加频繁，毕竟是社区化的合作开发。

两者都有try，自己体验，尝试。

更新说明

1. 去除普通图片截图，保留部分核心截图；详细截图可参考：https://blog.csdn.net/qq_31708763/article/details/104814669
2. gitea1.11.5到1.12从80M到120M，看来更新不少。
3. 本文仅内部搭建环境使用，本文不再更新，有问题留言，或移步新地址。

软件准备

软件下载，官网下载或云盘下载。步骤略。

将下载好的软件上传到服务器。

mkdir -p /server/backup/gs
# scp -P 22000 -r -v /server/backup/gs/* root@211.149.239.182:/server/backup/gs
scp -P 22 -r -v /server/backup/gs/* root@59.110.21.159:/server/backup/gs
# scp -P 22 -r -v /server/backup/gs/gitea-1.12-linux-amd64 root@59.110.21.159:/server/backup/gs
#如果重装
ssh-keygen -R 59.110.21.159

更新yum（可选）

yum -y update

swap创建（可选）

sudo dd if=/dev/zero of=/swapfile count=2048 bs=1M
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo '/swapfile   none    swap    sw    0   0' | sudo tee -a /etc/fstab
free -m
history | grep 'swap'
删除
1. 停止正在使用的swap分区
$ swapoff /root/swap

2. 删除swap分区文件
$ rm /root/swap

3. 删除或注释在/etc/fstab文件中的以下开机自动挂载内容：
$ vim /etc/fstab 在该文件中删除如下内容

更新内核

gitea必须，否则centos6下报错：kernel too old。

解决：https://janeyork.blog.csdn.net/article/details/106496370

MySQL安装

rpm -qa|grep mysql
# 如果有，卸载
yum -y remove mysql mysql-server mysql-libs compat-mysql51
rm -rf /var/lib/mysql
##可能cannot remove ‘/etc/my.cnf’: No such file or directory
rm /etc/my.cnf
rpm -e mysql-community-client-8.0.20-1.el6.x86_64 --nodeps
rpm -e mysql-community-libs-8.0.20-1.el6.x86_64 --nodeps
rpm -e mysql-community-server-8.0.20-1.el6.x86_64 --nodeps
rpm -e mysql-community-common-8.0.20-1.el6.x86_64 --nodeps

安装依赖

yum -y install wget gcc-c++ ncurses ncurses-devel cmake make perl bison openssl openssl-devel gcc* libxml2 libxml2-devel curl-devel libjpeg* libpng* freetype* make gcc-c++ cmake bison-devel ncurses-devel bison perl perl-devel perl perl-devel net-tools* numactl* 

安装MySQL

cd /server/backup/gs/
rpm -ivh mysql-community-common-8.0.20-1.el6.x86_64.rpm --nodeps --force
rpm -ivh mysql-community-libs-8.0.20-1.el6.x86_64.rpm --nodeps --force
rpm -ivh mysql-community-client-8.0.20-1.el6.x86_64.rpm --nodeps --force
rpm -ivh mysql-community-server-8.0.20-1.el6.x86_64.rpm --nodeps --force

配置/etc/my.cnf，添加如下：

lower_case_table_names=1
sql_mode='STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION'

完整内容：

# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/8.0/en/server-configuration-defaults.html

[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove the leading "# " to disable binary logging
# Binary logging captures changes between backups and is enabled by
# default. It's default setting is log_bin=binlog
# disable_log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
#
# Remove leading # to revert to previous value for default_authentication_plugin,
# this will increase compatibility with older clients. For background, see:
# https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_default_authentication_plugin
# default-authentication-plugin=mysql_native_password

datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock

log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

lower_case_table_names=1
sql_mode='STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION'

