
@nahcnuj
Last active April 27, 2020 00:47
Raspberry Pi 3 Model A+ Setup Log

Backup using Rclone

いるかのボックス: Backing up Raspberry Pi files to Google Drive

Install Rclone

$ curl https://rclone.org/install.sh | sudo bash
$ rclone version
rclone v1.51.0
- os/arch: linux/arm
- go version: go1.13.7

Configure Rclone

$ rclone config
2020/04/25 08:29:49 NOTICE: Config file "/home/nahcnuj/.config/rclone/rclone.conf" not found - using defaults
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> gdrive
...
12 / Google Cloud Storage (this is not Google Drive)
   \ "google cloud storage"
13 / Google Drive
   \ "drive"
...
Storage> drive
** See help for drive backend at: https://rclone.org/drive/ **

Google Application Client Id
Setting your own is recommended.
See https://rclone.org/drive/#making-your-own-client-id for how to create your own.
  1. Open Google API Console
  2. Create a new project (or open an existing project)
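  3. Click Enable APIs and Services (API とサービスを有効化)
  4. Click Google Drive API
  5. Click Enable (有効にする)
  6. Click Credentials (認証情報)
  7. Click Create credentials (認証情報を作成)
  8. Click Select with wizard (ウィザードで選択)
  9. Select Other UI (e.g. Windows, CLI tools) (その他の UI(Windows、CLI ツールなど)) and Application data (アプリケーション データ)
  10. Click Required credentials (必要な認証情報)
  11. Enter the following:
    • Service account name (サービス アカウント名): backup (something you like)
    • Role (ロール): Project > Owner (オーナー)
    • Service account ID (サービス アカウント ID): backup (default)
    • Key type (キーのタイプ): JSON (recommended)
  12. Click Next (次へ), download the JSON file
  13. Click Configure consent screen (同意画面を設定)
  14. Select Internal (内部)
  15. Enter the following:
    • Application name (アプリケーション名): Rclone
  16. Click Add scope (スコープを追加)
  17. Select Google Drive API ../auth/drive: view, edit, create, and delete all files in Google Drive (Google ドライブのすべてのファイルの表示、編集、作成、削除)
  18. Click Add (追加)
  19. Click Save (保存)
  20. Go back to Credentials (認証情報)
  21. Click Create credentials (認証情報を作成)
  22. Click OAuth client ID (OAuth クライアント ID)
  23. Select Other (その他)
  24. Enter Rclone as Name (名前)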
If you leave this blank, it will use an internal key which is low performance.
Enter a string value. Press Enter for the default ("").
client_id> 000000000000-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
Google Application Client Secret
Setting your own is recommended.
Enter a string value. Press Enter for the default ("").
client_secret> XXXXXXXXXXXXXXXXXXXXXXXX
Scope that rclone should use when requesting access from drive.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
 1 / Full access all files, excluding Application Data Folder.
   \ "drive"
 2 / Read-only access to file metadata and file contents.
   \ "drive.readonly"
   / Access to files created by rclone only.
 3 | These are visible in the drive website.
   | File authorization is revoked when the user deauthorizes the app.
   \ "drive.file"
   / Allows read and write access to the Application Data folder.
 4 | This is not visible in the drive website.
   \ "drive.appfolder"
   / Allows read-only access to file metadata but
 5 | does not allow any access to read or download file content.
   \ "drive.metadata.readonly"
scope> 1
ID of the root folder
Leave blank normally.

Fill in to access "Computers" folders (see docs), or for rclone to use
a non root folder as its starting point.

Note that if this is blank, the first time rclone runs it will fill it
in with the ID of the root folder.

Enter a string value. Press Enter for the default ("").
root_folder_id> 
Service Account Credentials JSON file path 
Leave blank normally.
Needed only if you want use SA instead of interactive login.
Enter a string value. Press Enter for the default ("").
service_account_file> 
Edit advanced config? (y/n)
y) Yes
n) No (default)
y/n> n
Remote config
Use auto config?
 * Say Y if not sure
 * Say N if you are working on a remote or headless machine
y) Yes (default)
n) No
y/n> n
Please go to the following link: <Click URL shown here>
Log in and authorize rclone for access
Enter verification code> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Configure this as a team drive?
y) Yes
n) No (default)
y/n> n
[gdrive]
type = drive
client_id = 000000000000-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
client_secret = XXXXXXXXXXXXXXXXXXXXXXXX
scope = drive
token = ...
--------------------
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y
Current remotes:

Name                 Type
====                 ====
gdrive               drive

e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> q

Commands:

  • `rclone lsd gdrive:`: show directories in the root directory of Google Drive
  • `rclone ls gdrive:`: show ALL files in Google Drive
  • `rclone mkdir gdrive:<DIR>`: create a <DIR> directory in Google Drive
  • `rclone copy <FILE> gdrive:<DIR>`: copy a <FILE> file to <DIR> in Google Drive
  • `rclone copy gdrive:<DIR> <DIR>`: download the <DIR> directory in Google Drive to the local <DIR> directory

--dry-run can be used to confirm what a command would do.

Backup & Restore Gitea

Usage: Backup and Restore - Docs

Create a dump file of Gitea to backup

$ su gitea
gitea@nahcnuj:~$ gitea dump -c /etc/gitea/app.ini 
2020/04/25 10:31:06 ...dules/setting/git.go:91:newGit() [I] Git Version: 2.20.1, Wire Protocol Version 2 Enabled
gitea@nahcnuj:~$ ls
gitea-dump-1587778266.zip  gitea-repo

Restore from the backup

gitea@nahcnuj:~$ unzip gitea-dump-1587778266.zip 
Archive:  gitea-dump-1587778266.zip
  inflating: gitea-repo.zip          
  inflating: app.ini                 
   creating: log/
  inflating: log/gitea.log           
  inflating: gitea-db.sql
gitea@nahcnuj:~$ ls
app.ini  gitea-db.sql  gitea-dump-1587778266.zip  gitea-repo  gitea-repo.zip  log
gitea@nahcnuj:~$ cp app.ini /etc/gitea/app.ini
gitea@nahcnuj:~$ unzip -o gitea-repo.zip
gitea@nahcnuj:~$ sqlite3 /var/lib/gitea/data/gitea.db <gitea-db.sql
gitea@nahcnuj:~$ exit
$ sudo systemctl restart gitea

Create a Cron job

Create a shell script /etc/cron.d/backup-gitea.sh:

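#!/bin/sh -e

BACKUP_TO="gdrive:backups/gitea-nahcnuj-local"
DUMPDIR="/var/backups/gitea"
DUMPFILE="${DUMPDIR}/gitea-dump-$(date '+%Y%m%d-%H%M%S').zip"

# Create the dump directory on first run; the gitea user must be able to write to it.
if [ ! -d "${DUMPDIR}" ]; then
        mkdir -p "${DUMPDIR}"
        chown -R gitea:gitea "${DUMPDIR}"
fi

# Dump as the gitea user, then upload the archive to Google Drive.
su gitea -c "gitea dump -c /etc/gitea/app.ini -f ${DUMPFILE}"
rclone copy "${DUMPFILE}" "${BACKUP_TO}"

# Remove older local dumps, keeping only the one just uploaded.
# -r: skip rm when nothing is left to delete (rm without operands fails,
# which would make the script exit non-zero under -e).
ls -1d "${DUMPDIR}"/* | grep -v "^${DUMPFILE}\$" | xargs -r rm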

Note that Cron does not execute files placed in the /etc/cron.d directory whose names contain a dot.
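The dump archive bundles app.ini and the SQL database, so the local copy deserves the same care as /etc/gitea itself. The following is an added example, not part of the original log: it goes beyond the script above by keeping the newest KEEP dumps instead of only the latest one and by making the dump directory owner-only. The function names and the retention count are assumptions; the file naming follows the script above.

```shell
#!/bin/sh
# Added example, not part of the original log. Function names are hypothetical.

# prepare_dump_dir DIR [OWNER]
# Create DIR if needed and make it accessible to its owner only, because a
# Gitea dump contains app.ini and the SQL database.
prepare_dump_dir() {
    mkdir -p "$1"
    chmod 700 "$1"
    [ -z "${2:-}" ] || chown "$2" "$1"
}

# prune_dumps DIR KEEP
# Delete all but the KEEP newest dumps in DIR. The timestamp in
# gitea-dump-YYYYmmdd-HHMMSS.zip sorts lexicographically, so a reverse sort
# puts the newest first. Only names matching the dump pattern are touched.
prune_dumps() {
    dir=$1
    keep=$2
    case $keep in
        ''|*[!0-9]*) echo "KEEP must be a non-negative integer" >&2; return 2 ;;
    esac
    find "$dir" -maxdepth 1 -type f -name 'gitea-dump-[0-9]*-[0-9]*.zip' |
        sort -r | tail -n "+$((keep + 1))" |
        while IFS= read -r f; do rm -f -- "$f"; done
}

# Demo on a throwaway directory with constructed file names.
demo=$(mktemp -d)
prepare_dump_dir "$demo/gitea"
for ts in 20200424-030000 20200425-030000 20200426-030000; do
    : > "$demo/gitea/gitea-dump-$ts.zip"
done
prune_dumps "$demo/gitea" 2
ls "$demo/gitea"
rm -rf "$demo"
```

In the cron script, `prepare_dump_dir "${DUMPDIR}" gitea:gitea` would replace the mkdir/chown block and `prune_dumps "${DUMPDIR}" 3` the final pipeline.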

Raspberry Pi 3 Model A+ Set Up

Burn the disk image to SD card

  1. Download the img file of Raspbian Buster Lite (Minimal image based on Debian Buster) from https://www.raspberrypi.org/downloads/raspbian/
  2. Burn it to SD card with Raspberry Pi Imager, which is available from https://www.raspberrypi.org/downloads/

Wi-fi configuration

  • sudo raspi-config
    1. 2 Network Options
    2. M2 Wi-fi
    3. JP Japan
    4. Enter SSID and its key
$ ifconfig
io: flags=...
wlan0: flags=...
        inet 192.168....

Keyboard setting

  1. 4 Localisation Options
  2. I1 Change Locale
    1. My locale: ja_JP.UTF-8 UTF-8
    2. Default locale: en_GB.UTF-8
  3. I2 Change Timezone
    1. Asia
    2. Tokyo
  4. I3 Change Keyboard Layout
    1. Generic 105-key(Intl) PC
    2. Other
    3. Japanese
    4. Japanese - Japanese (OADG 109A)
    5. The default for the keyboard layout
    6. No compose key

Enable mDNS on Windows 10

No Bonjour for Windows needed! Access a Windows 10 machine with ".local"! - もぐてっく

Allow mDNS port 5353/UDP on Windows:

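  1. Windows Defender Firewall (Windows Defender ファイアウォール)
  2. Advanced settings (詳細設定)
  3. Inbound rules (受信の規則) (right click)
  4. New rule (新しい規則)
  5. Port (ポート)
  6. Select and enter the following
    • TCP or UDP: UDP
    • Specific local ports (特定のローカルポート): 5353
  7. Allow the connection (接続を許可する)
  8. Select the item(s) you want
    • Domain (ドメイン)
    • Private (プライベート)
    • Public (パブリック)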
  9. Enter the name
  10. Reboot

On Windows:

C:\Users\user>ping raspberrypi.local

raspberrypi.local [fe80::69eb:99b2:1193:cf1a%16]に ping を送信しています 32 バイトのデータ:
fe80::69eb:99b2:1193:cf1a%16 からの応答: 時間 =2ms
fe80::69eb:99b2:1193:cf1a%16 からの応答: 時間 =2ms
fe80::69eb:99b2:1193:cf1a%16 からの応答: 時間 =2ms
fe80::69eb:99b2:1193:cf1a%16 からの応答: 時間 =2ms

fe80::69eb:99b2:1193:cf1a%16 の ping 統計:
    パケット数: 送信 = 4、受信 = 4、損失 = 0 (0% の損失)、
ラウンド トリップの概算時間 (ミリ秒):
    最小 = 2ms、最大 = 2ms、平均 = 2ms

C:\Users\user>ping -4 raspberrypi.local

raspberrypi.local [192.168.0.13]に ping を送信しています 32 バイトのデータ:
192.168.0.13 からの応答: バイト数 =32 時間 =2ms TTL=64
192.168.0.13 からの応答: バイト数 =32 時間 =2ms TTL=64
192.168.0.13 からの応答: バイト数 =32 時間 =3ms TTL=64
192.168.0.13 からの応答: バイト数 =32 時間 =2ms TTL=64

192.168.0.13 の ping 統計:
    パケット数: 送信 = 4、受信 = 4、損失 = 0 (0% の損失)、
ラウンド トリップの概算時間 (ミリ秒):
    最小 = 2ms、最大 = 3ms、平均 = 2ms

Congrats!

By the way, on Windows Subsystem for Linux (WSL)...

user@DESKTOP-8PA9IIL /mnt/c/Users/user 
$ ping raspberrypi
ping: raspberrypi: Name or service not known
user@DESKTOP-8PA9IIL /mnt/c/Users/user 
$ ping raspberrypi.local
ping: raspberrypi.local: Name or service not known

The hostname can be resolved by using a PowerShell command: Resolving mDNS `.local` addresses on WSL1 (Windows Subsystem for Linux) - Qiita

user@DESKTOP-8PA9IIL /mnt/c/Users/user 
$ powershell.exe "Resolve-DnsName raspberrypi"

Name                                           Type   TTL   Section    IPAddress
----                                           ----   ---   -------    ---------
raspberrypi.local                              AAAA   120   Answer     fe80::69eb:99b2:1193:cf1a
raspberrypi.local                              A      120   Answer     192.168.0.13

Change (local) hostname

On Raspi:

$ hostnamectl status
   Static hostname: raspberrypi
         Icon name: computer
        Machine ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
           Boot ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  Operating System: Raspbian GNU/Linux 10 (buster)
            Kernel: Linux 4.19.97-v7+
      Architecture: arm
$ sudo su
# hostnamectl set-hostname nahcnuj
# exit
$ hostnamectl status
   Static hostname: nahcnuj
         Icon name: computer
        Machine ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
           Boot ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  Operating System: Raspbian GNU/Linux 10 (buster)
            Kernel: Linux 4.19.97-v7+
      Architecture: arm
$ ping nahcnuj.local

On Windows:

C:\Users\user>ping -4 nahcnuj

nahcnuj.local [192.168.0.13]に ping を送信しています 32 バイトのデータ:
192.168.0.13 からの応答: バイト数 =32 時間 =3ms TTL=64
192.168.0.13 からの応答: バイト数 =32 時間 =3ms TTL=64

192.168.0.13 の ping 統計:
    パケット数: 送信 = 2、受信 = 2、損失 = 0 (0% の損失)、
ラウンド トリップの概算時間 (ミリ秒):
    最小 = 3ms、最大 = 3ms、平均 = 3ms
Ctrl+C
^C
C:\Users\user>ping -4 nahcnuj.local

nahcnuj.local [192.168.0.13]に ping を送信しています 32 バイトのデータ:
192.168.0.13 からの応答: バイト数 =32 時間 =2ms TTL=64
192.168.0.13 からの応答: バイト数 =32 時間 =3ms TTL=64
192.168.0.13 からの応答: バイト数 =32 時間 =2ms TTL=64
192.168.0.13 からの応答: バイト数 =32 時間 =2ms TTL=64

192.168.0.13 の ping 統計:
    パケット数: 送信 = 4、受信 = 4、損失 = 0 (0% の損失)、
ラウンド トリップの概算時間 (ミリ秒):
    最小 = 2ms、最大 = 3ms、平均 = 2ms

On Raspi, sudo prints unable to resolve host nahcnuj: Name or service not known.

Add the hostname to /etc/hosts, following the article "When sudo: unable to resolve host is displayed" - Qiita.

$ sudo cat /etc/hosts
sudo: unable to resolve host nahcnuj: Name or service not known
127.0.0.1       localhost
::1             localhost
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

127.0.1.1               raspberrypi

Replace raspberrypi with nahcnuj (or your hostname):

$ sudo sed -i -e 's/raspberrypi/nahcnuj/' /etc/hosts
$ sudo cat /etc/hosts
127.0.0.1       localhost
::1             localhost
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

127.0.1.1               nahcnuj

Resolve DNS name from WSL

On WSL shell:

$ powershell.exe "Resolve-DnsName nahcnuj.local | ConvertTo-Json" | jq -r '.[] | select(has("IP4Address")) | .Address'
192.168.0.13

Create user

[Raspberry Pi] Adding a user and allowing that user to run sudo - かっこいいブログ名つけたい

$ sudo adduser <USERNAME>
...
New password: <PASSWORD>
Retype new password: <PASSWORD>
...
Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] Y

Give the created user sudo permission

$ sudo gpasswd -a <USERNAME> sudo
Adding user <USERNAME> to group sudo

Connect to the Raspi from Windows through SSH

How to connect remotely from a PC to the Raspberry Pi console (CUI) | 猿まね電子工作

On Raspi:

$ sudo systemctl enable --now ssh

On Windows:

  • Open RLogin (or your favorite terminal emulator)
  • Connect to the Raspi
    • Host: nahcnuj.local
    • TCP Port: 22
    • Service: SSH

Enable SSH public key authentication

On Raspi:

$ mkdir ~/.ssh

On Windows:

C:\Users\user>ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\user/.ssh/id_rsa.
Your public key has been saved in C:\Users\user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:******************************************* user@DESKTOP-8PA9IIL
The key's randomart image is:
...

C:\Users\user>scp .ssh\id_rsa.pub nahcnuj@nahcnuj.local:~/.ssh/id_rsa.pub
The authenticity of host 'nahcnuj.local (fe80::69eb:99b2:1193:cf1a%16)' can't be established.
ECDSA key fingerprint is SHA256:*******************************************.
Are you sure you want to continue connecting (yes/no)?
Warning: Permanently added 'nahcnuj.local,fe80::69eb:99b2:1193:cf1a%16' (ECDSA) to the list of known hosts.
nahcnuj@nahcnuj.local's password:
id_rsa.pub                                                                            100%  403    70.7KB/s   00:00

On Raspi:

$ cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys

On Windows:

C:\Users\user>ssh -i .ssh\id_rsa nahcnuj@nahcnuj.local
Linux nahcnuj 4.19.97-v7+ #1294 SMP Thu Jan 30 13:15:58 GMT 2020 armv7l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Fri Apr 24 22:02:17 2020 from fe80::a6:692d:9e6:cbc1%wlan0

SSH is enabled and the default password for the 'pi' user has not been changed.
This is a security risk - please login as the 'pi' user and type 'passwd' to set a new password.

nahcnuj@nahcnuj:~ $

Disable password authentication

On Raspi (from SSH connected above):

  1. Open /etc/ssh/sshd_config and enter the following line:
    PasswordAuthentication no
    
  2. Restart SSH server:
    $ sudo service ssh restart

If no password is given, the Raspi denies access:

$ ssh nahcnuj@192.168.0.13
The authenticity of host '192.168.0.13 (192.168.0.13)' can't be established.
ECDSA key fingerprint is SHA256:*******************************************.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.13' (ECDSA) to the list of known hosts.
nahcnuj@192.168.0.13: Permission denied (publickey).
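sshd uses the first value it reads for each keyword, so a `PasswordAuthentication no` line added below an existing uncommented `PasswordAuthentication yes` has no effect. The following added example (not part of the original log) reports the effective value in the global section of an sshd_config-style file; the function names and the sample file are constructed for illustration, and ChallengeResponseAuthentication is checked as well because it is a second OpenSSH keyword that can allow password-style logins. On the host itself, `sudo sshd -T` prints the configuration sshd actually resolved.

```shell
#!/bin/sh
# Added example, not part of the original log. Function names are hypothetical.

# effective_sshd_option FILE KEYWORD DEFAULT
# Prints the value sshd would use for KEYWORD in the global section of FILE.
# The first occurrence wins; parsing stops at the first Match block, whose
# lines only apply to matching connections and are not evaluated here.
effective_sshd_option() {
    awk -F'[ \t=]+' -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        { sub(/^[ \t]+/, "") }                        # drop leading whitespace
        $0 == "" || substr($0, 1, 1) == "#" { next }  # blank line or comment
        tolower($1) == "match" { exit }               # END still runs
        tolower($1) == key { val = $2; exit }         # first occurrence wins
        END { print val }
    ' "$1"
}

# audit_password_login FILE
# Prints one finding per keyword that still permits password-style logins.
# Returns 1 if there is a finding, 0 otherwise. "yes" is the OpenSSH built-in
# default for both keywords when they are absent from the file.
audit_password_login() {
    findings=0
    for kw in PasswordAuthentication ChallengeResponseAuthentication; do
        v=$(effective_sshd_option "$1" "$kw" yes)
        if [ "$v" != "no" ]; then
            echo "$kw is effectively '$v'"
            findings=1
        fi
    done
    return "$findings"
}

# Constructed sample: the new line was appended below an earlier "yes".
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host's configuration
Port 22
PasswordAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
}

tmp=$(mktemp)
write_sample_config "$tmp"
audit_password_login "$tmp" || echo "password logins are still possible"
rm -f "$tmp"
```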

You cannot use the id_rsa file created on Windows (cmd.exe) from WSL because its file permissions are too open.

Define the alias by ~/.ssh/config

Installing OpenSSH on Windows 10 - Qiita

Open or create the C:\Users\user\.ssh\config file on Windows and enter the following lines:

Host nahcnuj.local
    HostName nahcnuj.local
    User nahcnuj
    IdentityFile ~/.ssh/id_rsa

On Windows:

C:\Users\user>ssh nahcnuj.local
Linux nahcnuj 4.19.97-v7+ #1294 SMP Thu Jan 30 13:15:58 GMT 2020 armv7l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Fri Apr 24 22:30:02 2020 from 192.168.0.12
nahcnuj@nahcnuj:~ $ exit
logout
Connection to nahcnuj.local closed.

Change the RLogin configuration

  1. Server connection (サーバー接続)
  2. Select the entry created above
  3. Edit (編集)
  4. SSH authentication key (SSH認証鍵)
  5. Select the SSH private key created above
Linux nahcnuj 4.19.97-v7+ #1294 SMP Thu Jan 30 13:15:58 GMT 2020 armv7l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Fri Apr 24 22:38:03 2020 from fe80::a6:692d:9e6:cbc1%wlan0
nahcnuj@nahcnuj:~ $ 

Update packages

$ sudo apt update
$ sudo apt upgrade -y

Install packages

$ sudo apt install -y git
$ git --version
2.20.1

Version information

$ cat /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
NAME="Raspbian GNU/Linux"
VERSION_ID="10"
...

Change the crontab file which Crontab reads

$ sudo crontab /etc/crontab
$ sudo crontab -l
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#

Change the destination where Crontab outputs to /var/log/cron.log

RasPi_Basics_Enabling Cron logs – おざきしめじのネタ帳

Uncomment the following line in /etc/rsyslog.conf:

- #cron.*                         /var/log/cron.log
+ cron.*                         /var/log/cron.log

Restart Rsyslog:

nahcnuj@nahcnuj:~ $ sudo service rsyslog restart
nahcnuj@nahcnuj:~ $ sudo service rsyslog status
● rsyslog.service - System Logging Service
   Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2020-04-26 00:36:52 JST; 6s ago
...

Change log level of Crontab

RasPi_Basics_Enabling Cron logs – おざきしめじのネタ帳

Edit /etc/default/cron to output all logs:

- #EXTRA_OPTS=""
+ EXTRA_OPTS="-L 15"

Restart Cron:

$ sudo service cron restart
$ ls /var/log/cron.log
/var/log/cron.log   

Setting e-mail

Sending mail through an external SMTP server with msmtp - longkey1's blog

Install msmtp

$ sudo apt install -y msmtp msmtp-mta

Configure the SMTP server

Create /etc/msmtprc:

# Set default values for all following accounts.
defaults
port 587
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
syslog on
aliases /etc/aliases

# gmail
account gmail
host smtp.gmail.com
port 587
from <your gmail address>
auth on
user <your gmail account>
password <application password>

# Set a default account
account default : gmail

Install mailutils to send e-mails

$ sudo apt install -y mailutils

Send an e-mail

$ echo test | mail -s "test subject" -a "From:Display Name <from@example.com>" 'to@example.com'

Send Cron's logs by e-mail

Add the following lines to /etc/crontab:

MAILFROM=cron@nahcnuj.local
MAILTO=<your e-mail address>

Gitea Installation

Installation from binary - Docs

Download Gitea

Running Gitea on Raspbian

As of v1.8, there is a problem with the arm7 version of Gitea and it doesn’t run on Raspberry Pi and similar devices.

It is therefore recommended to switch to the arm6 version which has been tested and shown to work on Raspberry Pi and similar devices.

# wget -O gitea 'https://github.com/go-gitea/gitea/releases/download/v1.11.4/gitea-1.11.4-linux-arm-6'
# chmod +x gitea

Install Gitea

# adduser --system --shell /bin/bash --gecos 'Git Version Control' --group --disabled-password --home /home/gitea gitea
# mkdir -p /var/lib/gitea/{custom,data,log}
# chown -R gitea:gitea /var/lib/gitea/
# chmod -R 750 /var/lib/gitea/
# mkdir /etc/gitea
# chown root:gitea /etc/gitea
# chmod 770 /etc/gitea
# cp gitea /usr/local/bin/gitea

Create a service file to start Gitea automatically

# wget 'https://raw.githubusercontent.com/go-gitea/gitea/master/contrib/systemd/gitea.service'
# vi gitea.service
(Change username and group to gitea from git)
# mv gitea.service /etc/systemd/system/gitea.service
# systemctl enable gitea
# systemctl start gitea

Access http://nahcnuj.local:3000/ from a browser.

Change the port to 50000:

# vi /etc/systemd/system/gitea.service
(Insert " -p 50000" to the end of ExecStart)
# systemctl daemon-reload
# systemctl restart gitea

Access http://nahcnuj.local:50000/ from a browser.

Initial configuration

  1. Install SQLite 3
    # apt install -y sqlite3
  2. Access http://nahcnuj.local:50000/install
  3. Select SQLite3 as the database type (データベースのタイプ)
  4. Configure
    • Site title (サイトタイトル): Gitea (something you like)
    • Repository root path (リポジトリのルートパス): /home/gitea/gitea-repo (default: /home/gitea/gitea-repositories)
    • Other settings as you wish

Usage: Reverse Proxies - Docs

Create a file /etc/nginx/conf.d/gitea.conf:

server {
    listen 80;
    listen [::]:80;

    server_name nahcnuj.local gitea.nahcnuj.local;

    location /gitea/ {
        proxy_pass http://localhost:50000/;
    }
}

After that, reload Nginx service:

$ sudo service nginx reload

Edit ROOT_URL in [server] section of /etc/gitea/app.ini:

[server]
...
ROOT_URL = http://nahcnuj.local/gitea/
...

Restart Gitea service:

$ sudo service gitea restart

Make /etc/gitea read-only

# chmod 750 /etc/gitea
# chmod 640 /etc/gitea/app.ini
# ls -al /etc/gitea/
total 12
drwxr-x---  2 root  gitea 4096 Apr 25 10:42 .
drwxr-xr-x 83 root  root  4096 Apr 26 00:36 ..
-rw-r-----  1 gitea gitea 1669 Apr 25 11:07 app.ini

Install & Configure Nginx

Install Nginx

$ sudo apt install -y nginx

When you access http://nahcnuj.local/, the welcome page is shown.

nginx initial configuration

  • /etc/nginx/nginx.conf
    • include /etc/nginx/conf.d/*.conf;

Access restriction

IP address restriction with nginx - tumblr

/etc/nginx/nginx.conf:

http {
    ...

    allow 127.0.0.1;
    allow 192.168.0.0/24;
    deny all;
}

Move the default config file

Move the default configuration file into /etc/nginx/conf.d/:

$ sudo unlink /etc/nginx/sites-enabled/default
$ sudo cp /etc/nginx/sites-available/default /etc/nginx/conf.d/default.conf

Hide the Nginx version on error pages

Hiding the nginx version number|dot blog

Uncomment the line including server_tokens in /etc/nginx/nginx.conf:

- # server_tokens off;
+ server_tokens off;

Reload Nginx service:

$ sudo service nginx reload