2017-11-26 21:44:32 +00:00
---
date: "2016-12-26T16:00:00+02:00"
title: "Config Cheat Sheet"
slug: "config-cheat-sheet"
2023-04-04 13:47:31 +00:00
weight: 30
2017-11-26 21:44:32 +00:00
toc: false
draft: false
Refactor docs (#23752)
This was intended to be a small followup for
https://github.com/go-gitea/gitea/pull/23712, but...here we are.
1. Our docs currently use `slug` as the entire URL, which makes
refactoring tricky (see https://github.com/go-gitea/gitea/pull/23712).
Instead, this PR attempts to make future refactoring easier by using
slugs as an extension of the section. (Hugo terminology)
- What the above boils down to is this PR attempts to use directory
organization as URL management. e.g. `usage/comparison.en-us.md` ->
`en-us/usage/comparison/`, `usage/packages/overview.en-us.md` ->
`en-us/usage/packages/overview/`
- Technically we could even remove `slug`, as Hugo defaults to using
filename, however at least with this PR it means `slug` only needs to be
the name for the **current file** rather than an entire URL
2. This PR adds appropriate aliases (redirects) for pages, so anything
on the internet that links to our docs should hopefully not break.
3. A minor nit I've had for a while, renaming `seek-help` to `support`.
It's a minor thing, but `seek-help` has a strange connotation to it.
4. The commits are split such that you can review the first which is the
"actual" change, and the second is added redirects so that the first
doesn't break links elsewhere.
---------
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-04-28 03:33:41 +00:00
aliases:
- /en-us/config-cheat-sheet
2017-11-26 21:44:32 +00:00
menu:
sidebar:
2023-03-23 15:18:24 +00:00
parent: "administration"
2017-11-26 21:44:32 +00:00
name: "Config Cheat Sheet"
2023-03-23 15:18:24 +00:00
weight: 30
2017-11-26 21:44:32 +00:00
identifier: "config-cheat-sheet"
---
# Configuration Cheat Sheet
2019-05-26 05:23:30 +00:00
This is a cheat sheet for the Gitea configuration file. It contains most of the settings
that can be configured as well as their default values.
2017-11-26 21:44:32 +00:00
2018-01-08 22:48:42 +00:00
Any changes to the Gitea configuration file should be made in `custom/conf/app.ini`
or any corresponding location. When installing from a distribution, this will
typically be found at `/etc/gitea/conf/app.ini` .
2017-11-26 21:44:32 +00:00
2018-01-08 22:48:42 +00:00
The defaults provided here are best-effort (not built automatically). They are
2021-10-16 06:14:34 +00:00
accurately recorded in [app.example.ini ](https://github.com/go-gitea/gitea/blob/main/custom/conf/app.example.ini )
(s/main/\<tag|release\>). Any string in the format `%(X)s` is a feature powered
2018-01-08 22:48:42 +00:00
by [ini ](https://github.com/go-ini/ini/#recursive-values ), for reading values recursively.
2017-11-26 21:44:32 +00:00
2022-11-10 01:22:31 +00:00
In the default values below, a value in the form `$XYZ` refers to an environment variable. (However, see `environment-to-ini` .) Values in the form _`XxYyZz`_ refer to values listed as part of the default configuration. These notation forms will not work in your own `app.ini` file and are only listed here as documentation.
2017-11-26 21:44:32 +00:00
Values containing `#` or `;` must be quoted using `` ` `` or ` """`.
2018-01-06 20:15:14 +00:00
**Note:** A full restart is required for Gitea configuration changes to take effect.
2017-11-26 21:44:32 +00:00
2020-12-08 04:52:26 +00:00
{{< toc > }}
2022-11-10 01:22:31 +00:00
## Default Configuration (non-`app.ini` configuration)
These values are environment-dependent but form the basis of a lot of values. They will be
reported as part of the default configuration when running `gitea --help` or on start-up. The order they are emitted there is slightly different but we will list them here in the order they are set-up.
- _`AppPath`_: This is the absolute path of the running gitea binary.
- _`AppWorkPath`_: This refers to "working path" of the `gitea` binary. It is determined by using the first set thing in the following hierarchy:
- The `--work-path` flag passed to the binary
- The environment variable `$GITEA_WORK_DIR`
- A built-in value set at build time (see building from source)
- Otherwise it defaults to the directory of the _`AppPath`_
2023-03-15 00:39:36 +00:00
- If any of the above are relative paths then they are made absolute against
2022-11-10 01:22:31 +00:00
the directory of the _`AppPath`_
- _`CustomPath`_: This is the base directory for custom templates and other options.
It is determined by using the first set thing in the following hierarchy:
- The `--custom-path` flag passed to the binary
- The environment variable `$GITEA_CUSTOM`
- A built-in value set at build time (see building from source)
- Otherwise it defaults to _`AppWorkPath`_ `/custom`
- If any of the above are relative paths then they are made absolute against the
the directory of the _`AppWorkPath`_
- _`CustomConf`_: This is the path to the `app.ini` file.
- The `--config` flag passed to the binary
- A built-in value set at build time (see building from source)
- Otherwise it defaults to _`CustomPath`_ `/conf/app.ini`
- If any of the above are relative paths then they are made absolute against the
the directory of the _`CustomPath`_
In addition there is _`StaticRootPath`_ which can be set as a built-in at build time, but will otherwise default to _`AppWorkPath`_
2017-11-26 21:44:32 +00:00
## Overall (`DEFAULT`)
2018-01-06 20:15:14 +00:00
- `APP_NAME` : **Gitea: Git with a cup of tea** : Application name, used in the page title.
2022-11-10 01:22:31 +00:00
- `RUN_USER` : **_current OS username_/`$USER`/`$USERNAME` e.g. git** : The user Gitea will run as.
This should be a dedicated system (non-user) account. Setting this incorrectly will cause Gitea
to not start.
2023-05-25 03:47:30 +00:00
- `RUN_MODE` : **prod** : Application run mode, affects performance and debugging: `dev` or `prod` , default is `prod` . Mode `dev` makes Gitea easier to develop and debug, values other than `dev` are treated as `prod` which is for production use.
2017-11-26 21:44:32 +00:00
## Repository (`repository`)
2022-11-10 01:22:31 +00:00
- `ROOT` : ** %(APP_DATA_PATH)s/gitea-repositories**: Root path for storing all repository data.
A relative path is interpreted as **_`AppWorkPath`_/%(ROOT)s** .
2019-03-09 21:15:45 +00:00
- `SCRIPT_TYPE` : **bash** : The script type this server supports. Usually this is `bash` ,
2018-01-08 22:48:42 +00:00
but some users report that only `sh` is available.
2020-06-02 22:20:19 +00:00
- `DETECTED_CHARSETS_ORDER` : **UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, UTF-32LE, ISO-8859, windows-1252, ISO-8859, windows-1250, ISO-8859, ISO-8859, ISO-8859, windows-1253, ISO-8859, windows-1255, ISO-8859, windows-1251, windows-1256, KOI8-R, ISO-8859, windows-1254, Shift_JIS, GB18030, EUC-JP, EUC-KR, Big5, ISO-2022, ISO-2022, ISO-2022, IBM424_rtl, IBM424_ltr, IBM420_rtl, IBM420_ltr** : Tie-break order of detected charsets - if the detected charsets have equal confidence, charsets earlier in the list will be chosen in preference to those later. Adding `defaults` will place the unnamed charsets at that point.
- `ANSI_CHARSET` : ** \<empty\>**: Default ANSI charset to override non-UTF-8 charsets to.
2018-01-06 20:15:14 +00:00
- `FORCE_PRIVATE` : **false** : Force every new repository to be private.
2018-01-08 22:48:42 +00:00
- `DEFAULT_PRIVATE` : **last** : Default private when creating a new repository.
\[last, private, public\]
2020-09-27 19:20:52 +00:00
- `DEFAULT_PUSH_CREATE_PRIVATE` : **true** : Default private when creating a new repository with push-to-create.
2018-01-08 22:48:42 +00:00
- `MAX_CREATION_LIMIT` : ** -1**: Global maximum creation limit of repositories per user,
`-1` means no limit.
- `PREFERRED_LICENSES` : **Apache License 2.0,MIT License** : Preferred Licenses to place at
2021-04-30 14:36:28 +00:00
the top of the list. Name must match file name in options/license or custom/options/license.
2018-01-08 22:48:42 +00:00
- `DISABLE_HTTP_GIT` : **false** : Disable the ability to interact with repositories over the
HTTP protocol.
- `USE_COMPAT_SSH_URI` : **false** : Force ssh:// clone url instead of scp-style uri when
default SSH port is used.
2023-05-12 09:44:37 +00:00
- `GO_GET_CLONE_URL_PROTOCOL` : **https** : Value for the "go get" request returns the repository url as https or ssh
default is https.
2019-01-14 21:05:27 +00:00
- `ACCESS_CONTROL_ALLOW_ORIGIN` : ** \<empty\>**: Value for Access-Control-Allow-Origin header,
default is not to present. **WARNING** : This maybe harmful to you website if you do not
give it a right value.
2019-02-10 19:27:19 +00:00
- `DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH` : **false** : Close an issue if a commit on a non default branch marks it as closed.
2019-12-15 02:49:52 +00:00
- `ENABLE_PUSH_CREATE_USER` : **false** : Allow users to push local repositories to Gitea and have them automatically created for a user.
- `ENABLE_PUSH_CREATE_ORG` : **false** : Allow users to push local repositories to Gitea and have them automatically created for an org.
2023-04-03 04:05:37 +00:00
- `DISABLED_REPO_UNITS` : **_empty_** : Comma separated list of globally disabled repo units. Allowed values: \[repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects, repo.packages, repo.actions\]
- `DEFAULT_REPO_UNITS` : **repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages** : Comma separated list of default new repo units. Allowed values: \[repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects, repo.packages, repo.actions\]. Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility. External wiki and issue tracker can't be enabled by default as it requires additional settings. Disabled repo units will not be added to new repositories regardless if it is in the default list.
2023-02-04 06:48:38 +00:00
- `DEFAULT_FORK_REPO_UNITS` : **repo.code,repo.pulls** : Comma separated list of default forked repo units. The set of allowed values and rules is the same as `DEFAULT_REPO_UNITS` .
2020-01-22 23:46:46 +00:00
- `PREFIX_ARCHIVE_FILES` : **true** : Prefix archive files by placing them in a directory named after the repository.
2020-12-21 14:39:41 +00:00
- `DISABLE_MIGRATIONS` : **false** : Disable migrating feature.
2021-04-15 16:53:57 +00:00
- `DISABLE_STARS` : **false** : Disable stars feature.
2022-04-09 04:26:48 +00:00
- `DEFAULT_BRANCH` : **main** : Default branch name of all repositories.
2020-10-01 06:57:57 +00:00
- `ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES` : **false** : Allow non-admin users to adopt unadopted repositories
- `ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES` : **false** : Allow non-admin users to delete unadopted repositories
2022-07-31 16:57:02 +00:00
- `DISABLE_DOWNLOAD_SOURCE_ARCHIVES` : **false** : Don't allow download source archive files from UI
2022-12-27 21:21:14 +00:00
- `ALLOW_FORK_WITHOUT_MAXIMUM_LIMIT` : **true** : Allow fork repositories without maximum number limit
2020-10-01 06:57:57 +00:00
### Repository - Editor (`repository.editor`)
2023-04-26 15:22:54 +00:00
- `LINE_WRAP_EXTENSIONS` : ** .txt,.md,.markdown,.mdown,.mkd,.livemd,**: List of file extensions for which lines should be wrapped in the Monaco editor. Separate extensions with a comma. To line wrap files without an extension, just put a comma
2020-10-01 06:57:57 +00:00
- `PREVIEWABLE_FILE_MODES` : **markdown** : Valid file modes that have a preview API associated with them, such as `api/v1/markdown` . Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match.
2018-11-26 19:21:42 +00:00
2018-08-13 19:04:39 +00:00
### Repository - Pull Request (`repository.pull-request`)
2019-04-02 07:48:31 +00:00
2018-08-13 19:04:39 +00:00
- `WORK_IN_PROGRESS_PREFIXES` : **WIP:,\[WIP\]** : List of prefixes used in Pull Request
Make WIP prefixes case insensitive, e.g. allow `Draft` as a WIP prefix (#19780)
The issue was that only the actual title was converted to uppercase, but
not the prefix as specified in `WORK_IN_PROGRESS_PREFIXES`. As a result,
the following did not work:
WORK_IN_PROGRESS_PREFIXES=Draft:,[Draft],WIP:,[WIP]
One possible workaround was:
WORK_IN_PROGRESS_PREFIXES=DRAFT:,[DRAFT],WIP:,[WIP]
Then indeed one could use `Draft` (as well as `DRAFT`) in the title.
However, the link `Start the title with DRAFT: to prevent the pull request
from being merged accidentally.` showed the suggestion in uppercase; so
it is not possible to show it as `Draft`. This PR fixes it, and allows
to use `Draft` in `WORK_IN_PROGRESS_PREFIXES`.
Fixes #19779.
Co-authored-by: zeripath <art27@cantab.net>
2022-05-26 09:19:24 +00:00
title to mark them as Work In Progress. These are matched in a case-insensitive manner.
2019-10-30 12:43:59 +00:00
- `CLOSE_KEYWORDS` : **close** , **closes** , **closed** , **fix** , **fixes** , **fixed** , **resolve** , **resolves** , **resolved** : List of
keywords used in Pull Request comments to automatically close a related issue
- `REOPEN_KEYWORDS` : **reopen** , **reopens** , **reopened** : List of keywords used in Pull Request comments to automatically reopen
a related issue
2022-06-03 03:45:54 +00:00
- `DEFAULT_MERGE_STYLE` : **merge** : Set default merge style for repository creating, valid options: `merge` , `rebase` , `rebase-merge` , `squash`
2019-12-30 23:34:11 +00:00
- `DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT` : **50** : In the default merge message for squash commits include at most this many commits. Set to `-1` to include all commits
2021-06-18 22:08:22 +00:00
- `DEFAULT_MERGE_MESSAGE_SIZE` : **5120** : In the default merge message for squash commits limit the size of the commit messages. Set to `-1` to have no limit. Only used if `POPULATE_SQUASH_COMMENT_WITH_COMMIT_MESSAGES` is `true` .
2019-12-30 23:34:11 +00:00
- `DEFAULT_MERGE_MESSAGE_ALL_AUTHORS` : **false** : In the default merge message for squash commits walk all commits to include all authors in the Co-authored-by otherwise just use those in the limited list
- `DEFAULT_MERGE_MESSAGE_MAX_APPROVERS` : **10** : In default merge messages limit the number of approvers listed as `Reviewed-by:` . Set to `-1` to include all.
- `DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY` : **true** : In default merge messages only include approvers who are officially allowed to review.
2021-06-18 22:08:22 +00:00
- `POPULATE_SQUASH_COMMENT_WITH_COMMIT_MESSAGES` : **false** : In default squash-merge messages include the commit message of all commits comprising the pull request.
2021-11-29 07:09:55 +00:00
- `ADD_CO_COMMITTER_TRAILERS` : **true** : Add co-authored-by and co-committed-by trailers to merge commit messages if committer does not match author.
2022-12-19 11:37:15 +00:00
- `TEST_CONFLICTING_PATCHES_WITH_GIT_APPLY` : **false** : PR patches are tested using a three-way merge method to discover if there are conflicts. If this setting is set to **true** , conflicting patches will be retested using `git apply` - This was the previous behaviour in 1.18 (and earlier) but is somewhat inefficient. Please report if you find that this setting is required.
2017-11-26 21:44:32 +00:00
2019-02-18 20:55:04 +00:00
### Repository - Issue (`repository.issue`)
2019-04-02 07:48:31 +00:00
2019-02-18 20:55:04 +00:00
- `LOCK_REASONS` : **Too heated,Off-topic,Resolved,Spam** : A list of reasons why a Pull Request or Issue can be locked
2023-05-30 15:26:51 +00:00
- `MAX_PINNED` : **3** : Maximum number of pinned Issues per Repo. Set to 0 to disable pinning Issues.
2019-02-18 20:55:04 +00:00
2020-10-05 05:49:33 +00:00
### Repository - Upload (`repository.upload`)
- `ENABLED` : **true** : Whether repository file uploads are enabled
2022-03-02 22:50:29 +00:00
- `TEMP_PATH` : **data/tmp/uploads** : Path for uploads (content gets deleted on Gitea restart)
2020-10-05 05:49:33 +00:00
- `ALLOWED_TYPES` : ** \<empty\>**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*` , `video/*` ). Empty value or `*/*` allows all types.
- `FILE_MAX_SIZE` : **3** : Max size of each file in megabytes.
- `MAX_FILES` : **5** : Max number of files per upload
### Repository - Release (`repository.release`)
- `ALLOWED_TYPES` : ** \<empty\>**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*` , `video/*` ). Empty value or `*/*` allows all types.
2021-08-29 16:25:16 +00:00
- `DEFAULT_PAGING_NUM` : **10** : The default paging number of releases user interface
2021-09-27 13:00:54 +00:00
- For settings related to file attachments on releases, see the `attachment` section.
2020-10-05 05:49:33 +00:00
2019-10-16 13:42:42 +00:00
### Repository - Signing (`repository.signing`)
- `SIGNING_KEY` : **default** : \[none, KEYID, default \]: Key to sign with.
- `SIGNING_NAME` & `SIGNING_EMAIL` : if a KEYID is provided as the `SIGNING_KEY` , use these as the Name and Email address of the signer. These should match publicized name and email address for the key.
- `INITIAL_COMMIT` : **always** : \[never, pubkey, twofa, always\]: Sign initial commit.
- `never` : Never sign
- `pubkey` : Only sign if the user has a public key
- `twofa` : Only sign if the user is logged in with twofa
- `always` : Always sign
- Options other than `never` and `always` can be combined as a comma separated list.
2020-09-19 16:44:55 +00:00
- `DEFAULT_TRUST_MODEL` : **collaborator** : \[collaborator, committer, collaboratorcommitter\]: The default trust model used for verifying commits.
2022-07-28 01:22:47 +00:00
- `collaborator` : Trust signatures signed by keys of collaborators.
- `committer` : Trust signatures that match committers (This matches GitHub and will force Gitea signed commits to have Gitea as the committer).
- `collaboratorcommitter` : Trust signatures signed by keys of collaborators which match the committer.
2019-10-16 13:42:42 +00:00
- `WIKI` : **never** : \[never, pubkey, twofa, always, parentsigned\]: Sign commits to wiki.
- `CRUD_ACTIONS` : **pubkey, twofa, parentsigned** : \[never, pubkey, twofa, parentsigned, always\]: Sign CRUD actions.
- Options as above, with the addition of:
- `parentsigned` : Only sign if the parent commit is signed.
2019-12-15 11:06:31 +00:00
- `MERGES` : **pubkey, twofa, basesigned, commitssigned** : \[never, pubkey, twofa, approved, basesigned, commitssigned, always\]: Sign merges.
- `approved` : Only sign approved merges to a protected branch.
2019-10-16 13:42:42 +00:00
- `basesigned` : Only sign if the parent commit in the base repo is signed.
- `headsigned` : Only sign if the head commit in the head branch is signed.
- `commitssigned` : Only sign if all the commits in the head branch to the merge point are signed.
2020-10-01 06:57:57 +00:00
## Repository - Local (`repository.local`)
2022-03-02 22:50:29 +00:00
- `LOCAL_COPY_PATH` : **tmp/local-repo** : Path for temporary local repository copies. Defaults to `tmp/local-repo` (content gets deleted on Gitea restart)
2020-10-01 06:57:57 +00:00
2021-05-10 20:38:08 +00:00
## Repository - MIME type mapping (`repository.mimetype_mapping`)
Configuration for set the expected MIME type based on file extensions of downloadable files. Configuration presents in key-value pairs and file extensions starts with leading `.` .
The following configuration set `Content-Type: application/vnd.android.package-archive` header when downloading files with `.apk` file extension.
2022-07-28 01:22:47 +00:00
2021-05-10 20:38:08 +00:00
```ini
.apk=application/vnd.android.package-archive
```
2019-05-13 15:38:53 +00:00
## CORS (`cors`)
- `ENABLED` : **false** : enable cors headers (disabled by default)
- `SCHEME` : **http** : scheme of allowed requests
- `ALLOW_DOMAIN` : ** \***: list of requesting domains that are allowed
- `ALLOW_SUBDOMAIN` : **false** : allow subdomains of headers listed above to request
- `METHODS` : **GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS** : list of methods allowed to request
- `MAX_AGE` : **10m** : max time to cache response
- `ALLOW_CREDENTIALS` : **false** : allow request with credentials
2022-11-11 06:39:27 +00:00
- `HEADERS` : **Content-Type,User-Agent** : additional headers that are permitted in requests
2021-08-06 20:47:10 +00:00
- `X_FRAME_OPTIONS` : **SAMEORIGIN** : Set the `X-Frame-Options` header value.
2019-05-13 15:38:53 +00:00
2017-11-26 21:44:32 +00:00
## UI (`ui`)
2018-01-06 20:15:14 +00:00
- `EXPLORE_PAGING_NUM` : **20** : Number of repositories that are shown in one explore page.
2022-08-06 10:43:40 +00:00
- `ISSUE_PAGING_NUM` : **20** : Number of issues that are shown in one page (for all pages that list issues, milestones, projects).
2019-12-06 05:34:54 +00:00
- `MEMBERS_PAGING_NUM` : **20** : Number of members that are shown in organization members.
2018-01-06 20:15:14 +00:00
- `FEED_MAX_COMMIT_NUM` : **5** : Number of maximum commits shown in one activity feed.
2020-08-11 14:48:13 +00:00
- `FEED_PAGING_NUM` : **20** : Number of items that are displayed in home feed.
2022-06-25 17:06:01 +00:00
- `SITEMAP_PAGING_NUM` : **20** : Number of items that are displayed in a single subsitemap.
2018-07-23 14:12:06 +00:00
- `GRAPH_MAX_COMMIT_NUM` : **100** : Number of maximum commits shown in the commit graph.
2020-10-01 06:57:57 +00:00
- `CODE_COMMENT_LINES` : **4** : Number of line of codes shown for a code comment.
2021-09-27 14:47:44 +00:00
- `DEFAULT_THEME` : **auto** : \[auto, gitea, arc-green\]: Set the default theme for the Gitea install.
2020-09-26 06:05:49 +00:00
- `SHOW_USER_EMAIL` : **true** : Whether the email of the user should be shown in the Explore Users page.
2021-09-27 14:47:44 +00:00
- `THEMES` : **auto,gitea,arc-green** : All available themes. Allow users select personalized themes.
2019-01-17 19:48:01 +00:00
regardless of the value of `DEFAULT_THEME` .
2020-10-01 06:57:57 +00:00
- `MAX_DISPLAY_FILE_SIZE` : **8388608** : Max size of files to be displayed (default is 8MiB)
2020-04-28 18:05:39 +00:00
- `REACTIONS` : All available reactions users can choose on issues/prs and comments
Values can be emoji alias (:smile:) or a unicode emoji.
2021-06-29 19:42:47 +00:00
For custom reactions, add a tightly cropped square image to public/img/emoji/reaction_name.png
2021-07-02 14:04:57 +00:00
- `CUSTOM_EMOJIS` : **gitea, codeberg, gitlab, git, github, gogs** : Additional Emojis not defined in the utf8 standard.
2023-03-29 13:41:45 +00:00
By default, we support Gitea (:gitea:), to add more copy them to public/img/emoji/emoji_name.png and
2021-06-29 14:28:38 +00:00
add it to this config.
2019-11-21 20:06:23 +00:00
- `DEFAULT_SHOW_FULL_NAME` : **false** : Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
- `SEARCH_REPO_DESCRIPTION` : **true** : Whether to search within description at repository search on explore page.
2022-02-26 10:14:23 +00:00
- `USE_SERVICE_WORKER` : **false** : Whether to enable a Service Worker to cache frontend assets.