启动：

groupadd mysql
useradd -g mysql mysql
mkdir -p /var/lib/mysql


mysqld --initialize --user=mysql
chown -R mysql:mysql /var/lib/mysql
chmod -R 777 /var/lib/mysql

centOS6:
service mysqld start
查看启动状态
service mysqld status
# 设置开机启动（可不用，rmp安装完，默认自启）
# chkconfig mysqld on

以下为备份内容，并未执行：
如果以root用户身份登录CentOS 6.8服务器，可以执行如下命令。
mysqld --initialize --user=mysql
mysqld --initialize-insecure --user=mysql
如果以mysql用户身份登录CentOS 6.8服务器，可以执行如下命令。
mysqld --initialize
mysqld --initialize-insecure
因为我这里使用的是root账户登录CentOS 6.8服务器，所以，初始化数据库时，我执行的是如下命令。
mkdir -p /usr/local/mysql
chown -R mysql.mysql /usr/local/mysql
mysqld --initialize --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data
注意：这里，我在执行mysqld --initialize命令时，指定了MySQL的安装目录。 在MySQL的安装过程中，建议指定MySQL的安装目录。当/usr/local/mysql目录下存在data目录时，会初始化失败，必须确保/usr/local/mysql下没有data目录。

查看临时生成的密码：

cat /var/log/mysqld.log | grep password

修改初始密码：

mysql -u root -p
DhPO0Wr-#kqp
# 高版本数据库使用强密码规则，密码设置尽可能麻烦，大写+小写+数字+符号
ALTER USER 'root'@'localhost' IDENTIFIED BY 'Woshihenfuzademima$_$';
exit;

创建远程账号：

mysql -u root -p
Woshihenfuzademima$_$
CREATE USER 'remote'@'%' IDENTIFIED BY 'Woshihenfuzademima$_$';
GRANT ALL PRIVILEGES ON *.* TO 'remote'@'%'WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit;

配置防火墙

vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22000 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3001 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 4000 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9527 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

修改完成后，重启防火墙：service iptables restart，如果有必要，请登录云安全组开放端口。

说明：rpm方式安装mysql默认位置：

1、数据库目录
/var/lib/mysql/
2、配置文件
/usr/share/mysql(mysql.server命令及配置文件)
3、相关命令
/usr/bin(mysqladmin mysqldump等命令)
4、启动脚本
/etc/rc.d/init.d/(启动脚本文件mysql的目录)

Git安装

卸载旧版本：

查看源版本信息：
yum info git
git --version
如果安装了，卸载：
yum remove git

安装依赖：

yum install -y asciidoc docbook2X xmlto texinfo sgml2xml autoconf openjade curl-devel expat-devel gettext-devel openssl-devel zlib-devel gcc perl-ExtUtils-MakeMaker

上传git安装包，并解压：

cd /server/backup/gs/
tar -zxvf git-2.26.2.tar.gz
cd git-2.26.2
make configure
./configure --prefix=/usr/local/git
make && make install
sudo echo "export PATH=$PATH:/usr/local/git/bin" >> /etc/profile
source /etc/profile

验证Git是否安装成功：

输入git --version试试安装成功。

Gitea安装

创建git用户：

sudo useradd git

创建gitea，mysql用户密码，专门用于gitea本地访问：

mysql -u root -p
Woshihenfuzademima$_$
CREATE USER 'gitea'@'localhost' IDENTIFIED BY 'Woshihenfuzademima$_$';
GRANT ALL PRIVILEGES ON *.* TO 'gitea'@'localhost'WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit;
# 高版本建库或者导入gitea.mysql.sql都会报错，建议手动建
#SET GLOBAL innodb_file_per_table = ON,innodb_file_format = Barracuda,innodb_large_prefix = ON;                                                            
# DROP DATABASE IF EXISTS gitea;                                                                   
# CREATE DATABASE IF NOT EXISTS gitea CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;

