Last modified by Alexandru Pentilescu on 2024/07/16 22:44

From version 17.1
edited by Alexandru Pentilescu
on 2024/07/16 22:27
Change comment: There is no comment for this version
To version 22.1
edited by Alexandru Pentilescu
on 2024/07/16 22:40
Change comment: There is no comment for this version

Page properties
Content
... ... @@ -238,4 +238,12 @@
238 238  
239 239  The script above will simply forward all incoming SSH connections that originally came to the host server and sends them to the docker container (specifically to localhost port 2200 which, according to the yaml file above, is mapped to port 22 inside the container). There, the container will run the command that was originally sent to the host machine inside of itself and return the result to the original outside client.
240 240  
241 -You may be thinking "But how does the host SSH server know when to run this script to forward requests inside the container and when not to forward requests?". Basically, this is done via
241 +You may be thinking "But how does the host SSH server know when to run this script to forward requests inside the container and when not to forward requests?". Basically, this is done via the /home/git/.ssh/authorized_keys file.
242 +
243 +When we added all those public keys at [[this>>https://wiki.transistor.one/bin/view/Guides/How%20to%20set%20up%20a%20gitea%20docker%20instance/#HGenerateaproperpublic2FprivatekeypairforalltheaccountsthatneedtousegitviaSSHwith]] step, the Gitea webserver appended those public keys to the /home/git/.ssh/authorized_keys file that is already mapped into the container. Those keys are written with a special "command="/usr/local/bin/gitea {{{--config=/data/gitea/conf/app.ini serv key-9}}}",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,no-user-rc,restrict ssh-ed25519 AAAAC...." prefix, which basically tells the SSH server running on the host that, whenever an SSH client that authenticates itself with a matching public key from this format, connects, then the command that this client sent us is saved in an SSH_ORIGINAL_COMMAND environment variable and the command after the "=" symbol gets automatically executed by the SSH server. In our case, this will run the "/usr/local/bin/gitea" shim script from the host machine which we already created in the previous step, which in turn will forward that command to inside the docker container to be ultimately handled.
244 +
245 +Of note is the fact that entries inside the "/home/git/.ssh/authorized_keys" file which don't start with the "command=" format that the Gitea web server saves its entries under, will simply login as normal via SSH.
246 +
247 += We're done =
248 +
249 +The server is officially running. Happy coding!
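
Review bot: In the added paragraph at line 243, the sample authorized_keys entry sits inside prose double quotes while containing double quotes of its own, and only the middle of it is inside the {{{ }}} verbatim markers, so a reader cannot tell where the entry begins and ends. Put the whole entry, from command= through the ssh-ed25519 key, in one verbatim block on its own line. The same sentence should also say outright that sshd runs the command= value instead of whatever the client requested, and that the client's request survives only in SSH_ORIGINAL_COMMAND; as written ("the command after the "=" symbol gets automatically executed") the substitution is implied rather than stated. At line 245, "will simply login as normal via SSH" understates the point: an entry in /home/git/.ssh/authorized_keys without the command= prefix also carries none of the no-pty, no-port-forwarding and restrict options shown in the sample entry, so it is a regular login on the host rather than a forwarded Gitea request. It would help to say that and to suggest readers review the file for such entries.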