Merge "Switch gitea to TLS"

2019-02-14 22:45:45 +00:00 · 2019-02-14 22:45:45 +00:00 · 8b2e6e511c
commit 8b2e6e511c
parent 67cd3a2b23 4ae46fd9c3
6 changed files with 24 additions and 3 deletions
--- a/docker/gitea-init/Dockerfile
+++ b/docker/gitea-init/Dockerfile
@ -12,7 +12,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.

-FROM opendevorg/jinja-init
+FROM opendevorg/jinja-init as gitea-init

 COPY entrypoint.sh /

--- a/docker/gitea-init/entrypoint.sh
+++ b/docker/gitea-init/entrypoint.sh
@ -21,6 +21,12 @@ chown 1000:1000 /data/git
 mkdir -p /data/gitea
 chown 1000:1000 /data/gitea

+mkdir -p /data/gitea/ssl
+chown 1000:1000 /data/gitea/ssl
+chmod 0500 /data/gitea/ssl
+cp /secrets/gitea_tls_cert /data/gitea/ssl/cert.pem
+cp /secrets/gitea_tls_key /data/gitea/ssl/key.pem
+
 # This one is used by openssh and can remain root-owned
 mkdir -p /data/ssh

--- a/kubernetes/gitea/app.ini.j2
+++ b/kubernetes/gitea/app.ini.j2
@ -5,8 +5,9 @@ RUN_USER = git
 [server]
 APP_DATA_PATH    = /data/gitea
 SSH_DOMAIN       = localhost
+PROTOCOL         = https
 HTTP_PORT        = 3000
-ROOT_URL         = http://38.108.68.64/
+ROOT_URL         = https://38.108.68.64/
 DISABLE_SSH      = false
 SSH_PORT         = 22
 LFS_CONTENT_PATH = /data/git/lfs
@ -14,6 +15,10 @@ DOMAIN           = localhost
 LFS_START_SERVER = true
 LFS_JWT_SECRET   = {{ lfs_jwt_secret }}
 OFFLINE_MODE     = false
+CERT_FILE        = /data/gitea/ssl/cert.pem
+KEY_FILE         = /data/gitea/ssl/key.pem
+REDIRECT_OTHER_PORT = true
+PORT_TO_REDIRECT = 3080

 [database]
 DB_TYPE  = mysql
@ -24,6 +29,9 @@ PASSWD   = {{ db_password }}
 SSL_MODE = disable
 LOG_SQL  = false

+[repository]
+ROOT = /data/git/repositories
+
 [indexer]
 ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
 REPO_INDEXER_ENABLED = true
@ -50,7 +58,7 @@ SECRET_KEY     = {{ secret_key }}
 INTERNAL_TOKEN = {{ internal_token }}

 [service]
-DISABLE_REGISTRATION              = false
+DISABLE_REGISTRATION              = true
 REQUIRE_SIGNIN_VIEW               = false
 REGISTER_EMAIL_CONFIRM            = false
 ENABLE_NOTIFY_MAIL                = false
--- a/kubernetes/gitea/k8s/deployment.yaml
+++ b/kubernetes/gitea/k8s/deployment.yaml
@ -34,6 +34,7 @@ spec:
              value: '3'  # Increment to trigger a deployment.
          ports:
            - containerPort: 3000
+            - containerPort: 3080
          volumeMounts:
            - name: gitea-data
              mountPath: /data
--- a/kubernetes/gitea/k8s/secret.yaml
+++ b/kubernetes/gitea/k8s/secret.yaml
@ -10,3 +10,5 @@ stringData:
  lfs_jwt_secret: {{ gitea_lfs_jwt_secret }}
  db_username: {{ gitea_db_username }}
  db_password: {{ gitea_db_password }}
+  gitea_tls_cert: {{ gitea_tls_cert }}
+  gitea_tls_key: {{ gitea_tls_key }}
--- a/kubernetes/gitea/k8s/service.yaml
+++ b/kubernetes/gitea/k8s/service.yaml
@ -9,6 +9,10 @@ spec:
  ports:
    - protocol: TCP
      port: 80
+      targetPort: 3080
+      name: http
+    - protocol: TCP
+      port: 443
      targetPort: 3000
      name: http
    - protocol: TCP