前言

早期写过一篇Gitlab的代码仓库安装教程,但是 Gitlab 还是太重,不太适合个人或者小型团队使用.于是最近尝试使用了一下gitea,并结合drone来实现CI/CD需求.

本文为 Stille 原创文章.经实践,测试,整理发布.如需转载请联系作者获得授权,并注明转载地址.

部署

注意:本文示例是将服务器22端口预留给GiteaSSH使用,如果22端口已被其他程序占用,可以参考官方文档配置端口转发.

docker-compose 部署 Gitea

本节仅部署Gitea代码仓库和MariaDB数据库,如需搭配Drone,请继续阅读下文.

docker-compose.yml

version: "3"
services:
  server:
    image: gitea/gitea:1.15.7
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - DB_TYPE=mysql
      - DB_HOST=db:3306
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=your_database_passwd
    restart: always
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "22:22"
    depends_on:
      - db

  db:
    image: mariadb
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=your_root_passwd
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=your_database_passwd
      - MYSQL_DATABASE=gitea
    volumes:
      - ./db:/var/lib/mysql

nginx 反向代理

配置nginx反向代理,本文以dnmp环境的配置为例,请根据实际环境来修改相关路径配置.

upstream gitea {
    server 172.17.0.1:3000;
}

server {
    listen 80;
    server_name  git.ioiox.com;
    return 301 https://git.ioiox.com$request_uri;
}

server {
    listen 443 ssl;
    server_name  git.ioiox.com;
    gzip on;

    ssl_certificate /ssl/ioiox.com.cer;
    ssl_certificate_key /ssl/ioiox.com.key;
    ssl_trusted_certificate /ssl/ioiox.com.cer;

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
    ssl_ecdh_curve secp384r1;
    ssl_session_timeout  10m;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_tickets off;
    resolver 8.8.8.8 8.8.4.4 valid=60s ipv6=off;
    resolver_timeout 5s;
    add_header Strict-Transport-Security "max-age=63072000" always;

    location / {
        proxy_redirect off;
        proxy_pass http://gitea;

        proxy_set_header  Host                $http_host;
        proxy_set_header  X-Real-IP           $remote_addr;
        proxy_set_header  X-Forwarded-Ssl     on;
        proxy_set_header  X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto   $scheme;
        proxy_set_header  X-Frame-Options     SAMEORIGIN;

        client_max_body_size        100m;
        client_body_buffer_size     128k;

        proxy_buffer_size           4k;
        proxy_buffers               4 32k;
        proxy_busy_buffers_size     64k;
        proxy_temp_file_write_size  64k;
    }
}

docker-compose 部署 Gitea 及 Drone

docker-compose.yml

version: "3"
services:
  server:
    image: gitea/gitea:1.15.7
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - DB_TYPE=mysql
      - DB_HOST=db:3306
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=your_database_passwd
    restart: always
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "22:22"
    depends_on:
      - db

  db:
    image: mariadb
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=your_root_passwd
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=your_database_passwd
      - MYSQL_DATABASE=gitea
    volumes:
      - ./db:/var/lib/mysql

  drone:
    image: drone/drone
    container_name: drone
    ports:
      - "44480:80"
      - "44443:443"
    volumes:
      - ./drone:/data
    environment:
      - DRONE_GITEA_SERVER=https://git.ioiox.com
      - DRONE_GITEA_CLIENT_ID=ecb4b239-3c2d-4f23-b914-8e947843eb17
      - DRONE_GITEA_CLIENT_SECRET=CqOwAaAhvZRKV3PdI0GLgbrZSSNWF0cgwiNr5PfHpIl8
      - DRONE_RPC_SECRET=your_drone_rpc_scret
      - DRONE_SERVER_HOST=drone.ioiox.com
      - DRONE_SERVER_PROTO=https
    restart: always
    depends_on:
      - server

  runner:
    image: drone/drone-runner-docker:1
    container_name: runner
    ports:
      - "43000:3000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_RPC_PROTO=https
      - DRONE_RPC_HOST=drone.ioiox.com
      - DRONE_RPC_SECRET=your_drone_rpc_scret
      - DRONE_RUNNER_CAPACITY=2
      - DRONE_RUNNER_NAME=IOIOX-RUNNER
    restart: always
    depends_on:
      - drone

