James E. Blair 4ae46fd9c3 Switch gitea to TLS
Gitea supports internal TLS termination as well as redirection of
http to https.  That may be simpler than terminating in a reverse
proxy.  Let's try it.

Also, make the dockerfile match the expectation of the job that
there will be a gitea-init stage.

Also, fix the repository root setting in app.ini.

Change-Id: Ia6b66b53cebdb1afa49fef89a0559615f98052f1
2019-02-14 13:41:40 -08:00

87 lines
2.1 KiB
Django/Jinja

APP_NAME = OpenDev: Free Software Needs Free Tools
RUN_MODE = prod
RUN_USER = git
[server]
APP_DATA_PATH = /data/gitea
SSH_DOMAIN = localhost
PROTOCOL = https
HTTP_PORT = 3000
ROOT_URL = https://38.108.68.64/
DISABLE_SSH = false
SSH_PORT = 22
LFS_CONTENT_PATH = /data/git/lfs
DOMAIN = localhost
LFS_START_SERVER = true
LFS_JWT_SECRET = {{ lfs_jwt_secret }}
OFFLINE_MODE = false
CERT_FILE = /data/gitea/ssl/cert.pem
KEY_FILE = /data/gitea/ssl/key.pem
REDIRECT_OTHER_PORT = true
PORT_TO_REDIRECT = 3080
[database]
DB_TYPE = mysql
HOST = gitea-pxc.gitea-db.svc.cluster.local:3306
NAME = gitea
USER = {{ db_username }}
PASSWD = {{ db_password }}
SSL_MODE = disable
LOG_SQL = false
[repository]
ROOT = /data/git/repositories
[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
REPO_INDEXER_ENABLED = true
[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file
[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = true
[attachment]
PATH = /data/gitea/attachments
[log]
ROOT_PATH = /logs
LEVEL = Info
[security]
INSTALL_LOCK = true
SECRET_KEY = {{ secret_key }}
INTERNAL_TOKEN = {{ internal_token }}
[service]
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.example.org
[mailer]
ENABLED = false
[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true
[markup.pandoc]
ENABLED = true
; List of file extensions that should be rendered by an external command
FILE_EXTENSIONS = .rst
; External command to render all matching extensions
RENDER_COMMAND = "/usr/bin/pandoc -f rst"
; Input is not a standard input but a file
IS_INPUT_FILE = false