opendev/system-config
Code Issues Proposed changes
Files
master
system-config/playbooks/roles/gitea/templates/app.ini.j2
Clark Boylan 86090cb61c Set canonical Link paths for gitea resources 
Search engines, like google, are finding our non standard port hosted
backend gitea content and serving it in search results. Add Link headers
to apache with rel="canonical" set for the top level https://opendev.org
location to direct search engines there. This should produce better
results for people looking for data on the internet.

Note we add a new configurable root url setting for gitea so that the
test envs don't get indexes with canonical urls for production. The
reason for this is the content in our test deployments is not complete
and I am concerned that setting canonical urls for incomplete data may
be worse for search results.

Finally, we add a new test case that checks search result functionality
against the system-config repo (which is populated in the test gitea) to
ensure that canonical links for resources with query parameters are
rendered properly.

Change-Id: Idabe5c528d4c14a3238c03123bcd6992756681c6
2025-10-03 22:43:43 +00:00

146 lines
3.9 KiB
Django/Jinja
Raw Permalink Blame History

APP_NAME = OpenDev: Free Software Needs Free Tools
RUN_MODE = prod
RUN_USER = git
; TODO determine if this is appropriate for our existing installation
WORK_PATH = /data/gitea
[server]
APP_DATA_PATH = /data/gitea
SSH_DOMAIN = localhost
PROTOCOL = https
HTTP_PORT = 3000
ROOT_URL = {{ gitea_root_url | default('https://opendev.org') }}/
DISABLE_SSH = false
SSH_PORT = 22
DOMAIN = localhost
LFS_START_SERVER = true
LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
OFFLINE_MODE = false
CERT_FILE = /certs/cert.pem
KEY_FILE = /certs/key.pem
REDIRECT_OTHER_PORT = true
PORT_TO_REDIRECT = 3080
[database]
DB_TYPE = mysql
HOST = localhost:3306
NAME = gitea
USER = {{ gitea_db_username }}
PASSWD = {{ gitea_db_password }}
SSL_MODE = disable
LOG_SQL = false
[cache]
ADAPTER = memcache
HOST = 127.0.0.1:11211
[repository]
ROOT = /data/git/repositories
DISABLED_REPO_UNITS = repo.issues,repo.pulls,repo.wiki,repo.projects,repo.actions
DISABLE_STARS = true
DISABLE_MIGRATIONS = true
DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true
[git]
; Implemented in 1.16 but broke older git clients. Now expected to work
; but we keep explicit config in place should it need to be toggled back
; to true again.
DISABLE_PARTIAL_CLONE = false
[federation]
ENABLED = false
[packages]
ENABLED = false
[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
REPO_INDEXER_ENABLED = true
STARTUP_TIMEOUT = 300s
[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file
[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
DISABLE_GRAVATAR = true
[attachment]
PATH = /data/gitea/attachments
[log]
ROOT_PATH = /logs
LEVEL = Info
STACKTRACE_LEVEL = Error
logger.access.MODE = file
{% raw -%}
ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}" "{{.Ctx.Req.UserAgent}}"
{% endraw %}
[security]
INSTALL_LOCK = true
SECRET_KEY = {{ gitea_secret_key }}
INTERNAL_TOKEN = {{ gitea_internal_token }}
PASSWORD_COMPLEXITY = lower,upper,digit
[service]
DISABLE_REGISTRATION = true
SHOW_REGISTRATION_BUTTON = false
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
ENABLE_TIMETRACKING = false
DEFAULT_ENABLE_TIMETRACKING = false
NO_REPLY_ADDRESS = noreply.example.org
[mailer]
ENABLED = false
[oauth2]
ENABLED = false
; TODO we don't do oauth2 do we need to set this value?
JWT_SECRET = {{ gitea_oauth2_jwt_secret }}
; TODO we don't do oauth2 do we need to set this value?
JWT_SIGNING_PRIVATE_KEY_FILE = /data/gitea/jwt/private.pem
[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false
[markup.pandoc]
ENABLED = true
; List of file extensions that should be rendered by an external command
FILE_EXTENSIONS = .rst
; External command to render all matching extensions
RENDER_COMMAND = /usr/bin/pandoc -f rst
; Input is not a standard input but a file
IS_INPUT_FILE = false
[actions]
ENABLED = false
[lfs]
STORAGE_TYPE = local
PATH = /data/git/lfs
; This is an undocumented gitea cron job that will delete all
; repo archives periodically if enabled. Repo archives are
; tarballs/zips/etc of repository state generate for things like
; tags. We used to rely on it, but some crawlers are so aggressive
; they manage to fill up our filesystems between scheduled cleanups
; so instead we've blocked access to the feature entirely. This
; defaults to disabled, but keep it explicit in here as a reminder
; in case we ever revert the change and restore archive access.
[cron.delete_repo_archives]
ENABLED = false
; We don't need gitea phoning out to check versions. We stay on
; top of new releases using github release notifications over email.
[cron.update_checker]
ENABLED = false
View Git Blame Copy Permalink