Add a step for binding IP address for listening on remote database (#12898)
* Add listen address configuration step * Fix numbering order Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com> Co-authored-by: Lauris BH <lauris@nix.lv>
This commit is contained in:
parent
95ff55991e
commit
b725c4ee53
|
@ -21,7 +21,12 @@ Note: All steps below requires that the database engine of your choice is instal
|
||||||
|
|
||||||
## MySQL
|
## MySQL
|
||||||
|
|
||||||
1. On database instance, login to database console as root:
|
1. For remote database setup, you will need to make MySQL listen to your IP address. Edit `bind-address` option on `/etc/mysql/my.cnf` on database instance to:
|
||||||
|
|
||||||
|
```ini
|
||||||
|
bind-address = 203.0.113.3
|
||||||
|
```
|
||||||
|
2. On database instance, login to database console as root:
|
||||||
|
|
||||||
```
|
```
|
||||||
mysql -u root -p
|
mysql -u root -p
|
||||||
|
@ -29,7 +34,7 @@ Note: All steps below requires that the database engine of your choice is instal
|
||||||
|
|
||||||
Enter the password as prompted.
|
Enter the password as prompted.
|
||||||
|
|
||||||
2. Create database user which will be used by Gitea, authenticated by password. This example uses `'gitea'` as password. Please use a secure password for your instance.
|
3. Create database user which will be used by Gitea, authenticated by password. This example uses `'gitea'` as password. Please use a secure password for your instance.
|
||||||
|
|
||||||
For local database:
|
For local database:
|
||||||
|
|
||||||
|
@ -49,7 +54,7 @@ Note: All steps below requires that the database engine of your choice is instal
|
||||||
|
|
||||||
Replace username and password above as appropriate.
|
Replace username and password above as appropriate.
|
||||||
|
|
||||||
3. Create database with UTF-8 charset and collation. Make sure to use `utf8mb4` charset instead of `utf8` as the former supports all Unicode characters (including emojis) beyond *Basic Multilingual Plane*. Also, collation chosen depending on your expected content. When in doubt, use either `unicode_ci` or `general_ci`.
|
4. Create database with UTF-8 charset and collation. Make sure to use `utf8mb4` charset instead of `utf8` as the former supports all Unicode characters (including emojis) beyond *Basic Multilingual Plane*. Also, collation chosen depending on your expected content. When in doubt, use either `unicode_ci` or `general_ci`.
|
||||||
|
|
||||||
```sql
|
```sql
|
||||||
CREATE DATABASE giteadb CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_unicode_ci';
|
CREATE DATABASE giteadb CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_unicode_ci';
|
||||||
|
@ -57,7 +62,7 @@ Note: All steps below requires that the database engine of your choice is instal
|
||||||
|
|
||||||
Replace database name as appropriate.
|
Replace database name as appropriate.
|
||||||
|
|
||||||
4. Grant all privileges on the database to database user created above.
|
5. Grant all privileges on the database to database user created above.
|
||||||
|
|
||||||
For local database:
|
For local database:
|
||||||
|
|
||||||
|
@ -73,9 +78,9 @@ Note: All steps below requires that the database engine of your choice is instal
|
||||||
FLUSH PRIVILEGES;
|
FLUSH PRIVILEGES;
