使用 Docker 安装 gitea、drone、woodpecker
本教程使用的是 Linux 环境。
【索引】
【一键安装 Gitea】/d/306/4
环境安装
已安装 Docker 和 Docker Compose,相关教程: /d/83
1、Docker
# Installs Docker by piping a downloaded script straight into a root shell,
# so the script runs before anyone has read it. A more careful route is to
# save the script to a file and review it first, or to install Docker from
# the distribution's package repository.
curl -fsSL https://get.docker.com | sudo bash -s docker --mirror Aliyun
2、Docker Compose(最新版本 Docker 已内置)
# Pipes a script from a third-party repository directly into a shell.
# Recent Docker releases already bundle Compose, so this step is usually not
# needed; if it is, download the script and review it before running it.
curl -fsSL https://framagit.org/jetsung/sh-files/-/raw/main/sh/docker-compose.sh | bash
Gitea 安装
本教程使用 PostgreSQL 数据库。
一键安装方式:https://framagit.org/jetsung/docker-compose/-/tree/main/gitea
1、创建文件 docker-compose.yaml
相关内容参考:https://docs.gitea.io/en-us/install-with-docker/#postgresql-数据库
docker-compose.yaml
文件内容:
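# Gitea with a PostgreSQL backend. The nesting below is restored: without it
# the service definitions collapse into duplicate top-level keys and the file
# no longer describes two services.
version: "3"

services:
  server:
    # NOTE(review): `latest` is a moving tag; pin a specific Gitea release so
    # upgrades are deliberate and reproducible.
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - DB_TYPE=postgres
      - DB_HOST=db:5432
      - DB_NAME=gitea
      - DB_USER=gitea
      # Sample password only: replace it before deploying, and keep it
      # identical to POSTGRES_PASSWORD in the db service below.
      - DB_PASSWD=gitea
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      # Web UI over plain HTTP, published on every host interface.
      - "3000:3000"
      # Git over SSH. Host port 22 is normally held by the host's own sshd,
      # so one of the two has to move - TODO confirm for your host.
      - "22:22"
    restart: unless-stopped
    depends_on:
      - db

  db:
    image: postgres:13
    environment:
      - POSTGRES_USER=gitea
      # Sample password only: replace it together with DB_PASSWD above.
      - POSTGRES_PASSWORD=gitea
      - POSTGRES_DB=gitea
    volumes:
      - ./postgres:/var/lib/postgresql/data
    # No `ports:` entry: the database is reachable only from other services
    # of this Compose project, not from the host's network interfaces.
    restart: unless-stopped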
若“基础URL”使用了 https,则需要自行配置“反向代理”。
设置反向代理
相关内容参考:https://docs.gitea.io/en-us/reverse-proxies/
1、使用 Caddy
文件 Caddyfile
# Serves git.mydomain.com over HTTPS and forwards every request to the Gitea
# web port on the same host.
git.mydomain.com {
    # E-mail address registered with the certificate authority (ACME account).
    tls git@mydomain.com
    reverse_proxy localhost:3000
}
若将 Caddy 与 Gitea 放在同一个 Docker Compose 项目中运行,Caddyfile 如下(反向代理目标改为服务名 server):
# Variant for running Caddy inside the same Compose project as Gitea: the
# upstream is the Compose service name `server` instead of localhost.
git.mydomain.com {
    # E-mail address registered with the certificate authority (ACME account).
    tls git@mydomain.com
    reverse_proxy server:3000
}
docker-compose.yaml
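# Gitea + PostgreSQL + Caddy (TLS-terminating reverse proxy) in one project.
# The nesting is restored so that each service keeps its own keys.
version: "3"

services:
  server:
    # NOTE(review): `latest` is a moving tag; pin a specific Gitea release so
    # upgrades are deliberate and reproducible.
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - DB_TYPE=postgres
      - DB_HOST=db:5432
      - DB_NAME=gitea
      - DB_USER=gitea
      # Sample password only: replace it before deploying, and keep it
      # identical to POSTGRES_PASSWORD in the db service below.
      - DB_PASSWD=gitea
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      # NOTE(review): Caddy reaches Gitea as `server:3000` over the Compose
      # network, so this host publish is not needed for the proxy. While it
      # stays, Gitea is also reachable over plain HTTP on host port 3000,
      # bypassing TLS - drop it or firewall it if that is not intended.
      - "3000:3000"
      # Git over SSH. Host port 22 is normally held by the host's own sshd,
      # so one of the two has to move - TODO confirm for your host.
      - "22:22"
    restart: unless-stopped
    depends_on:
      - db

  db:
    image: postgres:13
    environment:
      - POSTGRES_USER=gitea
      # Sample password only: replace it together with DB_PASSWD above.
      - POSTGRES_PASSWORD=gitea
      - POSTGRES_DB=gitea
    volumes:
      - ./postgres:/var/lib/postgresql/data
    # No `ports:` entry: the database is reachable only from other services
    # of this Compose project.
    restart: unless-stopped

  caddy:
    # NOTE(review): `latest` is a moving tag; pin a specific Caddy release.
    image: caddy:latest
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # The proxy only reads its configuration, so mount it read-only.
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      # Persist certificates and ACME account keys; without these mounts they
      # are lost and re-requested every time the container is recreated.
      - ./caddy/data:/data
      - ./caddy/config:/config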
2、使用 nginx
其它配置
相关内容参考:https://docs.gitea.io/en-us/config-cheat-sheet/
配置文件位置:gitea/gitea/conf/app.ini
1、如何配置 Email SMTP?
比如“腾讯企业邮箱”
; Outgoing mail through an SMTP relay (example: Tencent Exmail).
[mailer]
; SMTP server and port; 465 is the implicit-TLS (SMTPS) port.
HOST = smtp.exmail.qq.com:465
; Encrypt the SMTP connection with TLS.
IS_TLS_ENABLED = true
; NOTE(review): only the server address is shown here; the sender account
; settings are not part of this snippet.
2、如何使 Release 上传的附件支持 4M 以上?
比如设置 50M
; Raises the per-file upload limit for attachments.
[attachment]
; Maximum attachment size in MB (50 in this example).
MAX_SIZE=50
Drone 安装
相关内容参考:https://docs.drone.io/server/provider/gitea/
drone-server + drone-runner
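# docker-compose.yml
# https://github.com/harness/drone
# Drone server and Docker runner in one Compose project. The nesting is
# restored so that each service keeps its own keys.
version: '3'

volumes:
  server-data:

services:
  drone-server:
    image: 'drone/drone:2'
    container_name: drone-server
    restart: unless-stopped
    volumes:
      - server-data:/data
    # NOTE(review): the server and the runner load the same .env file, so the
    # runner container also receives DRONE_GITEA_CLIENT_SECRET, which it does
    # not use. Separate env files per service keep each secret where it is
    # needed.
    env_file:
      - ./.env
    ports:
      # Published on every host interface.
      - '30003:80'
      - '30004:443'

  drone-runner:
    image: 'drone/drone-runner-docker:1'
    container_name: drone-runner
    restart: unless-stopped
    depends_on:
      - drone-server
    volumes:
      # Mounting the Docker socket lets this container control the host's
      # Docker daemon, which is equivalent to root on the host. Only connect
      # repositories whose pipeline definitions you trust.
      - '/var/run/docker.sock:/var/run/docker.sock'
    env_file:
      - ./.env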
.env
# Environment shared by the drone-server and drone-runner services.
# This file holds the Gitea OAuth client secret and the RPC shared secret:
# keep it out of version control and readable only by the deploying user.

# server
# URL of the Gitea instance and the OAuth2 application credentials created in it.
DRONE_GITEA_SERVER=
DRONE_GITEA_CLIENT_ID=
DRONE_GITEA_CLIENT_SECRET=
# Shared secret between server and runner; must be a random value.
DRONE_RPC_SECRET=
# Public host name and scheme under which the Drone server is reached.
DRONE_SERVER_HOST=
DRONE_SERVER_PROTO=https
# client
# The runner talks to the server by its Compose service name over plain HTTP.
DRONE_RPC_PROTO=http
DRONE_RPC_HOST=drone-server
DRONE_RUNNER_CAPACITY=2
DRONE_RUNNER_NAME=my-drone-runner
# CUSTOM
TZ=Asia/Shanghai
drone-server: docker-compose.yml
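# Stand-alone Drone server. The nesting is restored so the service keeps its
# own keys.
version: '3.3'

services:
  drone:
    image: 'drone/drone:2'
    container_name: drone-server
    restart: unless-stopped
    volumes:
      - '/var/lib/drone:/data'
    environment:
      - DRONE_GITEA_SERVER=https://git.mydomain.com
      # Placeholders: use the client id and secret of the OAuth2 application
      # created in Gitea.
      - DRONE_GITEA_CLIENT_ID=client_id_for_gitea
      - DRONE_GITEA_CLIENT_SECRET=client_secret_for_gitea
      # Placeholder: replace with a randomly generated value and give the
      # runner the same one.
      - DRONE_RPC_SECRET=rpc_secret
      - DRONE_SERVER_HOST=drone.mydomain.com
      - DRONE_SERVER_PROTO=https
    ports:
      # NOTE(review): published on every host interface. If only a reverse
      # proxy on the same host connects to it, binding to loopback
      # ('127.0.0.1:30003:80') keeps the plain-HTTP port off the network.
      - '30003:80'
      # NOTE(review): likely unused when TLS is terminated by a reverse proxy
      # in front of port 30003 - confirm before keeping it published.
      - '30004:443'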
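其中 DRONE_RPC_SECRET 是 Server 与 Runner 之间通信使用的共享密钥,两边必须一致,可通过以下命令生成。示例中的 rpc_secret、client_id_for_gitea、client_secret_for_gitea 均为占位值,部署时需替换为实际值。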
# Prints 16 random bytes (128 bits) as 32 hexadecimal characters.
# Use the same value for DRONE_RPC_SECRET on the server and on every runner.
openssl rand -hex 16
drone-runner: docker-compose.yml
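# Stand-alone Drone Docker runner that connects to the server over HTTPS.
# The nesting is restored so the service keeps its own keys.
version: '3'

services:
  drone-runner-docker:
    image: 'drone/drone-runner-docker:1'
    container_name: drone-runner
    restart: unless-stopped
    volumes:
      # Mounting the Docker socket lets this container control the host's
      # Docker daemon, which is equivalent to root on the host. Only connect
      # repositories whose pipeline definitions you trust.
      - '/var/run/docker.sock:/var/run/docker.sock'
    environment:
      - DRONE_RPC_PROTO=https
      - DRONE_RPC_HOST=drone.mydomain.com
      # Placeholder: must equal the server's DRONE_RPC_SECRET.
      - DRONE_RPC_SECRET=rpc_secret
      - DRONE_RUNNER_CAPACITY=2
      - DRONE_RUNNER_NAME=my-first-runner
    ports:
      # NOTE(review): publishes the runner's port 3000 on every host
      # interface. The runner connects out to the server, so this is probably
      # not required - remove it unless something needs to reach the runner.
      - '30007:3000'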
NGINX 反向代理:
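# Reverse proxy for the Drone server: redirects HTTP to HTTPS, terminates TLS
# and forwards every request to the port published on 127.0.0.1:30003.
server {
    listen 80;
    listen 443 ssl http2;
    server_name drone.mydomain.com;

    # Redirect any request that did not arrive on port 443 to HTTPS.
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    index index.php index.html index.htm default.php default.htm default.html;

    # Files and directories that must never be served
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }

    # Directory used for certificate validation (one-click SSL issuance)
    location ~ \.well-known{
        allow all;
    }

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        # Always "https": plain-HTTP requests are redirected before they get here.
        proxy_set_header X-Forwarded-Proto "https";
        proxy_pass http://127.0.0.1:30003;
    }

    #HTTP_TO_HTTPS_END
    ssl_certificate ssl/mydomain.com.fullchain.cer;
    ssl_certificate_key ssl/mydomain.com.key;
    # TLS 1.0 and 1.1 are deprecated and no longer offered; only TLS 1.2 and
    # 1.3 remain. On an nginx build without TLS 1.3 support, keep TLSv1.2 only.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5:!EXP;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:2m;
    ssl_session_timeout 10m;
    # 497 = plain HTTP sent to the TLS port; answer with a redirect to HTTPS.
    error_page 497 https://$host$request_uri;
    #HTTP_TO_HTTPS_END

    access_log /data/wwwlogs/drone.mydomain.com_access.log;
    error_log /data/wwwlogs/drone.mydomain.com_error.log;
}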