2023-03-29 13:41:45 +00:00
- `ONLY_SHOW_RELEVANT_REPOS` : **false** Whether to only show relevant repos on the explore page when no keyword is specified and default sorting is used.
A repo is considered irrelevant if it's a fork or if it has no metadata (no description, no icon, no topic).
2017-11-26 21:44:32 +00:00
### UI - Admin (`ui.admin`)
2018-01-06 20:15:14 +00:00
- `USER_PAGING_NUM` : **50** : Number of users that are shown in one page.
- `REPO_PAGING_NUM` : **50** : Number of repos that are shown in one page.
- `NOTICE_PAGING_NUM` : **25** : Number of notices that are shown in one page.
- `ORG_PAGING_NUM` : **50** : Number of organizations that are shown in one page.
2017-11-26 21:44:32 +00:00
2022-12-27 15:38:15 +00:00
### UI - User (`ui.user`)
- `REPO_PAGING_NUM` : **15** : Number of repos that are shown in one page.
2020-09-26 06:05:49 +00:00
### UI - Metadata (`ui.meta`)
- `AUTHOR` : **Gitea - Git with a cup of tea** : Author meta tag of the homepage.
- `DESCRIPTION` : **Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go** : Description meta tag of the homepage.
- `KEYWORDS` : **go,git,self-hosted,gitea** : Keywords meta tag of the homepage.
2020-04-24 03:57:38 +00:00
### UI - Notification (`ui.notification`)
2022-05-09 16:33:19 +00:00
- `MIN_TIMEOUT` : **10s** : These options control how often notification endpoint is polled to update the notification count. On page load the notification count will be checked after `MIN_TIMEOUT` . The timeout will increase to `MAX_TIMEOUT` by `TIMEOUT_STEP` if the notification count is unchanged. Set MIN_TIMEOUT to -1 to turn off.
2020-04-24 03:57:38 +00:00
- `MAX_TIMEOUT` : **60s** .
- `TIMEOUT_STEP` : **10s** .
2020-07-03 09:55:36 +00:00
- `EVENT_SOURCE_UPDATE_TIME` : **10s** : This setting determines how often the database is queried to update notification counts. If the browser client supports `EventSource` and `SharedWorker` , a `SharedWorker` will be used in preference to polling notification endpoint. Set to ** -1** to disable the `EventSource` .
2020-04-24 03:57:38 +00:00
2021-01-13 03:45:19 +00:00
### UI - SVG Images (`ui.svg`)
- `ENABLE_RENDER` : **true** : Whether to render SVG files as images. If SVG rendering is disabled, SVG files are displayed as text and cannot be embedded in markdown files as images.
2021-03-29 20:44:28 +00:00
### UI - CSV Files (`ui.csv`)
- `MAX_FILE_SIZE` : **524288** (512kb): Maximum allowed file size in bytes to render CSV files as table. (Set to 0 for no limit).
2017-11-26 21:44:32 +00:00
## Markdown (`markdown`)
2020-05-24 08:14:26 +00:00
- `ENABLE_HARD_LINE_BREAK_IN_COMMENTS` : **true** : Render soft line breaks as hard line breaks in comments, which
means a single newline character between paragraphs will cause a line break and adding
trailing whitespace to paragraphs is not necessary to force a line break.
- `ENABLE_HARD_LINE_BREAK_IN_DOCUMENTS` : **false** : Render soft line breaks as hard line breaks in documents, which
2020-04-21 22:13:56 +00:00
means a single newline character between paragraphs will cause a line break and adding
trailing whitespace to paragraphs is not necessary to force a line break.
2019-10-15 02:39:55 +00:00
- `CUSTOM_URL_SCHEMES` : Use a comma separated list (ftp,git,svn) to indicate additional
URL hyperlinks to be rendered in Markdown. URLs beginning in http and https are
2023-05-19 15:17:07 +00:00
always displayed. If this entry is empty, all URL schemes are allowed
2023-04-26 15:22:54 +00:00
- `FILE_EXTENSIONS` : ** .md,.markdown,.mdown,.mkd,.livemd**: List of file extensions that should be rendered/edited as Markdown. Separate the extensions with a comma. To render files without any extension as markdown, just put a comma.
2022-09-13 16:33:37 +00:00
- `ENABLE_MATH` : **true** : Enables detection of `\(...\)` , `\[...\]` , `$...$` and `$$...$$` blocks as math blocks.
2017-11-26 21:44:32 +00:00
## Server (`server`)
2022-11-10 01:22:31 +00:00
- `APP_DATA_PATH` : **_`AppWorkPath`_/data** : This is the default root path for storing data.
2021-12-06 04:46:11 +00:00
- `PROTOCOL` : **http** : \[http, https, fcgi, http+unix, fcgi+unix\]
2022-08-21 18:20:43 +00:00
- `USE_PROXY_PROTOCOL` : **false** : Expect PROXY protocol headers on connections
- `PROXY_PROTOCOL_TLS_BRIDGING` : **false** : When protocol is https, expect PROXY protocol headers after TLS negotiation.
- `PROXY_PROTOCOL_HEADER_TIMEOUT` : **5s** : Timeout to wait for PROXY protocol header (set to 0 to have no timeout)
- `PROXY_PROTOCOL_ACCEPT_UNKNOWN` : **false** : Accept PROXY protocol headers with Unknown type.
2018-01-08 22:48:42 +00:00
- `DOMAIN` : **localhost** : Domain name of this server.
2018-04-04 21:08:55 +00:00
- `ROOT_URL` : ** %(PROTOCOL)s://%(DOMAIN)s:%(HTTP\_PORT)s/**:
Overwrite the automatically generated public URL.
This is useful if the internal and the external URL don't match (e.g. in Docker).
2019-10-22 12:11:01 +00:00
- `STATIC_URL_PREFIX` : ** \<empty\>**:
Overwrite this option to request static resources from a different URL.
This includes CSS files, images, JS files and web fonts.
2021-11-28 13:28:30 +00:00
Avatar images are dynamic resources and still served by Gitea.
2019-10-22 12:11:01 +00:00
The option can be just a different path, as in `/static` , or another domain, as in `https://cdn.example.com` .
2022-11-20 20:14:03 +00:00
Requests are then made as `%(ROOT_URL)s/static/assets/css/index.css` or `https://cdn.example.com/assets/css/index.css` respectively.
2021-11-28 13:28:30 +00:00
The static files are located in the `public/` directory of the Gitea source repository.
2022-11-20 20:14:03 +00:00
You can proxy the STATIC_URL_PREFIX requests to Gitea server to serve the static
assets, or copy the manually built Gitea assets from `$GITEA_BUILD/public` to
the assets location, eg: `/var/www/assets` , make sure `$STATIC_URL_PREFIX/assets/css/index.css`
points to `/var/www/assets/css/index.css` .
2018-01-06 20:15:14 +00:00
- `HTTP_ADDR` : **0.0.0.0** : HTTP listen address.
2022-07-28 01:22:47 +00:00
- If `PROTOCOL` is set to `fcgi` , Gitea will listen for FastCGI requests on TCP socket
2018-01-08 22:48:42 +00:00
defined by `HTTP_ADDR` and `HTTP_PORT` configuration settings.
2022-11-10 01:22:31 +00:00
- If `PROTOCOL` is set to `http+unix` or `fcgi+unix` , this should be the name of the Unix socket file to use. Relative paths will be made absolute against the _`AppWorkPath`_ .
2018-01-06 20:15:14 +00:00
- `HTTP_PORT` : **3000** : HTTP listen port.
2022-07-28 01:22:47 +00:00
- If `PROTOCOL` is set to `fcgi` , Gitea will listen for FastCGI requests on TCP socket
2018-01-08 22:48:42 +00:00
defined by `HTTP_ADDR` and `HTTP_PORT` configuration settings.
- `UNIX_SOCKET_PERMISSION` : **666** : Permissions for the Unix socket.
2018-05-22 01:35:36 +00:00
- `LOCAL_ROOT_URL` : ** %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/**: Local
(DMZ) URL for Gitea workers (such as SSH update) accessing web service. In
most cases you do not need to change the default value. Alter it only if
your SSH server node is not the same as HTTP node. Do not set this variable
2021-12-06 04:46:11 +00:00
if `PROTOCOL` is set to `http+unix` .
2022-11-10 01:22:31 +00:00
- `LOCAL_USE_PROXY_PROTOCOL` : ** %(USE_PROXY_PROTOCOL)s**: When making local connections pass the PROXY protocol header.
2022-08-21 18:20:43 +00:00
This should be set to false if the local connection will go through the proxy.
2022-05-09 16:33:19 +00:00
- `PER_WRITE_TIMEOUT` : **30s** : Timeout for any write to the connection. (Set to -1 to
2021-06-10 21:25:25 +00:00
disable all timeouts.)
- `PER_WRITE_PER_KB_TIMEOUT` : **10s** : Timeout per Kb written to connections.
2020-10-01 06:57:57 +00:00
2018-01-08 22:48:42 +00:00
- `DISABLE_SSH` : **false** : Disable SSH feature when it's not available.
- `START_SSH_SERVER` : **false** : When enabled, use the built-in SSH server.
2022-08-21 18:20:43 +00:00
- `SSH_SERVER_USE_PROXY_PROTOCOL` : **false** : Expect PROXY protocol header on connections to the built-in SSH Server.
2020-10-01 06:57:57 +00:00
- `BUILTIN_SSH_SERVER_USER` : ** %(RUN_USER)s**: Username to use for the built-in SSH Server.
2022-11-10 01:22:31 +00:00
- `SSH_USER` : ** %(BUILTIN_SSH_SERVER_USER)s**: SSH username displayed in clone URLs. This is only for people who configure the SSH server themselves; in most cases, you want to leave this blank and modify the `BUILTIN_SSH_SERVER_USER` .
2018-01-08 22:48:42 +00:00
- `SSH_DOMAIN` : ** %(DOMAIN)s**: Domain name of this server, used for displayed clone URL.
2018-01-06 20:15:14 +00:00
- `SSH_PORT` : **22** : SSH port displayed in clone URL.
2019-08-08 15:40:31 +00:00
- `SSH_LISTEN_HOST` : **0.0.0.0** : Listen address for the built-in SSH server.
2018-01-06 20:15:14 +00:00
- `SSH_LISTEN_PORT` : ** %(SSH\_PORT)s**: Port for the built-in SSH server.
2020-11-28 06:12:22 +00:00
- `SSH_ROOT_PATH` : ** ~/.ssh**: Root path of SSH directory.
2020-10-01 06:57:57 +00:00
- `SSH_CREATE_AUTHORIZED_KEYS_FILE` : **true** : Gitea will create a authorized_keys file by default when it is not using the internal ssh server. If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
2020-10-19 19:25:32 +00:00
- `SSH_AUTHORIZED_KEYS_BACKUP` : **true** : Enable SSH Authorized Key Backup when rewriting all keys, default is true.
2020-10-11 00:38:09 +00:00
- `SSH_TRUSTED_USER_CA_KEYS` : ** \<empty\>**: Specifies the public keys of certificate authorities that are trusted to sign user certificates for authentication. Multiple keys should be comma separated. E.g.`ssh-< algorithm > < key > ` or `ssh-<algorithm> <key1>, ssh-<algorithm> <key2>` . For more information see `TrustedUserCAKeys` in the sshd config man pages. When empty no file will be created and `SSH_AUTHORIZED_PRINCIPALS_ALLOW` will default to `off` .
2021-11-28 13:28:30 +00:00
- `SSH_TRUSTED_USER_CA_KEYS_FILENAME` : ** `RUN_USER` /.ssh/gitea-trusted-user-ca-keys.pem**: Absolute path of the `TrustedUserCaKeys` file Gitea will manage. If you're running your own ssh server and you want to use the Gitea managed file you'll also need to modify your sshd_config to point to this file. The official docker image will automatically work without further configuration.
2020-10-11 00:38:09 +00:00
- `SSH_AUTHORIZED_PRINCIPALS_ALLOW` : **off** or **username, email** : \[off, username, email, anything\]: Specify the principals values that users are allowed to use as principal. When set to `anything` no checks are done on the principal string. When set to `off` authorized principal are not allowed to be set.
- `SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE` : **false/true** : Gitea will create a authorized_principals file by default when it is not using the internal ssh server and `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off` .
- `SSH_AUTHORIZED_PRINCIPALS_BACKUP` : **false/true** : Enable SSH Authorized Principals Backup when rewriting all keys, default is true if `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off` .
2021-12-10 08:14:24 +00:00
- `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE` : ** {{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}**: Set the template for the command to passed on authorized keys. Possible keys are: AppPath, AppWorkPath, CustomConf, CustomPath, Key - where Key is a `models/asymkey.PublicKey` and the others are strings which are shellquoted.
2022-02-10 16:04:16 +00:00
- `SSH_SERVER_CIPHERS` : **chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com** : For the built-in SSH server, choose the ciphers to support for SSH connections, for system SSH this setting has no effect.
2022-03-16 01:59:53 +00:00
- `SSH_SERVER_KEY_EXCHANGES` : **curve25519-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1** : For the built-in SSH server, choose the key exchange algorithms to support for SSH connections, for system SSH this setting has no effect.
2022-02-10 16:04:16 +00:00
- `SSH_SERVER_MACS` : **hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1** : For the built-in SSH server, choose the MACs to support for SSH connections, for system SSH this setting has no effect
2021-03-08 02:43:59 +00:00
- `SSH_SERVER_HOST_KEYS` : **ssh/gitea.rsa, ssh/gogs.rsa** : For the built-in SSH server, choose the keypairs to offer as the host key. The private key should be at `SSH_SERVER_HOST_KEY` and the public `SSH_SERVER_HOST_KEY.pub` . Relative paths are made absolute relative to the `APP_DATA_PATH` . If no key exists a 4096 bit RSA key will be created for you.
2020-10-01 06:57:57 +00:00
- `SSH_KEY_TEST_PATH` : ** /tmp**: Directory to create temporary files in when testing public keys using ssh-keygen, default is the system temporary directory.
2023-04-11 06:34:28 +00:00
- `SSH_KEYGEN_PATH` : ** \<empty\>**: Use `ssh-keygen` to parse public SSH keys. The value is passed to the shell. By default, Gitea does the parsing itself.
2020-10-01 06:57:57 +00:00
- `SSH_EXPOSE_ANONYMOUS` : **false** : Enable exposure of SSH clone URL to anonymous visitors, default is false.
2021-06-10 21:25:25 +00:00
- `SSH_PER_WRITE_TIMEOUT` : **30s** : Timeout for any write to the SSH connections. (Set to
2022-05-09 16:33:19 +00:00
-1 to disable all timeouts.)
2021-06-10 21:25:25 +00:00
- `SSH_PER_WRITE_PER_KB_TIMEOUT` : **10s** : Timeout per Kb written to SSH connections.
2020-10-09 06:52:57 +00:00
- `MINIMUM_KEY_SIZE_CHECK` : **true** : Indicate whether to check minimum key size with corresponding type.
2020-10-01 06:57:57 +00:00
2018-01-06 20:15:14 +00:00
- `OFFLINE_MODE` : **false** : Disables use of CDN for static files and Gravatar for profile pictures.
2022-08-10 17:37:15 +00:00
- `CERT_FILE` : **https/cert.pem** : Cert file path used for HTTPS. When chaining, the server certificate must come first, then intermediate CA certificates (if any). This is ignored if `ENABLE_ACME=true` . Paths are relative to `CUSTOM_PATH` .
- `KEY_FILE` : **https/key.pem** : Key file path used for HTTPS. This is ignored if `ENABLE_ACME=true` . Paths are relative to `CUSTOM_PATH` .
2022-11-10 01:22:31 +00:00
- `STATIC_ROOT_PATH` : **_`StaticRootPath`_** : Upper level of template and static files path.
- `APP_DATA_PATH` : **data** (**/data/gitea** on docker): Default path for application data. Relative paths will be made absolute against _`AppWorkPath`_ .
2020-11-17 22:44:52 +00:00
- `STATIC_CACHE_TIME` : **6h** : Web browser cache time for static resources on `custom/` , `public/` and all uploaded avatars. Note that this cache is disabled when `RUN_MODE` is "dev".
2020-12-24 04:25:17 +00:00
- `ENABLE_GZIP` : **false** : Enable gzip compression for runtime-generated content, static resources excluded.
2022-07-23 17:33:55 +00:00
- `ENABLE_PPROF` : **false** : Application profiling (memory and cpu). For "web" command it listens on `localhost:6060` . For "serv" command it dumps to disk at `PPROF_DATA_PATH` as `(cpuprofile|memprofile)_<username>_<temporary id>`
2022-11-10 01:22:31 +00:00
- `PPROF_DATA_PATH` : **_`AppWorkPath`_/data/tmp/pprof** : `PPROF_DATA_PATH` , use an absolute path when you start Gitea as service
2022-04-05 17:30:07 +00:00
- `LANDING_PAGE` : **home** : Landing page for unauthenticated users \[home, explore, organizations, login, **custom** \]. Where custom would instead be any URL such as "/org/repo" or even `https://anotherwebsite.com`
2021-12-24 03:56:57 +00:00
- `LFS_START_SERVER` : **false** : Enables Git LFS support.
2022-11-10 01:22:31 +00:00
- `LFS_CONTENT_PATH` : ** %(APP_DATA_PATH)s/lfs**: Default LFS content path. (if it is on local storage.) **DEPRECATED** use settings in `[lfs]` .
2018-01-06 20:15:14 +00:00
- `LFS_JWT_SECRET` : ** \<empty\>**: LFS authentication secret, change this a unique string.
2023-05-10 14:23:47 +00:00
- `LFS_HTTP_AUTH_EXPIRY` : **24h** : LFS authentication validity period in time.Duration, pushes taking longer than this may fail.
2020-02-28 04:46:57 +00:00
- `LFS_MAX_FILE_SIZE` : **0** : Maximum allowed LFS file size in bytes (Set to 0 for no limit).
2020-10-01 06:57:57 +00:00
- `LFS_LOCKS_PAGING_NUM` : **50** : Maximum number of LFS Locks returned per page.
2020-09-08 15:45:10 +00:00
2019-01-03 15:46:07 +00:00
- `REDIRECT_OTHER_PORT` : **false** : If true and `PROTOCOL` is https, allows redirecting http requests on `PORT_TO_REDIRECT` to the https port Gitea listens on.
2022-11-10 01:22:31 +00:00
- `REDIRECTOR_USE_PROXY_PROTOCOL` : ** %(USE_PROXY_PROTOCOL)s**: expect PROXY protocol header on connections to https redirector.
2019-01-03 15:46:07 +00:00
- `PORT_TO_REDIRECT` : **80** : Port for the http redirection service to listen on. Used when `REDIRECT_OTHER_PORT` is true.
2021-11-20 06:12:43 +00:00
- `SSL_MIN_VERSION` : **TLSv1.2** : Set the minimum version of ssl support.
- `SSL_MAX_VERSION` : ** \<empty\>**: Set the maximum version of ssl support.
2022-01-09 11:53:03 +00:00
- `SSL_CURVE_PREFERENCES` : **X25519,P256** : Set the preferred curves,
2021-11-20 06:12:43 +00:00
- `SSL_CIPHER_SUITES` : **ecdhe_ecdsa_with_aes_256_gcm_sha384,ecdhe_rsa_with_aes_256_gcm_sha384,ecdhe_ecdsa_with_aes_128_gcm_sha256,ecdhe_rsa_with_aes_128_gcm_sha256,ecdhe_ecdsa_with_chacha20_poly1305,ecdhe_rsa_with_chacha20_poly1305** : Set the preferred cipher suites.
2022-06-10 03:34:41 +00:00
- If there is no hardware support for AES suites, by default the ChaCha suites will be preferred over the AES suites.
- supported suites as of Go 1.18 are:
2021-11-20 06:12:43 +00:00
- TLS 1.0 - 1.2 cipher suites
- "rsa_with_rc4_128_sha"
- "rsa_with_3des_ede_cbc_sha"
- "rsa_with_aes_128_cbc_sha"
- "rsa_with_aes_256_cbc_sha"
- "rsa_with_aes_128_cbc_sha256"
- "rsa_with_aes_128_gcm_sha256"
- "rsa_with_aes_256_gcm_sha384"
- "ecdhe_ecdsa_with_rc4_128_sha"
- "ecdhe_ecdsa_with_aes_128_cbc_sha"
- "ecdhe_ecdsa_with_aes_256_cbc_sha"
- "ecdhe_rsa_with_rc4_128_sha"
- "ecdhe_rsa_with_3des_ede_cbc_sha"
- "ecdhe_rsa_with_aes_128_cbc_sha"
- "ecdhe_rsa_with_aes_256_cbc_sha"
- "ecdhe_ecdsa_with_aes_128_cbc_sha256"
- "ecdhe_rsa_with_aes_128_cbc_sha256"
- "ecdhe_rsa_with_aes_128_gcm_sha256"
- "ecdhe_ecdsa_with_aes_128_gcm_sha256"
- "ecdhe_rsa_with_aes_256_gcm_sha384"
- "ecdhe_ecdsa_with_aes_256_gcm_sha384"
- "ecdhe_rsa_with_chacha20_poly1305_sha256"
- "ecdhe_ecdsa_with_chacha20_poly1305_sha256"
- TLS 1.3 cipher suites
- "aes_128_gcm_sha256"
- "aes_256_gcm_sha384"
- "chacha20_poly1305_sha256"
- Aliased names
- "ecdhe_rsa_with_chacha20_poly1305" is an alias for "ecdhe_rsa_with_chacha20_poly1305_sha256"
- "ecdhe_ecdsa_with_chacha20_poly1305" is alias for "ecdhe_ecdsa_with_chacha20_poly1305_sha256"
2022-02-08 05:45:35 +00:00
- `ENABLE_ACME` : **false** : Flag to enable automatic certificate management via an ACME capable Certificate Authority (CA) server (default: Lets Encrypt). If enabled, `CERT_FILE` and `KEY_FILE` are ignored, and the CA must resolve `DOMAIN` to this gitea server. Ensure that DNS records are set and either port `80` or port `443` are accessible by the CA server (the public internet by default), and redirected to the appropriate ports `PORT_TO_REDIRECT` or `HTTP_PORT` respectively.
- `ACME_URL` : ** \<empty\>**: The CA's ACME directory URL, e.g. for a self-hosted [smallstep CA server ](https://github.com/smallstep/certificates ), it can look like `https://ca.example.com/acme/acme/directory` . If left empty, it defaults to using Let's Encerypt's production CA (check `LETSENCRYPT_ACCEPTTOS` as well).
- `ACME_ACCEPTTOS` : **false** : This is an explicit check that you accept the terms of service of the ACME provider. The default is Lets Encrypt [terms of service ](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf ).
- `ACME_DIRECTORY` : **https** : Directory that the certificate manager will use to cache information such as certs and private keys.
- `ACME_EMAIL` : ** \<empty\>**: Email used for the ACME registration. Usually it is to notify about problems with issued certificates.
- `ACME_CA_ROOT` : ** \<empty\>**: The CA's root certificate. If left empty, it defaults to using the system's trust chain.
2019-10-15 13:39:51 +00:00
- `ALLOW_GRACEFUL_RESTARTS` : **true** : Perform a graceful restart on SIGHUP
- `GRACEFUL_HAMMER_TIME` : **60s** : After a restart the parent process will stop accepting new connections and will allow requests to finish before stopping. Shutdown will be forced if it takes longer than this time.
2019-11-21 18:32:02 +00:00
- `STARTUP_TIMEOUT` : **0** : Shutsdown the server if startup takes longer than the provided time. On Windows setting this sends a waithint to the SVC host to tell the SVC host startup may take some time. Please note startup is determined by the opening of the listeners - HTTP/HTTPS/SSH. Indexers may take longer to startup and can have their own timeouts.
2017-11-26 21:44:32 +00:00
## Database (`database`)
2018-01-08 22:48:42 +00:00
- `DB_TYPE` : **mysql** : The database type in use \[mysql, postgres, mssql, sqlite3\].
2019-08-12 21:52:11 +00:00
- `HOST` : **127.0.0.1:3306** : Database host address and port or absolute path for unix socket \[mysql, postgres\] (ex: /var/run/mysqld/mysqld.sock).
