Clone CentOS template, run config script and install git and wget
Fetch and uncompress newest Linux x86 binary release tar.gz from https://gogs.io/docs/installation/install_from_binary - In my case:
wget https://dl.gogs.io/0.11.79/gogs_0.11.79_linux_amd64.tar.gz
tar xzvf gogs_*
Move the gogs dir to /opt and create config dir
mv gogs /opt/
mkdir -p /opt/gogs/custom/conf/
Add user for gogs application
adduser gogs
Create folder for repo root
mkdir /var/gogsrepo
chown -R gogs:gogs /var/gogsrepo
Add repo path to new config file /opt/gogs/custom/conf/app.ini:
[repository]
ROOT = /var/gogsrepo
Make sure that the gogs user owns the install dir and all contents
chown -R gogs:gogs /opt/gogs/
Create a service file to ensure start on boot - /etc/systemd/system/gogs.service
[Unit]
Description=Gogs
After=syslog.target
After=network.target
#After=mariadb.service mysqld.service postgresql.service memcached.service redis.service
[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
Type=simple
User=gogs
Group=gogs
WorkingDirectory=/opt/gogs/
ExecStart=/opt/gogs/gogs web -port 8080
Restart=always
Environment=USER=gogs HOME=/home/gogs
# Some distributions may not support these hardening directives. If you cannot start the service due
# to an unknown option, comment out the ones not supported by your version of systemd.
ProtectSystem=full
PrivateDevices=yes
PrivateTmp=yes
NoNewPrivileges=true
[Install]
WantedBy=multi-user.target
Set permissions on the service file (a unit file does not need to be executable):
chmod 644 /etc/systemd/system/gogs.service
Open firewall for port 8080
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --reload
Enable and start Gogs service
systemctl enable gogs
systemctl start gogs
Open the webui to complete installation at http://gogs:8080
Set the DB type to SQLite3 and check that the repo path is still /var/gogsrepo, the run user is gogs and the domain is gogs.lan.example.com
Confirm that the port is 8080 and the URL is http://gogs.lan.example.com:8080
Configure an administrator user (the account name "admin" is not valid here, and an email address is required)
Finally click install.
Log in with the administrator account and click the icon at the top right -> Admin Panel -> Authentications
Add Authentication Type LDAP (via BindDN)
Security Protocol: Unencrypted
Host: freeipa.lan.example.com
Port: 389
Bind DN: uid=binduser,cn=users,cn=accounts,dc=lan,dc=example,dc=com
Bind Password: well.. the pw for binduser?
User Search Base: cn=users,cn=accounts,dc=lan,dc=example,dc=com
User Filter: (&(|(objectclass=person))(|(memberof=cn=gogsusers,cn=groups,cn=accounts,dc=lan,dc=example,dc=com))((uid=%s)))
Admin Filter: TODO when I have time
Username Attribute: uid
First Name Attribute: cn
Surname Attribute: sn
Email Attribute: mail
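
Added example (not part of the original notes): a shell check that the gogs.service unit created earlier still has its hardening directives active after any were commented out for an older systemd, that User= names a non-root account, and that the file is not writable by group or others. The helper names unit_value and audit_unit and the sample unit are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes). unit_value and audit_unit are
# hypothetical helper names.

# Print the last active (uncommented) value of key $2 in the [Service] section of $1.
unit_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                             # comment line
        /^\[/ { in_service = ($0 == "[Service]"); next }   # section header
        in_service && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# Print one FAIL line per finding; return 0 only when there are none.
audit_unit() {
    unit=$1; findings=0
    user=$(unit_value "$unit" User)
    if [ -z "$user" ] || [ "$user" = root ]; then
        echo "FAIL User: service would run as root"; findings=$((findings + 1))
    fi
    for key in ProtectSystem PrivateDevices PrivateTmp NoNewPrivileges; do
        case $(unit_value "$unit" "$key") in
            ''|no|false|0|off)
                echo "FAIL $key: not enabled"; findings=$((findings + 1)) ;;
        esac
    done
    # Characters 6 and 9 of the ls mode string are group-write and other-write.
    case $(ls -ld "$unit" | cut -c6,9) in
        *w*) echo "FAIL mode: writable by group or others"; findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# Constructed sample: the unit from these notes with PrivateTmp commented out.
demo=$(mktemp)
printf '%s\n' '[Unit]' 'Description=Gogs' '[Service]' 'User=gogs' 'Group=gogs' \
    'ProtectSystem=full' 'PrivateDevices=yes' '#PrivateTmp=yes' \
    'NoNewPrivileges=true' '[Install]' 'WantedBy=multi-user.target' > "$demo"
chmod 644 "$demo"
audit_unit "$demo" || echo "unit needs attention"
rm -f "$demo"
```

To check the installed unit, call audit_unit /etc/systemd/system/gogs.service after defining the two functions.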