Portainer/gitea/docker-compose.yml
Eduardo David Paredes Vara 30cf7cca61 Securing gitea api
2025-12-03 16:27:26 +00:00


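# Gitea stack: Postgres + Gitea + an Actions runner, published through an
# external Traefik network ("proxy"). Every value comes from the stack
# environment (Portainer / .env), so nothing here is secret by itself.
#
# Security notes (review):
#   * The database password and the runner registration token are injected as
#     plain environment variables, which are readable through `docker inspect`
#     and /proc/<pid>/environ of the container. Prefer the file-based variants
#     (POSTGRES_PASSWORD_FILE, GITEA__database__PASSWD__FILE,
#     GITEA_RUNNER_REGISTRATION_TOKEN_FILE) backed by a secret or bind mount.
#   * The Actions runner mounts the host Docker socket. Anyone who can run a
#     workflow on this instance can drive the host Docker daemon, which is
#     root-equivalent on the host. Treat runner registration and the right to
#     enable Actions on repositories as privileged.
#   * Only the paths listed under the gitea-login router sit behind the
#     forward-auth middleware; everything else relies on Gitea's own auth.
services:
  postgres:
    image: ${GITEA_POSTGRES_IMAGE}
    container_name: gitea-postgres
    restart: unless-stopped
    environment:
      POSTGRES_DB: ${GITEA_DB_NAME}
      POSTGRES_USER: ${GITEA_DB_USER}
      # Secret in plain env -- see the POSTGRES_PASSWORD_FILE note above.
      POSTGRES_PASSWORD: ${GITEA_DB_PASSWORD}
      TZ: ${TZ}
    volumes:
      - ${GITEA_POSTGRES_PATH}:/var/lib/postgresql/data:Z
    # Internal network only: the database is never attached to "proxy".
    networks:
      - gitea
    # Lets Gitea wait for a database that accepts connections, not merely a
    # started container.
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
      interval: 10s
      timeout: 5s
      retries: 5

  gitea:
    image: ${GITEA_IMAGE}
    container_name: gitea
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
    environment:
      USER_UID: ${GITEA_USER_UID}
      USER_GID: ${GITEA_USER_GID}
      TZ: ${TZ}
      # Database
      GITEA__database__DB_TYPE: ${GITEA_DB_TYPE}
      GITEA__database__HOST: ${GITEA_DB_HOST}:${GITEA_DB_PORT}
      GITEA__database__NAME: ${GITEA_DB_NAME}
      GITEA__database__USER: ${GITEA_DB_USER}
      # Secret in plain env -- see the GITEA__database__PASSWD__FILE note above.
      GITEA__database__PASSWD: ${GITEA_DB_PASSWORD}
      # HTTP URLs (ROOT_URL must match the public Traefik hostname so that
      # redirects, OAuth callbacks and webhooks point at the proxied address)
      GITEA__server__DOMAIN: ${GITEA_DOMAIN}
      GITEA__server__ROOT_URL: ${GITEA_ROOT_URL}
      GITEA__server__PROTOCOL: ${GITEA_SERVER_PROTOCOL}
      GITEA__server__HTTP_PORT: ${GITEA_HTTP_PORT}
      # SSH (built-in server; bypasses Traefik and the forward-auth middleware,
      # so authentication here is Gitea's own SSH key handling)
      GITEA__server__SSH_DOMAIN: ${GITEA_SSH_DOMAIN}
      GITEA__server__SSH_PORT: ${GITEA_SSH_PORT}
      GITEA__server__START_SSH_SERVER: ${GITEA_START_SSH_SERVER}
      # Actions
      GITEA__actions__ENABLED: ${GITEA_ACTIONS_ENABLED}
      # Registration and visibility
      GITEA__service__DISABLE_REGISTRATION: ${GITEA_DISABLE_REGISTRATION}
      GITEA__service__REQUIRE_SIGNIN_VIEW: ${GITEA_REQUIRE_SIGNIN_VIEW}
      GITEA__service__ENABLE_OPENID_SIGNUP: ${GITEA_ENABLE_OPENID_SIGNUP}
      GITEA__service__ENABLE_OPENID_SIGNIN: ${GITEA_ENABLE_OPENID_SIGNIN}
      GITEA__service__DISABLE_LOGIN_FORM: ${GITEA_DISABLE_LOGIN_FORM}
      GITEA__service__HIDE_EMAIL_ADDRESS: ${GITEA_HIDE_EMAIL_ADDRESS}
      GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION: ${GITEA_DEFAULT_ALLOW_CREATE_ORGANIZATION}
      GITEA__service__DEFAULT_ORG_VISIBILITY: ${GITEA_DEFAULT_ORG_VISIBILITY}
      GITEA__service__DEFAULT_VISIBILITY: ${GITEA_DEFAULT_VISIBILITY}
      # Dark UI
      GITEA__ui__DEFAULT_THEME: ${GITEA_DEFAULT_THEME}
      GITEA__ui__THEMES: ${GITEA_UI_THEMES}
    volumes:
      - ${GITEA_DATA_PATH}:/data:Z
    networks:
      - gitea
      - proxy
    # Expose SSH (same port inside the container and on the host).
    # This publishes on every host interface; prefix with a host address
    # (e.g. "127.0.0.1:" or a LAN IP) if git-over-SSH should not be public.
    ports:
      - "${GITEA_SSH_PORT}:${GITEA_SSH_PORT}"
    labels:
      traefik.enable: "true"
      traefik.docker.network: "${TRAEFIK_DOCKER_NETWORK}"
      traefik.http.services.gitea.loadbalancer.server.port: "${GITEA_HTTP_PORT}"
      # Default router (no Authentik): everything not matched by gitea-login
      # goes straight to Gitea and relies on Gitea's session/token auth.
      traefik.http.routers.gitea-main.rule: "Host(`${GITEA_DOMAIN}`)"
      traefik.http.routers.gitea-main.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE}"
      traefik.http.routers.gitea-main.tls: "true"
      traefik.http.routers.gitea-main.tls.certresolver: "${TRAEFIK_CERTRESOLVER}"
      traefik.http.routers.gitea-main.priority: "10"
      # Protected router (TRAEFIK_AUTH_MIDDLEWARE, e.g. Authentik forward-auth):
      # login/registration/2FA pages, Gitea's OAuth2 provider endpoints,
      # /explore, the whole REST API and the TheHomelessSherlock profile page.
      # Priority 20 > 10 so these paths always pass through the middleware;
      # /api/swagger needs no separate entry because PathPrefix(`/api`) covers it.
      # NOTE(review): PathPrefix(`/api`) also captures non-browser clients --
      # API-token calls, the package registry (/api/packages/...), an act_runner
      # pointed at the public URL (/api/actions/...), and the server-to-server
      # token endpoint under /login/oauth. If the middleware answers those with a
      # redirect to a login page they will fail; confirm the middleware config or
      # reach Gitea internally (http://gitea:<GITEA_HTTP_PORT>) for such clients.
      traefik.http.routers.gitea-login.rule: >-
        Host(`${GITEA_DOMAIN}`) &&
        (Path(`/user/login`) ||
        PathPrefix(`/user/sign_up`) ||
        PathPrefix(`/user/forgot_password`) ||
        PathPrefix(`/user/two_factor`) ||
        PathPrefix(`/login/oauth`) ||
        PathPrefix(`/explore`) ||
        PathPrefix(`/api`) ||
        PathRegexp(`^/TheHomelessSherlock/?$`))
      traefik.http.routers.gitea-login.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE}"
      traefik.http.routers.gitea-login.tls: "true"
      traefik.http.routers.gitea-login.tls.certresolver: "${TRAEFIK_CERTRESOLVER}"
      traefik.http.routers.gitea-login.middlewares: "${TRAEFIK_AUTH_MIDDLEWARE}"
      traefik.http.routers.gitea-login.priority: "20"

  gitea-runner:
    image: ${GITEA_RUNNER_IMAGE}
    container_name: gitea-act-runner
    restart: unless-stopped
    depends_on:
      - gitea
    environment:
      # Must be reachable without hitting the protected /api router -- the
      # internal service URL on the "gitea" network is the safe choice; see the
      # NOTE(review) on the gitea-login labels.
      GITEA_INSTANCE_URL: ${GITEA_INSTANCE_URL}
      # Secret in plain env -- see the GITEA_RUNNER_REGISTRATION_TOKEN_FILE note
      # above. The token only has to exist until the runner is registered.
      GITEA_RUNNER_REGISTRATION_TOKEN: ${GITEA_RUNNER_REGISTRATION_TOKEN}
      GITEA_RUNNER_NAME: ${GITEA_RUNNER_NAME}
      GITEA_RUNNER_LABELS: ${GITEA_RUNNER_LABELS}
    volumes:
      - ${GITEA_RUNNER_DATA_PATH}:/data:Z
      # Host Docker socket == host root for every job this runner executes.
      # NOTE(review): ":Z" relabels the socket on SELinux hosts, which may deny
      # access to other Docker clients on the host; drop the suffix there if so.
      - /var/run/docker.sock:/var/run/docker.sock:Z
    # Internal network only; the runner is never exposed through Traefik.
    networks:
      - gitea

networks:
  gitea:
    driver: bridge
  proxy:
    external: true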