Installing Gitea + Drone with Docker: Open-Source Code Hosting and CI/CD Tutorial - 思有云
Author: Stille · 2022-01-06 · via 思有云 - IOIOX - docker compose

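Preface

I previously wrote an installation tutorial for a GitLab code repository, but GitLab is too heavyweight and not well suited to individuals or small teams. So I recently tried Gitea, combined with Drone to cover CI/CD needs.

This is an original article by Stille, tested in practice and then written up and published. To repost it, contact the author for permission and cite the original URL.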


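Deployment

Note: the example in this article reserves port 22 on the server for Gitea SSH. If port 22 is already used by another program, see the official documentation for configuring port forwarding.

Deploying Gitea with docker-compose

This section deploys only the Gitea code repository and the MariaDB database. To add Drone, continue reading below.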

docker-compose.yml

version: "3"
services:
  server:
    image: gitea/gitea:1.15.7
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - DB_TYPE=mysql
      - DB_HOST=db:3306
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=your_database_passwd
    restart: always
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "22:22"
    depends_on:
      - db

  db:
    image: mariadb
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=your_root_passwd
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=your_database_passwd
      - MYSQL_DATABASE=gitea
    volumes:
      - ./db:/var/lib/mysql

nginx reverse proxy

Configure an nginx reverse proxy. This article uses a dnmp environment as the example; adjust the paths to match your own environment.

upstream gitea {
    server 172.17.0.1:3000;
}

server {
    listen 80;
    server_name  git.ioiox.com;
    return 301 https://git.ioiox.com$request_uri;
}

server {
    listen 443 ssl;
    server_name  git.ioiox.com;
    gzip on;

    ssl_certificate /ssl/ioiox.com.cer;
    ssl_certificate_key /ssl/ioiox.com.key;
    ssl_trusted_certificate /ssl/ioiox.com.cer;

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
    ssl_ecdh_curve secp384r1;
    ssl_session_timeout  10m;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_tickets off;
    resolver 8.8.8.8 8.8.4.4 valid=60s ipv6=off;
    resolver_timeout 5s;
    add_header Strict-Transport-Security "max-age=63072000" always;

    location / {
        proxy_redirect off;
        proxy_pass http://gitea;

        proxy_set_header  Host                $http_host;
        proxy_set_header  X-Real-IP           $remote_addr;
        proxy_set_header  X-Forwarded-Ssl     on;
        proxy_set_header  X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto   $scheme;
        proxy_set_header  X-Frame-Options     SAMEORIGIN;

        client_max_body_size        100m;
        client_body_buffer_size     128k;

        proxy_buffer_size           4k;
        proxy_buffers               4 32k;
        proxy_busy_buffers_size     64k;
        proxy_temp_file_write_size  64k;
    }
}

Deploying Gitea and Drone with docker-compose

docker-compose.yml

version: "3"
services:
  server:
    image: gitea/gitea:1.15.7
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - DB_TYPE=mysql
      - DB_HOST=db:3306
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=your_database_passwd
    restart: always
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "22:22"
    depends_on:
      - db

  db:
    image: mariadb
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=your_root_passwd
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=your_database_passwd
      - MYSQL_DATABASE=gitea
    volumes:
      - ./db:/var/lib/mysql

  drone:
    image: drone/drone
    container_name: drone
    ports:
      - "44480:80"
      - "44443:443"
    volumes:
      - ./drone:/data
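    environment:
      - DRONE_GITEA_SERVER=https://git.ioiox.com
      # Sample values: replace with the client ID and client secret of the OAuth2 application created in Gitea
      - DRONE_GITEA_CLIENT_ID=ecb4b239-3c2d-4f23-b914-8e947843eb17
      - DRONE_GITEA_CLIENT_SECRET=CqOwAaAhvZRKV3PdI0GLgbrZSSNWF0cgwiNr5PfHpIl8
      # Shared secret that authenticates the runner to the server; must match the runner service
      - DRONE_RPC_SECRET=your_drone_rpc_scret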
      - DRONE_SERVER_HOST=drone.ioiox.com
      - DRONE_SERVER_PROTO=https
    restart: always
    depends_on:
      - server

  runner:
    image: drone/drone-runner-docker:1
    container_name: runner
    ports:
      - "43000:3000"
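    volumes:
      # The runner starts pipeline containers through the host Docker daemon
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_RPC_PROTO=https
      - DRONE_RPC_HOST=drone.ioiox.com
      # Must be identical to DRONE_RPC_SECRET in the drone service
      - DRONE_RPC_SECRET=your_drone_rpc_scret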
      - DRONE_RUNNER_CAPACITY=2
      - DRONE_RUNNER_NAME=IOIOX-RUNNER
    restart: always
    depends_on:
      - drone

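nginx reverse proxy

Configure an nginx reverse proxy. This article uses a dnmp environment as the example; adjust the paths to match your own environment.
For the Gitea (git.ioiox.com) reverse proxy configuration, see the previous section.
For the Drone (drone.ioiox.com) reverse proxy configuration, use the following: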

upstream drone {
    server 172.17.0.1:44480;
}

server {
    listen 80;
    server_name  drone.ioiox.com;
    return 301 https://drone.ioiox.com$request_uri;
}

server {
    listen 443 ssl;
    server_name  drone.ioiox.com;
    gzip on;

    ssl_certificate /ssl/ioiox.com.cer;
    ssl_certificate_key /ssl/ioiox.com.key;
    ssl_trusted_certificate /ssl/ioiox.com.cer;

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
    ssl_ecdh_curve secp384r1;
    ssl_session_timeout  10m;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_tickets off;
    resolver 8.8.8.8 8.8.4.4 valid=60s ipv6=off;
    resolver_timeout 5s;
    add_header Strict-Transport-Security "max-age=63072000" always;

    location / {
        proxy_redirect off;
        proxy_pass http://drone;

        proxy_set_header  Host                $http_host;
        proxy_set_header  X-Real-IP           $remote_addr;
        proxy_set_header  X-Forwarded-Ssl     on;
        proxy_set_header  X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto   $scheme;
        proxy_set_header  X-Frame-Options     SAMEORIGIN;

        client_max_body_size        100m;
        client_body_buffer_size     128k;

        proxy_buffer_size           4k;
        proxy_buffers               4 32k;
        proxy_busy_buffers_size     64k;
        proxy_temp_file_write_size  64k;
    }
}
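
A hardened variant of the TLS settings shared by both reverse-proxy blocks above (git.ioiox.com and drone.ioiox.com), shown for the Drone host. This is an added example, not the author's configuration: the cipher list is an assumption (ECDHE with AEAD ciphers only), and the same changes apply to the Gitea block with its own server_name and upstream.

```nginx
# Added example, not the author's configuration. Hostname, upstream and
# certificate paths come from the article; the cipher list is an assumption.
upstream drone {
    server 172.17.0.1:44480;
}

server {
    listen 443 ssl;
    server_name  drone.ioiox.com;

    ssl_certificate /ssl/ioiox.com.cer;
    ssl_certificate_key /ssl/ioiox.com.key;
    ssl_trusted_certificate /ssl/ioiox.com.cer;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=60s ipv6=off;

    # TLS 1.1 is formally deprecated (RFC 8996): offer 1.2 and 1.3 only.
    ssl_protocols TLSv1.2 TLSv1.3;
    # ECDHE key exchange with AEAD ciphers only. This drops the 3DES,
    # CBC-mode/SHA-1 and static-RSA suites present in the article's list.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout  10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    # Browser-facing response headers. X-Frame-Options is a response header,
    # so it is emitted with add_header rather than sent upstream.
    add_header Strict-Transport-Security "max-age=63072000" always;
    add_header X-Frame-Options SAMEORIGIN always;

    location / {
        proxy_redirect off;
        proxy_pass http://drone;

        proxy_set_header  Host                $http_host;
        proxy_set_header  X-Real-IP           $remote_addr;
        proxy_set_header  X-Forwarded-Ssl     on;
        proxy_set_header  X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto   $scheme;

        # The body-size and buffer settings from the article can stay as they are.
        client_max_body_size        100m;
    }
}
```

Validate the file with nginx -t before reloading.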

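Installation and configuration

Gitea configuration

Visit https://git.ioiox.com to start configuring Gitea.
On the first visit the page fills in the database password automatically; continue the configuration as shown in the figure below:

SSH server domain: enter only the domain name, as in the figure below. Do not include the https scheme.
SSH server port: enter 22. Because this article's example gives port 22 to Gitea, no change is needed here.
HTTP service port: the default is 3000. With the docker-compose.yml above no change is needed; nginx reverse-proxies it.
Base URL: enter the full https://git.ioiox.com address.

Note that these settings affect system services, the commands shown on repository pages, email notifications and so on, so fill them in carefully, or change them later in app.ini.

Configure the email settings. Note that the SMTP host name must include the port. Create the administrator account at the same time.

Click Install Now to complete the initial configuration and log in.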

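Drone configuration

Create a repository


Settings - Applications - Create a new OAuth2 application
Application name - any name you like
Redirect URI - enter the domain address as shown in the figure below

Create the application to obtain the client ID and client secret.
At this point, stop the containers with docker-compose down and edit the following in docker-compose.yml: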

  • DRONE_GITEA_CLIENT_ID=ecb4b239-3c2d-4f23-b914-8e947843eb17
  • DRONE_GITEA_CLIENT_SECRET=CqOwAaAhvZRKV3PdI0GLgbrZSSNWF0cgwiNr5PfHpIl8

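Replace them with the client ID and client secret generated above, then run docker-compose up -d again to start the containers.

Visit drone.ioiox.com

If you are already logged in to Gitea, you can go straight to authorizing the application.

Complete your profile information

Login succeeds and the repository created in Gitea is displayed.

Click into it and activate the repository


Go back to the Gitea repository, create a test workflow, and commit the code.


Drone detects the commit and starts running the workflow.

Test complete

Other related configuration

Site administration - Application configuration
Check whether the mail service works. If it is misconfigured, edit [mailer] in gitea/gitea/conf/app.ini.

Settings - SSH / GPG keys
Add your local id_rsa.pub to the keys; you can then manage the repository with git clone git@git.ioiox.com:stille/test.git.

Since I have only used it for a short time, I will update this article with more related configuration later.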

