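Scenario: the school network has traffic limits and is cut off at night, code collaboration between classmates is a hassle, and constantly uploading files to Github is inconvenient, so Gogs is deployed on the internal network to solve the problem.
0. Install Docker and Compose
- First install Docker: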
$ curl -sSL https://get.docker.com/ | sh
$ sudo usermod -aG docker YOURUSERNAME
YOURUSERNAME is your username.
- Then install Compose:
$ sudo curl -L https://github.com/docker/compose/releases/download/1.9.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
$ sudo chmod +x /usr/local/bin/docker-compose
1. Running Gogs over HTTP
To use HTTPS, go straight to part 2.
Preparation: Nginx configuration
Everyone's configuration is different, but here is a simple template:
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    root /app;
    index index.html index.htm;
    server_name localhost;
    location / {
        try_files $uri $uri/ =404;
    }
}
# The block above is the default; you can leave it as it is.
server {
    listen 80;
    server_name git.example.com; # put your own domain here
    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Put the container address and port here (Gogs listens on 3000 in the setups below);
        # if you do not know the container address, the public IP also works.
        proxy_pass http://172.17.0.3:8181;
    }
}
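Save this file as an Nginx configuration file; the directory is up to you, anywhere works.
Version 1: Gogs + Sqlite + Nginx
Gogs supports Sqlite. For individual users Sqlite is enough, so when hardware resources are limited it is a good choice.
The default Gogs port is 3000; the plan is to point git.example.com at port 3000.
Create a new file named docker-compose.yml, then copy and paste the code below and save it.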
version: '2'
services:
  nginx:
    container_name: [nginx]
    image: nginx:alpine
    volumes:
      - "[~/nginx/]:/etc/nginx/conf.d/"
    ports:
      - "80:80"
    restart: always
  gogs:
    container_name: [gogs]
    image: gogs/gogs
    volumes:
      - [~/gogs]:/data
    ports:
      - "[3000]:3000"
      - "[3022]:22"
    restart: always
As you can see, what goes inside "[]" is up to you and can be changed freely. After saving the code above as docker-compose.yml, use the command:
$ docker-compose up -d
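and it will be running.
By default the container is called gogs, the data is stored in ~/gogs, and the ports are 3000 and 3022.
- "- 3022:22" exposes port 3022 to the outside network for Git's SSH protocol; if you do not use SSH you can remove it.
- "- [~/gogs]:/data" maps the local ~/gogs directory into the container as a volume; change it to match the directory you created.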
Then check that the containers are running properly:
$ docker ps
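Open the site to do the initial configuration. During setup, note that these two items do not need to be changed:
- Repository Root Path
- Run User
Set the other items as follows:
- HTTP Port: set to 3000
- SSH Port: set to the value you gave with the -p parameter (for example 3002)
- Application URL: set to http://your-domain
nginx has already proxied port 3000 inside the container to port 80 on the server.
If you choose sqlite3 as the database, that is all there is to it (most Linux systems already have sqlite3 installed) and there is nothing more to think about. What remains is to log in with your administrator account and add the public key you use for SSH login in the admin panel (if you use SSH).
Oh, and remember to point the domain's DNS at your IP (is this reminder a bit redundant? lol)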
Version 2: Gogs + Mysql + Nginx
If you would rather use Mysql than Sqlite, you can use the following docker-compose.yml.
You do not need to install Nginx or Mysql locally; everything here is done through Docker.
version: '2'
services:
  nginx:
    container_name: [nginx]
    image: nginx:alpine
    volumes:
      - "[~/nginx/]:/etc/nginx/conf.d/"
    ports:
      - "80:80"
    restart: always
  db:
    container_name: [db]
    image: mysql:5.7
    volumes:
      - "[~/mysql]:/var/lib/mysql"
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: [PASSWORD]
      MYSQL_DATABASE: [GOGS]
      MYSQL_USER: [USER]
      MYSQL_PASSWORD: [PASSWORD]
  gogs:
    container_name: [gogs]
    depends_on:
      - db
    image: gogs/gogs
    volumes:
      - [~/gogs]:/data
    links:
      - db
    ports:
      - "[3000]:3000"
      # SSH inside the Gogs container listens on 22, as in the other versions
      - "[3022]:22"
    restart: always
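What goes inside "[]" is up to you and can be changed freely (if you do not change a value, remove the [] symbols and keep the default value that was inside the brackets). Save the code above as docker-compose.yml and run it with docker-compose up -d.
During installation, note that the database address is not localhost but db; for everything else just follow the prompts.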
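A pre-flight check for compose files built from the templates above, as an added example that is not part of the original article: it flags "[]" placeholders that were left in, passwords left at the template default, and a MySQL root password identical to the user password. The names check_compose and sample_compose and the sample file are constructed for illustration.

```sh
# Added example: lint a docker-compose.yml built from the templates above
# before running `docker-compose up -d`. Reads the file named in $1, or stdin.
# Prints one finding per line; exit status is 0 only when nothing was found.
check_compose() {
    awk '
        function val(s) {        # scalar after "KEY:", trimmed and unquoted
            sub(/^[^:]*:[ \t]*/, "", s); sub(/[ \t]+$/, "", s); gsub(/^"|"$/, "", s); return s
        }
        function report(msg) { printf "line %d: %s\n", NR, msg; bad++ }
        /^[ \t]*#/   { next }                                 # skip comments
        /\[[^]]*\]/  { report("unreplaced [] placeholder") }  # e.g. "[3000]:3000"
        /MYSQL_ROOT_PASSWORD:/ {
            root = val($0)
            if (root == "PASSWORD") report("root password is the template default")
        }
        /MYSQL_PASSWORD:/ {
            user = val($0)
            if (user == "PASSWORD") report("user password is the template default")
        }
        END {
            if (root != "" && root == user) {
                print "MYSQL_ROOT_PASSWORD and MYSQL_PASSWORD are identical"; bad++
            }
            exit (bad > 0)
        }
    ' "$@"
}

# Constructed sample: a half-edited copy of the MySQL template.
sample_compose() {
    cat <<'EOF'
services:
  db:
    container_name: [db]
    environment:
      MYSQL_ROOT_PASSWORD: PASSWORD
      MYSQL_USER: gogs
      MYSQL_PASSWORD: PASSWORD
  gogs:
    ports:
      - "[3000]:3000"
      - "3022:22"
EOF
}

sample_compose | check_compose || echo "fix the findings above before starting the stack"
```

Run it against a real file with check_compose docker-compose.yml; a compose file that legitimately uses YAML flow lists will also trip the placeholder rule.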
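2. Running Gogs over HTTPS
Version 1: Caddy + Gogs + Sqlite
Create a new file named Caddyfile (mind the capitalization), then change the email address in tls i@example.com to one you actually use, change the IP to your server's IP, and save.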
git.example.com {
    proxy / 123.456.789.0:3000 { # change to your IP:port
        proxy_header Host {host}
        proxy_header X-Real-IP {remote}
        proxy_header X-Forwarded-Proto {scheme}
    }
    log /var/log/caddy.log
    gzip
    tls i@example.com # your email address
}
Create a new file docker-compose.yml; the parameters basically need no changes, and docker-compose up -d starts it directly.
version: '2'
services:
  caddy:
    container_name: caddy
    image: abiosoft/caddy
    volumes:
      - "~/caddy/Caddyfile:/etc/Caddyfile"
    # Publish HTTP and HTTPS; without this Caddy is not reachable from outside the host
    ports:
      - "80:80"
      - "443:443"
    restart: always
  gogs:
    container_name: gogs
    image: gogs/gogs
    volumes:
      - ~/gogs:/data
    ports:
      - "3000:3000"
      - "3022:22"
    restart: always
Version 2: Nginx + Letsencrypt + Gogs + Sqlite
Clone the Letsencrypt repository:
$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ ./letsencrypt-auto certonly -d git.example.com
Choose the second option to generate the certificate automatically:
When the following text appears, it has succeeded:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
.........
.........
- If you like Let's Encrypt, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Nginx configuration:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name git.example.com; # change the domain
    server_tokens off;
    location /generate_204 { return 204; }
    # Discourage deep links by using a permanent redirect to home page of HTTPS site
    return 301 https://$host;
    # Alternatively, redirect all HTTP links to the matching HTTPS page
    # return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name git.example.com; # change the domain
    server_tokens off;
    location /generate_204 { return 204; }
    # ssl on;
    ################
    # SSL configuration
    ################
    ssl_certificate /etc/nginx/certs/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/privkey.pem;
    ################
    # from https://cipherli.st/
    # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
    ################
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is enabled
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5:!MEDIUM:!LOW";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    # Disable preloading HSTS for now. You can use the commented out header line that includes
    # the "preload" directive if you understand the implications.
    # add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    # ssl_dhparam /etc/nginx/certs/dhparam.pem;
    ################
    # SSL END
    ################
    # Lets any origin read responses to requests made without credentials;
    # restrict the origin if cross-origin access is not needed.
    add_header 'Access-Control-Allow-Origin' *;
    add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS';
    location / {
        proxy_pass http://123.456.789.0:3000; # change to your IP:port
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
Then create a new file docker-compose.yml and run it with docker-compose up -d.
version: '2'
services:
  nginx:
    container_name: [nginx]
    image: nginx:alpine
    volumes:
      - "~/nginx/:/etc/nginx/conf.d/"
      - "~/nginx/certs/dhparam.pem:/etc/nginx/certs/dhparam.pem:ro"
      # Replace zuolan.me below with the domain your certificate was issued for
      - "/etc/letsencrypt/live/zuolan.me/cert.pem:/etc/nginx/certs/cert.pem:ro"
      - "/etc/letsencrypt/live/zuolan.me/chain.pem:/etc/nginx/certs/chain.pem:ro"
      - "/etc/letsencrypt/live/zuolan.me/fullchain.pem:/etc/nginx/certs/fullchain.pem:ro"
      - "/etc/letsencrypt/live/zuolan.me/privkey.pem:/etc/nginx/certs/privkey.pem:ro"
    ports:
      - "80:80"
      - "443:443"
    restart: always
  gogs:
    container_name: [gogs]
    image: gogs/gogs
    volumes:
      - [~/gogs]:/data
    ports:
      - "[3000]:3000"
      - "[3022]:22"
    restart: always
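Once the stack is up, the headers set in the HTTPS server block can be checked from a client. The following is an added example, not part of the original article: check_https_headers and the sample response are constructed, and preload is reported because the configuration comment says HSTS preloading is disabled for now.

```sh
# Added example: check the response headers the HTTPS server block above is
# meant to produce. Pipe in the output of `curl -sI https://git.example.com/`.
# Prints one finding per line; exit status is 0 only when nothing was found.
check_https_headers() {
    tr -d '\r' | awk '
        function fail(msg) { print msg; bad++ }
        NR > 1 && index($0, ":") {          # header lines only, not the status line
            name = tolower(substr($0, 1, index($0, ":") - 1))
            value = substr($0, index($0, ":") + 1)
            sub(/^[ \t]+/, "", value); sub(/[ \t]+$/, "", value)
            h[name] = tolower(value)
        }
        END {
            hsts = h["strict-transport-security"]
            if (hsts !~ /max-age=[1-9]/) {
                fail("HSTS header missing or max-age=0")
            } else if (hsts ~ /preload/) {
                fail("HSTS sent with preload although the config comment disables it")
            }
            if (h["x-frame-options"] != "deny")
                fail("X-Frame-Options is not DENY")
            if (h["x-content-type-options"] != "nosniff")
                fail("X-Content-Type-Options is not nosniff")
            if (h["server"] ~ /[0-9]/)
                fail("Server header shows a version; server_tokens off is not in effect")
            exit (bad > 0)
        }
    '
}

# Constructed sample response, as a misconfigured server might send it.
sample_response() {
    cat <<'EOF'
HTTP/1.1 200 OK
Server: nginx/1.11.8
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: DENY
Content-Type: text/html; charset=UTF-8
EOF
}

sample_response | check_https_headers || echo "response does not match the intended configuration"
```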
That makes four versions in total; pick whichever one suits your needs.