Gogs Git Server

A Git Repository For Your Stuff

Plan

• Install Gogs repo (from binary)
• LDAP auth
• Just use SQLite for now - Proper DB isn't needed for my scale

Base OS

Clone CentOS template, run config script and install git and wget

Install gogs

Fetch and uncompress newest Linux x86 binary release tar.gz from https://gogs.io/docs/installation/install_from_binary - In my case:

wget https://dl.gogs.io/0.11.79/gogs_0.11.79_linux_amd64.tar.gz
tar xzvf gogs_*

Move the gogs dir to /opt and create config dir

mv gogs /opt/
mkdir -p /opt/gogs/custom/conf/

Add user for gogs application

adduser gogs

Create folder for repo root

mkdir /var/gogsrepo
chown -R gogs:gogs /var/gogsrepo

Add repo path to new config file /opt/gogs/custom/conf/app.ini :

[repository]
ROOT = /var/gogsrepo

Make sure that the gogs user owns the install dir and all contents

chown -R gogs:gogs /opt/gogs/

Create a service file to ensure start on boot - /etc/systemd/system/gogs.service

[Unit]
Description=Gogs
After=syslog.target
After=network.target
#After=mariadb.service mysqld.service postgresql.service memcached.service redis.service

[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
Type=simple
User=gogs
Group=gogs
WorkingDirectory=/opt/gogs/
ExecStart=/opt/gogs/gogs web -port 8080
Restart=always
Environment=USER=gogs HOME=/home/gogs

# Some distributions may not support these hardening directives. If you cannot start the service due
# to an unknown option, comment out the ones not supported by your version of systemd.
ProtectSystem=full
PrivateDevices=yes
PrivateTmp=yes
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

Set it to executable:

chmod 644 /etc/systemd/system/gogs.service

Open firewall for port 80

firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --reload

Enable and start Gogs service

systemctl enable gogs
systemctl start gogs

Open the webui to complete installation at http://gogs:8080

Set the DB type to SQLite3, check that the repo path is still /var/gogsrepo, runuser is gogs, domain is gogs.lan.example.com

Confirm port 8080 and URL is http://gogs.lan.example.com:8080

Configure an administrator user (admin account name is not valid here, and email is required)

Finally click install.

Gogs LDAP authentication

Login with administrator account and click on the icon on the top right->Admin Panel->Authentications

Add Authentication Type LDAP (via BindDN)

Security Protocol

Unencrypted

Host

freeipa.lan.example.com

Port

389

Bind DN

uid=binduser,cn=users,cn=accounts,dc=lan,dc=example,dc=com

Bind Password

well.. the pw for binduser?

User Search Base

cn=users,cn=accounts,dc=lan,dc=example,dc=com

User Filter

(&(|(objectclass=person))(|(memberof=cn=gogsusers,cn=groups,cn=accounts,dc=lan,dc=example,dc=com))((uid=%s)))

Admin Filter

TODO when I have time

Username Attribute

uid

First Name Attribute

cn

Surname Attribute

sn

Email Attribute

mail