APP_NAME = Local Repo CloudNative zone RUN_MODE = prod RUN_USER = git WORK_PATH = /data/gitea [repository] ROOT = /data/git/repositories [repository.local] LOCAL_COPY_PATH = /data/gitea/tmp/local-repo [repository.upload] TEMP_PATH = /data/gitea/uploads [server] PROTOCOL = http APP_DATA_PATH = /data/gitea SSH_DOMAIN = localrepo.cloudnative.zone DOMAIN = localrepo.cloudnative.zone HTTP_ADDR = 0.0.0.0 HTTP_PORT = 3000 ROOT_URL = https://localrepo.cloudnative.zone/ DISABLE_SSH = false LFS_START_SERVER = true shFS_MAX_FILE_SIZE = 0 LFS_LOCK_PAGING_NUM = 50 ; Permission for unix socket UNIX_SOCKET_PERMISSION = 666 START_SSH_SERVER = true BUILTIN_SSH_SERVER_USER = git ; The network interface the builtin SSH server should listen on ; SSH_LISTEN_HOST = ; Port number to be exposed in clone URL SSH_PORT = 2022 ; The port number the builtin SSH server should listen on SSH_LISTEN_PORT = %(SSH_PORT)s ; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'. ; SSH_ROOT_PATH = SSH_ROOT_PATH = /data/git/repositories ; Gitea will create a authorized_keys file by default when it is not using the internal ssh server ; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off. SSH_CREATE_AUTHORIZED_KEYS_FILE = false ; For the built-in SSH server, choose the ciphers to support for SSH connections, ; for system SSH this setting has no effect SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128 ; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections ; for system SSH this setting has no effect SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org ; for system SSH this setting has no effect SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96 ; Directory to create temporary files in when testing public keys using ssh-keygen, ; default is the system temporary directory. ; SSH_KEY_TEST_PATH = ; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call. SSH_KEYGEN_PATH = ssh-keygen ; Enable SSH Authorized Key Backup when rewriting all keys, default is true SSH_BACKUP_AUTHORIZED_KEYS = true ; Enable exposure of SSH clone URL to anonymous visitors, default is false SSH_EXPOSE_ANONYMOUS = false ; Indicate whether to check minimum key size with corresponding type MINIMUM_KEY_SIZE_CHECK = false ; Disable CDN even in "prod" mode DISABLE_ROUTER_LOG = false OFFLINE_MODE = true ; Generate steps: ; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com ; ; Or from a .pfx file exported from the Windows certificate store (do ; not forget to export the private key): ; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys ; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes # CERT_FILE = /data/gitea/conf/ssl/fullchain.pem # KEY_FILE = /data/gitea/conf/ssl/privkey.pem [database] PATH = /data/gitea/gitea.db DB_TYPE = postgres HOST = db:5432 NAME = gitea USER = gitea PASSWD = gitea LOG_SQL = false SCHEMA = SSL_MODE = disable [indexer] ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve [session] PROVIDER_CONFIG = /data/gitea/sessions PROVIDER = file [picture] AVATAR_UPLOAD_PATH = /data/gitea/avatars REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars [attachment] PATH = /data/gitea/attachments [log] MODE = console LEVEL = info ROOT_PATH = /data/gitea/log [security] INSTALL_LOCK = false SECRET_KEY = REVERSE_PROXY_LIMIT = 1 REVERSE_PROXY_TRUSTED_PROXIES = * PASSWORD_HASH_ALGO = pbkdf2 [service] DISABLE_REGISTRATION = false REQUIRE_SIGNIN_VIEW = false REGISTER_EMAIL_CONFIRM = false ENABLE_NOTIFY_MAIL = false ALLOW_ONLY_EXTERNAL_REGISTRATION = false ENABLE_CAPTCHA = false DEFAULT_KEEP_EMAIL_PRIVATE = false DEFAULT_ALLOW_CREATE_ORGANIZATION = true DEFAULT_ENABLE_TIMETRACKING = true NO_REPLY_ADDRESS = noreply.localrepo.cloudnative.zone [lfs] PATH = /data/git/lfs [mailer] ENABLED = false [openid] ENABLE_OPENID_SIGNIN = true ENABLE_OPENID_SIGNUP = true [cron.update_checker] ENABLED = false [repository.pull-request] DEFAULT_MERGE_STYLE = merge [repository.signing] DEFAULT_TRUST_MODEL = committer [oauth2] [webhook] ; Hook task queue length, increase if webhook shooting starts hanging QUEUE_LENGTH = 1000 ; Deliver timeout in seconds DELIVER_TIMEOUT = ; Allow insecure certification SKIP_TLS_VERIFY = false ; Number of history information in each page PAGING_NUM = 10 ALLOWED_HOST_LIST = 10.11.1.0/24