Doc config file should not be readable by others as it contains sensitive info (#8385)
This commit is contained in:
parent
bd41a04a56
commit
8a828500e6
1 changed files with 13 additions and 13 deletions
|
@ -44,7 +44,7 @@ location. When launched manually, Gitea can be killed using `Ctrl+C`.
|
||||||
|
|
||||||
## Recommended server configuration
|
## Recommended server configuration
|
||||||
|
|
||||||
**NOTE:** Many of the following directories can be configured using [Environment Variables]({{< relref "doc/advanced/specific-variables.en-us.md" >}}) as well!
|
**NOTE:** Many of the following directories can be configured using [Environment Variables]({{< relref "doc/advanced/specific-variables.en-us.md" >}}) as well!
|
||||||
Of note, configuring `GITEA_WORK_DIR` will tell Gitea where to base its working directory, as well as ease installation.
|
Of note, configuring `GITEA_WORK_DIR` will tell Gitea where to base its working directory, as well as ease installation.
|
||||||
|
|
||||||
### Prepare environment
|
### Prepare environment
|
||||||
|
@ -80,7 +80,7 @@ chmod 770 /etc/gitea
|
||||||
**NOTE:** `/etc/gitea` is temporary set with write rights for user `git` so that Web installer could write configuration file. After installation is done, it is recommended to set rights to read-only using:
|
**NOTE:** `/etc/gitea` is temporary set with write rights for user `git` so that Web installer could write configuration file. After installation is done, it is recommended to set rights to read-only using:
|
||||||
```
|
```
|
||||||
chmod 750 /etc/gitea
|
chmod 750 /etc/gitea
|
||||||
chmod 644 /etc/gitea/app.ini
|
chmod 640 /etc/gitea/app.ini
|
||||||
```
|
```
|
||||||
If you don't want the web installer to be able to write the config file at all, it is also possible to make the config file read-only for the gitea user (owner/group `root:root`, mode `0660`), and set `INSTALL_LOCK = true`. In that case all database configuration details must be set beforehand in the config file, as well as the `SECRET_KEY` and `INTERNAL_TOKEN` values. See the [command line documentation]({{< relref "doc/usage/command-line.en-us.md" >}}) for information on using `gitea generate secret INTERNAL_TOKEN`.
|
If you don't want the web installer to be able to write the config file at all, it is also possible to make the config file read-only for the gitea user (owner/group `root:root`, mode `0660`), and set `INSTALL_LOCK = true`. In that case all database configuration details must be set beforehand in the config file, as well as the `SECRET_KEY` and `INTERNAL_TOKEN` values. See the [command line documentation]({{< relref "doc/usage/command-line.en-us.md" >}}) for information on using `gitea generate secret INTERNAL_TOKEN`.
|
||||||
|
|
||||||
|
@ -113,16 +113,16 @@ GITEA_WORK_DIR=/var/lib/gitea/ /usr/local/bin/gitea web -c /etc/gitea/app.ini
|
||||||
|
|
||||||
## Updating to a new version
|
## Updating to a new version
|
||||||
|
|
||||||
You can update to a new version of Gitea by stopping Gitea, replacing the binary at `/usr/local/bin/gitea` and restarting the instance.
|
You can update to a new version of Gitea by stopping Gitea, replacing the binary at `/usr/local/bin/gitea` and restarting the instance.
|
||||||
The binary file name should not be changed during the update to avoid problems
|
The binary file name should not be changed during the update to avoid problems
|
||||||
in existing repositories.
|
in existing repositories.
|
||||||
|
|
||||||
It is recommended you do a [backup]({{< relref "doc/usage/backup-and-restore.en-us.md" >}}) before updating your installation.
|
It is recommended you do a [backup]({{< relref "doc/usage/backup-and-restore.en-us.md" >}}) before updating your installation.
|
||||||
|
|
||||||
If you have carried out the installation steps as described above, the binary should
|
If you have carried out the installation steps as described above, the binary should
|
||||||
have the generic name `gitea`. Do not change this, i.e. to include the version number.
|
have the generic name `gitea`. Do not change this, i.e. to include the version number.
|
||||||
|
|
||||||
See below for troubleshooting instructions to repair broken repositories after
|
See below for troubleshooting instructions to repair broken repositories after
|
||||||
an update of your Gitea version.
|
an update of your Gitea version.
|
||||||
|
|
||||||
## Troubleshooting
|
## Troubleshooting
|
||||||
|
@ -145,7 +145,7 @@ is already running.
|
||||||
|
|
||||||
### Running Gitea on Raspbian
|
### Running Gitea on Raspbian
|
||||||
|
|
||||||
As of v1.8, there is a problem with the arm7 version of Gitea and it doesn't run on Raspberry Pi and similar devices.
|
As of v1.8, there is a problem with the arm7 version of Gitea and it doesn't run on Raspberry Pi and similar devices.
|
||||||
|
|
||||||
It is therefore recommended to switch to the arm6 version which has been tested and shown to work on Raspberry Pi and similar devices.
|
It is therefore recommended to switch to the arm6 version which has been tested and shown to work on Raspberry Pi and similar devices.
|
||||||
|
|
||||||
|
@ -154,18 +154,18 @@ please remove after fixing the arm7 bug
|
||||||
--->
|
--->
|
||||||
### Git error after updating to a new version of Gitea
|
### Git error after updating to a new version of Gitea
|
||||||
|
|
||||||
If the binary file name has been changed during the update to a new version of Gitea,
|
If the binary file name has been changed during the update to a new version of Gitea,
|
||||||
git hooks in existing repositories will not work any more. In that case, a git
|
git hooks in existing repositories will not work any more. In that case, a git
|
||||||
error will be displayed when pushing to the repository.
|
error will be displayed when pushing to the repository.
|
||||||
|
|
||||||
```
|
```
|
||||||
remote: ./hooks/pre-receive.d/gitea: line 2: [...]: No such file or directory
|
remote: ./hooks/pre-receive.d/gitea: line 2: [...]: No such file or directory
|
||||||
```
|
```
|
||||||
|
|
||||||
The `[...]` part of the error message will contain the path to your previous Gitea
|
The `[...]` part of the error message will contain the path to your previous Gitea
|
||||||
binary.
|
binary.
|
||||||
|
|
||||||
To solve this, go to the admin options and run the task `Resynchronize pre-receive,
|
To solve this, go to the admin options and run the task `Resynchronize pre-receive,
|
||||||
update and post-receive hooks of all repositories` to update all hooks to contain
|
update and post-receive hooks of all repositories` to update all hooks to contain
|
||||||
the new binary path. Please note that this overwrite all git hooks including ones
|
the new binary path. Please note that this overwrite all git hooks including ones
|
||||||
with customizations made.
|
with customizations made.
|
||||||
|
|
Reference in a new issue