手动创建数据库（导入gitea自带sql文件报错，0.13版本修复）：

新建数据库，这里建议直接新建数据库，设置好编码格式utf8mb4，上面我们不是用navicate测试远程链接了吗，最好使用客户端进行直接新建数据库gitea，

上传二进制文件。

mkdir /home/git/gitea
chown -R git:git /home/git/gitea
# wget -O gitea https://dl.gitea.io/gitea/1.12/gitea-1.12-linux-amd64
mv /server/backup/gs/gitea-1.12-linux-amd64 /home/git/gitea/gitea
chmod +x /home/git/gitea/gitea
chown -R git:git /home/git/gitea/gitea

安装：

cd /home/git/gitea/
su git
./gitea web --port 3001
# 或者./gitea web  别问我为啥指定端口，因为3000占用了，或者你临时把3000停止
211.149.239.182:3001
59.110.21.159:3001

安装完成：根据页面填写参数：

APP_NAME = Git
RUN_USER = git
RUN_MODE = prod

[oauth2]
JWT_SECRET = 2n0Rpw8v2KZ4pnGeIPpQX5bLrhNepBOgMSg

[security]
INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1ODk5OTQwMzh9.5RMyVTbX4M5FycJOwtf8oO4DH87N38fHui-NbItoaVY
INSTALL_LOCK   = true
SECRET_KEY     = fZA30Uegc1Gt6pUTYBej7ahOoL7GPNR6Tl4ZgFkT3xgdkZuNLRJb3icWD

[database]
DB_TYPE  = mysql
HOST     = 127.0.0.1:3306
NAME     = gitea
USER     = gitea
PASSWD   = Woshihenfuzademima$_$
SCHEMA   = 
SSL_MODE = disable
CHARSET  = utf8mb4
PATH     = /home/git/gitea/data/gitea.db

[repository]
ROOT = /home/git/gitea-repositories

[server]
SSH_DOMAIN       = git.yourdomain.com
DOMAIN           = git.yourdomain.com
HTTP_PORT        = 3001
ROOT_URL         = http://git.yourdomain.com:3001/
DISABLE_SSH      = false
SSH_PORT         = 22
LFS_START_SERVER = true
LFS_CONTENT_PATH = /home/git/gitea/data/lfs
LFS_JWT_SECRET   = JGZ83tOyD4gcR5q3F6Odc7rajn_b3_mJdr_t2xEcKVQ
OFFLINE_MODE     = false

[mailer]
ENABLED = false

[service]
REGISTER_EMAIL_CONFIRM            = false
ENABLE_NOTIFY_MAIL                = false
DISABLE_REGISTRATION              = false
ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
ENABLE_CAPTCHA                    = false
REQUIRE_SIGNIN_VIEW               = false
DEFAULT_KEEP_EMAIL_PRIVATE        = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING       = true
NO_REPLY_ADDRESS                  = noreply.localhost

[picture]
DISABLE_GRAVATAR        = false
ENABLE_FEDERATED_AVATAR = true

[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true

[session]
PROVIDER = file

[log]
MODE      = file
LEVEL     = info
ROOT_PATH = /home/git/gitea/log

加入开机启动：su root（此处默认执行了以下，因为gogs有问题，怕也有问题）

ln -s /usr/local/git/bin/git /bin/git
ln -s /usr/local/git/bin/git-upload-pack /bin/git-upload-pack
ln -s /usr/local/git/bin/git-cvsserver /bin/git-cvsserver
ln -s /usr/local/git/bin/gitk /bin/gitk
ln -s /usr/local/git/bin/git-receive-pack /bin/git-receive-pack
ln -s /usr/local/git/bin/git-shell /bin/git-shell
ln -s /usr/local/git/bin/git-upload-archive /bin/git-upload-archive

https://github.com/go-gitea/gitea/blob/master/contrib/init/centos/gitea

# su root
mkdir -p /home/git/gitea/myscripts/init/centos/
vi /home/git/gitea/myscripts/init/centos/gitea
文件内容下文。
centOS6:
cp /home/git/gitea/myscripts/init/centos/gitea /etc/rc.d/init.d/
chmod a+x /etc/rc.d/init.d/gitea 
chkconfig gitea on
service gitea start    #启动服务
service gitea stop     #停止服务
service gitea restart  #重启服务
## 另一种临时启动可以进入安装目录~/gitea，执行：
./gitea web 不过这是关闭窗口就随之关闭

