Changes for page How to set up a gitea docker instance
Last modified by Alexandru Pentilescu on 2024/07/16 22:44
From version 22.1
edited by Alexandru Pentilescu
on 2024/07/16 22:40
Change comment:
There is no comment for this version
To version 24.1
edited by Alexandru Pentilescu
on 2024/07/16 22:43
Change comment:
There is no comment for this version
Summary
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
- Content
... ... 
@@ -240,8 +240,11 @@ 240 240 241 241 You may be thinking "But how does the host SSH server know when to run this script to forward requests inside the container and when not to forward requests?". Basically, this is done via the /home/git/.ssh/authorized_keys file. 242 242 243 -When we added all those public keys at [[this>>https://wiki.transistor.one/bin/view/Guides/How%20to%20set%20up%20a%20gitea%20docker%20instance/#HGenerateaproperpublic2FprivatekeypairforalltheaccountsthatneedtousegitviaSSHwith]] step, the Gitea webserver appended those public keys to the /home/git/.ssh/authorized_keys file that is already mapped into the container. Those keys are written with a special "command="/usr/local/bin/gitea {{{--config=/data/gitea/conf/app.ini serv key-9}}}",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,no-user-rc,restrict ssh-ed25519 AAAAC...." prefix, which basically tells the SSH server running on the host that, whenever an SSH client that authenticates itself with a matching public key from this format, connects, then the command that this client sent us is saved in an SSH_ORIGINAL_COMMAND environment variable and the command after the "=" symbol gets automatically executed by the SSH server. In our case, this will run the "/usr/local/bin/gitea" shim script from the host machine which we already created in the previous step, which in turn will forward that command to inside the docker container to be ultimately handled.243 +When we added all those public keys at [[this>>https://wiki.transistor.one/bin/view/Guides/How%20to%20set%20up%20a%20gitea%20docker%20instance/#HGenerateaproperpublic2FprivatekeypairforalltheaccountsthatneedtousegitviaSSHwith]] step, the Gitea webserver appended those public keys to the /home/git/.ssh/authorized_keys file that is already mapped into the container. 
Those keys are written with a special 244 244 245 +{{code language="text"}}"command="/usr/local/bin/gitea --config=/data/gitea/conf/app.ini serv key-9",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,no-user-rc,restrict ssh-ed25519 AAAAC...." {{/code}} 246 +prefix, which basically tells the SSH server running on the host that, whenever an SSH client that authenticates itself with a matching public key from this format, connects, then the command that this client sent us is saved in an SSH_ORIGINAL_COMMAND environment variable and the command after the "=" symbol gets automatically executed by the SSH server. In our case, this will run the "/usr/local/bin/gitea" shim script from the host machine which we already created in the previous step, which in turn will forward that command to inside the docker container to be ultimately handled. 247 + 245 245 Of note is the fact that entries inside the "/home/git/.ssh/authorized_keys" file which don't start with the "command=" format that the Gitea web server saves its entries under, will simply login as normal via SSH. 246 246 247 247 = We're done =
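Review bot: The new {{code language="text"}} block on added line 245 still carries the outer double quotes from the old inline quotation: one before command= and one after AAAAC..... Inside a code block they read as part of the authorized_keys entry, which is not the format Gitea writes, so drop both and let the block start at command="/usr/local/bin/gitea and end at the key. The block also includes the key type and key material (ssh-ed25519 AAAAC....), while the sentence resumed on line 246 calls the whole thing a "prefix"; either end the block at ,restrict or reword to "entry". Finally, "Those keys are written with a special" now dangles before the block, so consider ending it with "prefix:" and starting line 246 with "This tells the SSH server ...". It would also help to say that key-9 is one key's ID and differs per entry.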