2018-01-06 20:15:14 +00:00
- `NAME` : **gitea** : Database name.
- `USER` : **root** : Database username.
2020-10-15 09:48:00 +00:00
- `PASSWD` : ** \<empty\>**: Database user password. Use \`your password\` or """your password""" for quoting if you use special characters in the password.
2020-01-20 15:45:14 +00:00
- `SCHEMA` : ** \<empty\>**: For PostgreSQL only, schema to use if different from "public". The schema must exist beforehand,
2020-11-28 06:12:22 +00:00
the user must have creation privileges on it, and the user search path must be set to the look into the schema first
2020-01-20 15:45:14 +00:00
(e.g. `ALTER USER user SET SEARCH_PATH = schema_name,"$user",public;` ).
2020-03-28 03:24:12 +00:00
- `SSL_MODE` : **disable** : SSL/TLS encryption mode for connecting to the database. This option is only applied for PostgreSQL and MySQL.
- Valid values for MySQL:
2022-07-28 01:22:47 +00:00
- `true` : Enable TLS with verification of the database server certificate against its root certificate. When selecting this option make sure that the root certificate required to validate the database server certificate (e.g. the CA certificate) is on the system certificate store of both the database and Gitea servers. See your system documentation for instructions on how to add a CA certificate to the certificate store.
- `false` : Disable TLS.
- `disable` : Alias for `false` , for compatibility with PostgreSQL.
- `skip-verify` : Enable TLS without database server certificate verification. Use this option if you have self-signed or invalid certificate on the database server.
- `prefer` : Enable TLS with fallback to non-TLS connection.
2020-03-28 03:24:12 +00:00
- Valid values for PostgreSQL:
2022-07-28 01:22:47 +00:00
- `disable` : Disable TLS.
- `require` : Enable TLS without any verifications.
- `verify-ca` : Enable TLS with verification of the database server certificate against its root certificate.
- `verify-full` : Enable TLS and verify the database server name matches the given certificate in either the `Common Name` or `Subject Alternative Name` fields.
2021-12-24 03:56:57 +00:00
- `SQLITE_TIMEOUT` : **500** : Query timeout for SQLite3 only.
2022-07-30 19:57:41 +00:00
- `SQLITE_JOURNAL_MODE` : ** ""**: Change journal mode for SQlite3. Can be used to enable [WAL mode ](https://www.sqlite.org/wal.html ) when high load causes write congestion. See [SQlite3 docs ](https://www.sqlite.org/pragma.html#pragma_journal_mode ) for possible values. Defaults to the default for the database file, often DELETE.
2020-10-01 06:57:57 +00:00
- `ITERATE_BUFFER_SIZE` : **50** : Internal buffer size for iterating.
2020-06-18 19:36:59 +00:00
- `CHARSET` : **utf8mb4** : For MySQL only, either "utf8" or "utf8mb4". NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
2018-01-06 20:15:14 +00:00
- `PATH` : **data/gitea.db** : For SQLite3 only, the database file path.
2018-03-30 14:49:46 +00:00
- `LOG_SQL` : **true** : Log the executed SQL.
2019-01-19 21:17:08 +00:00
- `DB_RETRIES` : **10** : How many ORM init / DB connect attempts allowed.
2021-07-08 11:38:13 +00:00
- `DB_RETRY_BACKOFF` : **3s** : time.Duration to wait before trying another ORM init / DB connect attempt, if failure occurred.
2019-10-21 21:20:47 +00:00
- `MAX_OPEN_CONNS` **0** : Database maximum open connections - default is 0, meaning there is no limit.
2021-07-08 11:38:13 +00:00
- `MAX_IDLE_CONNS` **2** : Max idle database connections on connection pool, default is 2 - this will be capped to `MAX_OPEN_CONNS` .
2019-10-21 21:20:47 +00:00
- `CONN_MAX_LIFETIME` **0 or 3s** : Sets the maximum amount of time a DB connection may be reused - default is 0, meaning there is no limit (except on MySQL where it is 3s - see #6804 & #7071 ).
2022-12-07 15:58:31 +00:00
- `AUTO_MIGRATION` **true** : Whether execute database models migrations automatically.
2020-11-28 06:12:22 +00:00
2019-10-21 21:20:47 +00:00
Please see #8540 & #8273 for further discussion of the appropriate values for `MAX_OPEN_CONNS` , `MAX_IDLE_CONNS` & `CONN_MAX_LIFETIME` and their
relation to port exhaustion.
2017-11-26 21:44:32 +00:00
2018-01-08 05:03:52 +00:00
## Indexer (`indexer`)
2023-03-29 02:23:23 +00:00
- `ISSUE_INDEXER_TYPE` : **bleve** : Issue indexer type, currently supported: `bleve` , `db` , `elasticsearch` or `meilisearch` .
- `ISSUE_INDEXER_CONN_STR` : ** **: Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch, or meilisearch. i.e. http://elastic:changeme@localhost:9200
2020-02-13 06:06:17 +00:00
- `ISSUE_INDEXER_NAME` : **gitea_issues** : Issue indexer name, available when ISSUE_INDEXER_TYPE is elasticsearch
2022-11-10 01:22:31 +00:00
- `ISSUE_INDEXER_PATH` : **indexers/issues.bleve** : Index file used for issue search; available when ISSUE_INDEXER_TYPE is bleve and elasticsearch. Relative paths will be made absolute against _`AppWorkPath`_ .
2019-02-21 05:01:28 +00:00
2019-03-17 02:47:04 +00:00
- `REPO_INDEXER_ENABLED` : **false** : Enables code search (uses a lot of disk space, about 6 times more than the repository size).
2023-05-25 08:13:47 +00:00
- `REPO_INDEXER_REPO_TYPES` : **sources,forks,mirrors,templates** : Repo indexer units. The items to index could be `sources` , `forks` , `mirrors` , `templates` or any combination of them separated by a comma. If empty then it defaults to `sources` only, as if you'd like to disable fully please see `REPO_INDEXER_ENABLED` .
2020-08-30 16:08:01 +00:00
- `REPO_INDEXER_TYPE` : **bleve** : Code search engine type, could be `bleve` or `elasticsearch` .
2018-01-08 05:03:52 +00:00
- `REPO_INDEXER_PATH` : **indexers/repos.bleve** : Index file used for code search.
2020-08-30 16:08:01 +00:00
- `REPO_INDEXER_CONN_STR` : ** **: Code indexer connection string, available when `REPO_INDEXER_TYPE` is elasticsearch. i.e. http://elastic:changeme@localhost:9200
- `REPO_INDEXER_NAME` : **gitea_codes** : Code indexer name, available when `REPO_INDEXER_TYPE` is elasticsearch
2019-09-11 17:26:28 +00:00
- `REPO_INDEXER_INCLUDE` : **empty** : A comma separated list of glob patterns (see https://github.com/gobwas/glob) to **include** in the index. Use `**.txt` to match any files with .txt extension. An empty list means include all files.
- `REPO_INDEXER_EXCLUDE` : **empty** : A comma separated list of glob patterns (see https://github.com/gobwas/glob) to **exclude** from the index. Files that match this list will not be indexed, even if they match in `REPO_INDEXER_INCLUDE` .
2020-02-20 19:53:55 +00:00
- `REPO_INDEXER_EXCLUDE_VENDORED` : **true** : Exclude vendored files from index.
2018-02-08 02:10:36 +00:00
- `MAX_FILE_SIZE` : **1048576** : Maximum size in bytes of files to be indexed.
2022-05-09 16:33:19 +00:00
- `STARTUP_TIMEOUT` : **30s** : If the indexer takes longer than this timeout to start - fail. (This timeout will be added to the hammer time above for child processes - as bleve will not start until the previous parent is shutdown.) Set to -1 to never timeout.
2018-01-08 05:03:52 +00:00
2020-01-07 11:23:09 +00:00
## Queue (`queue` and `queue.*`)
2021-10-17 11:43:25 +00:00
Configuration at `[queue]` will set defaults for queues with overrides for individual queues at `[queue.*]` . (However see below.)
Rewrite queue (#24505)
# ⚠️ Breaking
Many deprecated queue config options are removed (actually, they should
have been removed in 1.18/1.19).
If you see the fatal message when starting Gitea: "Please update your
app.ini to remove deprecated config options", please follow the error
messages to remove these options from your app.ini.
Example:
```
2023/05/06 19:39:22 [E] Removed queue option: `[indexer].ISSUE_INDEXER_QUEUE_TYPE`. Use new options in `[queue.issue_indexer]`
2023/05/06 19:39:22 [E] Removed queue option: `[indexer].UPDATE_BUFFER_LEN`. Use new options in `[queue.issue_indexer]`
2023/05/06 19:39:22 [F] Please update your app.ini to remove deprecated config options
```
Many options in `[queue]` are are dropped, including:
`WRAP_IF_NECESSARY`, `MAX_ATTEMPTS`, `TIMEOUT`, `WORKERS`,
`BLOCK_TIMEOUT`, `BOOST_TIMEOUT`, `BOOST_WORKERS`, they can be removed
from app.ini.
# The problem
The old queue package has some legacy problems:
* complexity: I doubt few people could tell how it works.
* maintainability: Too many channels and mutex/cond are mixed together,
too many different structs/interfaces depends each other.
* stability: due to the complexity & maintainability, sometimes there
are strange bugs and difficult to debug, and some code doesn't have test
(indeed some code is difficult to test because a lot of things are mixed
together).
* general applicability: although it is called "queue", its behavior is
not a well-known queue.
* scalability: it doesn't seem easy to make it work with a cluster
without breaking its behaviors.
It came from some very old code to "avoid breaking", however, its
technical debt is too heavy now. It's a good time to introduce a better
"queue" package.
# The new queue package
It keeps using old config and concept as much as possible.
* It only contains two major kinds of concepts:
* The "base queue": channel, levelqueue, redis
* They have the same abstraction, the same interface, and they are
tested by the same testing code.
* The "WokerPoolQueue", it uses the "base queue" to provide "worker
pool" function, calls the "handler" to process the data in the base
queue.
* The new code doesn't do "PushBack"
* Think about a queue with many workers, the "PushBack" can't guarantee
the order for re-queued unhandled items, so in new code it just does
"normal push"
* The new code doesn't do "pause/resume"
* The "pause/resume" was designed to handle some handler's failure: eg:
document indexer (elasticsearch) is down
* If a queue is paused for long time, either the producers blocks or the
new items are dropped.
* The new code doesn't do such "pause/resume" trick, it's not a common
queue's behavior and it doesn't help much.
* If there are unhandled items, the "push" function just blocks for a
few seconds and then re-queue them and retry.
* The new code doesn't do "worker booster"
* Gitea's queue's handlers are light functions, the cost is only the
go-routine, so it doesn't make sense to "boost" them.
* The new code only use "max worker number" to limit the concurrent
workers.
* The new "Push" never blocks forever
* Instead of creating more and more blocking goroutines, return an error
is more friendly to the server and to the end user.
There are more details in code comments: eg: the "Flush" problem, the
strange "code.index" hanging problem, the "immediate" queue problem.
Almost ready for review.
TODO:
* [x] add some necessary comments during review
* [x] add some more tests if necessary
* [x] update documents and config options
* [x] test max worker / active worker
* [x] re-run the CI tasks to see whether any test is flaky
* [x] improve the `handleOldLengthConfiguration` to provide more
friendly messages
* [x] fine tune default config values (eg: length?)
## Code coverage:
![image](https://user-images.githubusercontent.com/2114189/236620635-55576955-f95d-4810-b12f-879026a3afdf.png)
2023-05-08 11:49:59 +00:00
- `TYPE` : **level** : General queue type, currently support: `level` (uses a LevelDB internally), `channel` , `redis` , `dummy` . Invalid types are treated as `level` .
- `DATADIR` : **queues/common** : Base DataDir for storing level queues. `DATADIR` for individual queues can be set in `queue.name` sections. Relative paths will be made absolute against `%(APP_DATA_PATH)s` .
- `LENGTH` : **100** : Maximal queue size before channel queues block
2020-01-07 11:23:09 +00:00
- `BATCH_LENGTH` : **20** : Batch data before passing to the handler
2023-05-15 05:45:48 +00:00
- `CONN_STR` : **redis://127.0.0.1:6379/0** : Connection string for the redis queue type. For `redis-cluster` use `redis+cluster://127.0.0.1:6379/0` . Options can be set using query params. Similarly, LevelDB options can also be set using: **leveldb://relative/path?option=value** or **leveldb:///absolute/path?option=value** , and will override `DATADIR`
2021-07-08 11:38:13 +00:00
- `QUEUE_NAME` : **_queue** : The suffix for default redis and disk queue name. Individual queues will default to ** `name` **`QUEUE_NAME` but can be overridden in the specific `queue.name` section.
Rewrite queue (#24505)
# ⚠️ Breaking
Many deprecated queue config options are removed (actually, they should
have been removed in 1.18/1.19).
If you see the fatal message when starting Gitea: "Please update your
app.ini to remove deprecated config options", please follow the error
messages to remove these options from your app.ini.
Example:
```
2023/05/06 19:39:22 [E] Removed queue option: `[indexer].ISSUE_INDEXER_QUEUE_TYPE`. Use new options in `[queue.issue_indexer]`
2023/05/06 19:39:22 [E] Removed queue option: `[indexer].UPDATE_BUFFER_LEN`. Use new options in `[queue.issue_indexer]`
2023/05/06 19:39:22 [F] Please update your app.ini to remove deprecated config options
```
Many options in `[queue]` are are dropped, including:
`WRAP_IF_NECESSARY`, `MAX_ATTEMPTS`, `TIMEOUT`, `WORKERS`,
`BLOCK_TIMEOUT`, `BOOST_TIMEOUT`, `BOOST_WORKERS`, they can be removed
from app.ini.
# The problem
The old queue package has some legacy problems:
* complexity: I doubt few people could tell how it works.
* maintainability: Too many channels and mutex/cond are mixed together,
too many different structs/interfaces depends each other.
* stability: due to the complexity & maintainability, sometimes there
are strange bugs and difficult to debug, and some code doesn't have test
(indeed some code is difficult to test because a lot of things are mixed
together).
* general applicability: although it is called "queue", its behavior is
not a well-known queue.
* scalability: it doesn't seem easy to make it work with a cluster
without breaking its behaviors.
It came from some very old code to "avoid breaking", however, its
technical debt is too heavy now. It's a good time to introduce a better
"queue" package.
# The new queue package
It keeps using old config and concept as much as possible.
* It only contains two major kinds of concepts:
* The "base queue": channel, levelqueue, redis
* They have the same abstraction, the same interface, and they are
tested by the same testing code.
* The "WokerPoolQueue", it uses the "base queue" to provide "worker
pool" function, calls the "handler" to process the data in the base
queue.
* The new code doesn't do "PushBack"
* Think about a queue with many workers, the "PushBack" can't guarantee
the order for re-queued unhandled items, so in new code it just does
"normal push"
* The new code doesn't do "pause/resume"
* The "pause/resume" was designed to handle some handler's failure: eg:
document indexer (elasticsearch) is down
* If a queue is paused for long time, either the producers blocks or the
new items are dropped.
* The new code doesn't do such "pause/resume" trick, it's not a common
queue's behavior and it doesn't help much.
* If there are unhandled items, the "push" function just blocks for a
few seconds and then re-queue them and retry.
* The new code doesn't do "worker booster"
* Gitea's queue's handlers are light functions, the cost is only the
go-routine, so it doesn't make sense to "boost" them.
* The new code only use "max worker number" to limit the concurrent
workers.
* The new "Push" never blocks forever
* Instead of creating more and more blocking goroutines, return an error
is more friendly to the server and to the end user.
There are more details in code comments: eg: the "Flush" problem, the
strange "code.index" hanging problem, the "immediate" queue problem.
Almost ready for review.
TODO:
* [x] add some necessary comments during review
* [x] add some more tests if necessary
* [x] update documents and config options
* [x] test max worker / active worker
* [x] re-run the CI tasks to see whether any test is flaky
* [x] improve the `handleOldLengthConfiguration` to provide more
friendly messages
* [x] fine tune default config values (eg: length?)
## Code coverage:
![image](https://user-images.githubusercontent.com/2114189/236620635-55576955-f95d-4810-b12f-879026a3afdf.png)
2023-05-08 11:49:59 +00:00
- `SET_NAME` : **_unique** : The suffix that will be added to the default redis and disk queue `set` name for unique queues. Individual queues will default to ** `name` **`QUEUE_NAME`_`SET_NAME`_ but can be overridden in the specific `queue.name` section.
2020-01-07 11:23:09 +00:00
- `MAX_WORKERS` : **10** : Maximum number of worker go-routines for the queue.
2021-10-17 11:43:25 +00:00
Gitea creates the following non-unique queues:
- `code_indexer`
- `issue_indexer`
- `notification-service`
- `task`
- `mail`
- `push_update`
And the following unique queues:
- `repo_stats_update`
- `repo-archive`
- `mirror`
- `pr_patch_checker`
2019-08-29 14:05:42 +00:00
## Admin (`admin`)
2020-10-01 06:57:57 +00:00
2019-08-29 14:05:42 +00:00
- `DEFAULT_EMAIL_NOTIFICATIONS` : **enabled** : Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
2020-10-01 06:57:57 +00:00
- `DISABLE_REGULAR_ORG_CREATION` : **false** : Disallow regular (non-admin) users from creating organizations.
2019-08-29 14:05:42 +00:00
2017-11-26 21:44:32 +00:00
## Security (`security`)
2021-12-26 03:25:42 +00:00
- `INSTALL_LOCK` : **false** : Controls access to the installation page. When set to "true", the installation page is not accessible.
2022-10-01 17:26:33 +00:00
- `SECRET_KEY` : ** \<random at every install\>**: Global secret key. This key is VERY IMPORTANT, if you lost it, the data encrypted by it (like 2FA secret) can't be decrypted anymore.
2023-05-24 08:29:44 +00:00
- `SECRET_KEY_URI` : ** \<empty\>**: Instead of defining SECRET_KEY, this option can be used to use the key stored in a file (example value: `file:/etc/gitea/secret_key` ). It shouldn't be lost like SECRET_KEY.
2018-01-06 20:15:14 +00:00
- `LOGIN_REMEMBER_DAYS` : **7** : Cookie lifetime, in days.
- `COOKIE_USERNAME` : **gitea\_awesome** : Name of the cookie used to store the current username.
2018-01-08 22:48:42 +00:00
- `COOKIE_REMEMBER_NAME` : **gitea\_incredible** : Name of cookie used to store authentication
information.
- `REVERSE_PROXY_AUTHENTICATION_USER` : **X-WEBAUTH-USER** : Header name for reverse proxy
authentication.
2018-12-18 17:05:48 +00:00
- `REVERSE_PROXY_AUTHENTICATION_EMAIL` : **X-WEBAUTH-EMAIL** : Header name for reverse proxy
authentication provided email.
2022-08-16 06:30:27 +00:00
- `REVERSE_PROXY_AUTHENTICATION_FULL_NAME` : **X-WEBAUTH-FULLNAME** : Header name for reverse proxy
authentication provided full name.
2021-03-15 22:27:28 +00:00
- `REVERSE_PROXY_LIMIT` : **1** : Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request.
Number of trusted proxy count. Set to zero to not use these headers.
- `REVERSE_PROXY_TRUSTED_PROXIES` : **127.0.0.0/8,::1/128** : List of IP addresses and networks separated by comma of trusted proxy servers. Use `*` to trust all.
2021-12-24 03:56:57 +00:00
- `DISABLE_GIT_HOOKS` : **true** : Set to `false` to enable users with Git Hook privilege to create custom Git Hooks.
WARNING: Custom Git Hooks can be used to perform arbitrary code execution on the host operating system.
2020-10-07 09:55:13 +00:00
This enables the users to access and modify this config file and the Gitea database and interrupt the Gitea service.
By modifying the Gitea database, users can gain Gitea administrator privileges.
It also enables them to access other resources available to the user on the operating system that is running the
Gitea instance and perform arbitrary actions in the name of the Gitea OS user.
This maybe harmful to you website or your operating system.
2022-01-31 14:12:47 +00:00
Setting this to true does not change existing hooks in git repos; adjust it before if necessary.
2021-02-11 17:34:34 +00:00
- `DISABLE_WEBHOOKS` : **false** : Set to `true` to disable webhooks feature.
2021-11-28 13:28:30 +00:00
- `ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET` : **true** : Set to `false` to allow local users to push to gitea-repositories without setting up the Gitea environment. This is not recommended and if you want local users to push to Gitea repositories you should set the environment appropriately.
2018-11-05 02:21:56 +00:00
- `IMPORT_LOCAL_PATHS` : **false** : Set to `false` to prevent all users (including admin) from importing local path on server.
2019-06-18 02:52:03 +00:00
- `INTERNAL_TOKEN` : ** \<random at every install if no uri set\>**: Secret used to validate communication within Gitea binary.
2023-05-24 08:29:44 +00:00
- `INTERNAL_TOKEN_URI` : ** \<empty\>**: Instead of defining INTERNAL_TOKEN in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token` )
2023-02-19 07:35:20 +00:00
- `PASSWORD_HASH_ALGO` : **pbkdf2** : The hash algorithm to use \[argon2, pbkdf2, pbkdf2_v1, pbkdf2_hi, scrypt, bcrypt\], argon2 and scrypt will spend significant amounts of memory.
- Note: The default parameters for `pbkdf2` hashing have changed - the previous settings are available as `pbkdf2_v1` but are not recommended.
- The hash functions may be tuned by using `$` after the algorithm:
- `argon2$<time>$<memory>$<threads>$<key-length>`
- `bcrypt$<cost>`
- `pbkdf2$<iterations>$<key-length>`
- `scrypt$<n>$<r>$<p>$<key-length>`
- The defaults are:
- `argon2` : `argon2$2$65536$8$50`
- `bcrypt` : `bcrypt$10`
- `pbkdf2` : `pbkdf2$50000$50`
- `pbkdf2_v1` : `pbkdf2$10000$50`
- `pbkdf2_v2` : `pbkdf2$50000$50`
- `pbkdf2_hi` : `pbkdf2$320000$50`
- `scrypt` : `scrypt$65536$16$2$50`
- Adjusting the algorithm parameters using this functionality is done at your own risk.
2019-07-12 13:57:31 +00:00
- `CSRF_COOKIE_HTTP_ONLY` : **true** : Set false to allow JavaScript to read CSRF cookie.
2020-10-01 06:57:57 +00:00
- `MIN_PASSWORD_LENGTH` : **6** : Minimum password length for new users.
2020-08-21 22:42:23 +00:00
- `PASSWORD_COMPLEXITY` : **off** : Comma separated list of character classes required to pass minimum complexity. If left empty or no valid values are specified, checking is disabled (off):
2022-07-28 01:22:47 +00:00
- lower - use one or more lower latin characters
- upper - use one or more upper latin characters
- digit - use one or more digits
- spec - use one or more special characters as ``!"#$%&'()*+,-./:; < =>?@[\\]^_`{|}~``
- off - do not check password complexity
2020-09-08 22:06:39 +00:00
- `PASSWORD_CHECK_PWN` : **false** : Check [HaveIBeenPwned ](https://haveibeenpwned.com/Passwords ) to see if a password has been exposed.
2022-03-29 08:27:37 +00:00
- `SUCCESSFUL_TOKENS_CACHE_SIZE` : **20** : Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations. This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.
## Camo (`camo`)
- `ENABLED` : **false** : Enable media proxy, we support images only at the moment.
2023-05-24 08:29:44 +00:00
- `SERVER_URL` : ** \<empty\>**: URL of camo server, it **is required** if camo is enabled.
- `HMAC_KEY` : ** \<empty\>**: Provide the HMAC key for encoding URLs, it **is required** if camo is enabled.
2022-10-11 13:12:44 +00:00
- `ALLWAYS` : **false** : Set to true to use camo for both HTTP and HTTPS content, otherwise only non-HTTPS URLs are proxied
2017-11-26 21:44:32 +00:00
## OpenID (`openid`)
2018-01-06 20:15:14 +00:00
- `ENABLE_OPENID_SIGNIN` : **false** : Allow authentication in via OpenID.