文本内容：

#!/bin/sh
#
#       /etc/rc.d/init.d/gitea
#
#       Runs the Gitea Git with a cup of tea.
#
#
# chkconfig:   - 85 15
#

### BEGIN INIT INFO
# Provides:          gitea
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start gitea at boot time.
# Description:       Control gitea.
### END INIT INFO

# Source function library.
. /etc/init.d/functions

# Default values

NAME=gitea
GITEA_HOME=/home/git/${NAME}
GITEA_PATH=/home/git/gitea/${NAME}
GITEA_USER=git
SERVICENAME="Gitea - Git with a cup of tea"
LOCKFILE=/var/lock/subsys/gitea
LOGPATH=${GITEA_HOME}/log
LOGFILE=${LOGPATH}/gitea.log
RETVAL=0

# Read configuration from /etc/sysconfig/gitea to override defaults
[ -r /etc/sysconfig/$NAME ] && . /etc/sysconfig/$NAME

# Don't do anything if nothing is installed
[ -x ${GITEA_PATH} ] || exit 0
# exit if logpath dir is not created.
[ -x ${LOGPATH} ] || exit 0

DAEMON_OPTS="--check $NAME"

# Set additional options, if any
[ ! -z "$GITEA_USER" ] && DAEMON_OPTS="$DAEMON_OPTS --user=${GITEA_USER}"

start() {
  cd ${GITEA_HOME}
  echo -n "Starting ${SERVICENAME}: "
  daemon $DAEMON_OPTS "${GITEA_PATH} web -c /home/git/gitea/custom/conf/app.ini > ${LOGFILE} 2>&1 &"
  RETVAL=$?
  echo
  [ $RETVAL = 0 ] && touch ${LOCKFILE}

  return $RETVAL
}

stop() {
  cd ${GITEA_HOME}
        echo -n "Shutting down ${SERVICENAME}: "
        killproc ${NAME}
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && rm -f ${LOCKFILE}
}

case "$1" in
    start)
        status ${NAME} > /dev/null 2>&1 && exit 0
        start
        ;;
    stop)
        stop
        ;;
    status)
        status ${NAME}
        ;;
    restart)
        stop
        start
        ;;
    reload)
        stop
        start
        ;;
    *)
        echo "Usage: ${NAME} {start|stop|status|restart}"
        exit 1
        ;;
esac
exit $RETVAL

Nginx安装

下载上传文件。

安装依赖：

yum -y install gcc zlib zlib-devel pcre-devel openssl openssl-devel

# 如果已经安装，卸载原来的Nginx
find -name nginx
yum -y remove nginx

解压安装：

# 解压
cd /server/backup/gs/
tar -vxf nginx-1.18.0.tar.gz
cd nginx-1.18.0
# 指定位置安装并且开启ssl
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
make && make install
whereis nginx

安装完成截图：

配置环境变量：

vim /etc/profile
##### nginx #####
export NGINX_HOME=/usr/local/nginx
export PATH=$NGINX_HOME/sbin:$PATH
# 使配置立即生效
source /etc/profile
 
# 测试是否生效
echo $PATH
/usr/local/nginx/sbin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
nginx -s reload
nginx -v
nginx -t

开机启动：

# 加入开机自启
vi /etc/rc.local
/usr/local/nginx/sbin/nginx
chmod 755 /etc/rc.local
 
# 测试配置文件
/usr/local/nginx/sbin/nginx -t

Nginx配置SSL

获取证书，上传服务器。

配置Nginx.cnf：/usr/local/nginx/conf

 server_name  git.yourdomain.com;
 
ssl_certificate      /usr/local/nginx/cert/_.pusdn.com_chain.crt;
 ssl_certificate_key  /usr/local/nginx/cert/_.pusdn.com_key.key;