nginx 反向代理

配置nginx反向代理,本文以dnmp环境的配置为例,请根据实际环境来修改相关路径配置.
Giteagit.ioiox.com反向代理配置参考上节.
Dronedrone.ioiox.com反向代理配置参考如下:

upstream drone {
    server 172.17.0.1:44480;
}

server {
    listen 80;
    server_name  drone.ioiox.com;
    return 301 https://drone.ioiox.com$request_uri;
}

server {
    listen 443 ssl;
    server_name  drone.ioiox.com;
    gzip on;

    ssl_certificate /ssl/ioiox.com.cer;
    ssl_certificate_key /ssl/ioiox.com.key;
    ssl_trusted_certificate /ssl/ioiox.com.cer;

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
    ssl_ecdh_curve secp384r1;
    ssl_session_timeout  10m;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_tickets off;
    resolver 8.8.8.8 8.8.4.4 valid=60s ipv6=off;
    resolver_timeout 5s;
    add_header Strict-Transport-Security "max-age=63072000" always;

    location / {
        proxy_redirect off;
        proxy_pass http://gitea;

        proxy_set_header  Host                $http_host;
        proxy_set_header  X-Real-IP           $remote_addr;
        proxy_set_header  X-Forwarded-Ssl     on;
        proxy_set_header  X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto   $scheme;
        proxy_set_header  X-Frame-Options     SAMEORIGIN;

        client_max_body_size        100m;
        client_body_buffer_size     128k;

        proxy_buffer_size           4k;
        proxy_buffers               4 32k;
        proxy_busy_buffers_size     64k;
        proxy_temp_file_write_size  64k;
    }
}

安装配置

Gitea 配置

访问域名https://git.ioiox.com开始配置Gitea.
首次访问首页会自动填充数据库密码,参考下图继续配置:

SSH 服务域名 参考下图仅填写域名,注意不要填写https协议.
SSH 服务端口 填写22端口,由于本文示例是将22端口给Gitea使用,所以此处无需修改.
HTTP 服务端口 默认3000,根据上文docker-compose.yml配置,无需修改,由nginx反向代理即可.
基础URL 填写完整的https://git.ioiox.com域名.

注意以上这些设置将会影响系统服务,仓库页面的命令显示,邮件通知等等,请仔细填写.或后续在 app.ini 中修改.

配置电子邮件设置,此处需要注意的是 SMTP 主机名 需要指定端口,同时创建管理员账号.

点击立即安装即可完成初始化配置并登陆.

Drone 配置

创建仓库


设置 - 应用 - 创建新的 OAuth2 应用程序
应用名称 - 随意命名
重定向 URI - 按照下图填写域名地址

创建应用获取客户端D客户端密钥
此时需要docker-compose down停止容器,并修改docker-compose.yml中的:

  • DRONE_GITEA_CLIENT_ID=ecb4b239-3c2d-4f23-b914-8e947843eb17
  • DRONE_GITEA_CLIENT_SECRET=CqOwAaAhvZRKV3PdI0GLgbrZSSNWF0cgwiNr5PfHpIl8

替换为上文生成的客户端D客户端密钥,再次执行docker-compose up -d启动容器.

访问drone.ioiox.com

登陆过Gitea后可以直接开始应用授权

完善信息

成功登陆并显示了Gitea里创建的仓库.

点击进去激活仓库


回到Gitea仓库,创建一个测试工作流,并提交代码.


Drone监测到代码提交开始进行工作流.

测试完毕

其他相关配置

管理后台 - 应用配置
检查邮件服务是否成功,如配置有误,可以在gitea/gitea/conf/app.ini修改[mailer]

设置 - SSH / GPG 密钥
将本地的id_rsa.pub添加到密钥中,即可使用git clone git@git.ioiox.com:stille/test.git来管理代码仓库.

由于使用时间过短,后续还有更多相关配置在更新本文.
本站提供免费和付费的技术支持.你可以通过留言,邮件,TG群的方式来技术交流和免费咨询.同时也可以付费支持的方式获得相关的技术支持,项目部署配置等服务.具体相关详情请点击查看 技术支持页面

如果喜欢我的文章,觉得对你有帮助,请随意赞赏!