- `ENABLE_OPENID_SIGNUP` : ** ! DISABLE\_REGISTRATION**: Allow registering via OpenID.
2018-01-08 22:48:42 +00:00
- `WHITELISTED_URIS` : ** \<empty\>**: If non-empty, list of POSIX regex patterns matching
OpenID URI's to permit.
- `BLACKLISTED_URIS` : ** \<empty\>**: If non-empty, list of POSIX regex patterns matching
OpenID URI's to block.
2017-11-26 21:44:32 +00:00
2021-04-14 12:02:12 +00:00
## OAuth2 Client (`oauth2_client`)
2022-07-28 01:22:47 +00:00
- `REGISTER_EMAIL_CONFIRM` : _[service]_ **REGISTER\_EMAIL\_CONFIRM** : Set this to enable or disable email confirmation of OAuth2 auto-registration. (Overwrites the REGISTER\_EMAIL\_CONFIRM setting of the `[service]` section)
2021-04-14 12:02:12 +00:00
- `OPENID_CONNECT_SCOPES` : ** \<empty\>**: List of additional openid connect scopes. (`openid` is implicitly added)
- `ENABLE_AUTO_REGISTRATION` : **false** : Automatically create user accounts for new oauth2 users.
- `USERNAME` : **nickname** : The source of the username for new oauth2 accounts:
2022-07-28 01:22:47 +00:00
- userid - use the userid / sub attribute
- nickname - use the nickname attribute
- email - use the username part of the email attribute
2021-04-14 12:02:12 +00:00
- `UPDATE_AVATAR` : **false** : Update avatar if available from oauth2 provider. Update will be performed on each login.
2021-05-07 14:15:16 +00:00
- `ACCOUNT_LINKING` : **login** : How to handle if an account / email already exists:
2022-07-28 01:22:47 +00:00
- disabled - show an error
- login - show an account linking login
- auto - automatically link with the account (Please be aware that this will grant access to an existing account just because the same username or email is provided. You must make sure that this does not cause issues with your authentication providers.)
2021-04-14 12:02:12 +00:00
2017-11-26 21:44:32 +00:00
## Service (`service`)
2018-01-06 20:15:14 +00:00
- `ACTIVE_CODE_LIVE_MINUTES` : **180** : Time limit (min) to confirm account/email registration.
2018-01-08 22:48:42 +00:00
- `RESET_PASSWD_CODE_LIVE_MINUTES` : **180** : Time limit (min) to confirm forgot password reset
process.
- `REGISTER_EMAIL_CONFIRM` : **false** : Enable this to ask for mail confirmation of registration.
Requires `Mailer` to be enabled.
2020-12-20 01:31:06 +00:00
- `REGISTER_MANUAL_CONFIRM` : **false** : Enable this to manually confirm new registrations.
Requires `REGISTER_EMAIL_CONFIRM` to be disabled.
2018-01-08 22:48:42 +00:00
- `DISABLE_REGISTRATION` : **false** : Disable registration, after which only admin can create
accounts for users.
2019-07-06 19:48:02 +00:00
- `REQUIRE_EXTERNAL_REGISTRATION_PASSWORD` : **false** : Enable this to force externally created
accounts (via GitHub, OpenID Connect, etc) to create a password. Warning: enabling this will
decrease security, so you should only enable it if you know what you're doing.
2020-01-17 23:34:56 +00:00
- `REQUIRE_SIGNIN_VIEW` : **false** : Enable this to force users to log in to view any page or to use API.
2018-01-08 22:48:42 +00:00
- `ENABLE_NOTIFY_MAIL` : **false** : Enable this to send e-mail to watchers of a repository when
something happens, like creating issues. Requires `Mailer` to be enabled.
2019-10-19 14:27:15 +00:00
- `ENABLE_BASIC_AUTHENTICATION` : **true** : Disable this to disallow authenticaton using HTTP
BASIC and the user's password. Please note if you disable this you will not be able to access the
tokens API endpoints using a password. Further, this only disables BASIC authentication using the
password - not tokens or OAuth Basic.
2018-01-06 20:15:14 +00:00
- `ENABLE_REVERSE_PROXY_AUTHENTICATION` : **false** : Enable this to allow reverse proxy authentication.
2018-01-08 22:48:42 +00:00
- `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION` : **false** : Enable this to allow auto-registration
for reverse authentication.
2018-12-18 17:05:48 +00:00
- `ENABLE_REVERSE_PROXY_EMAIL` : **false** : Enable this to allow to auto-registration with a
provided email rather than a generated email.
2022-08-16 06:30:27 +00:00
- `ENABLE_REVERSE_PROXY_FULL_NAME` : **false** : Enable this to allow to auto-registration with a
provided full name for the user.
2018-07-05 04:13:05 +00:00
- `ENABLE_CAPTCHA` : **false** : Enable this to use captcha validation for registration.
2022-11-22 21:13:18 +00:00
- `REQUIRE_CAPTCHA_FOR_LOGIN` : **false** : Enable this to require captcha validation for login. You also must enable `ENABLE_CAPTCHA` .
2019-07-06 19:48:02 +00:00
- `REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA` : **false** : Enable this to force captcha validation
2022-08-10 13:20:10 +00:00
even for External Accounts (i.e. GitHub, OpenID Connect, etc). You also must enable `ENABLE_CAPTCHA` .
2023-02-05 07:29:03 +00:00
- `CAPTCHA_TYPE` : **image** : \[image, recaptcha, hcaptcha, mcaptcha, cfturnstile\]
2018-09-05 02:47:45 +00:00
- `RECAPTCHA_SECRET` : ** ""**: Go to https://www.google.com/recaptcha/admin to get a secret for recaptcha.
- `RECAPTCHA_SITEKEY` : ** ""**: Go to https://www.google.com/recaptcha/admin to get a sitekey for recaptcha.
2019-05-02 13:09:39 +00:00
- `RECAPTCHA_URL` : **https://www.google.com/recaptcha/** : Set the recaptcha url - allows the use of recaptcha net.
2020-10-03 03:37:53 +00:00
- `HCAPTCHA_SECRET` : ** ""**: Sign up at https://www.hcaptcha.com/ to get a secret for hcaptcha.
- `HCAPTCHA_SITEKEY` : ** ""**: Sign up at https://www.hcaptcha.com/ to get a sitekey for hcaptcha.
2022-08-10 13:20:10 +00:00
- `MCAPTCHA_SECRET` : ** ""**: Go to your mCaptcha instance to get a secret for mCaptcha.
- `MCAPTCHA_SITEKEY` : ** ""**: Go to your mCaptcha instance to get a sitekey for mCaptcha.
- `MCAPTCHA_URL` **https://demo.mcaptcha.org/** : Set the mCaptcha URL.
2023-02-05 07:29:03 +00:00
- `CF_TURNSTILE_SECRET` ** ""**: Go to https://dash.cloudflare.com/?to=/:account/turnstile to get a secret for cloudflare turnstile.
- `CF_TURNSTILE_SITEKEY` ** ""**: Go to https://dash.cloudflare.com/?to=/:account/turnstile to get a sitekey for cloudflare turnstile.
2020-10-01 06:57:57 +00:00
- `DEFAULT_KEEP_EMAIL_PRIVATE` : **false** : By default set users to keep their email address private.
- `DEFAULT_ALLOW_CREATE_ORGANIZATION` : **true** : Allow new users to create organizations by default.
2021-07-15 19:19:48 +00:00
- `DEFAULT_USER_IS_RESTRICTED` : **false** : Give new users restricted permissions by default
2019-02-18 16:00:27 +00:00
- `DEFAULT_ENABLE_DEPENDENCIES` : **true** : Enable this to have dependencies enabled by default.
Allow cross-repository dependencies on issues (#7901)
* in progress changes for #7405, added ability to add cross-repo dependencies
* removed unused repolink var
* fixed query that was breaking ci tests; fixed check in issue dependency add so that the id of the issue and dependency is checked rather than the indexes
* reverted removal of string in local files becasue these are done via crowdin, not updated manually
* removed 'Select("issue.*")' from getBlockedByDependencies and getBlockingDependencies based on comments in PR review
* changed getBlockedByDependencies and getBlockingDependencies to use a more xorm-like query, also updated the sidebar as a result
* simplified the getBlockingDependencies and getBlockedByDependencies methods; changed the sidebar to show the dependencies in a different format where you can see the name of the repository
* made some changes to the issue view in the dependencies (issue name on top, repo full name on separate line). Change view of issue in the dependency search results (also showing the full repo name on separate line)
* replace call to FindUserAccessibleRepoIDs with SearchRepositoryByName. The former was hardcoded to use isPrivate = false on the repo search, but this code needed it to be true. The SearchRepositoryByName method is used more in the code including on the user's dashboard
* some more tweaks to the layout of the issues when showing dependencies and in the search box when you add new dependencies
* added Name to the RepositoryMeta struct
* updated swagger doc
* fixed total count for link header on SearchIssues
* fixed indentation
* fixed aligment of remove icon on dependencies in issue sidebar
* removed unnecessary nil check (unnecessary because issue.loadRepo is called prior to this block)
* reverting .css change, somehow missed or forgot that less is used
* updated less file and generated css; updated sidebar template with styles to line up delete and issue index
* added ordering to the blocked by/depends on queries
* fixed sorting in issue dependency search and the depends on/blocks views to show issues from the current repo first, then by created date descending; added a "all cross repository dependencies" setting to allow this feature to be turned off, if turned off, the issue dependency search will work the way it did before (restricted to the current repository)
* re-applied my swagger changes after merge
* fixed split string condition in issue search
* changed ALLOW_CROSS_REPOSITORY_DEPENDENCIES description to sound more global than just the issue dependency search; returning 400 in the cross repo issue search api method if not enabled; fixed bug where the issue count did not respect the state parameter
* when adding a dependency to an issue, added a check to make sure the issue and dependency are in the same repo if cross repo dependencies is not enabled
* updated sortIssuesSession call in PullRequests, another commit moved this method from pull.go to pull_list.go so I had to re-apply my change here
* fixed incorrect setting of user id parameter in search repos call
2019-10-31 05:06:10 +00:00
- `ALLOW_CROSS_REPOSITORY_DEPENDENCIES` : **true** Enable this to allow dependencies on issues from any repository where the user is granted access.
2019-02-18 16:00:27 +00:00
- `ENABLE_USER_HEATMAP` : **true** : Enable this to display the heatmap on users profiles.
2020-10-01 06:57:57 +00:00
- `ENABLE_TIMETRACKING` : **true** : Enable Timetracking feature.
2021-07-23 13:05:37 +00:00
- `DEFAULT_ENABLE_TIMETRACKING` : **true** : Allow repositories to use timetracking by default.
2020-10-01 06:57:57 +00:00
- `DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME` : **true** : Only allow users with write permissions to track time.
2023-05-22 00:05:44 +00:00
- `EMAIL_DOMAIN_ALLOWLIST` : ** \<empty\>**: If non-empty, comma separated list of domain names that can only be used to register on this instance, wildcard is supported.
- `EMAIL_DOMAIN_BLOCKLIST` : ** \<empty\>**: If non-empty, comma separated list of domain names that cannot be used to register on this instance, wildcard is supported.
2019-01-19 23:22:47 +00:00
- `SHOW_REGISTRATION_BUTTON` : ** ! DISABLE\_REGISTRATION**: Show Registration Button
2019-12-15 14:20:08 +00:00
- `SHOW_MILESTONES_DASHBOARD_PAGE` : **true** Enable this to show the milestones dashboard page - a view of all the user's milestones
2019-02-18 16:00:27 +00:00
- `AUTO_WATCH_NEW_REPOS` : **true** : Enable this to let all organisation users watch new repos when they are created
2019-11-10 09:22:19 +00:00
- `AUTO_WATCH_ON_CHANGES` : **false** : Enable this to make users watch a repository after their first commit to it
2021-06-26 19:53:14 +00:00
- `DEFAULT_USER_VISIBILITY` : **public** : Set default visibility mode for users, either "public", "limited" or "private".
2021-07-08 11:38:13 +00:00
- `ALLOWED_USER_VISIBILITY_MODES` : **public,limited,private** : Set which visibility modes a user can have
2019-02-18 16:00:27 +00:00
- `DEFAULT_ORG_VISIBILITY` : **public** : Set default visibility mode for organisations, either "public", "limited" or "private".
2019-08-24 12:28:59 +00:00
- `DEFAULT_ORG_MEMBER_VISIBLE` : **false** True will make the membership of the users visible when added to the organisation.
2021-11-28 13:28:30 +00:00
- `ALLOW_ONLY_INTERNAL_REGISTRATION` : **false** Set to true to force registration only via Gitea.
2019-11-14 16:58:34 +00:00
- `ALLOW_ONLY_EXTERNAL_REGISTRATION` : **false** Set to true to force registration only using third-party services.
2021-12-24 03:56:57 +00:00
- `NO_REPLY_ADDRESS` : **noreply.DOMAIN** Value for the domain part of the user's email address in the Git log if user has set KeepEmailPrivate to true. DOMAIN resolves to the value in server.DOMAIN.
2019-12-14 04:14:43 +00:00
The user's email will be replaced with a concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS.
2021-01-22 02:56:19 +00:00
- `USER_DELETE_WITH_COMMENTS_MAX_TIME` : **0** Minimum amount of time a user must exist before comments are kept when the user is deleted.
2021-06-25 22:38:27 +00:00
- `VALID_SITE_URL_SCHEMES` : **http, https** : Valid site url schemes for user profiles
2017-11-26 21:44:32 +00:00
2021-07-18 16:21:32 +00:00
### Service - Explore (`service.explore`)
2021-03-11 13:40:54 +00:00
- `REQUIRE_SIGNIN_VIEW` : **false** : Only allow signed in users to view the explore pages.
- `DISABLE_USERS_PAGE` : **false** : Disable the users explore page.
2020-10-01 06:57:57 +00:00
## SSH Minimum Key Sizes (`ssh.minimum_key_sizes`)
Define allowed algorithms and their minimum key length (use -1 to disable a type):
- `ED25519` : **256**
- `ECDSA` : **256**
2022-07-06 20:49:27 +00:00
- `RSA` : **2047** : We set 2047 here because an otherwise valid 2048 RSA key can be reported as 2047 length.
2020-10-09 06:52:57 +00:00
- `DSA` : ** -1**: DSA is now disabled by default. Set to **1024** to re-enable but ensure you may need to reconfigure your SSHD provider
2020-10-01 06:57:57 +00:00
2017-11-26 21:44:32 +00:00
## Webhook (`webhook`)
2018-01-06 20:15:14 +00:00
- `QUEUE_LENGTH` : **1000** : Hook task queue length. Use caution when editing this value.
- `DELIVER_TIMEOUT` : **5** : Delivery timeout (sec) for shooting webhooks.
2022-08-10 17:37:15 +00:00
- `ALLOWED_HOST_LIST` : **external** : Webhook can only call allowed hosts for security reasons. Comma separated list.
2021-11-01 08:39:52 +00:00
- Built-in networks:
- `loopback` : 127.0.0.0/8 for IPv4 and ::1/128 for IPv6, localhost is included.
- `private` : RFC 1918 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and RFC 4193 (FC00::/7). Also called LAN/Intranet.
2022-06-15 10:08:49 +00:00
- `external` : A valid non-private unicast IP, you can access all hosts on public internet.
2021-11-01 08:39:52 +00:00
- `*` : All hosts are allowed.
- CIDR list: `1.2.3.0/8` for IPv4 and `2001:db8::/32` for IPv6
- Wildcard hosts: `*.mydomain.com` , `192.168.100.*`
2018-01-06 20:15:14 +00:00
- `SKIP_TLS_VERIFY` : **false** : Allow insecure certification.
- `PAGING_NUM` : **10** : Number of webhook history events that are shown in one page.
2021-08-18 13:10:39 +00:00
- `PROXY_URL` : ** \<empty\>**: Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy. If not given, will use global proxy setting.
- `PROXY_HOSTS` : ** \<empty\>`**: Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts. If not given, will use global proxy setting.
2017-11-26 21:44:32 +00:00
## Mailer (`mailer`)
2022-08-10 17:37:15 +00:00
⚠️ This section is for Gitea 1.18 and later. If you are using Gitea 1.17 or older,
please refer to
[Gitea 1.17 app.ini example ](https://github.com/go-gitea/gitea/blob/release/v1.17/custom/conf/app.example.ini )
and
[Gitea 1.17 configuration document ](https://github.com/go-gitea/gitea/blob/release/v1.17/docs/content/doc/advanced/config-cheat-sheet.en-us.md )
2018-01-06 20:15:14 +00:00
- `ENABLED` : **false** : Enable to use a mail service.
2022-11-27 10:08:40 +00:00
- `PROTOCOL` : ** \<empty\>**: Mail server protocol. One of "smtp", "smtps", "smtp+starttls", "smtp+unix", "sendmail", "dummy". _Before 1.18, this was inferred from a combination of `MAILER_TYPE` and `IS_TLS_ENABLED` ._
Rework mailer settings (#18982)
* `PROTOCOL`: can be smtp, smtps, smtp+startls, smtp+unix, sendmail, dummy
* `SMTP_ADDR`: domain for SMTP, or path to unix socket
* `SMTP_PORT`: port for SMTP; defaults to 25 for `smtp`, 465 for `smtps`, and 587 for `smtp+startls`
* `ENABLE_HELO`, `HELO_HOSTNAME`: reverse `DISABLE_HELO` to `ENABLE_HELO`; default to false + system hostname
* `FORCE_TRUST_SERVER_CERT`: replace the unclear `SKIP_VERIFY`
* `CLIENT_CERT_FILE`, `CLIENT_KEY_FILE`, `USE_CLIENT_CERT`: clarify client certificates here
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-02 05:24:18 +00:00
- SMTP family, if your provider does not explicitly say which protocol it uses but does provide a port, you can set SMTP_PORT instead and this will be inferred.
- **sendmail** Use the operating system's `sendmail` command instead of SMTP. This is common on Linux systems.
- **dummy** Send email messages to the log as a testing phase.
- Note that enabling sendmail will ignore all other `mailer` settings except `ENABLED` , `FROM` , `SUBJECT_PREFIX` and `SENDMAIL_PATH` .
- Enabling dummy will ignore all settings except `ENABLED` , `SUBJECT_PREFIX` and `FROM` .
- `SMTP_ADDR` : ** \<empty\>**: Mail server address. e.g. smtp.gmail.com. For smtp+unix, this should be a path to a unix socket instead. _Before 1.18, this was combined with `SMTP_PORT` under the name `HOST` ._
- `SMTP_PORT` : ** \<empty\>**: Mail server port. If no protocol is specified, it will be inferred by this setting. Common ports are listed below. _Before 1.18, this was combined with `SMTP_ADDR` under the name `HOST` ._
- 25: insecure SMTP
- 465: SMTP Secure
- 587: StartTLS
- `USE_CLIENT_CERT` : **false** : Use client certificate for TLS/SSL.
- `CLIENT_CERT_FILE` : **custom/mailer/cert.pem** : Client certificate file.
- `CLIENT_KEY_FILE` : **custom/mailer/key.pem** : Client key file.
- `FORCE_TRUST_SERVER_CERT` : **false** : If set to `true` , completely ignores server certificate validation errors. This option is unsafe. Consider adding the certificate to the system trust store instead.
2018-01-06 20:15:14 +00:00
- `USER` : ** \<empty\>**: Username of mailing user (usually the sender's e-mail address).
2018-01-27 18:35:49 +00:00
- `PASSWD` : ** \<empty\>**: Password of mailing user. Use \`your password\` for quoting if you use special characters in the password.
2023-03-23 15:18:24 +00:00
- Please note: authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via `STARTTLS` ) or SMTP host is localhost. See [Email Setup ]({{< relref "doc/administration/email-setup.en-us.md" >}} ) for more information.
Rework mailer settings (#18982)
* `PROTOCOL`: can be smtp, smtps, smtp+startls, smtp+unix, sendmail, dummy
* `SMTP_ADDR`: domain for SMTP, or path to unix socket
* `SMTP_PORT`: port for SMTP; defaults to 25 for `smtp`, 465 for `smtps`, and 587 for `smtp+startls`
* `ENABLE_HELO`, `HELO_HOSTNAME`: reverse `DISABLE_HELO` to `ENABLE_HELO`; default to false + system hostname
* `FORCE_TRUST_SERVER_CERT`: replace the unclear `SKIP_VERIFY`
* `CLIENT_CERT_FILE`, `CLIENT_KEY_FILE`, `USE_CLIENT_CERT`: clarify client certificates here
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-02 05:24:18 +00:00
- `ENABLE_HELO` : **true** : Enable HELO operation.
- `HELO_HOSTNAME` : ** (retrieved from system)**: HELO hostname.
- `FROM` : ** \<empty\>**: Mail from address, RFC 5322. This can be just an email address, or the "Name" \<email@example.com\> format.
- `ENVELOPE_FROM` : ** \<empty\>**: Address set as the From address on the SMTP mail envelope. Set to `<>` to send an empty address.
2019-04-17 04:56:40 +00:00
- `SUBJECT_PREFIX` : ** \<empty\>**: Prefix to be placed before e-mail subject lines.
Rework mailer settings (#18982)
* `PROTOCOL`: can be smtp, smtps, smtp+startls, smtp+unix, sendmail, dummy
* `SMTP_ADDR`: domain for SMTP, or path to unix socket
* `SMTP_PORT`: port for SMTP; defaults to 25 for `smtp`, 465 for `smtps`, and 587 for `smtp+startls`
* `ENABLE_HELO`, `HELO_HOSTNAME`: reverse `DISABLE_HELO` to `ENABLE_HELO`; default to false + system hostname
* `FORCE_TRUST_SERVER_CERT`: replace the unclear `SKIP_VERIFY`
* `CLIENT_CERT_FILE`, `CLIENT_KEY_FILE`, `USE_CLIENT_CERT`: clarify client certificates here
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-02 05:24:18 +00:00
- `SENDMAIL_PATH` : **sendmail** : The location of sendmail on the operating system (can be command or full path).
- `SENDMAIL_ARGS` : ** \<empty\>**: Specify any extra sendmail arguments. (NOTE: you should be aware that email addresses can look like options - if your `sendmail` command takes options you must set the option terminator `--` )
2020-05-02 23:04:31 +00:00
- `SENDMAIL_TIMEOUT` : **5m** : default timeout for sending email through sendmail
2022-01-06 00:43:45 +00:00
- `SENDMAIL_CONVERT_CRLF` : **true** : Most versions of sendmail prefer LF line endings rather than CRLF line endings. Set this to false if your version of sendmail requires CRLF line endings.
2021-10-17 11:43:25 +00:00
- `SEND_BUFFER_LEN` : **100** : Buffer length of mailing queue. **DEPRECATED** use `LENGTH` in `[queue.mailer]`
Rework mailer settings (#18982)
* `PROTOCOL`: can be smtp, smtps, smtp+startls, smtp+unix, sendmail, dummy
* `SMTP_ADDR`: domain for SMTP, or path to unix socket
* `SMTP_PORT`: port for SMTP; defaults to 25 for `smtp`, 465 for `smtps`, and 587 for `smtp+startls`
* `ENABLE_HELO`, `HELO_HOSTNAME`: reverse `DISABLE_HELO` to `ENABLE_HELO`; default to false + system hostname
* `FORCE_TRUST_SERVER_CERT`: replace the unclear `SKIP_VERIFY`
* `CLIENT_CERT_FILE`, `CLIENT_KEY_FILE`, `USE_CLIENT_CERT`: clarify client certificates here
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-02 05:24:18 +00:00
- `SEND_AS_PLAIN_TEXT` : **false** : Send mails only in plain text, without HTML alternative.
2017-11-26 21:44:32 +00:00
2023-01-14 15:57:10 +00:00
## Incoming Email (`email.incoming`)
- `ENABLED` : **false** : Enable handling of incoming emails.
