Set the correct permissions on the .ssh directory and authorized_keys
file, or sshd will refuse to use them and lead to clone/push/pull
failures.
It could happen when users have copied their data to a new volume and
changed the file permission by accident, and it would be very hard to
troubleshoot unless users know how to check the logs of sshd which is
started by s6.
Co-authored-by: Giteabot <teabot@gitea.io>
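
An added example, not code from the Gitea repository: a shell check for the condition the commit message above describes, where sshd's StrictModes rejects a .ssh directory or authorized_keys file that is group- or world-writable or owned by the wrong user. The function names, the 0700/0600 repair modes and the demo directory are assumptions; it expects a `stat` that supports `-c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: audit and repair the modes sshd's StrictModes checks.
# Function names and the demo directory are hypothetical.

# Print one line per problem; return non-zero if the directory or its
# authorized_keys is group/world-writable or owned by neither the
# expected uid nor root.
check_ssh_perms() {
    ssh_dir=$1; want_uid=$2; rc=0
    for p in "$ssh_dir" "$ssh_dir/authorized_keys"; do
        [ -e "$p" ] || continue
        mode=$(stat -c '%a' "$p"); uid=$(stat -c '%u' "$p")
        # 022 = write bit for group and for others (octal)
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "bad mode $mode on $p (group/world-writable)"; rc=1
        fi
        if [ "$uid" != "$want_uid" ] && [ "$uid" != 0 ]; then
            echo "bad owner uid $uid on $p"; rc=1
        fi
    done
    return $rc
}

# Reset to the conventional modes: 0700 on the directory, 0600 on the file.
fix_ssh_perms() {
    ssh_dir=$1
    chmod 700 "$ssh_dir"
    if [ -f "$ssh_dir/authorized_keys" ]; then
        chmod 600 "$ssh_dir/authorized_keys"
    fi
    return 0
}

# Constructed demo on a throwaway directory (not a real Gitea volume):
# simulate modes loosened by a careless copy, then detect and repair.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 775 "$demo/.ssh"; chmod 664 "$demo/.ssh/authorized_keys"
if ! check_ssh_perms "$demo/.ssh" "$(id -u)"; then
    fix_ssh_perms "$demo/.ssh"
fi
if check_ssh_perms "$demo/.ssh" "$(id -u)"; then
    echo "permissions acceptable after fix"
fi
rm -rf "$demo"
```
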
Since OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public
key algorithm, and recommend against its use.
http://www.openssh.com/legacy.html
## ⚠️ BREAKING ⚠️
This patch will remove DSA host key from OpenSSH daemon configuration
file.
Signed-off-by: baronbunny <its@baronbunny.cn>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Too many docker users are caught out by the default location for the
app.ini file being environment dependent so that when they docker exec
into the container the gitea commands do not work properly and require
additional -c arguments to correctly pick up the configuration.
This PR simply shadows the gitea binary using variants of the FHS
compatible script to make the command gitea have the default locations
by default.
Fix #14468
Reference #17497
Reference #12082
Reference #8941
... amongst others ...
Replace #17501
Signed-off-by: Andrew Thornton <art27@cantab.net>
Unfortunately #16009 makes these settings mandatory. This PR uses the same technique
as used for the certificates to make these settings non-mandatory.
Fix #16044
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
A common bug report is the otherwise harmless sshd logging:
```
Could not load host certificate "/data/ssh/ssh_host_ed25519_cert": No such file or directory
```
This PR simply checks if these files exist before creation of sshd_config and if
they do not exist, doesn't add a reference to them.
Fix #14110 amongst others.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
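
An added example, not the project's setup script: one way to apply the existence check described in the commit message above, emitting `HostCertificate` only when the certificate file is present so sshd has nothing missing to complain about. The function name, the `ssh_host_<type>_key` key naming and the demo directory are assumptions; the `ssh_host_<type>_cert` naming follows the log line quoted above, and DSA is left out in line with the DSA removal noted earlier in this log.

```shell
#!/bin/sh
# Added example: build the host key section of sshd_config from what is
# actually on disk. host_key_directives is a hypothetical helper.

# Print HostKey for each key that exists, and HostCertificate only when
# both the key and its certificate exist. DSA is intentionally not listed.
host_key_directives() {
    dir=$1
    for t in ed25519 rsa ecdsa; do
        key="$dir/ssh_host_${t}_key"
        cert="$dir/ssh_host_${t}_cert"
        # A certificate without its private key is useless, so skip both.
        [ -f "$key" ] || continue
        printf 'HostKey %s\n' "$key"
        if [ -f "$cert" ]; then
            printf 'HostCertificate %s\n' "$cert"
        fi
    done
    return 0
}

# Constructed demo: ed25519 has key and certificate, rsa has a key only,
# ecdsa has a stray certificate with no key. Files are empty placeholders.
demo=$(mktemp -d)
: > "$demo/ssh_host_ed25519_key"
: > "$demo/ssh_host_ed25519_cert"
: > "$demo/ssh_host_rsa_key"
: > "$demo/ssh_host_ecdsa_cert"
host_key_directives "$demo"
rm -rf "$demo"
```
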
* Add environment-to-app.ini routine
* Call environment-to-ini in docker setup scripts
* Automatically convert section vars to lower case to match documentation
* Remove git patch instructions
* Add env variable documentation to Install Docker
I think it's a bad default to have "dev" as the default run mode which
enables debugging and now also disables HTTP caching. It's better to
just default to a value suitable for general deployments.
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
In the /install form, the value for SSH Server Domain is taken from the DOMAIN variable
and overwrites SSH_DOMAIN environment variable set the first time if nothing done
Co-authored-by: Adrian POIGET <adrian.poiget@viveris.fr>
* - rearrange the templates to make it more logical because now ssh_config is a template
- implemented the updating of the port to the same as the port sent to the gitea config
* change the filename back