0
0
Fork 0
mirror of https://codeberg.org/forgejo/docs.git synced 2024-12-22 22:17:10 -05:00

Revert "Add rootless installation instructions"

This reverts commit 345765e21f.
This commit is contained in:
Earl Warren 2024-04-28 22:27:43 +02:00 committed by Earl Warren
parent a1106f2fce
commit bea94cd9bd

View file

@ -69,88 +69,6 @@ ENABLE_PUSH_CREATE_USER = true
> **NOTE:** in case you are in a selinux environment check the audit logs if you are having issues with containers.
## Rootless
Forgejo also supports a rootless Docker image.
With this image, the Docker container can run as an unprivileged user, which means that an attacker will not have root privileges on the server even when they gain access to the container.
This configuration is slightly more involved because we need to prepare our data folders.
To do so, we create a `data` folder with permissions for the user with `UID` and `GID` 1000.
This is the user which should **not** have root privileges.
```sh
#!/usr/bin/env bash
set -e
mkdir -p work
mkdir -p work/data
chown -R 1000:1000 work/data
chmod 775 work/data
chmod g+s work/data
```
```yaml
version: '3'
networks:
forgejo:
external: false
services:
gitea:
image: 'codeberg.org/forgejo/forgejo:1.21-rootless'
container_name: 'forgejo'
environment:
USER_UID: '1000'
USER_GID: '1000'
FORGEJO_WORK_DIR: '/var/lib/forge'
user: '1000:1000'
networks:
- forgejo
ports:
- '3000:3000'
- '222:22'
volumes:
- ./forgejo:/data:rw'
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
# Right side of this mount depends on the `FORGEJO_WORK_DIR` var above.
- ./work:/var/lib/forge:rw
logging:
driver: 'json-file'
options:
max-size: '10m'
max-file: '10'
restart: 'unless-stopped'
```
To also mount a locally defined `app.ini`, add
```yaml
- ./app.ini:/etc/gitea/app.ini
```
to `volumes`.
Next, run this with
```sh
docker compose up
```
To, for example, add an admin user from the command line, use:
```sh
docker exec -ti forgejo /bin/bash
```
and
```sh
forgejo admin user create --username <USERNAME> --password <PASSWORD> --email <EMAIL> --admin
```
## Databases
In the following each database is shown as part of a `docker-compose` example file, with a `diff like` presentation that highlights additions to the example above.