- `REPLY_TO_ADDRESS` : ** \<empty\>**: The email address including the `%{token}` placeholder that will be replaced per user/action. Example: `incoming+%{token}@example.com` . The placeholder must appear in the user part of the address (before the `@` ).
- `HOST` : ** \<empty\>**: IMAP server host.
- `PORT` : ** \<empty\>**: IMAP server port.
- `USERNAME` : ** \<empty\>**: Username of the receiving account.
- `PASSWORD` : ** \<empty\>**: Password of the receiving account.
- `USE_TLS` : **false** : Whether the IMAP server uses TLS.
- `SKIP_TLS_VERIFY` : **false** : If set to `true` , completely ignores server certificate validation errors. This option is unsafe.
- `MAILBOX` : **INBOX** : The mailbox name where incoming mail will end up.
- `DELETE_HANDLED_MESSAGE` : **true** : Whether handled messages should be deleted from the mailbox.
- `MAXIMUM_MESSAGE_SIZE` : **10485760** : Maximum size of a message to handle. Bigger messages are ignored. Set to 0 to allow every size.
2017-11-26 21:44:32 +00:00
## Cache (`cache`)
2020-02-01 19:11:32 +00:00
- `ENABLED` : **true** : Enable the cache.
2023-05-15 05:45:48 +00:00
- `ADAPTER` : **memory** : Cache engine adapter, either `memory` , `redis` , `redis-cluster` , `twoqueue` or `memcache` . (`twoqueue` represents a size limited LRU cache.)
2021-07-10 21:54:15 +00:00
- `INTERVAL` : **60** : Garbage Collection interval (sec), for memory and twoqueue cache only.
2023-05-15 05:45:48 +00:00
- `HOST` : ** \<empty\>**: Connection string for `redis` , `redis-cluster` and `memcache` . For `twoqueue` sets configuration for the queue.
2022-07-28 01:22:47 +00:00
- Redis: `redis://:macaron@127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
2023-05-15 05:45:48 +00:00
- Redis-cluster `redis+cluster://:macaron@127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
2022-07-28 01:22:47 +00:00
- Memcache: `127.0.0.1:9090;127.0.0.1:9091`
- TwoQueue LRU cache: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000` representing the maximum number of objects stored in the cache.
2022-05-09 16:33:19 +00:00
- `ITEM_TTL` : **16h** : Time to keep items in cache if not used, Setting it to -1 disables caching.
2017-11-26 21:44:32 +00:00
2020-02-01 19:11:32 +00:00
## Cache - LastCommitCache settings (`cache.last_commit`)
- `ENABLED` : **true** : Enable the cache.
2022-05-09 16:33:19 +00:00
- `ITEM_TTL` : **8760h** : Time to keep items in cache if not used, Setting it to -1 disables caching.
2020-02-01 19:11:32 +00:00
- `COMMITS_COUNT` : **1000** : Only enable the cache when repository's commits count great than.
2017-11-26 21:44:32 +00:00
## Session (`session`)
2023-05-15 05:45:48 +00:00
- `PROVIDER` : **memory** : Session engine provider \[memory, file, redis, redis-cluster, db, mysql, couchbase, memcache, postgres\]. Setting `db` will reuse the configuration in `[database]`
2022-11-10 01:22:31 +00:00
- `PROVIDER_CONFIG` : **data/sessions** : For file, the root path; for db, empty (database config will be used); for others, the connection string. Relative paths will be made absolute against _`AppWorkPath`_ .
2018-01-06 20:15:14 +00:00
- `COOKIE_SECURE` : **false** : Enable this to force using HTTPS for all session access.
2018-01-08 22:48:42 +00:00
- `COOKIE_NAME` : **i\_like\_gitea** : The name of the cookie used for the session ID.
2018-01-06 20:15:14 +00:00
- `GC_INTERVAL_TIME` : **86400** : GC interval in seconds.
2020-09-28 20:39:54 +00:00
- `SESSION_LIFE_TIME` : **86400** : Session life time in seconds, default is 86400 (1 day)
2021-03-07 08:12:43 +00:00
- `DOMAIN` : ** \<empty\>**: Sets the cookie Domain
- `SAME_SITE` : **lax** \[strict, lax, none\]: Set the SameSite setting for the cookie.
2017-11-26 21:44:32 +00:00
## Picture (`picture`)
2018-01-08 22:48:42 +00:00
- `GRAVATAR_SOURCE` : **gravatar** : Can be `gravatar` , `duoshuo` or anything like
`http://cn.gravatar.com/avatar/` .
2023-01-02 23:54:27 +00:00
- `DISABLE_GRAVATAR` : **false** : Enable this to use local avatars only. **DEPRECATED [v1.18+]** moved to database. Use admin panel to configure.
2018-01-08 22:48:42 +00:00
- `ENABLE_FEDERATED_AVATAR` : **false** : Enable support for federated avatars (see
2023-01-02 23:54:27 +00:00
[http://www.libravatar.org ](http://www.libravatar.org )). **DEPRECATED [v1.18+]** moved to database. Use admin panel to configure.
2020-10-14 13:07:51 +00:00
- `AVATAR_STORAGE_TYPE` : **default** : Storage type defined in `[storage.xxx]` . Default is `default` which will read `[storage]` if no section `[storage]` will be a type `local` .
2019-05-30 02:22:26 +00:00
- `AVATAR_UPLOAD_PATH` : **data/avatars** : Path to store user avatar image files.
2020-10-14 13:07:51 +00:00
- `AVATAR_MAX_WIDTH` : **4096** : Maximum avatar image width in pixels.
2023-05-13 18:59:11 +00:00
- `AVATAR_MAX_HEIGHT` : **4096** : Maximum avatar image height in pixels.
- `AVATAR_MAX_FILE_SIZE` : **1048576** (1MiB): Maximum avatar image file size in bytes.
- `AVATAR_MAX_ORIGIN_SIZE` : **262144** (256KiB): If the uploaded file is not larger than this byte size, the image will be used as is, without resizing/converting.
- `AVATAR_RENDERED_SIZE_FACTOR` : **2** : The multiplication factor for rendered avatar images. Larger values result in finer rendering on HiDPI devices.
2020-10-14 13:07:51 +00:00
- `REPOSITORY_AVATAR_STORAGE_TYPE` : **default** : Storage type defined in `[storage.xxx]` . Default is `default` which will read `[storage]` if no section `[storage]` will be a type `local` .
2019-05-30 02:22:26 +00:00
- `REPOSITORY_AVATAR_UPLOAD_PATH` : **data/repo-avatars** : Path to store repository avatar image files.
2019-06-02 06:40:12 +00:00
- `REPOSITORY_AVATAR_FALLBACK` : **none** : How Gitea deals with missing repository avatars
- none = no avatar will be displayed
- random = random avatar will be generated
2020-10-14 13:07:51 +00:00
- image = default image will be used (which is set in `REPOSITORY_AVATAR_FALLBACK_IMAGE` )
2019-06-02 06:40:12 +00:00
- `REPOSITORY_AVATAR_FALLBACK_IMAGE` : ** /img/repo_default.png**: Image used as default repository avatar (if `REPOSITORY_AVATAR_FALLBACK` is set to image and none was uploaded)
2020-10-14 13:07:51 +00:00
2020-10-01 06:57:57 +00:00
## Project (`project`)
Default templates for project boards:
- `PROJECT_BOARD_BASIC_KANBAN_TYPE` : **To Do, In Progress, Done**
- `PROJECT_BOARD_BUG_TRIAGE_TYPE` : **Needs Triage, High Priority, Low Priority, Closed**
2020-10-05 05:49:33 +00:00
## Issue and pull request attachments (`attachment`)
2017-11-26 21:44:32 +00:00
2020-10-05 05:49:33 +00:00
- `ENABLED` : **true** : Whether issue and pull request attachments are enabled.
2023-03-19 19:58:43 +00:00
- `ALLOWED_TYPES` : ** .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*` , `video/*` ). Empty value or `*/*` allows all types.
2018-01-06 20:15:14 +00:00
- `MAX_SIZE` : **4** : Maximum size (MB).
- `MAX_FILES` : **5** : Maximum number of attachments that can be uploaded at once.
2020-09-29 09:05:13 +00:00
- `STORAGE_TYPE` : **local** : Storage type for attachments, `local` for local disk or `minio` for s3 compatible object storage service, default is `local` or other name defined with `[storage.xxx]`
2020-08-18 04:23:45 +00:00
- `SERVE_DIRECT` : **false** : Allows the storage driver to redirect to authenticated URLs to serve files directly. Currently, only Minio/S3 is supported via signed URLs, local does nothing.
2020-09-29 09:05:13 +00:00
- `PATH` : **data/attachments** : Path to store attachments only available when STORAGE_TYPE is `local`
- `MINIO_ENDPOINT` : **localhost:9000** : Minio endpoint to connect only available when STORAGE_TYPE is `minio`
- `MINIO_ACCESS_KEY_ID` : Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`
- `MINIO_SECRET_ACCESS_KEY` : Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio`
- `MINIO_BUCKET` : **gitea** : Minio bucket to store the attachments only available when STORAGE_TYPE is `minio`
- `MINIO_LOCATION` : **us-east-1** : Minio location to create bucket only available when STORAGE_TYPE is `minio`
- `MINIO_BASE_PATH` : **attachments/** : Minio base path on the bucket only available when STORAGE_TYPE is `minio`
- `MINIO_USE_SSL` : **false** : Minio enabled ssl only available when STORAGE_TYPE is `minio`
2023-02-27 16:26:13 +00:00
- `MINIO_INSECURE_SKIP_VERIFY` : **false** : Minio skip SSL verification available when STORAGE_TYPE is `minio`
2023-03-28 15:10:24 +00:00
- `MINIO_CHECKSUM_ALGORITHM` : **default** : Minio checksum algorithm: `default` (for MinIO or AWS S3) or `md5` (for Cloudflare or Backblaze)
2017-11-26 21:44:32 +00:00
## Log (`log`)
2018-01-06 20:15:14 +00:00
- `ROOT_PATH` : ** \<empty\>**: Root path for log files.
Rewrite logger system (#24726)
## ⚠️ Breaking
The `log.<mode>.<logger>` style config has been dropped. If you used it,
please check the new config manual & app.example.ini to make your
instance output logs as expected.
Although many legacy options still work, it's encouraged to upgrade to
the new options.
The SMTP logger is deleted because SMTP is not suitable to collect logs.
If you have manually configured Gitea log options, please confirm the
logger system works as expected after upgrading.
## Description
Close #12082 and maybe more log-related issues, resolve some related
FIXMEs in old code (which seems unfixable before)
Just like rewriting queue #24505 : make code maintainable, clear legacy
bugs, and add the ability to support more writers (eg: JSON, structured
log)
There is a new document (with examples): `logging-config.en-us.md`
This PR is safer than the queue rewriting, because it's just for
logging, it won't break other logic.
## The old problems
The logging system is quite old and difficult to maintain:
* Unclear concepts: Logger, NamedLogger, MultiChannelledLogger,
SubLogger, EventLogger, WriterLogger etc
* Some code is diffuclt to konw whether it is right:
`log.DelNamedLogger("console")` vs `log.DelNamedLogger(log.DEFAULT)` vs
`log.DelLogger("console")`
* The old system heavily depends on ini config system, it's difficult to
create new logger for different purpose, and it's very fragile.
* The "color" trick is difficult to use and read, many colors are
unnecessary, and in the future structured log could help
* It's difficult to add other log formats, eg: JSON format
* The log outputer doesn't have full control of its goroutine, it's
difficult to make outputer have advanced behaviors
* The logs could be lost in some cases: eg: no Fatal error when using
CLI.
* Config options are passed by JSON, which is quite fragile.
* INI package makes the KEY in `[log]` section visible in `[log.sub1]`
and `[log.sub1.subA]`, this behavior is quite fragile and would cause
more unclear problems, and there is no strong requirement to support
`log.<mode>.<logger>` syntax.
## The new design
See `logger.go` for documents.
## Screenshot
<details>
![image](https://github.com/go-gitea/gitea/assets/2114189/4462d713-ba39-41f5-bb08-de912e67e1ff)
![image](https://github.com/go-gitea/gitea/assets/2114189/b188035e-f691-428b-8b2d-ff7b2199b2f9)
![image](https://github.com/go-gitea/gitea/assets/2114189/132e9745-1c3b-4e00-9e0d-15eaea495dee)
</details>
## TODO
* [x] add some new tests
* [x] fix some tests
* [x] test some sub-commands (manually ....)
---------
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-21 22:35:11 +00:00
- `MODE` : **console** : Logging mode. For multiple modes, use a comma to separate values. You can configure each mode in per mode log subsections `\[log.writer-mode-name\]` .
2019-04-02 07:48:31 +00:00
- `LEVEL` : **Info** : General log level. \[Trace, Debug, Info, Warn, Error, Critical, Fatal, None\]
Rewrite logger system (#24726)
## ⚠️ Breaking
The `log.<mode>.<logger>` style config has been dropped. If you used it,
please check the new config manual & app.example.ini to make your
instance output logs as expected.
Although many legacy options still work, it's encouraged to upgrade to
the new options.
The SMTP logger is deleted because SMTP is not suitable to collect logs.
If you have manually configured Gitea log options, please confirm the
logger system works as expected after upgrading.
## Description
Close #12082 and maybe more log-related issues, resolve some related
FIXMEs in old code (which seems unfixable before)
Just like rewriting queue #24505 : make code maintainable, clear legacy
bugs, and add the ability to support more writers (eg: JSON, structured
log)
There is a new document (with examples): `logging-config.en-us.md`
This PR is safer than the queue rewriting, because it's just for
logging, it won't break other logic.
## The old problems
The logging system is quite old and difficult to maintain:
* Unclear concepts: Logger, NamedLogger, MultiChannelledLogger,
SubLogger, EventLogger, WriterLogger etc
* Some code is diffuclt to konw whether it is right:
`log.DelNamedLogger("console")` vs `log.DelNamedLogger(log.DEFAULT)` vs
`log.DelLogger("console")`
* The old system heavily depends on ini config system, it's difficult to
create new logger for different purpose, and it's very fragile.
* The "color" trick is difficult to use and read, many colors are
unnecessary, and in the future structured log could help
* It's difficult to add other log formats, eg: JSON format
* The log outputer doesn't have full control of its goroutine, it's
difficult to make outputer have advanced behaviors
* The logs could be lost in some cases: eg: no Fatal error when using
CLI.
* Config options are passed by JSON, which is quite fragile.
* INI package makes the KEY in `[log]` section visible in `[log.sub1]`
and `[log.sub1.subA]`, this behavior is quite fragile and would cause
more unclear problems, and there is no strong requirement to support
`log.<mode>.<logger>` syntax.
## The new design
See `logger.go` for documents.
## Screenshot
<details>
![image](https://github.com/go-gitea/gitea/assets/2114189/4462d713-ba39-41f5-bb08-de912e67e1ff)
![image](https://github.com/go-gitea/gitea/assets/2114189/b188035e-f691-428b-8b2d-ff7b2199b2f9)
![image](https://github.com/go-gitea/gitea/assets/2114189/132e9745-1c3b-4e00-9e0d-15eaea495dee)
</details>
## TODO
* [x] add some new tests
* [x] fix some tests
* [x] test some sub-commands (manually ....)
---------
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-21 22:35:11 +00:00
- `STACKTRACE_LEVEL` : **None** : Default log level at which to log create stack traces (rarely useful, do not set it). \[Trace, Debug, Info, Warn, Error, Critical, Fatal, None\]
2022-01-20 11:41:25 +00:00
- `ENABLE_SSH_LOG` : **false** : save ssh log to log file
Rewrite logger system (#24726)
## ⚠️ Breaking
The `log.<mode>.<logger>` style config has been dropped. If you used it,
please check the new config manual & app.example.ini to make your
instance output logs as expected.
Although many legacy options still work, it's encouraged to upgrade to
the new options.
The SMTP logger is deleted because SMTP is not suitable to collect logs.
If you have manually configured Gitea log options, please confirm the
logger system works as expected after upgrading.
## Description
Close #12082 and maybe more log-related issues, resolve some related
FIXMEs in old code (which seems unfixable before)
Just like rewriting queue #24505 : make code maintainable, clear legacy
bugs, and add the ability to support more writers (eg: JSON, structured
log)
There is a new document (with examples): `logging-config.en-us.md`
This PR is safer than the queue rewriting, because it's just for
logging, it won't break other logic.
## The old problems
The logging system is quite old and difficult to maintain:
* Unclear concepts: Logger, NamedLogger, MultiChannelledLogger,
SubLogger, EventLogger, WriterLogger etc
* Some code is diffuclt to konw whether it is right:
`log.DelNamedLogger("console")` vs `log.DelNamedLogger(log.DEFAULT)` vs
`log.DelLogger("console")`
* The old system heavily depends on ini config system, it's difficult to
create new logger for different purpose, and it's very fragile.
* The "color" trick is difficult to use and read, many colors are
unnecessary, and in the future structured log could help
* It's difficult to add other log formats, eg: JSON format
* The log outputer doesn't have full control of its goroutine, it's
difficult to make outputer have advanced behaviors
* The logs could be lost in some cases: eg: no Fatal error when using
CLI.
* Config options are passed by JSON, which is quite fragile.
* INI package makes the KEY in `[log]` section visible in `[log.sub1]`
and `[log.sub1.subA]`, this behavior is quite fragile and would cause
more unclear problems, and there is no strong requirement to support
`log.<mode>.<logger>` syntax.
## The new design
See `logger.go` for documents.
## Screenshot
<details>
![image](https://github.com/go-gitea/gitea/assets/2114189/4462d713-ba39-41f5-bb08-de912e67e1ff)
![image](https://github.com/go-gitea/gitea/assets/2114189/b188035e-f691-428b-8b2d-ff7b2199b2f9)
![image](https://github.com/go-gitea/gitea/assets/2114189/132e9745-1c3b-4e00-9e0d-15eaea495dee)
</details>
## TODO
* [x] add some new tests
* [x] fix some tests
* [x] test some sub-commands (manually ....)
---------
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-21 22:35:11 +00:00
- `logger.access.MODE` : ** \<empty\>**: The "access" logger
- `logger.router.MODE` : ** ,**: The "router" logger, a single comma means it will use the default MODE above
- `logger.xorm.MODE` : ** ,**: The "xorm" logger
2022-01-20 11:41:25 +00:00
### Access Log (`log`)
2022-07-28 01:22:47 +00:00
2023-04-13 13:14:06 +00:00
- `ACCESS_LOG_TEMPLATE` : ** `{{.Ctx.RemoteHost}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}" "{{.Ctx.Req.UserAgent}}"` **: Sets the template used to create the access log.
2019-04-02 07:48:31 +00:00
- The following variables are available:
2021-01-26 15:36:53 +00:00
- `Ctx` : the `context.Context` of the request.
2019-04-02 07:48:31 +00:00
- `Identity` : the SignedUserName or `"-"` if not logged in.
- `Start` : the start time of the request.
- `ResponseWriter` : the responseWriter from the request.
2023-03-10 15:54:32 +00:00
- `RequestID` : the value matching REQUEST_ID_HEADERS( default: `-` , if not matched) .
Rewrite logger system (#24726)
## ⚠️ Breaking
The `log.<mode>.<logger>` style config has been dropped. If you used it,
please check the new config manual & app.example.ini to make your
instance output logs as expected.
Although many legacy options still work, it's encouraged to upgrade to
the new options.
The SMTP logger is deleted because SMTP is not suitable to collect logs.
If you have manually configured Gitea log options, please confirm the
logger system works as expected after upgrading.
## Description
Close #12082 and maybe more log-related issues, resolve some related
FIXMEs in old code (which seems unfixable before)
Just like rewriting queue #24505 : make code maintainable, clear legacy
bugs, and add the ability to support more writers (eg: JSON, structured
log)
There is a new document (with examples): `logging-config.en-us.md`
This PR is safer than the queue rewriting, because it's just for
logging, it won't break other logic.
## The old problems
The logging system is quite old and difficult to maintain:
* Unclear concepts: Logger, NamedLogger, MultiChannelledLogger,
SubLogger, EventLogger, WriterLogger etc
* Some code is diffuclt to konw whether it is right:
`log.DelNamedLogger("console")` vs `log.DelNamedLogger(log.DEFAULT)` vs
`log.DelLogger("console")`
* The old system heavily depends on ini config system, it's difficult to
create new logger for different purpose, and it's very fragile.
* The "color" trick is difficult to use and read, many colors are
unnecessary, and in the future structured log could help
* It's difficult to add other log formats, eg: JSON format
* The log outputer doesn't have full control of its goroutine, it's
difficult to make outputer have advanced behaviors
* The logs could be lost in some cases: eg: no Fatal error when using
CLI.
* Config options are passed by JSON, which is quite fragile.
* INI package makes the KEY in `[log]` section visible in `[log.sub1]`
and `[log.sub1.subA]`, this behavior is quite fragile and would cause
more unclear problems, and there is no strong requirement to support
`log.<mode>.<logger>` syntax.
## The new design
See `logger.go` for documents.
## Screenshot
<details>
![image](https://github.com/go-gitea/gitea/assets/2114189/4462d713-ba39-41f5-bb08-de912e67e1ff)
![image](https://github.com/go-gitea/gitea/assets/2114189/b188035e-f691-428b-8b2d-ff7b2199b2f9)
![image](https://github.com/go-gitea/gitea/assets/2114189/132e9745-1c3b-4e00-9e0d-15eaea495dee)
</details>
## TODO
* [x] add some new tests
* [x] fix some tests
* [x] test some sub-commands (manually ....)
---------
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-21 22:35:11 +00:00
- You must be very careful to ensure that this template does not throw errors or panics as this template runs outside the panic/recovery script.
2023-03-10 15:54:32 +00:00
- `REQUEST_ID_HEADERS` : ** \<empty\>**: You can configure multiple values that are splited by comma here. It will match in the order of configuration, and the first match will be finally printed in the access log.
- e.g.
- In the Request Header: X-Request-ID: **test-id-123**
- Configuration in app.ini: REQUEST_ID_HEADERS = X-Request-ID
- Print in log: 127.0.0.1:58384 - - [14/Feb/2023:16:33:51 +0800] "**test-id-123**" ...
2019-04-02 07:48:31 +00:00
Rewrite logger system (#24726)
## ⚠️ Breaking
The `log.<mode>.<logger>` style config has been dropped. If you used it,
please check the new config manual & app.example.ini to make your
instance output logs as expected.
Although many legacy options still work, it's encouraged to upgrade to
the new options.
The SMTP logger is deleted because SMTP is not suitable to collect logs.
If you have manually configured Gitea log options, please confirm the
logger system works as expected after upgrading.
## Description
Close #12082 and maybe more log-related issues, resolve some related
FIXMEs in old code (which seems unfixable before)
Just like rewriting queue #24505 : make code maintainable, clear legacy
bugs, and add the ability to support more writers (eg: JSON, structured
log)
There is a new document (with examples): `logging-config.en-us.md`
This PR is safer than the queue rewriting, because it's just for
logging, it won't break other logic.
## The old problems
The logging system is quite old and difficult to maintain:
* Unclear concepts: Logger, NamedLogger, MultiChannelledLogger,
SubLogger, EventLogger, WriterLogger etc
* Some code is diffuclt to konw whether it is right:
`log.DelNamedLogger("console")` vs `log.DelNamedLogger(log.DEFAULT)` vs
`log.DelLogger("console")`
* The old system heavily depends on ini config system, it's difficult to
create new logger for different purpose, and it's very fragile.
* The "color" trick is difficult to use and read, many colors are
unnecessary, and in the future structured log could help
* It's difficult to add other log formats, eg: JSON format
* The log outputer doesn't have full control of its goroutine, it's
difficult to make outputer have advanced behaviors
* The logs could be lost in some cases: eg: no Fatal error when using
CLI.
* Config options are passed by JSON, which is quite fragile.
* INI package makes the KEY in `[log]` section visible in `[log.sub1]`
and `[log.sub1.subA]`, this behavior is quite fragile and would cause
more unclear problems, and there is no strong requirement to support
`log.<mode>.<logger>` syntax.
