Too many docker users are caught out by the default location for the
app.ini file being environment dependent so that when they docker exec
into the container the gitea commands do not work properly and require
additional -c arguments to correctly pick up the configuration.
This PR simply shadows the gitea binary using variants of the FHS
compatible script to make the command gitea have the default locations
by default.
Fix#14468
Reference #17497
Reference #12082
Reference #8941
... amongst others ...
Replace #17501
Signed-off-by: Andrew Thornton <art27@cantab.net>
Run chmod on the executables and the entrypoint when copying them to the
docker in dockerfile.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Norwin <noerw@users.noreply.github.com>
Co-authored-by: delvh <dev.lh@web.de>
* specify user in rootless container numerically
With kubernetes' PodSecurityPolicy set to runAsNonRoot it will not allow starting the container. The error message is
```
Error: container has runAsNonRoot and image has non-numeric user (git), cannot verify user is non-root
```
The `USER` directive has to be numerical for that to work.
* mention the name of the uid/gid
Co-authored-by: 6543 <6543@obermui.de>
* Add environment-to-app.ini routine
* Call environment-to-ini in docker setup scripts
* Automatically convert section vars to lower case to match documentation
* Remove git patch instructions
* Add env variable documentation to Install Docker
* When building rootless docker image move chown&chmod to build stage
Fixes#13577
* Fix command newlines
* Move chown to COPY command
* Seems to be working also without chmod
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* docker: rootless image
* improve docs + remove check for write perm on custom
* add more info on ssh passtrough
* Add comment for internal ssh server in container config
* Dockerfile: Support socat use cases
In some contexts it is necessary to provide access to Gitea via TCP ports and unix sockets.
Gitea (`gitea web`) can be configured to listen for connections via unix-socket or TCP port, but not both.
When Gitea is installed to the host this limitation can be worked around by installing socat on the host.
When running Gitea from a container this limitation cannot be workaround.
Add socat to Gitea container.
* Removed version
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* go1.15
* update makefile xgo version
* fix vet issue
* update docs to version of go in use
* add TODO for asyncpreemptoff
Co-authored-by: Lauris BH <lauris@nix.lv>
* Create docker/manifest/base.yml
serve as base for build docker image for most platform (386,amd64,arm,arm64)
* Add make task docker-multi-arch-push-manifest
To update references of a multi-arch image on docker registry.
* Use SED_INPLACE generic sed command
* Delete Dockerfile.aarch64
Delete Dockerfile.rpi
* Use gitea/gitea-base as base
and replace deprecated MAINTAINER by LABEL (https://docs.docker.com/engine/reference/builder/#maintainer-deprecated)
* Fix rebase
* Use sapk/gitea-base as base
* Split makefile for docker
* Fix version to v3.6
Could use in later version edge of alpine official library that support multi-arch for armhf.
* Remove sapk/gitea-base and use directly new official alpine multi-arch
* Add `gettext` dependencies as we need `envsubst` command;
* Modified s6's gitea setup script, instead of `cp` the template if no
`app.ini` exist, it will substitude the envvars and generate the new
`app.ini`;
* Make `/docker/etc/templates/app.ini` a template contains environment
variables;
Signed-off-by: Tao Wang <twang2218@gmail.com>
* Make sure generated password is random
Use /dev/urandom to get a 32 char password
* Make sure generated password is random
Use /dev/urandom to generate 32 char password
* Make sure generated password is random