INSTALL_LOCK = true
SECRET_KEY   = Y81DPGiSppsWRED

Nginx配置文件

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
  client_max_body_size 1024M;
  client_body_buffer_size 10M;
            server {
       listen       443 ssl;
        server_name  git.yourdomain.com;
 
       ssl_certificate      /usr/local/nginx/cert/_.pusdn.com_chain.crt;
        ssl_certificate_key  /usr/local/nginx/cert/_.pusdn.com_key.key;

       ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

       ssl_ciphers  HIGH:!aNULL:!MD5;
       ssl_prefer_server_ciphers  on;

        location / {
         proxy_set_header Host $host:3001;
         proxy_set_header X-Real-IP $remote_addr;
			proxy_pass   https://127.0.0.1:3001;
        }
        location /zhds {
alias /home/zhds/1;
index index.html;
        }
    }


    server {
        listen       80;
        server_name git.yourdomain.com;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

      #  location / {
		#	proxy_pass   http://127.0.0.1:3000;
      #  }

# 强制跳转https
   rewrite ^(.*) https://$server_name$1 permanent;
   

        error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    server {
        listen       80;
        server_name nb.nogit.top;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

      location / {
		#	proxy_pass   http://127.0.0.1:3000;
            root   /home/myblog/public;
            index   index.html;
      }

# 强制跳转https
   rewrite ^(.*) https://$server_name$1 permanent;
   

        error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


}

Gitea配置文件

https://github.com/go-gitea/gitea/blob/master/custom/conf/app.ini.sample

https://docs.gitea.io/zh-cn/config-cheat-sheet/

# 应用名称，改成自己的或者公司名称
APP_NAME = Git
RUN_USER = git
RUN_MODE = prod

[repository]
ROOT = /home/git/gitea-repositories
# 强制所有仓库私有
FORCE_PRIVATE = false
# 全局最大每个用户创建的git工程数目， -1 表示都没限制，0超管不影响
MAX_CREATION_LIMIT = 0
# 禁用http，只能通过ssh协议操作
DISABLE_HTTP_GIT = false

[ui]
# 默认主题
DEFAULT_THEME = gitea
# 主题，覆盖默认
THEMES = gitea,arc-green

[ui.meta]
AUTHOR = Git
DESCRIPTION = Hi PGZ!
KEYWORDS = go,git,self-hosted,pgz

[server]
PROTOCOL = https
DOMAIN           = git.yourdomain.com
HTTP_PORT        = 3001
ROOT_URL         = https://git.yourdomain.com/
# 禁用SSH
DISABLE_SSH      = false
START_SSH_SERVER = false
SSH_DOMAIN       = git.yourdomain.com
SSH_PORT         = 22
OFFLINE_MODE     = false
CERT_FILE=/usr/local/nginx/cert/_.pusdn.com_chain.crt
KEY_FILE=/usr/local/nginx/cert/_.pusdn.com_key.key
# ENABLE_GZIP = true
# Landing page, can be "home", "explore", "organizations" or "login"
LANDING_PAGE = login
LFS_START_SERVER = true
LFS_CONTENT_PATH = /home/git/gitea/data/lfs
LFS_JWT_SECRET   = JGZ83tOyD4gcR5q3F6Odc7rajn_b3_mJdr_t2xEcKVQ

[database]
DB_TYPE  = mysql
HOST     = 127.0.0.1:3306
NAME     = gitea
USER     = gitea
PASSWD   = Woshihenfuzademima$_$
SCHEMA   = 
# For MySQL, either "false" (default), "true", or "skip-verify"
SSL_MODE = disable
CHARSET  = utf8mb4
PATH     = /home/git/gitea/data/gitea.db