|
||||||
```
|
```
|
||||||
|
|
||||||
5. Quit from database console by `exit`.
|
6. Quit from database console by `exit`.
|
||||||
|
|
||||||
6. On your Gitea server, test connection to the database:
|
7. On your Gitea server, test connection to the database:
|
||||||
|
|
||||||
```
|
```
|
||||||
mysql -u gitea -h 203.0.113.3 -p giteadb
|
mysql -u gitea -h 203.0.113.3 -p giteadb
|
||||||
|
@ -87,7 +92,13 @@ Note: All steps below requires that the database engine of your choice is instal
|
||||||
|
|
||||||
## PostgreSQL
|
## PostgreSQL
|
||||||
|
|
||||||
1. PostgreSQL uses `md5` challenge-response encryption scheme for password authentication by default. Nowadays this scheme is not considered secure anymore. Use SCRAM-SHA-256 scheme instead by editing the `postgresql.conf` configuration file on the database server to:
|
1. For remote database setup, configure PostgreSQL on database instance to listen to your IP address by editing `listen_addresses` on `postgresql.conf` to:
|
||||||
|
|
||||||
|
```ini
|
||||||
|
listen_addresses = 'localhost, 203.0.113.3'
|
||||||
|
```
|
||||||
|
|
||||||
|
2. PostgreSQL uses `md5` challenge-response encryption scheme for password authentication by default. Nowadays this scheme is not considered secure anymore. Use SCRAM-SHA-256 scheme instead by editing the `postgresql.conf` configuration file on the database server to:
|
||||||
|
|
||||||
```ini
|
```ini
|
||||||
password_encryption = scram-sha-256
|
password_encryption = scram-sha-256
|
||||||
|
@ -95,13 +106,13 @@ Note: All steps below requires that the database engine of your choice is instal
|
||||||
|
|
||||||
Restart PostgreSQL to apply the setting.
|
Restart PostgreSQL to apply the setting.
|
||||||
|
|
||||||
2. On the database server, login to the database console as superuser:
|
3. On the database server, login to the database console as superuser:
|
||||||
|
|
||||||
```
|
```
|
||||||
su -c "psql" - postgres
|
su -c "psql" - postgres
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Create database user (role in PostgreSQL terms) with login privilege and password. Please use a secure, strong password instead of `'gitea'` below:
|
4. Create database user (role in PostgreSQL terms) with login privilege and password. Please use a secure, strong password instead of `'gitea'` below:
|
||||||
|
|
||||||
```sql
|
```sql
|
||||||
CREATE ROLE gitea WITH LOGIN PASSWORD 'gitea';
|
CREATE ROLE gitea WITH LOGIN PASSWORD 'gitea';
|
||||||
|
@ -109,7 +120,7 @@ Note: All steps below requires that the database engine of your choice is instal
|
||||||
|
|
||||||
Replace username and password as appropriate.
|
Replace username and password as appropriate.
|
||||||
|
|
||||||
4. Create database with UTF-8 charset and owned by the database user created earlier. Any `libc` collations can be specified with `LC_COLLATE` and `LC_CTYPE` parameter, depending on expected content:
|
5. Create database with UTF-8 charset and owned by the database user created earlier. Any `libc` collations can be specified with `LC_COLLATE` and `LC_CTYPE` parameter, depending on expected content:
|
||||||
|
|
||||||
```sql
|
```sql
|
||||||
CREATE DATABASE giteadb WITH OWNER gitea TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';
|
CREATE DATABASE giteadb WITH OWNER gitea TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';
|
||||||
|
@ -117,7 +128,7 @@ Note: All steps below requires that the database engine of your choice is instal
|
||||||
|
|
||||||
Replace database name as appropriate.
|
Replace database name as appropriate.
|
||||||
|
|
||||||
5. Allow the database user to access the database created above by adding the following authentication rule to `pg_hba.conf`.
|
6. Allow the database user to access the database created above by adding the following authentication rule to `pg_hba.conf`.
|
||||||
|
|
||||||
For local database:
|
For local database:
|
||||||
|
|
||||||
|
@ -137,7 +148,7 @@ Note: All steps below requires that the database engine of your choice is instal
|
||||||
|
|
||||||
Restart PostgreSQL to apply new authentication rules.
|
Restart PostgreSQL to apply new authentication rules.
|
||||||
|
|
||||||
6. On your Gitea server, test connection to the database.
|
7. On your Gitea server, test connection to the database.
|
||||||
|
|
||||||
For local database:
|
For local database:
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue