Ce site est optimisé pour être consulté depuis un navigateur moderne dans lequel JavaScript est activé.

Installer Forgejo

liberodark

Bonjour,

Voici comment installer Forgejo.

Installer les dépendances :

yum install -y nginx mariadb-server wget git
systemctl enable --now nginx mariadb

Configurer MariaDB :

mysql_secure_installation

mysql -u root -p
CREATE DATABASE forgejo;
CREATE USER 'forgejo'@localhost IDENTIFIED BY 'my_password';
GRANT ALL PRIVILEGES ON forgejo.* TO 'forgejo'@localhost IDENTIFIED BY 'my_password';
FLUSH PRIVILEGES;
EXIT

Télécharger Forgejo :

export version=1.21.10-0
wget https://codeberg.org/forgejo/forgejo/releases/download/v$version/forgejo-$version-linux-amd64.xz

Installer Forgejo :

xz -v -d forgejo-$version-linux-amd64.xz
mkdir -p /root/.ssl
mkdir -p /opt/forgejo
mkdir -p /opt/forgejo/custom/conf
mkdir -p /home/forgejo/.ssh
mkdir -p /home/forgejo/repositories
mkdir -p /home/forgejo/data/avatars
mkdir -p /home/forgejo/data/attachments
mkdir -p /var/log/forgejo
mv forgejo-* /opt/forgejo/forgejo
chmod +x /opt/forgejo/forgejo

Créer un utilisateur dédié :

groupadd -r forgejo
useradd -r -g forgejo -d /home/forgejo -s /bin/bash forgejo
chown -R forgejo: /opt/forgejo
chown -R forgejo: /home/forgejo
chown -R forgejo: /var/log/forgejo

Créer le service de forgejo :

nano /etc/systemd/system/forgejo.service

[Unit]
Description=Forgejo
After=syslog.target
After=network.target
After=mysql.service

[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
Type=simple
User=forgejo
Group=forgejo
WorkingDirectory=/home/forgejo
ExecStart=/opt/forgejo/forgejo web
Restart=always
Environment=USER=forgejo HOME=/home/forgejo

[Install]
WantedBy=multi-user.target

systemctl enable forgejo

Nginx avec forgejo :

nano /etc/nginx/conf.d/forgejo.conf

server {
    listen 443 ssl http2;
    server_name forgejo.my_domain.com;

    access_log /var/log/nginx/forgejo-access.log;
    error_log  /var/log/nginx/forgejo-error.log error;

    ## The default `client_max_body_size` is 1M, this might not be enough for some posters, etc.
    client_max_body_size 200M;

    # SSL Configuration
    ssl_certificate /root/.ssl/forgejo.my_domain.com.crt;
    ssl_certificate_key /root/.ssl/forgejo.my_domain.com.key;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
    ssl_prefer_server_ciphers on;

    # See https://hstspreload.org/ before uncommenting the line below.
    # add_header Strict-Transport-Security "max-age=15768000; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header Content-Security-Policy "frame-ancestors 'self'";
    add_header X-Frame-Options DENY;
    add_header Referrer-Policy same-origin;

    location / {
        proxy_pass http://localhost:6000/;
        proxy_set_header Host $host;
        proxy_buffering  off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
    }
}

Configurer Forgejo : (Optionnel)

nano /opt/forgejo/custom/conf/app.ini

;https://github.com/gogits/gogs/blob/master/conf/app.ini
APP_NAME = Forgejo
RUN_USER = forgejo
RUN_MODE = prod

[database]
DB_TYPE = mysql
HOST = 127.0.0.1:3306
NAME = forgejo
USER = forgejo
PASSWD = MY_Password
SSL_MODE = disable
PATH     = data/forgejo.db
LOG_SQL  = false

[repository]
ROOT = /home/forgejo/repositories
FORCE_PRIVATE = false
; Global limit of repositories per user, applied at creation time. -1 means no limit
MAX_CREATION_LIMIT = 0

[server]
DOMAIN       = forgejo.my_domain.com
HTTP_PORT    = 6000
HTTP_ADDR    = 127.0.0.1
ROOT_URL     = https://forgejo.my_domain.com/
DISABLE_SSH  = false
SSH_PORT     = 22
OFFLINE_MODE = false
APP_DATA_PATH = /home/forgejo/data
LANDING_PAGE = explore

[mailer]
ENABLED = true
SMTP_ADDR = 127.0.0.1:25
FROM = "Forgejo" <forgejo-noreply@my_domain.com>
FORCE_TRUST_SERVER_CERT = true

[service]
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL     = true
DISABLE_REGISTRATION   = true
ENABLE_CAPTCHA         = false
REQUIRE_SIGNIN_VIEW    = false
ENABLE_REVERSE_PROXY_AUTHENTICATION = false
ENABLE_REVERSE_PROXY_AUTO_REGISTERATION = false

[picture]
AVATAR_UPLOAD_PATH = /home/forgejo/data/avatars

[attachment]
PATH = /home/forgejo/data/attachments

[session]
PROVIDER = memory

[log]
MODE = file
LEVEL = Info
ROOT_PATH = /var/log/forgejo
REDIRECT_MACARON_LOG = true
MACARON = file
logger.router.LEVEL = warn
logger.router.MODE = file
logger.access.LEVEL = warn
logger.access.MODE = file
logger.xorm.LEVEL = warn
logger.xorm.MODE = file

[security]
INSTALL_LOCK = true
SECRET_KEY   = __KEY__
REVERSE_PROXY_AUTHENTICATION_USER = REMOTE_USER

[git.timeout]
MIGRATE = 7200

[migrations]
ALLOW_LOCALNETWORKS=true

systemctl restart nginx forgejo

Créer votre utilisateur Forgejo :

cd /opt/forgejo
runuser -u forgejo -- ./forgejo admin user create --username forgejo --password my_password --email my@email.com --admin

Supprimer votre utilisateur Forgejo :

cd /opt/forgejo
runuser -u forgejo -- ./forgejo admin user delete --username forgejo

Voilà vous pouvez vous connecter sur votre application.