## The new design
See `logger.go` for documents.
## Screenshot
<details>
![image](https://github.com/go-gitea/gitea/assets/2114189/4462d713-ba39-41f5-bb08-de912e67e1ff)
![image](https://github.com/go-gitea/gitea/assets/2114189/b188035e-f691-428b-8b2d-ff7b2199b2f9)
![image](https://github.com/go-gitea/gitea/assets/2114189/132e9745-1c3b-4e00-9e0d-15eaea495dee)
</details>
## TODO
* [x] add some new tests
* [x] fix some tests
* [x] test some sub-commands (manually ....)
---------
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-21 22:35:11 +00:00
### Log subsections (`log.<writer-mode-name>`)
2019-04-02 07:48:31 +00:00
Rewrite logger system (#24726)
## ⚠️ Breaking
The `log.<mode>.<logger>` style config has been dropped. If you used it,
please check the new config manual & app.example.ini to make your
instance output logs as expected.
Although many legacy options still work, it's encouraged to upgrade to
the new options.
The SMTP logger is deleted because SMTP is not suitable to collect logs.
If you have manually configured Gitea log options, please confirm the
logger system works as expected after upgrading.
## Description
Close #12082 and maybe more log-related issues, resolve some related
FIXMEs in old code (which seems unfixable before)
Just like rewriting queue #24505 : make code maintainable, clear legacy
bugs, and add the ability to support more writers (eg: JSON, structured
log)
There is a new document (with examples): `logging-config.en-us.md`
This PR is safer than the queue rewriting, because it's just for
logging, it won't break other logic.
## The old problems
The logging system is quite old and difficult to maintain:
* Unclear concepts: Logger, NamedLogger, MultiChannelledLogger,
SubLogger, EventLogger, WriterLogger etc
* Some code is diffuclt to konw whether it is right:
`log.DelNamedLogger("console")` vs `log.DelNamedLogger(log.DEFAULT)` vs
`log.DelLogger("console")`
* The old system heavily depends on ini config system, it's difficult to
create new logger for different purpose, and it's very fragile.
* The "color" trick is difficult to use and read, many colors are
unnecessary, and in the future structured log could help
* It's difficult to add other log formats, eg: JSON format
* The log outputer doesn't have full control of its goroutine, it's
difficult to make outputer have advanced behaviors
* The logs could be lost in some cases: eg: no Fatal error when using
CLI.
* Config options are passed by JSON, which is quite fragile.
* INI package makes the KEY in `[log]` section visible in `[log.sub1]`
and `[log.sub1.subA]`, this behavior is quite fragile and would cause
more unclear problems, and there is no strong requirement to support
`log.<mode>.<logger>` syntax.
## The new design
See `logger.go` for documents.
## Screenshot
<details>
![image](https://github.com/go-gitea/gitea/assets/2114189/4462d713-ba39-41f5-bb08-de912e67e1ff)
![image](https://github.com/go-gitea/gitea/assets/2114189/b188035e-f691-428b-8b2d-ff7b2199b2f9)
![image](https://github.com/go-gitea/gitea/assets/2114189/132e9745-1c3b-4e00-9e0d-15eaea495dee)
</details>
## TODO
* [x] add some new tests
* [x] fix some tests
* [x] test some sub-commands (manually ....)
---------
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-21 22:35:11 +00:00
- `MODE` : **name** : Sets the mode of this log writer - Defaults to the provided subsection name. This allows you to have two different file loggers at different levels.
- `LEVEL` : **log.LEVEL** : Sets the log-level of this writer. Defaults to the `LEVEL` set in the global `[log]` section.
2019-04-02 07:48:31 +00:00
- `STACKTRACE_LEVEL` : **log.STACKTRACE_LEVEL** : Sets the log level at which to log stack traces.
- `EXPRESSION` : ** ""**: A regular expression to match either the function name, file or message. Defaults to empty. Only log messages that match the expression will be saved in the logger.
2022-10-27 08:47:19 +00:00
- `FLAGS` : **stdflags** : A comma separated string representing the log flags. Defaults to `stdflags` which represents the prefix: `2009/01/23 01:23:23 ...a/b/c/d.go:23:runtime.Caller() [I]: message` . `none` means don't prefix log lines. See `modules/log/flags.go` for more information.
2019-04-02 07:48:31 +00:00
- `PREFIX` : ** ""**: An additional prefix for every log line in this logger. Defaults to empty.
2022-10-27 08:47:19 +00:00
- `COLORIZE` : **false** : Whether to colorize the log lines
2019-04-02 07:48:31 +00:00
Rewrite logger system (#24726)
## ⚠️ Breaking
The `log.<mode>.<logger>` style config has been dropped. If you used it,
please check the new config manual & app.example.ini to make your
instance output logs as expected.
Although many legacy options still work, it's encouraged to upgrade to
the new options.
The SMTP logger is deleted because SMTP is not suitable to collect logs.
If you have manually configured Gitea log options, please confirm the
logger system works as expected after upgrading.
## Description
Close #12082 and maybe more log-related issues, resolve some related
FIXMEs in old code (which seems unfixable before)
Just like rewriting queue #24505 : make code maintainable, clear legacy
bugs, and add the ability to support more writers (eg: JSON, structured
log)
There is a new document (with examples): `logging-config.en-us.md`
This PR is safer than the queue rewriting, because it's just for
logging, it won't break other logic.
## The old problems
The logging system is quite old and difficult to maintain:
* Unclear concepts: Logger, NamedLogger, MultiChannelledLogger,
SubLogger, EventLogger, WriterLogger etc
* Some code is diffuclt to konw whether it is right:
`log.DelNamedLogger("console")` vs `log.DelNamedLogger(log.DEFAULT)` vs
`log.DelLogger("console")`
* The old system heavily depends on ini config system, it's difficult to
create new logger for different purpose, and it's very fragile.
* The "color" trick is difficult to use and read, many colors are
unnecessary, and in the future structured log could help
* It's difficult to add other log formats, eg: JSON format
* The log outputer doesn't have full control of its goroutine, it's
difficult to make outputer have advanced behaviors
* The logs could be lost in some cases: eg: no Fatal error when using
CLI.
* Config options are passed by JSON, which is quite fragile.
* INI package makes the KEY in `[log]` section visible in `[log.sub1]`
and `[log.sub1.subA]`, this behavior is quite fragile and would cause
more unclear problems, and there is no strong requirement to support
`log.<mode>.<logger>` syntax.
## The new design
See `logger.go` for documents.
## Screenshot
<details>
![image](https://github.com/go-gitea/gitea/assets/2114189/4462d713-ba39-41f5-bb08-de912e67e1ff)
![image](https://github.com/go-gitea/gitea/assets/2114189/b188035e-f691-428b-8b2d-ff7b2199b2f9)
![image](https://github.com/go-gitea/gitea/assets/2114189/132e9745-1c3b-4e00-9e0d-15eaea495dee)
</details>
## TODO
* [x] add some new tests
* [x] fix some tests
* [x] test some sub-commands (manually ....)
---------
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-21 22:35:11 +00:00
### Console log mode (`log.console`, or `MODE=console`)
2019-04-02 07:48:31 +00:00
2019-05-15 21:37:06 +00:00
- For the console logger `COLORIZE` will default to `true` if not on windows or the terminal is determined to be able to color.
2019-04-02 07:48:31 +00:00
- `STDERR` : **false** : Use Stderr instead of Stdout.
Rewrite logger system (#24726)
## ⚠️ Breaking
The `log.<mode>.<logger>` style config has been dropped. If you used it,
please check the new config manual & app.example.ini to make your
instance output logs as expected.
Although many legacy options still work, it's encouraged to upgrade to
the new options.
The SMTP logger is deleted because SMTP is not suitable to collect logs.
If you have manually configured Gitea log options, please confirm the
logger system works as expected after upgrading.
## Description
Close #12082 and maybe more log-related issues, resolve some related
FIXMEs in old code (which seems unfixable before)
Just like rewriting queue #24505 : make code maintainable, clear legacy
bugs, and add the ability to support more writers (eg: JSON, structured
log)
There is a new document (with examples): `logging-config.en-us.md`
This PR is safer than the queue rewriting, because it's just for
logging, it won't break other logic.
## The old problems
The logging system is quite old and difficult to maintain:
* Unclear concepts: Logger, NamedLogger, MultiChannelledLogger,
SubLogger, EventLogger, WriterLogger etc
* Some code is diffuclt to konw whether it is right:
`log.DelNamedLogger("console")` vs `log.DelNamedLogger(log.DEFAULT)` vs
`log.DelLogger("console")`
* The old system heavily depends on ini config system, it's difficult to
create new logger for different purpose, and it's very fragile.
* The "color" trick is difficult to use and read, many colors are
unnecessary, and in the future structured log could help
* It's difficult to add other log formats, eg: JSON format
* The log outputer doesn't have full control of its goroutine, it's
difficult to make outputer have advanced behaviors
* The logs could be lost in some cases: eg: no Fatal error when using
CLI.
* Config options are passed by JSON, which is quite fragile.
* INI package makes the KEY in `[log]` section visible in `[log.sub1]`
and `[log.sub1.subA]`, this behavior is quite fragile and would cause
more unclear problems, and there is no strong requirement to support
`log.<mode>.<logger>` syntax.
## The new design
See `logger.go` for documents.
## Screenshot
<details>
![image](https://github.com/go-gitea/gitea/assets/2114189/4462d713-ba39-41f5-bb08-de912e67e1ff)
![image](https://github.com/go-gitea/gitea/assets/2114189/b188035e-f691-428b-8b2d-ff7b2199b2f9)
![image](https://github.com/go-gitea/gitea/assets/2114189/132e9745-1c3b-4e00-9e0d-15eaea495dee)
</details>
## TODO
* [x] add some new tests
* [x] fix some tests
* [x] test some sub-commands (manually ....)
---------
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-21 22:35:11 +00:00
### File log mode (`log.file`, or `MODE=file`)
2019-04-02 07:48:31 +00:00
Rewrite logger system (#24726)
## ⚠️ Breaking
The `log.<mode>.<logger>` style config has been dropped. If you used it,
please check the new config manual & app.example.ini to make your
instance output logs as expected.
Although many legacy options still work, it's encouraged to upgrade to
the new options.
The SMTP logger is deleted because SMTP is not suitable to collect logs.
If you have manually configured Gitea log options, please confirm the
logger system works as expected after upgrading.
## Description
Close #12082 and maybe more log-related issues, resolve some related
FIXMEs in old code (which seems unfixable before)
Just like rewriting queue #24505 : make code maintainable, clear legacy
bugs, and add the ability to support more writers (eg: JSON, structured
log)
There is a new document (with examples): `logging-config.en-us.md`
This PR is safer than the queue rewriting, because it's just for
logging, it won't break other logic.
## The old problems
The logging system is quite old and difficult to maintain:
* Unclear concepts: Logger, NamedLogger, MultiChannelledLogger,
SubLogger, EventLogger, WriterLogger etc
* Some code is diffuclt to konw whether it is right:
`log.DelNamedLogger("console")` vs `log.DelNamedLogger(log.DEFAULT)` vs
`log.DelLogger("console")`
* The old system heavily depends on ini config system, it's difficult to
create new logger for different purpose, and it's very fragile.
* The "color" trick is difficult to use and read, many colors are
unnecessary, and in the future structured log could help
* It's difficult to add other log formats, eg: JSON format
* The log outputer doesn't have full control of its goroutine, it's
difficult to make outputer have advanced behaviors
* The logs could be lost in some cases: eg: no Fatal error when using
CLI.
* Config options are passed by JSON, which is quite fragile.
* INI package makes the KEY in `[log]` section visible in `[log.sub1]`
and `[log.sub1.subA]`, this behavior is quite fragile and would cause
more unclear problems, and there is no strong requirement to support
`log.<mode>.<logger>` syntax.
## The new design
See `logger.go` for documents.
## Screenshot
<details>
![image](https://github.com/go-gitea/gitea/assets/2114189/4462d713-ba39-41f5-bb08-de912e67e1ff)
![image](https://github.com/go-gitea/gitea/assets/2114189/b188035e-f691-428b-8b2d-ff7b2199b2f9)
![image](https://github.com/go-gitea/gitea/assets/2114189/132e9745-1c3b-4e00-9e0d-15eaea495dee)
</details>
## TODO
* [x] add some new tests
* [x] fix some tests
* [x] test some sub-commands (manually ....)
---------
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-21 22:35:11 +00:00
- `FILE_NAME` : Set the file name for this logger. Defaults to `gitea.log` (exception: access log defaults to `access.log` ). If relative will be relative to the `ROOT_PATH`
2019-04-02 07:48:31 +00:00
- `LOG_ROTATE` : **true** : Rotate the log files.
- `MAX_SIZE_SHIFT` : **28** : Maximum size shift of a single file, 28 represents 256Mb.
- `DAILY_ROTATE` : **true** : Rotate logs daily.
- `MAX_DAYS` : **7** : Delete the log file after n days
- `COMPRESS` : **true** : Compress old log files by default with gzip
- `COMPRESSION_LEVEL` : ** -1**: Compression level
Rewrite logger system (#24726)
## ⚠️ Breaking
The `log.<mode>.<logger>` style config has been dropped. If you used it,
please check the new config manual & app.example.ini to make your
instance output logs as expected.
Although many legacy options still work, it's encouraged to upgrade to
the new options.
The SMTP logger is deleted because SMTP is not suitable to collect logs.
If you have manually configured Gitea log options, please confirm the
logger system works as expected after upgrading.
## Description
Close #12082 and maybe more log-related issues, resolve some related
FIXMEs in old code (which seems unfixable before)
Just like rewriting queue #24505 : make code maintainable, clear legacy
bugs, and add the ability to support more writers (eg: JSON, structured
log)
There is a new document (with examples): `logging-config.en-us.md`
This PR is safer than the queue rewriting, because it's just for
logging, it won't break other logic.
## The old problems
The logging system is quite old and difficult to maintain:
* Unclear concepts: Logger, NamedLogger, MultiChannelledLogger,
SubLogger, EventLogger, WriterLogger etc
* Some code is diffuclt to konw whether it is right:
`log.DelNamedLogger("console")` vs `log.DelNamedLogger(log.DEFAULT)` vs
`log.DelLogger("console")`
* The old system heavily depends on ini config system, it's difficult to
create new logger for different purpose, and it's very fragile.
* The "color" trick is difficult to use and read, many colors are
unnecessary, and in the future structured log could help
* It's difficult to add other log formats, eg: JSON format
* The log outputer doesn't have full control of its goroutine, it's
difficult to make outputer have advanced behaviors
* The logs could be lost in some cases: eg: no Fatal error when using
CLI.
* Config options are passed by JSON, which is quite fragile.
* INI package makes the KEY in `[log]` section visible in `[log.sub1]`
and `[log.sub1.subA]`, this behavior is quite fragile and would cause
more unclear problems, and there is no strong requirement to support
`log.<mode>.<logger>` syntax.
## The new design
See `logger.go` for documents.
## Screenshot
<details>
![image](https://github.com/go-gitea/gitea/assets/2114189/4462d713-ba39-41f5-bb08-de912e67e1ff)
![image](https://github.com/go-gitea/gitea/assets/2114189/b188035e-f691-428b-8b2d-ff7b2199b2f9)
![image](https://github.com/go-gitea/gitea/assets/2114189/132e9745-1c3b-4e00-9e0d-15eaea495dee)
</details>
## TODO
* [x] add some new tests
* [x] fix some tests
* [x] test some sub-commands (manually ....)
---------
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-21 22:35:11 +00:00
### Conn log mode (`log.conn`, or `MODE=conn`)
2019-04-02 07:48:31 +00:00
- `RECONNECT_ON_MSG` : **false** : Reconnect host for every single message.
- `RECONNECT` : **false** : Try to reconnect when connection is lost.
- `PROTOCOL` : **tcp** : Set the protocol, either "tcp", "unix" or "udp".
- `ADDR` : ** :7020**: Sets the address to connect to.
2017-11-26 21:44:32 +00:00
## Cron (`cron`)
2020-10-22 18:02:28 +00:00
- `ENABLED` : **false** : Enable to run all cron tasks periodically with default settings.
2018-01-06 20:15:14 +00:00
- `RUN_AT_START` : **false** : Run cron tasks at application start-up.
2022-03-26 21:13:04 +00:00
- `NOTICE_ON_SUCCESS` : **false** : Set to true to switch on success notices.
2017-11-26 21:44:32 +00:00
2021-05-10 16:54:45 +00:00
- `SCHEDULE` accept formats
2022-07-28 01:22:47 +00:00
- Full crontab specs, e.g. `* * * * * ?`
- Descriptors, e.g. `@midnight` , `@every 1h30m` ...
2022-09-25 22:16:46 +00:00
- See more: [cron documentation ](https://pkg.go.dev/github.com/gogs/cron@v0.0.0-20171120032916-9f6c956d3e14 )
2021-05-10 16:54:45 +00:00
2020-10-22 18:02:28 +00:00
### Basic cron tasks - enabled by default
#### Cron - Cleanup old repository archives (`cron.archive_cleanup`)
2017-12-17 14:37:34 +00:00
2018-01-06 20:15:14 +00:00
- `ENABLED` : **true** : Enable service.
- `RUN_AT_START` : **true** : Run tasks at start up time (if ENABLED).
2021-07-15 15:55:48 +00:00
- `SCHEDULE` : ** @midnight **: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h` .
2018-01-06 20:15:14 +00:00
- `OLDER_THAN` : **24h** : Archives created more than `OLDER_THAN` ago are subject to deletion, e.g. `12h` .
2017-12-17 14:37:34 +00:00
2020-10-22 18:02:28 +00:00
#### Cron - Update Mirrors (`cron.update_mirrors`)
2017-11-26 21:44:32 +00:00
2018-01-06 20:15:14 +00:00
- `SCHEDULE` : ** @every 10m**: Cron syntax for scheduling update mirrors, e.g. `@every 3h` .
2021-11-23 03:09:35 +00:00
- `PULL_LIMIT` : **50** : Limit the number of mirrors added to the queue to this number (negative values mean no limit, 0 will result in no mirrors being queued effectively disabling pull mirror updating).
- `PUSH_LIMIT` : **50** : Limit the number of mirrors added to the queue to this number (negative values mean no limit, 0 will result in no mirrors being queued effectively disabling push mirror updating).
2017-11-26 21:44:32 +00:00
2020-10-22 18:02:28 +00:00
#### Cron - Repository Health Check (`cron.repo_health_check`)
2017-11-26 21:44:32 +00:00
2021-07-15 15:55:48 +00:00
- `SCHEDULE` : ** @midnight **: Cron syntax for scheduling repository health check.
2018-01-06 20:15:14 +00:00
- `TIMEOUT` : **60s** : Time duration syntax for health check execution timeout.
2018-12-04 22:40:42 +00:00
- `ARGS` : ** \<empty\>**: Arguments for command `git fsck` , e.g. `--unreachable --tags` . See more on http://git-scm.com/docs/git-fsck
2017-11-26 21:44:32 +00:00
2020-10-22 18:02:28 +00:00
#### Cron - Repository Statistics Check (`cron.check_repo_stats`)
2017-11-26 21:44:32 +00:00
2018-01-06 20:15:14 +00:00
- `RUN_AT_START` : **true** : Run repository statistics check at start time.
2021-07-15 15:55:48 +00:00
- `SCHEDULE` : ** @midnight **: Cron syntax for scheduling repository statistics check.
2017-11-26 21:44:32 +00:00
2022-03-30 08:42:47 +00:00
#### Cron - Cleanup hook_task Table (`cron.cleanup_hook_task_table`)
2021-01-26 21:02:42 +00:00
- `ENABLED` : **true** : Enable cleanup hook_task job.
- `RUN_AT_START` : **false** : Run cleanup hook_task at start time (if ENABLED).
2021-07-15 15:55:48 +00:00
- `SCHEDULE` : ** @midnight **: Cron syntax for cleaning hook_task table.
2021-01-26 21:02:42 +00:00
- `CLEANUP_TYPE` **OlderThan** OlderThan or PerWebhook Method to cleanup hook_task, either by age (i.e. how long ago hook_task record was delivered) or by the number to keep per webhook (i.e. keep most recent x deliveries per webhook).
- `OLDER_THAN` : **168h** : If CLEANUP_TYPE is set to OlderThan, then any delivered hook_task records older than this expression will be deleted.
- `NUMBER_TO_KEEP` : **10** : If CLEANUP_TYPE is set to PerWebhook, this is number of hook_task records to keep for a webhook (i.e. keep the most recent x deliveries).
2022-03-30 08:42:47 +00:00
#### Cron - Cleanup expired packages (`cron.cleanup_packages`)
- `ENABLED` : **true** : Enable cleanup expired packages job.
- `RUN_AT_START` : **true** : Run job at start time (if ENABLED).
- `NOTICE_ON_SUCCESS` : **false** : Notify every time this job runs.
- `SCHEDULE` : ** @midnight **: Cron syntax for the job.
- `OLDER_THAN` : **24h** : Unreferenced package data created more than OLDER_THAN ago is subject to deletion.
2020-10-22 18:02:28 +00:00
#### Cron - Update Migration Poster ID (`cron.update_migration_poster_id`)
2019-10-14 06:10:42 +00:00
2021-07-15 15:55:48 +00:00
- `SCHEDULE` : ** @midnight ** : Interval as a duration between each synchronization, it will always attempt synchronization when the instance starts.
2019-10-14 06:10:42 +00:00
2020-10-22 18:02:28 +00:00
#### Cron - Sync External Users (`cron.sync_external_users`)
2020-10-01 06:57:57 +00:00
2021-07-15 15:55:48 +00:00
- `SCHEDULE` : ** @midnight ** : Interval as a duration between each synchronization, it will always attempt synchronization when the instance starts.
2020-10-01 06:57:57 +00:00
- `UPDATE_EXISTING` : **true** : Create new users, update existing user data and disable users that are not in external source anymore (default) or only create new users if UPDATE_EXISTING is set to false.
2020-10-22 18:02:28 +00:00
### Extended cron tasks (not enabled by default)
2023-03-23 20:42:22 +00:00
#### Cron - Garbage collect all repositories (`cron.git_gc_repos`)
2022-07-28 01:22:47 +00:00
2020-10-22 18:02:28 +00:00
- `ENABLED` : **false** : Enable service.
- `RUN_AT_START` : **false** : Run tasks at start up time (if ENABLED).
- `SCHEDULE` : ** @every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h` .
- `TIMEOUT` : **60s** : Time duration syntax for garbage collection execution timeout.
2022-03-26 21:13:04 +00:00
- `NOTICE_ON_SUCCESS` : **false** : Set to true to switch on success notices.
2020-10-22 18:02:28 +00:00
- `ARGS` : ** \<empty\>**: Arguments for command `git gc` , e.g. `--aggressive --auto` . The default value is same with [git] -> GC_ARGS
2023-03-23 20:42:22 +00:00
#### Cron - Update the '.ssh/authorized_keys' file with Gitea SSH keys (`cron.resync_all_sshkeys`)
2022-07-28 01:22:47 +00:00
2020-10-22 18:02:28 +00:00
- `ENABLED` : **false** : Enable service.
- `RUN_AT_START` : **false** : Run tasks at start up time (if ENABLED).
2022-03-26 21:13:04 +00:00
- `NOTICE_ON_SUCCESS` : **false** : Set to true to switch on success notices.
2020-10-22 18:02:28 +00:00
- `SCHEDULE` : ** @every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h` .
2023-03-23 20:42:22 +00:00
#### Cron - Resynchronize pre-receive, update and post-receive hooks of all repositories (`cron.resync_all_hooks`)
2022-07-28 01:22:47 +00:00
2020-10-22 18:02:28 +00:00
- `ENABLED` : **false** : Enable service.
- `RUN_AT_START` : **false** : Run tasks at start up time (if ENABLED).
2022-03-26 21:13:04 +00:00
- `NOTICE_ON_SUCCESS` : **false** : Set to true to switch on success notices.
2020-10-22 18:02:28 +00:00
- `SCHEDULE` : ** @every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h` .