[admin]
# 禁用普通用户创建组织
DISABLE_REGULAR_ORG_CREATION = true

[security]
INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1ODk5OTQwMzh9.5RMyVTbX4M5FycJOwtf8oO4DH87N38fHui-NbItoaVY
INSTALL_LOCK   = true
SECRET_KEY     = fZA30Uegc1GtaHX9cNL6pUTYBej7ahOoL7GPNR6Tl4ZgFkT3xgdkZuNLRJb3icWD
# How long to remember that a user is logged in before requiring relogin (in days)
LOGIN_REMEMBER_DAYS = 7

[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false

[service]
# 登录验证码失效时间，单位分钟。
# ACTIVE_CODE_LIVE_MINUTES = 180
REGISTER_EMAIL_CONFIRM            = false
# 是否发送工单创建等提醒邮件，需要 Mailer 被激活
ENABLE_NOTIFY_MAIL                = false
# 禁用注册，启用后只能用管理员添加用户
DISABLE_REGISTRATION              = true
ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
# 注册时使用图片验证码
ENABLE_CAPTCHA                    = false
# 是否所有页面都必须登录后才可访问
REQUIRE_SIGNIN_VIEW               = true
DEFAULT_KEEP_EMAIL_PRIVATE        = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING       = true
NO_REPLY_ADDRESS                  = noreply.localhost
# 是否显示注册按钮
SHOW_REGISTRATION_BUTTON = false

[mailer]
ENABLED = false

[session]
# Session 内容存储方式，可选 memory, file, redis 或 mysql
PROVIDER = file
# 如果是文件，那么这里填根目录；其他的要填主机地址和端口。
# PROVIDER_CONFIG = data/sessions

[picture]
# 开启则只使用内部头像
DISABLE_GRAVATAR        = false
ENABLE_FEDERATED_AVATAR = true

[log]
MODE      = file
LEVEL     = info
ROOT_PATH = /home/git/gitea/log

[api]
# Enables Swagger. True or false; default is true.
ENABLE_SWAGGER = false

[oauth2]
# ENABLE = false
JWT_SECRET = 2n0Rpw8v2KZ43D3V5nXzpnGeIPpQX5bLrhNepBOgMSg

[other]
SHOW_FOOTER_BRANDING = false
SHOW_FOOTER_VERSION = false
SHOW_FOOTER_TEMPLATE_LOAD_TIME = true

额外

卸载jdk（如果需要）

rpm -e --nodeps java_cup-0.10k-5.el6.x86_64
rpm -e --nodeps java-1.5.0-gcj-1.5.0.0-29.1.el6.x86_64
rpm -e --nodeps gcc-java-4.4.7-23.el6.x86_64

配置gitea模板

tips:简单配置，0.13后会移除首页footer部分。目前测试自定义模板暂时不管用，可采用直接更改源码，尽量微改动。

/home/git/gitea/templates/base

去掉顶部帮助链接：

mkdir -p /home/git/gitea/custom/templates/base
更改并上传head_navbar.tmpl
然后重启gitea

禁止搜索引擎收录（可选）

默认情况下Gitea开启了搜索引擎收录（截止1.12版本官网doc），不过也无所谓，反正需要登录可看。

在/home/git/gitea/custom目录下新建文件robots.txt，

vi /home/git/gitea/custom/robots.txt

内容如下：

User-agent: *
Disallow: /home/git/gitea/

Gitea自定义页面备份

提示：不同版本，文件内容不同，请使用相应版本！！！

https://www.yuque.com/docs/share/290c267a-e455-4c3f-a9fc-54dfa45872d9?#

Gitea的优势

个人总结：低配也可运行、核心功能有，够用、社区活跃，更新快
官网不完全横向对比：https://docs.gitea.io/zh-cn/comparison/

软件包备用下载地址

网盘有。链接：https://pan.baidu.com/s/17TlJyl7VzHzdYmWwo_sVhQ
提取码：1ihq

成功截图