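Preface
I previously wrote an installation tutorial for the Gitlab code repository, but Gitlab is still too heavy and not well suited to individuals or small teams. So I recently tried gitea, combined with drone, to meet CI/CD needs.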
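Deployment
Note: the example in this article reserves the server's port 22 for Gitea's SSH. If port 22 is already in use by another program, see the official documentation to configure port forwarding.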
Deploying Gitea with docker-compose
This section deploys only the Gitea code repository and the MariaDB database. If you want to pair it with Drone, continue reading below.
docker-compose.yml
```yaml
version: "3"
services:
  server:
    image: gitea/gitea:1.15.7
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - DB_TYPE=mysql
      - DB_HOST=db:3306
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=your_database_passwd   # placeholder: must match MYSQL_PASSWORD below
    restart: always
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"   # Gitea HTTP, reverse-proxied by nginx
      - "22:22"       # Gitea SSH on host port 22
    depends_on:
      - db
  db:
    image: mariadb
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=your_root_passwd   # placeholder
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=your_database_passwd    # placeholder
      - MYSQL_DATABASE=gitea
    volumes:
      - ./db:/var/lib/mysql
```
nginx reverse proxy
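Configure the nginx reverse proxy. This article uses the configuration of a dnmp environment as the example; adjust the relevant paths to your actual environment.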
```nginx
upstream gitea {
    server 172.17.0.1:3000;
}

server {
    listen 80;
    server_name git.ioiox.com;
    return 301 https://git.ioiox.com$request_uri;
}

server {
    listen 443 ssl;
    server_name git.ioiox.com;
    gzip on;

    ssl_certificate /ssl/ioiox.com.cer;
    ssl_certificate_key /ssl/ioiox.com.key;
    ssl_trusted_certificate /ssl/ioiox.com.cer;
    ssl_stapling on;
    ssl_stapling_verify on;
    # TLSv1.1 is deprecated (RFC 8996)
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
    ssl_ecdh_curve secp384r1;
    ssl_session_timeout 10m;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_tickets off;
    resolver 8.8.8.8 8.8.4.4 valid=60s ipv6=off;
    resolver_timeout 5s;
    add_header Strict-Transport-Security "max-age=63072000" always;

    location / {
        proxy_redirect off;
        proxy_pass http://gitea;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # proxy_set_header sends this to the upstream as a request header;
        # it does not add X-Frame-Options to the response
        proxy_set_header X-Frame-Options SAMEORIGIN;
        client_max_body_size 100m;
        client_body_buffer_size 128k;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
}
```
Deploying Gitea and Drone with docker-compose
docker-compose.yml
```yaml
version: "3"
services:
  server:
    image: gitea/gitea:1.15.7
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - DB_TYPE=mysql
      - DB_HOST=db:3306
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=your_database_passwd   # placeholder: must match MYSQL_PASSWORD below
    restart: always
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "22:22"
    depends_on:
      - db
  db:
    image: mariadb
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=your_root_passwd
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=your_database_passwd
      - MYSQL_DATABASE=gitea
    volumes:
      - ./db:/var/lib/mysql
  drone:
    image: drone/drone
    container_name: drone
    ports:
      - "44480:80"
      - "44443:443"
    volumes:
      - ./drone:/data
    environment:
      - DRONE_GITEA_SERVER=https://git.ioiox.com
      # replace the next two values with the ones generated in Gitea (see "Drone configuration")
      - DRONE_GITEA_CLIENT_ID=ecb4b239-3c2d-4f23-b914-8e947843eb17
      - DRONE_GITEA_CLIENT_SECRET=CqOwAaAhvZRKV3PdI0GLgbrZSSNWF0cgwiNr5PfHpIl8
      # shared secret between server and runner; must be identical in both services
      - DRONE_RPC_SECRET=your_drone_rpc_scret
      - DRONE_SERVER_HOST=drone.ioiox.com
      - DRONE_SERVER_PROTO=https
    restart: always
    depends_on:
      - server
  runner:
    image: drone/drone-runner-docker:1
    container_name: runner
    ports:
      - "43000:3000"
    volumes:
      # gives the runner control of the host's Docker daemon
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_RPC_PROTO=https
      - DRONE_RPC_HOST=drone.ioiox.com
      - DRONE_RPC_SECRET=your_drone_rpc_scret
      - DRONE_RUNNER_CAPACITY=2
      - DRONE_RUNNER_NAME=IOIOX-RUNNER
    restart: always
    depends_on:
      - drone
```
nginx reverse proxy
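Configure the nginx reverse proxy. This article uses the configuration of a dnmp environment as the example; adjust the relevant paths to your actual environment.
For the reverse proxy configuration of Gitea's git.ioiox.com, see the previous section.
The reverse proxy configuration for Drone's drone.ioiox.com is as follows: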
```nginx
upstream drone {
    server 172.17.0.1:44480;
}

server {
    listen 80;
    server_name drone.ioiox.com;
    return 301 https://drone.ioiox.com$request_uri;
}

server {
    listen 443 ssl;
    server_name drone.ioiox.com;
    gzip on;

    ssl_certificate /ssl/ioiox.com.cer;
    ssl_certificate_key /ssl/ioiox.com.key;
    ssl_trusted_certificate /ssl/ioiox.com.cer;
    ssl_stapling on;
    ssl_stapling_verify on;
    # TLSv1.1 is deprecated (RFC 8996)
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
    ssl_ecdh_curve secp384r1;
    ssl_session_timeout 10m;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_tickets off;
    resolver 8.8.8.8 8.8.4.4 valid=60s ipv6=off;
    resolver_timeout 5s;
    add_header Strict-Transport-Security "max-age=63072000" always;

    location / {
        proxy_redirect off;
        proxy_pass http://drone;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # proxy_set_header sends this to the upstream as a request header;
        # it does not add X-Frame-Options to the response
        proxy_set_header X-Frame-Options SAMEORIGIN;
        client_max_body_size 100m;
        client_body_buffer_size 128k;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
}
```
Installation and configuration
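Gitea configuration
Visit https://git.ioiox.com to start configuring Gitea.
On the first visit, the home page automatically fills in the database password. Continue the configuration as shown in the figure below:
SSH server domain: as shown in the figure below, enter only the domain name; do not include the https protocol.
SSH server port: enter port 22. Since this article's example gives port 22 to Gitea, no change is needed here.
HTTP service port: 3000 by default. Per the docker-compose.yml above, no change is needed; nginx reverse-proxies it.
Base URL: enter the full https://git.ioiox.com domain.
Note that the settings above affect system services, the commands shown on repository pages, email notifications and so on, so fill them in carefully, or change them later in app.ini.
Configure the email settings; note that the SMTP host name needs to specify the port. Create the administrator account at the same time.
Click Install Now to complete the initial configuration and log in.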
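Drone configuration
Create a repository
Settings – Applications – Create a new OAuth2 application
Application name – any name
Redirect URI – enter the domain address as shown in the figure below
Create the application to obtain the client ID and client secret. At this point, stop the containers with docker-compose down and edit the following in docker-compose.yml:
```yaml
- DRONE_GITEA_CLIENT_ID=ecb4b239-3c2d-4f23-b914-8e947843eb17
- DRONE_GITEA_CLIENT_SECRET=CqOwAaAhvZRKV3PdI0GLgbrZSSNWF0cgwiNr5PfHpIl8
```
Replace them with the client ID and client secret generated above, then run docker-compose up -d again to start the containers.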
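A pre-flight check for the edited docker-compose.yml before running docker-compose up -d, as an added example that is not part of the original article: it flags secrets written inline, ports published on every host interface (reachable without going through nginx), images without a pinned tag, and the Docker socket mount. The `${...}` variables (which docker-compose reads from a `.env` file), the bind to 172.17.0.1 (the nginx upstream address used above), the rule names and the `public_ok` parameter are assumptions of this example.

```python
import re

# Constructed sample in the shape of the article's docker-compose.yml; the
# ${...} entries and the 172.17.0.1 bind are assumed hardening, not the author's file.
SAMPLE = '''\
services:
  server:
    image: gitea/gitea:1.15.7
    environment:
      - DB_PASSWD=${GITEA_DB_PASSWD}
    ports:
      - "172.17.0.1:3000:3000"
      - "22:22"
  drone:
    image: drone/drone
    ports:
      - "44480:80"
    environment:
      - DRONE_GITEA_CLIENT_SECRET=example-inline-value
      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
  runner:
    image: drone/drone-runner-docker:1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
'''

SECRET_KEY = re.compile(r"PASSW(OR)?D|SECRET", re.I)
def lint_compose(text, public_ok=("22:22",)):
    """Line-based scan (no YAML library); returns (service, rule, detail) tuples."""
    findings, service, section = [], None, None
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()
        if m := re.fullmatch(r"  ([\w-]+):", line):          # service header
            service, section = m.group(1), None
        elif m := re.fullmatch(r"    ([\w-]+):(.*)", line):  # key under a service
            section, value = m.group(1), m.group(2).strip()
            if section == "image" and (":" not in value or value.endswith(":latest")):
                findings.append((service, "unpinned-image", value))
        elif m := re.fullmatch(r"      - (.+)", line):       # list item
            item = m.group(1).strip("\"'")
            if section == "environment":
                key, _, val = item.partition("=")
                if SECRET_KEY.search(key) and val and not val.startswith("${"):
                    findings.append((service, "inline-secret", key))
            elif section == "ports" and item.count(":") < 2 and item not in public_ok:
                findings.append((service, "port-on-all-interfaces", item))
            elif section == "volumes" and item.startswith("/var/run/docker.sock"):
                findings.append((service, "docker-socket-mount", item))
    return findings
```

The scan assumes the two-space indentation used in this article's compose files; `lint_compose(open("docker-compose.yml").read())` runs it against a real file.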
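Visit drone.ioiox.com. If you have already logged in to Gitea, you can go straight to authorizing the application.
Complete the information.
Login succeeds and the repository created in Gitea is displayed.
Click into it and activate the repository.
Back in the Gitea repository, create a test workflow and commit the code.
Drone detects the commit and starts running the workflow.
Test complete.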
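Other related configuration
Admin panel – Application configuration
Check whether the mail service works. If it is misconfigured, edit [mailer] in gitea/gitea/conf/app.ini.
Settings – SSH / GPG keys
Add your local id_rsa.pub to the keys; you can then use git clone git@git.ioiox.com:stille/test.git to manage the code repository.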