2023-03-23 20:42:22 +00:00
#### Cron - Reinitialize all missing Git repositories for which records exist (`cron.reinit_missing_repos`)
2022-07-28 01:22:47 +00:00
2020-10-22 18:02:28 +00:00
- `ENABLED` : **false** : Enable service.
- `RUN_AT_START` : **false** : Run tasks at start up time (if ENABLED).
2022-03-26 21:13:04 +00:00
- `NOTICE_ON_SUCCESS` : **false** : Set to true to switch on success notices.
2020-10-22 18:02:28 +00:00
- `SCHEDULE` : ** @every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h` .
2023-03-23 20:42:22 +00:00
#### Cron - Delete all repositories missing their Git files (`cron.delete_missing_repos`)
2022-07-28 01:22:47 +00:00
2020-10-22 18:02:28 +00:00
- `ENABLED` : **false** : Enable service.
- `RUN_AT_START` : **false** : Run tasks at start up time (if ENABLED).
2022-03-26 21:13:04 +00:00
- `NOTICE_ON_SUCCESS` : **false** : Set to true to switch on success notices.
2020-10-22 18:02:28 +00:00
- `SCHEDULE` : ** @every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h` .
2023-03-23 20:42:22 +00:00
#### Cron - Delete generated repository avatars (`cron.delete_generated_repository_avatars`)
2022-07-28 01:22:47 +00:00
2020-10-22 18:02:28 +00:00
- `ENABLED` : **false** : Enable service.
- `RUN_AT_START` : **false** : Run tasks at start up time (if ENABLED).
2022-03-26 21:13:04 +00:00
- `NOTICE_ON_SUCCESS` : **false** : Set to true to switch on success notices.
2020-10-22 18:02:28 +00:00
- `SCHEDULE` : ** @every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h` .
2023-03-23 20:42:22 +00:00
#### Cron - Delete all old actions from database (`cron.delete_old_actions`)
2022-07-28 01:22:47 +00:00
2021-05-01 12:17:02 +00:00
- `ENABLED` : **false** : Enable service.
- `RUN_AT_START` : **false** : Run tasks at start up time (if ENABLED).
2022-03-26 21:13:04 +00:00
- `NOTICE_ON_SUCCESS` : **false** : Set to true to switch on success notices.
2021-10-16 06:14:34 +00:00
- `SCHEDULE` : ** @every 168h**: Cron syntax to set how often to check.
2023-05-13 15:22:31 +00:00
- `OLDER_THAN` : **8760h** : any action older than this expression will be deleted from database, suggest using `8760h` (1 year) because that's the max length of heatmap.
2021-05-01 12:17:02 +00:00
2023-03-23 20:42:22 +00:00
#### Cron - Check for new Gitea versions (`cron.update_checker`)
2022-07-28 01:22:47 +00:00
2022-12-11 22:08:01 +00:00
- `ENABLED` : **true** : Enable service.
2021-10-16 06:14:34 +00:00
- `RUN_AT_START` : **false** : Run tasks at start up time (if ENABLED).
- `ENABLE_SUCCESS_NOTICE` : **true** : Set to false to switch off success notices.
- `SCHEDULE` : ** @every 168h**: Cron syntax for scheduling a work, e.g. `@every 168h` .
- `HTTP_ENDPOINT` : **https://dl.gitea.io/gitea/version.json** : the endpoint that Gitea will check for newer versions
2023-03-23 20:42:22 +00:00
#### Cron - Delete all old system notices from database (`cron.delete_old_system_notices`)
2022-07-28 01:22:47 +00:00
2022-03-28 12:54:59 +00:00
- `ENABLED` : **false** : Enable service.
- `RUN_AT_START` : **false** : Run tasks at start up time (if ENABLED).
- `NO_SUCCESS_NOTICE` : **false** : Set to true to switch off success notices.
- `SCHEDULE` : ** @every 168h**: Cron syntax to set how often to check.
2023-05-13 15:22:31 +00:00
- `OLDER_THAN` : **8760h** : any system notice older than this expression will be deleted from database.
2022-03-28 12:54:59 +00:00
2023-03-23 20:42:22 +00:00
#### Cron - Garbage collect LFS pointers in repositories (`cron.gc_lfs`)
2023-01-16 19:50:53 +00:00
- `ENABLED` : **false** : Enable service.
- `RUN_AT_START` : **false** : Run tasks at start up time (if ENABLED).
- `SCHEDULE` : ** @every 24h**: Cron syntax to set how often to check.
- `OLDER_THAN` : **168h** : Only attempt to garbage collect LFSMetaObjects older than this (default 7 days)
- `LAST_UPDATED_MORE_THAN_AGO` : **72h** : Only attempt to garbage collect LFSMetaObjects that have not been attempted to be garbage collected for this long (default 3 days)
- `NUMBER_TO_CHECK_PER_REPO` : **100** : Minimum number of stale LFSMetaObjects to check per repo. Set to `0` to always check all.
- `PROPORTION_TO_CHECK_PER_REPO` : **0.6** : Check at least this proportion of LFSMetaObjects per repo. (This may cause all stale LFSMetaObjects to be checked.)
2017-11-26 21:44:32 +00:00
## Git (`git`)
2021-12-24 03:56:57 +00:00
- `PATH` : ** ""**: The path of Git executable. If empty, Gitea searches through the PATH environment.
2022-11-10 01:22:31 +00:00
- `HOME_PATH` : ** %(APP_DATA_PATH)s/home**: The HOME directory for Git.
2022-07-28 01:22:47 +00:00
This directory will be used to contain the `.gitconfig` and possible `.gnupg` directories that Gitea's git calls will use. If you can confirm Gitea is the only application running in this environment, you can set it to the normal home directory for Gitea user.
2020-10-01 06:57:57 +00:00
- `DISABLE_DIFF_HIGHLIGHT` : **false** : Disables highlight of added and removed changes.
2021-03-11 05:09:30 +00:00
- `MAX_GIT_DIFF_LINES` : **1000** : Max number of lines allowed of a single file in diff view.
2018-01-06 20:15:14 +00:00
- `MAX_GIT_DIFF_LINE_CHARACTERS` : **5000** : Max character count per line highlighted in diff view.
- `MAX_GIT_DIFF_FILES` : **100** : Max number of files shown in diff view.
2021-01-19 04:07:38 +00:00
- `COMMITS_RANGE_SIZE` : **50** : Set the default commits range size
- `BRANCHES_RANGE_SIZE` : **20** : Set the default branches range size
2018-12-04 22:40:42 +00:00
- `GC_ARGS` : ** \<empty\>**: Arguments for command `git gc` , e.g. `--aggressive --auto` . See more on http://git-scm.com/docs/git-gc/
2022-08-02 10:25:26 +00:00
- `ENABLE_AUTO_GIT_WIRE_PROTOCOL` : **true** : If use Git wire protocol version 2 when Git version >= 2.18, default is true, set to false when you always want Git wire protocol version 1.
To enable this for Git over SSH when using a OpenSSH server, add `AcceptEnv GIT_PROTOCOL` to your sshd_config file.
2020-03-08 13:34:38 +00:00
- `PULL_REQUEST_PUSH_MESSAGE` : **true** : Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled)
2020-01-12 08:46:03 +00:00
- `VERBOSE_PUSH` : **true** : Print status information about pushes as they are being processed.
- `VERBOSE_PUSH_DELAY` : **5s** : Only print verbose information if push takes longer than this delay.
2021-06-30 20:58:45 +00:00
- `LARGE_OBJECT_THRESHOLD` : **1048576** : (Go-Git only), don't cache objects greater than this in memory. (Set to 0 to disable.)
2021-10-13 18:20:11 +00:00
- `DISABLE_CORE_PROTECT_NTFS` : **false** Set to true to forcibly set `core.protectNTFS` to false.
2022-01-06 05:38:38 +00:00
- `DISABLE_PARTIAL_CLONE` : **false** Disable the usage of using partial clones for git.
2023-05-23 16:30:19 +00:00
### Git - Timeout settings (`git.timeout`)
2022-07-28 01:22:47 +00:00
2023-01-10 21:00:42 +00:00
- `DEFAULT` : **360** : Git operations default timeout seconds.
2018-07-06 05:49:37 +00:00
- `MIGRATE` : **600** : Migrate external repositories timeout seconds.
- `MIRROR` : **300** : Mirror external repositories timeout seconds.
- `CLONE` : **300** : Git clone from internal repositories timeout seconds.
- `PULL` : **300** : Git pull from internal repositories timeout seconds.
- `GC` : **60** : Git repository GC timeout seconds.
2023-05-23 16:30:19 +00:00
### Git - Config options (`git.config`)
The key/value pairs in this section will be used as git config.
This section only does "set" config, a removed config key from this section won't be removed from git config automatically. The format is `some.configKey = value` .
- `diff.algorithm` : **histogram**
2023-05-28 01:07:14 +00:00
- `core.logAllRefUpdates` : **true**
- `gc.reflogExpire` : **90**
2023-05-23 16:30:19 +00:00
2018-11-05 03:20:00 +00:00
## Metrics (`metrics`)
2019-07-06 19:48:02 +00:00
- `ENABLED` : **false** : Enables /metrics endpoint for prometheus.
2021-10-05 18:39:37 +00:00
- `ENABLED_ISSUE_BY_LABEL` : **false** : Enable issue by label metrics with format `gitea_issues_by_label{label="bug"} 2` .
- `ENABLED_ISSUE_BY_REPOSITORY` : **false** : Enable issue by repository metrics with format `gitea_issues_by_repository{repository="org/repo"} 5` .
2018-11-05 03:20:00 +00:00
- `TOKEN` : ** \<empty\>**: You need to specify the token, if you want to include in the authorization the metrics . The same token need to be used in prometheus parameters `bearer_token` or `bearer_token_file` .
2018-05-24 20:36:45 +00:00
## API (`api`)
2018-11-26 19:21:42 +00:00
2022-09-19 22:48:48 +00:00
- `ENABLE_SWAGGER` : **true** : Enables the API documentation endpoints (`/api/swagger`, `/api/v1/swagger` , …). True or false.
2018-09-05 02:47:45 +00:00
- `MAX_RESPONSE_ITEMS` : **50** : Max number of items in a page.
2019-04-17 16:06:35 +00:00
- `DEFAULT_PAGING_NUM` : **30** : Default paging number of API.
2021-12-24 03:56:57 +00:00
- `DEFAULT_GIT_TREES_PER_PAGE` : **1000** : Default and maximum number of items per page for Git trees API.
2022-09-19 22:48:48 +00:00
- `DEFAULT_MAX_BLOB_SIZE` : **10485760** (10MiB): Default max size of a blob that can be returned by the blobs API.
2018-05-24 20:36:45 +00:00
2019-03-08 16:42:50 +00:00
## OAuth2 (`oauth2`)
2019-05-22 01:48:34 +00:00
- `ENABLE` : **true** : Enables OAuth2 provider.
2019-03-08 16:42:50 +00:00
- `ACCESS_TOKEN_EXPIRATION_TIME` : **3600** : Lifetime of an OAuth2 access token in seconds
2020-08-29 20:02:38 +00:00
- `REFRESH_TOKEN_EXPIRATION_TIME` : **730** : Lifetime of an OAuth2 refresh token in hours
2020-10-01 06:57:57 +00:00
- `INVALIDATE_REFRESH_TOKENS` : **false** : Check if refresh token has already been used
2021-06-17 21:56:46 +00:00
- `JWT_SIGNING_ALGORITHM` : **RS256** : Algorithm used to sign OAuth2 tokens. Valid values: \[`HS256` , `HS384` , `HS512` , `RS256` , `RS384` , `RS512` , `ES256` , `ES384` , `ES512` \]
- `JWT_SECRET` : ** \<empty\>**: OAuth2 authentication secret for access and refresh tokens, change this to a unique string. This setting is only needed if `JWT_SIGNING_ALGORITHM` is set to `HS256` , `HS384` or `HS512` .
2021-06-23 14:56:25 +00:00
- `JWT_SIGNING_PRIVATE_KEY_FILE` : **jwt/private.pem** : Private key file path used to sign OAuth2 tokens. The path is relative to `APP_DATA_PATH` . This setting is only needed if `JWT_SIGNING_ALGORITHM` is set to `RS256` , `RS384` , `RS512` , `ES256` , `ES384` or `ES512` . The file must contain a RSA or ECDSA private key in the PKCS8 format. If no key exists a 4096 bit key will be created for you.
2020-04-22 22:47:23 +00:00
- `MAX_TOKEN_LENGTH` : **32767** : Maximum length of token/cookie to accept from OAuth2 provider
2019-03-08 16:42:50 +00:00
2018-05-24 18:07:02 +00:00
## i18n (`i18n`)
2022-06-27 19:50:30 +00:00
- `LANGS` : **en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN** :
2022-04-03 09:46:48 +00:00
List of locales shown in language selector. The first locale will be used as the default if user browser's language doesn't match any locale in the list.
2022-06-15 10:08:49 +00:00
- `NAMES` : **English,简体中文,繁體中文(香港),繁體中文(台灣),Deutsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Türkçe,Čeština,Српски,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia,മലയാളം** : Visible names corresponding to the locales
2018-05-24 18:07:02 +00:00
2018-01-08 22:48:42 +00:00
## Markup (`markup`)
2018-01-06 11:28:31 +00:00
2021-07-24 04:21:51 +00:00
- `MERMAID_MAX_SOURCE_CHARACTERS` : **5000** : Set the maximum size of a Mermaid source. (Set to -1 to disable)
2018-01-08 22:48:42 +00:00
Gitea can support Markup using external tools. The example below will add a markup named `asciidoc` .
2018-01-06 11:28:31 +00:00
```ini
[markup.asciidoc]
2019-11-20 06:17:14 +00:00
ENABLED = true
2021-04-13 07:06:31 +00:00
NEED_POSTPROCESS = true
2018-01-06 11:28:31 +00:00
FILE_EXTENSIONS = .adoc,.asciidoc
2023-05-25 01:24:05 +00:00
RENDER_COMMAND = "asciidoctor --embedded --safe-mode=secure --out-file=- -"
2018-01-06 11:28:31 +00:00
IS_INPUT_FILE = false
```
2019-11-20 06:17:14 +00:00
- ENABLED: **false** Enable markup support; set to **true** to enable this renderer.
2021-04-13 07:06:31 +00:00
- NEED\_POSTPROCESS: **true** set to **true** to replace links / sha1 and etc.
2018-01-08 22:48:42 +00:00
- FILE\_EXTENSIONS: ** \<empty\>** List of file extensions that should be rendered by an external
2021-07-08 11:38:13 +00:00
command. Multiple extensions needs a comma as splitter.
2018-01-08 22:48:42 +00:00
- RENDER\_COMMAND: External command to render all matching extensions.
- IS\_INPUT\_FILE: **false** Input is not a standard input but a file param followed `RENDER_COMMAND` .
2022-06-16 03:33:23 +00:00
- RENDER_CONTENT_MODE: **sanitized** How the content will be rendered.
- sanitized: Sanitize the content and render it inside current page, default to only allow a few HTML tags and attributes. Customized sanitizer rules can be defined in `[markup.sanitizer.*]` .
- no-sanitizer: Disable the sanitizer and render the content inside current page. It's **insecure** and may lead to XSS attack if the content contains malicious code.
- iframe: Render the content in a separate standalone page and embed it into current page by iframe. The iframe is in sandbox mode with same-origin disabled, and the JS code are safely isolated from parent page.
2018-01-06 11:28:31 +00:00
2018-10-30 14:34:12 +00:00
Two special environment variables are passed to the render command:
2022-07-28 01:22:47 +00:00
2018-10-30 14:34:12 +00:00
- `GITEA_PREFIX_SRC` , which contains the current URL prefix in the `src` path tree. To be used as prefix for links.
- `GITEA_PREFIX_RAW` , which contains the current URL prefix in the `raw` path tree. To be used as prefix for image paths.
2022-06-16 03:33:23 +00:00
If `RENDER_CONTENT_MODE` is `sanitized` , Gitea supports customizing the sanitization policy for rendered HTML. The example below will support KaTeX output from pandoc.
2019-12-07 19:49:04 +00:00
```ini
2020-04-29 11:34:59 +00:00
[markup.sanitizer.TeX]
2019-12-07 19:49:04 +00:00
; Pandoc renders TeX segments as < span > s with the "math" class, optionally
; with "inline" or "display" classes depending on context.
ELEMENT = span
ALLOW_ATTR = class
REGEXP = ^\s*((math(\s+|$)|inline(\s+|$)|display(\s+|$)))+
2021-06-23 21:09:51 +00:00
ALLOW_DATA_URI_IMAGES = true
2019-12-07 19:49:04 +00:00
```
2022-07-28 01:22:47 +00:00
- `ELEMENT` : The element this policy applies to. Must be non-empty.
- `ALLOW_ATTR` : The attribute this policy allows. Must be non-empty.
- `REGEXP` : A regex to match the contents of the attribute against. Must be present but may be empty for unconditional whitelisting of this attribute.
- `ALLOW_DATA_URI_IMAGES` : **false** Allow data uri images (`< img src = "data:image/png;base64,..." /> `).
2019-12-07 19:49:04 +00:00
2020-04-29 11:34:59 +00:00
Multiple sanitisation rules can be defined by adding unique subsections, e.g. `[markup.sanitizer.TeX-2]` .
2021-06-23 21:09:51 +00:00
To apply a sanitisation rules only for a specify external renderer they must use the renderer name, e.g. `[markup.sanitizer.asciidoc.rule-1]` .
If the rule is defined above the renderer ini section or the name does not match a renderer it is applied to every renderer.
2019-12-07 19:49:04 +00:00
2021-11-17 20:37:00 +00:00
## Highlight Mappings (`highlight.mapping`)
- `file_extension e.g. .toml` : **language e.g. ini** . File extension to language mapping overrides.
- Gitea will highlight files using the `linguist-language` or `gitlab-language` attribute from the `.gitattributes` file
if available. If this is not set or the language is unavailable, the file extension will be looked up
in this mapping or the filetype using heuristics.
2019-08-15 14:46:21 +00:00
## Time (`time`)
2019-10-13 13:23:14 +00:00
2022-12-26 08:50:58 +00:00
- `DEFAULT_UI_LOCATION` : Default location of time on the UI, so that we can display correct user's time on UI. i.e. Asia/Shanghai
2019-08-15 14:46:21 +00:00
2019-10-13 13:23:14 +00:00
## Task (`task`)
2020-04-27 23:41:59 +00:00
Task queue configuration has been moved to `queue.task` . However, the below configuration values are kept for backwards compatibility:
2019-10-13 13:23:14 +00:00
- `QUEUE_TYPE` : **channel** : Task queue type, could be `channel` or `redis` .
- `QUEUE_LENGTH` : **1000** : Task queue length, available only when `QUEUE_TYPE` is `channel` .
2023-05-15 05:45:48 +00:00
- `QUEUE_CONN_STR` : **redis://127.0.0.1:6379/0** : Task queue connection string, available only when `QUEUE_TYPE` is `redis` . If redis needs a password, use `redis://123@127.0.0.1:6379/0` or `redis+cluster://123@127.0.0.1:6379/0` .
2019-10-13 13:23:14 +00:00
2019-11-16 08:30:06 +00:00
## Migrations (`migrations`)
- `MAX_ATTEMPTS` : **3** : Max attempts per http/https request on migrations.
- `RETRY_BACKOFF` : **3** : Backoff time per http/https request retry (seconds)
2022-06-18 19:23:06 +00:00
- `ALLOWED_DOMAINS` : ** \<empty\>**: Domains allowlist for migrating repositories, default is blank. It means everything will be allowed. Multiple domains could be separated by commas. Wildcard is supported: `github.com, *.github.com` .
- `BLOCKED_DOMAINS` : ** \<empty\>**: Domains blocklist for migrating repositories, default is blank. Multiple domains could be separated by commas. When `ALLOWED_DOMAINS` is not blank, this option has a higher priority to deny domains. Wildcard is supported.
2022-07-13 01:07:16 +00:00
- `ALLOW_LOCALNETWORKS` : **false** : Allow private addresses defined by RFC 1918, RFC 1122, RFC 4632 and RFC 4291. If a domain is allowed by `ALLOWED_DOMAINS` , this option will be ignored.
2021-08-18 13:10:39 +00:00
- `SKIP_TLS_VERIFY` : **false** : Allow skip tls verify
2019-11-16 08:30:06 +00:00
2021-09-27 23:38:06 +00:00
## Federation (`federation`)
2022-06-19 23:48:17 +00:00
- `ENABLED` : **false** : Enable/Disable federation capabilities
2022-05-02 13:35:45 +00:00
- `SHARE_USER_STATISTICS` : **true** : Enable/Disable user statistics for nodeinfo if federation is enabled
User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133)
* go.mod: add go-fed/{httpsig,activity/pub,activity/streams} dependency
go get github.com/go-fed/activity/streams@master
go get github.com/go-fed/activity/pub@master
go get github.com/go-fed/httpsig@master
* activitypub: implement /api/v1/activitypub/user/{username} (#14186)
Return informations regarding a Person (as defined in ActivityStreams
https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person).
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: add the public key to Person (#14186)
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: go-fed conformant Clock instance
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: signing http client
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: implement the ReqSignature middleware
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: hack_16834
Signed-off-by: Loïc Dachary <loic@dachary.org>
* Fix CI checks-backend errors with go mod tidy
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Change 2021 to 2022, properly format package imports
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt and make generate-swagger
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use Gitea JSON library, add assert for pkp
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt again, fix err var redeclaration
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Remove LogSQL from ActivityPub person test
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Assert if json.Unmarshal succeeds
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Cleanup, handle invalid usernames for ActivityPub person GET request
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Rename hack_16834 to user_settings
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use the httplib module instead of http for GET requests
* Clean up whitespace with make fmt
* Use time.RFC1123 and make the http.Client proxy-aware
* Check if digest algo is supported in setting module
* Clean up some variable declarations
* Remove unneeded copy
* Use system timezone instead of setting.DefaultUILocation
* Use named constant for httpsigExpirationTime
* Make pubKey IRI #main-key instead of /#main-key
* Move /#main-key to #main-key in tests
* Implemented Webfinger endpoint.
* Add visible check.
* Add user profile as alias.
* Add actor IRI and remote interaction URL to WebFinger response
* fmt
* Fix lint errors
* Use go-ap instead of go-fed
* Run go mod tidy to fix missing modules in go.mod and go.sum
* make fmt
* Convert remaining code to go-ap
* Clean up go.sum
* Fix JSON unmarshall error
* Fix CI errors by adding @context to Person() and making sure types match
* Correctly decode JSON in api_activitypub_person_test.go
* Force CI rerun
* Fix TestActivityPubPersonInbox segfault
* Fix lint error
* Use @mariusor's suggestions for idiomatic go-ap usage
* Correctly add inbox/outbox IRIs to person
* Code cleanup
* Remove another LogSQL from ActivityPub person test
* Move httpsig algos slice to an init() function
* Add actor IRI and remote interaction URL to WebFinger response
* Update TestWebFinger to check for ActivityPub IRI in aliases
* make fmt
* Force CI rerun
* WebFinger: Add CORS header and fix Href -> Template for remote interactions
The CORS header is needed due to https://datatracker.ietf.org/doc/html/rfc7033#section-5 and fixes some Peertube <-> Gitea federation issues
* make lint-backend
* Make sure Person endpoint has Content-Type application/activity+json and includes PreferredUsername, URL, and Icon
Setting the correct Content-Type is essential for federating with Mastodon
* Use UTC instead of GMT
* Rename pkey to pubKey
* Make sure HTTP request Date in GMT
* make fmt
* dont drop err
* Make sure API responses always refer to username in original case
Copied from what I wrote on #19133 discussion: Handling username case is a very tricky issue and I've already encountered a Mastodon <-> Gitea federation bug due to Gitea considering Ta180m and ta180m to be the same user while Mastodon thinks they are two different users. I think the best way forward is for Gitea to only use the original case version of the username for federation so other AP software don't get confused.
