Commit graph

21 commits

Author SHA1 Message Date
Loïc Dachary
70400183e1
[BRANDING] container images: set APP_NAME
(cherry picked from commit 12d7bc447e)
(cherry picked from commit 1335b17fc3)
(cherry picked from commit 0d7da06c47)
(cherry picked from commit 095c1ab679)
(cherry picked from commit 2220f00d09)
(cherry picked from commit f0be8bbdbf)
(cherry picked from commit 15188180a1)
(cherry picked from commit 96c471d7d3)
(cherry picked from commit 709052f1e7)
(cherry picked from commit 98cd2f5dee)
(cherry picked from commit a1014654b1)
(cherry picked from commit a16f4dc51d)
(cherry picked from commit abbed33d16)
(cherry picked from commit 4871447def)
(cherry picked from commit ea1218b237)
(cherry picked from commit 6dd67d60de)
(cherry picked from commit 71761f04af)
(cherry picked from commit 7cb28a3a06)
(cherry picked from commit d116336cb5)
(cherry picked from commit 4138a698b2)
(cherry picked from commit 38c572bc19)
(cherry picked from commit 94c759b47f)
(cherry picked from commit e1f52bf1d5)
(cherry picked from commit 8bc7000cfa)
(cherry picked from commit fa60007c34)
(cherry picked from commit 0328db39c9)
(cherry picked from commit d028010b64)
(cherry picked from commit 0283c920f0)
(cherry picked from commit f5bdf3e11f)
(cherry picked from commit e3beb52300)
(cherry picked from commit a63d5afc91)
(cherry picked from commit 7d43e1a828)
(cherry picked from commit a551fbd0fa)
(cherry picked from commit cdff0ddbb6)
(cherry picked from commit e0aadc9f4a)
(cherry picked from commit a448c06caf)
(cherry picked from commit bd2055bff6)
2023-10-30 14:42:27 +01:00
mainboarder
c533991519
Expanded minimum RSA Keylength to 3072 (#26604)
German Federal Office for Information Security requests in its technical
guideline BSI TR-02102-1 RSA Keylength not shorter than 3000bits
starting 2024, in the year 2023 3000bits as a recommendation. Gitea
should request longer RSA Keys by default in favor of security and drop
old clients which do not support longer keys.


https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf?__blob=publicationFile&v=9
- Page 19, Table 1.2

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-28 00:53:16 +00:00
Jason Song
5b7b7c4f3c
Correct permissions for .ssh and authorized_keys (#25721)
Set the correct permissions on the .ssh directory and authorized_keys
file, or sshd will refuse to use them and lead to clone/push/pull
failures.

It could happen when users have copied their data to a new volume and
changed the file permission by accident, and it would be very hard to
troubleshoot unless users know how to check the logs of sshd which is
started by s6.

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-06 17:00:38 +02:00
Xinyu Zhou
f17edfaf5a
Remove deprecated DSA host key from Docker Container (#21522)
Since OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public
key algorithm, and recommend against its use.
http://www.openssh.com/legacy.html

## ⚠️ BREAKING ⚠️

This patch will remove DSA host key form OpenSSH daemon configuration
file.

Signed-off-by: baronbunny <its@baronbunny.cn>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-11-03 19:49:12 +08:00
Thomas Andrade
4a295d4a6c
feat: Add support for extra sshd_config parameters via 'Include' file (#19842)
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-05-31 14:42:19 -04:00
Gusted
ba5f2acb9c
Configure OpenSSH log level via Environment in Docker (#19274)
Introduce a new environment variable: SSH_LOG_LEVEL
2022-03-31 11:15:36 +08:00
zeripath
7d0629adf8
Use shadowing script for docker (#17846)
Too many docker users are caught out by the default location for the
app.ini file being environment dependent so that when they docker exec
into the container the gitea commands do not work properly and require
additional -c arguments to correctly pick up the configuration.

This PR simply shadows the gitea binary using variants of the FHS
compatible script to make the command gitea have the default locations
by default.

Fix #14468
Reference #17497
Reference #12082
Reference #8941
... amongst others ...
Replace #17501

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-01 18:08:27 +00:00
luzpaz
e0296b6a6d
Fix various documentation, user-facing, and source comment typos (#16367)
* Fix various doc, user-facing, and source comment typos

Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby`
2021-07-08 13:38:13 +02:00
zeripath
8947422781
Fix bug due to missing MaxStartups and MaxSessions (#16046)
Unforunately #16009 makes these settings mandatory. This PR uses the same technique
as used for the certificates to make these settings non-mandatory.

Fix #16044

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2021-06-01 15:55:17 -04:00
zeripath
0ada74edbc
Only offer hostcertificates if they exist (#15849)
A common bug report is the otherwise harmless sshd logging:

```
Could not load host certificate "/data/ssh/ssh_host_ed25519_cert": No such file or directory
```

This PR simply checks if these files exist before creation of sshd_config and if
they do not exist, doesn't add a reference to them.

Fix #14110 amongst others.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-05-13 15:11:28 +03:00
Kyle D
61f347e349
Add environment-to-ini to docker image (#14762)
* Add environment-to-app.ini routine

* Call environment-to-ini in docker setup scripts

* Automatically convert section vars to lower case to match documentation

* Remove git patch instructions

* Add env variable documentation to Install Docker
2021-02-23 20:21:44 +01:00
silverwind
bc455ed257
Set RUN_MODE prod by default (#13765)
I think it's a bad default to have "dev" as the default run mode which
enables debugging and now also disables HTTP caching. It's better to
just default to a value suitable for general deployments.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-30 14:52:04 -05:00
6543
e7b47c5215
Format files (#13698)
* align "make help"

* format

* untouch build/generate-svg.js

* untouch .eslintrc

* combine editorconfig's

* rm editorconfig

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-28 01:12:22 -05:00
Adrian POIGET
99082eebd7
Fix; declare DOMAIN variable for docker setup (#10780)
In the /install form, the value for SSH Server Domain is taken form the DOMAIN variable
and overwrites SSH_DOMAIN environment variable set the first time if nothing done

Co-authored-by: Adrian POIGET <adrian.poiget@viveris.fr>
2020-05-04 10:50:29 +01:00
Antoine GIRARD
6e578dd0c9 docker: ask s6 to stop all service when gitea stop (#9171)
* fix: ask s6 to stop all service when gitea stop

https://github.com/just-containers/s6-overlay#writing-an-optional-finish-script

* change service folder
2019-11-27 13:08:57 -05:00
zeripath
0a96e59884 Fix #8453 by making openssh listen on SSH_LISTEN_PORT not SSH_PORT (#8477) 2019-10-12 23:45:00 +08:00
leigh capili
70d2244e49 Support SSH_LISTEN_PORT env var in docker app.ini template (#7829)
Signed-off-by: leigh capili <leigh@null.net>
2019-08-24 01:44:24 +02:00
Christopher Thomas
75d4414386 Implement the ability to change the ssh port to match what is in the gitea config (#7286)
* - rearrange the templates to make it more logical because now ssh_config is a template
- implemented the updating of the port to the same as the port sent to the gitea config

* change the filename back
2019-07-06 21:57:53 -04:00
Marat Radchenko
e07ff2f890 [docker] Add LFS_START_SERVER option to control git-lfs support (#7281) 2019-06-24 01:33:56 -04:00
Jakob Ackermann
36b68fdb01 [docker] support for custom GITEA_CUSTOM env var (#6608) 2019-05-13 18:19:37 -04:00
Jakob Ackermann
dab38c375d [docker] drop the docker Makefile from the image (#6507) 2019-05-05 22:49:32 -04:00