Tuesday, July 26, 2016

Self-Hosted Git Server (GOGS)

A quick record of setting up gogs on an rpi2, with a letsencrypt certificate

gogs setup

  1. add a user named git

  2. download gogs binary

  3. start once : ./gogs web

  4. change custom/conf/app.ini, see: configuration_cheat_sheet

    [server]
    PROTOCOL = https
    DOMAIN       = myhost.example.com
    HTTP_PORT    = 3000
    ROOT_URL     = https://myhost.example.com:3000/
    DISABLE_SSH  = true
    ; Generate steps:
    ; $ ./gogs cert -ca=true -duration=8760h0m0s -host=myhost.example.com
    CERT_FILE = custom/https/cert.pem
    KEY_FILE = custom/https/key.pem
    
    [session]
    PROVIDER = memory ;less IO used
    
  5. start with ./gogs web, or

  6. add Gogs to init.d:

  7. download the init script and save it as /home/git/gogs.init: wget -O /home/git/gogs.init https://raw.githubusercontent.com/gogits/gogs/master/scripts/init/debian/gogs

  8. Move the file to /etc/init.d and change WORKINGDIR=/home/git/gogs

    # move the files and update the system
    sudo mv /home/git/gogs.init /etc/init.d/gogs
    sudo chmod ug+x /etc/init.d/gogs
    sudo update-rc.d gogs defaults 30 70
    
  9. Test your setup by running sudo service gogs start and visiting the URL for your site (ex. git.example.com)

letsencrypt setup

In the following steps, replace letsencrypt.tw with your own domain!

  1. see letsencrypt.tw

  2. mkdir /home/git/letsencrypt/ && cd /home/git/letsencrypt/

  3. download letsencrypt.sh, config, hook.sh

    wget https://raw.githubusercontent.com/lukas2511/letsencrypt.sh/master/letsencrypt.sh
    wget https://raw.githubusercontent.com/lukas2511/letsencrypt.sh/master/docs/examples/config
    wget https://raw.githubusercontent.com/lukas2511/letsencrypt.sh/master/docs/examples/hook.sh
    
  4. mkdir -p /home/git/letsencrypt/challenge/.well-known/acme-challenge and edit config to set WELLKNOWN="/home/git/letsencrypt/challenge/.well-known/acme-challenge"

  5. edit domains.txt, add your domain.

  6. start a simple http file server with its root dir at /home/git/letsencrypt/challenge/ :

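    package main
    
    import (
        "flag"
        "fmt"
        "net/http"
    )
    
    // -p is the listen address; ":80" binds port 80 on all interfaces.
    var port = flag.String("p", ":80", "bind port")
    
    // -d is the directory served as the web root.
    var dir = flag.String("d", "./challenge", "bind dir")
    
    func main() {
        flag.Parse()
        // Serve everything under *dir so the challenge files can be fetched over HTTP.
        http.Handle("/", http.FileServer(http.Dir(*dir)))
        // ListenAndServe only returns when it fails (port in use, no permission to bind).
        err := http.ListenAndServe(*port, nil)
        if err != nil {
            fmt.Println(err)
        }
    }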
    
    
  7. run /home/git/letsencrypt/letsencrypt.sh -c -d letsencrypt.tw ; the output should look something like this:

    # INFO: Using main config file /home/git/letsencrypt/config
    Processing letsencrypt.tw
     + Signing domains...
     + Generating private key...
     + Generating signing request...
     + Requesting challenge for letsencrypt.tw...
     + Responding to challenge for letsencrypt.tw...
     + Challenge is valid!
     + Requesting certificate...
     + Checking certificate...
     + Done!
     + Creating fullchain.pem...
     + Done!
    
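  8. renew by adding this to cron. cron runs commands with /bin/sh by default, which may not provide $RANDOM, and it treats an unescaped % as a newline, hence the SHELL line and the \% :

    SHELL=/bin/bash
    0 0 * * * root sleep $((($RANDOM * 2 + $RANDOM) \% 86400)); ( /home/git/letsencrypt/letsencrypt.sh -c -d letsencrypt.tw && /usr/sbin/service gogs restart )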

  9. add to gogs:

    mkdir /home/git/gogs/custom/https/ && cd /home/git/gogs/custom/https/
    # link the issued key and certificate chain to the names used by KEY_FILE / CERT_FILE in app.ini
    ln -s /home/git/letsencrypt/certs/letsencrypt.tw/privkey.pem key.pem
    ln -s /home/git/letsencrypt/certs/letsencrypt.tw/fullchain.pem cert.pem
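
A narrower alternative to the file server in step 6, as an added example (not code from the original post or from letsencrypt.sh): it answers only GET requests for token files under /.well-known/acme-challenge/ and returns 404 for everything else, so nothing else on port 80 is listable or readable. The names challengeHandler, acmePrefix and tokenRe are assumptions, and -d here points at the WELLKNOWN directory from step 4 rather than at its parent.

```go
// Added example, not from the original post; identifiers are assumptions.
package main

import (
	"flag"
	"log"
	"net/http"
	"os"
	"path/filepath"
	"regexp"
	"strings"
	"time"
)

const acmePrefix = "/.well-known/acme-challenge/"

// ACME HTTP-01 tokens use only the base64url alphabet (RFC 8555, section 8.3),
// so a valid token can never contain "/" or "..".
var tokenRe = regexp.MustCompile(`^[A-Za-z0-9_-]+$`)

// challengeHandler serves token files from wellknown (the WELLKNOWN directory
// in the config) and answers 404 for every other path or method.
func challengeHandler(wellknown string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		token := strings.TrimPrefix(r.URL.Path, acmePrefix)
		if r.Method != http.MethodGet || token == r.URL.Path || !tokenRe.MatchString(token) {
			http.NotFound(w, r)
			return
		}
		body, err := os.ReadFile(filepath.Join(wellknown, token))
		if err != nil { // missing file, directory, or unreadable
			http.NotFound(w, r)
			return
		}
		w.Header().Set("Content-Type", "text/plain")
		w.Write(body)
	})
}

func main() {
	addr := flag.String("p", ":80", "listen address")
	dir := flag.String("d", "./challenge/.well-known/acme-challenge", "WELLKNOWN directory")
	flag.Parse()
	srv := &http.Server{
		Addr:              *addr,
		Handler:           challengeHandler(*dir),
		ReadHeaderTimeout: 10 * time.Second, // drop clients that stall while sending headers
	}
	log.Fatal(srv.ListenAndServe())
}
```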
    