* Move httpsig algs constant slice to modules/setting/federation.go
* Add new federation settings to app.example.ini and config-cheat-sheet
* Return if marshalling error
* Make sure Person IRIs are generated correctly
This commit ensures that if the setting.AppURL is something like "http://127.0.0.1:42567" (like in the integration tests), a trailing slash will be added after that URL.
* If httpsig verification fails, fix Host header and try again
This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the veification again fixes the bug.
* Revert "If httpsig verification fails, fix Host header and try again"
This reverts commit f53e46c721a037c55facb9200106a6b491bf834c.
The bug was actually caused by nginx messing up the Host header when reverse-proxying since I didn't have the line `proxy_set_header Host $host;` in my nginx config for Gitea.
* Go back to using ap.IRI to generate inbox and outbox IRIs
* use const for key values
* Update routers/web/webfinger.go
* Use ctx.JSON in Person response to make code cleaner
* Revert "Use ctx.JSON in Person response to make code cleaner"
This doesn't work because the ctx.JSON() function already sends the response out and it's too late to edit the headers.
This reverts commit 95aad988975be3393c76094864ed6ba962157e0c.
* Use activitypub.ActivityStreamsContentType for Person response Content Type
* Limit maximum ActivityPub request and response sizes to a configurable setting
* Move setting key constants to models/user/setting_keys.go
* Fix failing ActivityPubPerson integration test by checking the correct field for username
* Add a warning about changing settings that can break federation
* Add better comments
* Don't multiply Federation.MaxSize by 1<<20 twice
* Add more better comments
* Fix failing ActivityPubMissingPerson test
We now use ctx.ContextUser so the message printed out when a user does not exist is slightly different
* make generate-swagger
For some reason I didn't realize that /templates/swagger/v1_json.tmpl was machine-generated by make generate-swagger... I've been editing it by hand for three months! 🤦
* Move getting the RFC 2616 time to a separate function
* More code cleanup
* Update go-ap to fix empty liked collection and removed unneeded HTTP headers
* go mod tidy
* Add ed25519 to httpsig algorithms
* Use go-ap/jsonld to add @context and marshal JSON
* Change Gitea user agent from the default to Gitea/Version
* Use ctx.ServerError and remove all remote interaction code from webfinger.go
2022-06-19 05:25:12 +00:00
- `MAX_SIZE` : **4** : Maximum federation request and response size (MB)
WARNING: Changing the settings below can break federation.
- `ALGORITHMS` : **rsa-sha256, rsa-sha512, ed25519** : HTTP signature algorithms
- `DIGEST_ALGORITHM` : **SHA-256** : HTTP signature digest algorithm
- `GET_HEADERS` : ** (request-target), Date**: GET headers for federation requests
- `POST_HEADERS` : ** (request-target), Date, Digest**: POST headers for federation requests
2021-09-27 23:38:06 +00:00
2022-03-30 08:42:47 +00:00
## Packages (`packages`)
- `ENABLED` : **true** : Enable/Disable package registry capabilities
- `CHUNKED_UPLOAD_PATH` : **tmp/package-upload** : Path for chunked uploads. Defaults to `APP_DATA_PATH` + `tmp/package-upload`
2022-11-30 00:41:29 +00:00
- `LIMIT_TOTAL_OWNER_COUNT` : ** -1**: Maximum count of package versions a single owner can have (`-1` means no limits)
- `LIMIT_TOTAL_OWNER_SIZE` : ** -1**: Maximum size of packages a single owner can use (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
2023-05-12 17:27:50 +00:00
- `LIMIT_SIZE_ALPINE` : ** -1**: Maximum size of an Alpine upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
2023-02-05 10:12:31 +00:00
- `LIMIT_SIZE_CARGO` : ** -1**: Maximum size of a Cargo upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
2023-02-06 01:49:21 +00:00
- `LIMIT_SIZE_CHEF` : ** -1**: Maximum size of a Chef upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
2022-11-30 00:41:29 +00:00
- `LIMIT_SIZE_COMPOSER` : ** -1**: Maximum size of a Composer upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
- `LIMIT_SIZE_CONAN` : ** -1**: Maximum size of a Conan upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
2023-02-01 18:30:39 +00:00
- `LIMIT_SIZE_CONDA` : ** -1**: Maximum size of a Conda upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
2022-11-30 00:41:29 +00:00
- `LIMIT_SIZE_CONTAINER` : ** -1**: Maximum size of a Container upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
2023-05-22 02:57:49 +00:00
- `LIMIT_SIZE_CRAN` : ** -1**: Maximum size of a CRAN upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
2023-05-02 16:31:35 +00:00
- `LIMIT_SIZE_DEBIAN` : ** -1**: Maximum size of a Debian upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
2022-11-30 00:41:29 +00:00
- `LIMIT_SIZE_GENERIC` : ** -1**: Maximum size of a Generic upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
2023-05-14 15:38:40 +00:00
- `LIMIT_SIZE_GO` : ** -1**: Maximum size of a Go upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
2022-11-30 00:41:29 +00:00
- `LIMIT_SIZE_HELM` : ** -1**: Maximum size of a Helm upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
- `LIMIT_SIZE_MAVEN` : ** -1**: Maximum size of a Maven upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
- `LIMIT_SIZE_NPM` : ** -1**: Maximum size of a npm upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
- `LIMIT_SIZE_NUGET` : ** -1**: Maximum size of a NuGet upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
- `LIMIT_SIZE_PUB` : ** -1**: Maximum size of a Pub upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
- `LIMIT_SIZE_PYPI` : ** -1**: Maximum size of a PyPI upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
2023-05-05 20:33:37 +00:00
- `LIMIT_SIZE_RPM` : ** -1**: Maximum size of a RPM upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
2022-11-30 00:41:29 +00:00
- `LIMIT_SIZE_RUBYGEMS` : ** -1**: Maximum size of a RubyGems upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
2023-03-13 20:28:39 +00:00
- `LIMIT_SIZE_SWIFT` : ** -1**: Maximum size of a Swift upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
2022-11-30 00:41:29 +00:00
- `LIMIT_SIZE_VAGRANT` : ** -1**: Maximum size of a Vagrant upload (`-1` means no limits, format `1000` , `1 MB` , `1 GiB` )
2022-03-30 08:42:47 +00:00
2020-10-01 06:57:57 +00:00
## Mirror (`mirror`)
2022-06-04 11:42:17 +00:00
- `ENABLED` : **true** : Enables the mirror functionality. Set to **false** to disable all mirrors. Pre-existing mirrors remain valid but won't be updated; may be converted to regular repo.
2021-09-07 15:49:36 +00:00
- `DISABLE_NEW_PULL` : **false** : Disable the creation of **new** pull mirrors. Pre-existing mirrors remain valid. Will be ignored if `mirror.ENABLED` is `false` .
- `DISABLE_NEW_PUSH` : **false** : Disable the creation of **new** push mirrors. Pre-existing mirrors remain valid. Will be ignored if `mirror.ENABLED` is `false` .
2020-10-01 06:57:57 +00:00
- `DEFAULT_INTERVAL` : **8h** : Default interval between each check
- `MIN_INTERVAL` : **10m** : Minimum interval for checking. (Must be >1m).
2020-09-29 09:05:13 +00:00
## LFS (`lfs`)
Storage configuration for lfs data. It will be derived from default `[storage]` or
2020-11-28 06:12:22 +00:00
`[storage.xxx]` when set `STORAGE_TYPE` to `xxx` . When derived, the default of `PATH`
2020-09-29 09:05:13 +00:00
is `data/lfs` and the default of `MINIO_BASE_PATH` is `lfs/` .
- `STORAGE_TYPE` : **local** : Storage type for lfs, `local` for local disk or `minio` for s3 compatible object storage service or other name defined with `[storage.xxx]`
- `SERVE_DIRECT` : **false** : Allows the storage driver to redirect to authenticated URLs to serve files directly. Currently, only Minio/S3 is supported via signed URLs, local does nothing.
2021-03-04 17:01:44 +00:00
- `PATH` : ** ./data/lfs**: Where to store LFS files, only available when `STORAGE_TYPE` is `local` . If not set it fall back to deprecated LFS_CONTENT_PATH value in [server] section.
2020-09-29 09:05:13 +00:00
- `MINIO_ENDPOINT` : **localhost:9000** : Minio endpoint to connect only available when `STORAGE_TYPE` is `minio`
- `MINIO_ACCESS_KEY_ID` : Minio accessKeyID to connect only available when `STORAGE_TYPE` is `minio`
- `MINIO_SECRET_ACCESS_KEY` : Minio secretAccessKey to connect only available when `STORAGE_TYPE is` `minio`
- `MINIO_BUCKET` : **gitea** : Minio bucket to store the lfs only available when `STORAGE_TYPE` is `minio`
- `MINIO_LOCATION` : **us-east-1** : Minio location to create bucket only available when `STORAGE_TYPE` is `minio`
- `MINIO_BASE_PATH` : **lfs/** : Minio base path on the bucket only available when `STORAGE_TYPE` is `minio`
- `MINIO_USE_SSL` : **false** : Minio enabled ssl only available when `STORAGE_TYPE` is `minio`
2023-02-27 16:26:13 +00:00
- `MINIO_INSECURE_SKIP_VERIFY` : **false** : Minio skip SSL verification available when STORAGE_TYPE is `minio`
2020-09-29 09:05:13 +00:00
## Storage (`storage`)
Default storage configuration for attachments, lfs, avatars and etc.
- `SERVE_DIRECT` : **false** : Allows the storage driver to redirect to authenticated URLs to serve files directly. Currently, only Minio/S3 is supported via signed URLs, local does nothing.
- `MINIO_ENDPOINT` : **localhost:9000** : Minio endpoint to connect only available when `STORAGE_TYPE` is `minio`
- `MINIO_ACCESS_KEY_ID` : Minio accessKeyID to connect only available when `STORAGE_TYPE` is `minio`
- `MINIO_SECRET_ACCESS_KEY` : Minio secretAccessKey to connect only available when `STORAGE_TYPE is` `minio`
- `MINIO_BUCKET` : **gitea** : Minio bucket to store the data only available when `STORAGE_TYPE` is `minio`
- `MINIO_LOCATION` : **us-east-1** : Minio location to create bucket only available when `STORAGE_TYPE` is `minio`
- `MINIO_USE_SSL` : **false** : Minio enabled ssl only available when `STORAGE_TYPE` is `minio`
2023-02-27 16:26:13 +00:00
- `MINIO_INSECURE_SKIP_VERIFY` : **false** : Minio skip SSL verification available when STORAGE_TYPE is `minio`
2020-09-29 09:05:13 +00:00
And you can also define a customize storage like below:
```ini
[storage.my_minio]
STORAGE_TYPE = minio
; Minio endpoint to connect only available when STORAGE_TYPE is `minio`
MINIO_ENDPOINT = localhost:9000
; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`
MINIO_ACCESS_KEY_ID =
; Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio`
MINIO_SECRET_ACCESS_KEY =
; Minio bucket to store the attachments only available when STORAGE_TYPE is `minio`
MINIO_BUCKET = gitea
; Minio location to create bucket only available when STORAGE_TYPE is `minio`
MINIO_LOCATION = us-east-1
; Minio enabled ssl only available when STORAGE_TYPE is `minio`
MINIO_USE_SSL = false
2023-02-27 16:26:13 +00:00
; Minio skip SSL verification available when STORAGE_TYPE is `minio`
MINIO_INSECURE_SKIP_VERIFY = false
2020-09-29 09:05:13 +00:00
```
And used by `[attachment]` , `[lfs]` and etc. as `STORAGE_TYPE` .
2021-06-23 21:12:38 +00:00
## Repository Archive Storage (`storage.repo-archive`)
Configuration for repository archive storage. It will inherit from default `[storage]` or
`[storage.xxx]` when set `STORAGE_TYPE` to `xxx` . The default of `PATH`
is `data/repo-archive` and the default of `MINIO_BASE_PATH` is `repo-archive/` .
- `STORAGE_TYPE` : **local** : Storage type for repo archive, `local` for local disk or `minio` for s3 compatible object storage service or other name defined with `[storage.xxx]`
- `SERVE_DIRECT` : **false** : Allows the storage driver to redirect to authenticated URLs to serve files directly. Currently, only Minio/S3 is supported via signed URLs, local does nothing.
- `PATH` : ** ./data/repo-archive**: Where to store archive files, only available when `STORAGE_TYPE` is `local` .
- `MINIO_ENDPOINT` : **localhost:9000** : Minio endpoint to connect only available when `STORAGE_TYPE` is `minio`
- `MINIO_ACCESS_KEY_ID` : Minio accessKeyID to connect only available when `STORAGE_TYPE` is `minio`
- `MINIO_SECRET_ACCESS_KEY` : Minio secretAccessKey to connect only available when `STORAGE_TYPE is` `minio`
- `MINIO_BUCKET` : **gitea** : Minio bucket to store the lfs only available when `STORAGE_TYPE` is `minio`
- `MINIO_LOCATION` : **us-east-1** : Minio location to create bucket only available when `STORAGE_TYPE` is `minio`
- `MINIO_BASE_PATH` : **repo-archive/** : Minio base path on the bucket only available when `STORAGE_TYPE` is `minio`
- `MINIO_USE_SSL` : **false** : Minio enabled ssl only available when `STORAGE_TYPE` is `minio`
2023-02-27 16:26:13 +00:00
- `MINIO_INSECURE_SKIP_VERIFY` : **false** : Minio skip SSL verification available when STORAGE_TYPE is `minio`
2021-06-23 21:12:38 +00:00
2021-08-18 13:10:39 +00:00
## Proxy (`proxy`)
- `PROXY_ENABLED` : **false** : Enable the proxy if true, all requests to external via HTTP will be affected, if false, no proxy will be used even environment http_proxy/https_proxy
- `PROXY_URL` : ** \<empty\>**: Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy
- `PROXY_HOSTS` : ** \<empty\>**: Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
i.e.
2022-07-28 01:22:47 +00:00
2021-08-18 13:10:39 +00:00
```ini
PROXY_ENABLED = true
PROXY_URL = socks://127.0.0.1:1080
PROXY_HOSTS = *.github.com
```
Implement actions (#21937)
Close #13539.
Co-authored by: @lunny @appleboy @fuxiaohei and others.
Related projects:
- https://gitea.com/gitea/actions-proto-def
- https://gitea.com/gitea/actions-proto-go
- https://gitea.com/gitea/act
- https://gitea.com/gitea/act_runner
### Summary
The target of this PR is to bring a basic implementation of "Actions",
an internal CI/CD system of Gitea. That means even though it has been
merged, the state of the feature is **EXPERIMENTAL**, and please note
that:
- It is disabled by default;
- It shouldn't be used in a production environment currently;
- It shouldn't be used in a public Gitea instance currently;
- Breaking changes may be made before it's stable.
**Please comment on #13539 if you have any different product design
ideas**, all decisions reached there will be adopted here. But in this
PR, we don't talk about **naming, feature-creep or alternatives**.
### ⚠️ Breaking
`gitea-actions` will become a reserved user name. If a user with the
name already exists in the database, it is recommended to rename it.
### Some important reviews
- What is `DEFAULT_ACTIONS_URL` in `app.ini` for?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1055954954
- Why the api for runners is not under the normal `/api/v1` prefix?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061173592
- Why DBFS?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061301178
- Why ignore events triggered by `gitea-actions` bot?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1063254103
- Why there's no permission control for actions?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1090229868
### What it looks like
<details>
#### Manage runners
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205870657-c72f590e-2e08-4cd4-be7f-2e0abb299bbf.png">
#### List runs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872794-50fde990-2b45-48c1-a178-908e4ec5b627.png">
#### View logs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872501-9b7b9000-9542-4991-8f55-18ccdada77c3.png">
</details>
### How to try it
<details>
#### 1. Start Gitea
Clone this branch and [install from
source](https://docs.gitea.io/en-us/install-from-source).
Add additional configurations in `app.ini` to enable Actions:
```ini
[actions]
ENABLED = true
```
Start it.
If all is well, you'll see the management page of runners:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205877365-8e30a780-9b10-4154-b3e8-ee6c3cb35a59.png">
#### 2. Start runner
Clone the [act_runner](https://gitea.com/gitea/act_runner), and follow
the
[README](https://gitea.com/gitea/act_runner/src/branch/main/README.md)
to start it.
If all is well, you'll see a new runner has been added:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205878000-216f5937-e696-470d-b66c-8473987d91c3.png">
#### 3. Enable actions for a repo
Create a new repo or open an existing one, check the `Actions` checkbox
in settings and submit.
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879705-53e09208-73c0-4b3e-a123-2dcf9aba4b9c.png">
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879383-23f3d08f-1a85-41dd-a8b3-54e2ee6453e8.png">
If all is well, you'll see a new tab "Actions":
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205881648-a8072d8c-5803-4d76-b8a8-9b2fb49516c1.png">
#### 4. Upload workflow files
Upload some workflow files to `.gitea/workflows/xxx.yaml`, you can
follow the [quickstart](https://docs.github.com/en/actions/quickstart)
of GitHub Actions. Yes, Gitea Actions is compatible with GitHub Actions
in most cases, you can use the same demo:
```yaml
name: GitHub Actions Demo
run-name: ${{ github.actor }} is testing out GitHub Actions 🚀
on: [push]
jobs:
Explore-GitHub-Actions:
runs-on: ubuntu-latest
steps:
- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
- run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
- name: Check out repository code
uses: actions/checkout@v3
- run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
- run: echo "🖥️ The workflow is now ready to test your code on the runner."
- name: List files in the repository
run: |
ls ${{ github.workspace }}
- run: echo "🍏 This job's status is ${{ job.status }}."
```
If all is well, you'll see a new run in `Actions` tab:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884473-79a874bc-171b-4aaf-acd5-0241a45c3b53.png">
#### 5. Check the logs of jobs
Click a run and you'll see the logs:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884800-994b0374-67f7-48ff-be9a-4c53f3141547.png">
#### 6. Go on
You can try more examples in [the
documents](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions)
of GitHub Actions, then you might find a lot of bugs.
Come on, PRs are welcome.
</details>
See also: [Feature Preview: Gitea
Actions](https://blog.gitea.io/2022/12/feature-preview-gitea-actions/)
---------
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-01-31 01:45:19 +00:00
## Actions (`actions`)
- `ENABLED` : **false** : Enable/Disable actions capabilities
2023-02-23 17:19:52 +00:00
- `DEFAULT_ACTIONS_URL` : **https://gitea.com** : Default address to get action plugins, e.g. the default value means downloading from "< https: // gitea . com / actions / checkout > " for "uses: actions/checkout@v3"
Implement actions (#21937)
Close #13539.
Co-authored by: @lunny @appleboy @fuxiaohei and others.
Related projects:
- https://gitea.com/gitea/actions-proto-def
- https://gitea.com/gitea/actions-proto-go
- https://gitea.com/gitea/act
- https://gitea.com/gitea/act_runner
### Summary
The target of this PR is to bring a basic implementation of "Actions",
an internal CI/CD system of Gitea. That means even though it has been
merged, the state of the feature is **EXPERIMENTAL**, and please note
that:
- It is disabled by default;
- It shouldn't be used in a production environment currently;
- It shouldn't be used in a public Gitea instance currently;
- Breaking changes may be made before it's stable.
**Please comment on #13539 if you have any different product design
ideas**, all decisions reached there will be adopted here. But in this
PR, we don't talk about **naming, feature-creep or alternatives**.
### ⚠️ Breaking
`gitea-actions` will become a reserved user name. If a user with the
name already exists in the database, it is recommended to rename it.
### Some important reviews
- What is `DEFAULT_ACTIONS_URL` in `app.ini` for?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1055954954
- Why the api for runners is not under the normal `/api/v1` prefix?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061173592
- Why DBFS?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1061301178
- Why ignore events triggered by `gitea-actions` bot?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1063254103
- Why there's no permission control for actions?
- https://github.com/go-gitea/gitea/pull/21937#discussion_r1090229868
### What it looks like
<details>
#### Manage runners
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205870657-c72f590e-2e08-4cd4-be7f-2e0abb299bbf.png">
#### List runs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872794-50fde990-2b45-48c1-a178-908e4ec5b627.png">
#### View logs
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205872501-9b7b9000-9542-4991-8f55-18ccdada77c3.png">
</details>
### How to try it
<details>
#### 1. Start Gitea
Clone this branch and [install from
source](https://docs.gitea.io/en-us/install-from-source).
Add additional configurations in `app.ini` to enable Actions:
```ini
[actions]
ENABLED = true
```
Start it.
If all is well, you'll see the management page of runners:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205877365-8e30a780-9b10-4154-b3e8-ee6c3cb35a59.png">
#### 2. Start runner
Clone the [act_runner](https://gitea.com/gitea/act_runner), and follow
the
[README](https://gitea.com/gitea/act_runner/src/branch/main/README.md)
to start it.
If all is well, you'll see a new runner has been added:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205878000-216f5937-e696-470d-b66c-8473987d91c3.png">
#### 3. Enable actions for a repo
Create a new repo or open an existing one, check the `Actions` checkbox
in settings and submit.
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879705-53e09208-73c0-4b3e-a123-2dcf9aba4b9c.png">
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205879383-23f3d08f-1a85-41dd-a8b3-54e2ee6453e8.png">
If all is well, you'll see a new tab "Actions":
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205881648-a8072d8c-5803-4d76-b8a8-9b2fb49516c1.png">
#### 4. Upload workflow files
Upload some workflow files to `.gitea/workflows/xxx.yaml`, you can
follow the [quickstart](https://docs.github.com/en/actions/quickstart)
of GitHub Actions. Yes, Gitea Actions is compatible with GitHub Actions
in most cases, you can use the same demo:
```yaml
name: GitHub Actions Demo
run-name: ${{ github.actor }} is testing out GitHub Actions 🚀
on: [push]
jobs:
Explore-GitHub-Actions:
runs-on: ubuntu-latest
steps:
- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
- run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
- name: Check out repository code
uses: actions/checkout@v3
- run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
- run: echo "🖥️ The workflow is now ready to test your code on the runner."
- name: List files in the repository
run: |
ls ${{ github.workspace }}
- run: echo "🍏 This job's status is ${{ job.status }}."
```
If all is well, you'll see a new run in `Actions` tab:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884473-79a874bc-171b-4aaf-acd5-0241a45c3b53.png">
#### 5. Check the logs of jobs
Click a run and you'll see the logs:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/205884800-994b0374-67f7-48ff-be9a-4c53f3141547.png">
#### 6. Go on
You can try more examples in [the
documents](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions)
of GitHub Actions, then you might find a lot of bugs.
Come on, PRs are welcome.
</details>
See also: [Feature Preview: Gitea
Actions](https://blog.gitea.io/2022/12/feature-preview-gitea-actions/)
---------
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-01-31 01:45:19 +00:00
`DEFAULT_ACTIONS_URL` indicates where should we find the relative path action plugin. i.e. when use an action in a workflow file like
```yaml
name: versions
on:
push:
branches:
- main
- releases/*
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
```
Now we need to know how to get actions/checkout, this configuration is the default git server to get it. That means we will get the repository via git clone ${DEFAULT_ACTIONS_URL}/actions/checkout and fetch tag v3.
To help people who don't want to mirror these actions in their git instances, the default value is https://gitea.com
To help people run actions totally in their network, they can change the value and copy all necessary action repositories into their git server.
Of course we should support the form in future PRs like
```yaml
steps:
- uses: gitea.com/actions/checkout@v3
```
although Github don't support this form.
2017-11-26 21:44:32 +00:00
## Other (`other`)
2020-09-26 06:05:49 +00:00
- `SHOW_FOOTER_VERSION` : **true** : Show Gitea and Go version information in the footer.
2019-10-01 23:25:32 +00:00
- `SHOW_FOOTER_TEMPLATE_LOAD_TIME` : **true** : Show time of template execution in the footer.
2022-10-28 15:17:38 +00:00
- `ENABLE_SITEMAP` : **true** : Generate sitemap.
2022-11-21 05:14:58 +00:00
- `ENABLE_FEED` : **true** : Enable/Disable RSS/Atom feed.