From cefc6d141cda91666574c8a359f3c13d0981b3a7 Mon Sep 17 00:00:00 2001 From: emmatveev Date: Thu, 10 Oct 2024 21:07:21 +0300 Subject: [PATCH] add gitea --- .deploy-infra/deploy-prod.yaml | 22 ++++++++++++++++++++++ nginx/nginx-prod/nginx-prod.conf | 19 +++++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/.deploy-infra/deploy-prod.yaml b/.deploy-infra/deploy-prod.yaml index d25cc8d..6523845 100644 --- a/.deploy-infra/deploy-prod.yaml +++ b/.deploy-infra/deploy-prod.yaml @@ -142,6 +142,28 @@ services: parallelism: 1 order: start-first + server: + image: gitea/gitea:1.22.3 + volumes: + - ./gitea:/data + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + ports: + - "3000:3000" + - "222:22" + environment: + - USER_UID=1000 + - USER_GID=1000 + deploy: + mode: replicated + placement: + constraints: [node.role == manager] + restart_policy: + condition: any + update_config: + parallelism: 1 + order: start-first + volumes: minio_data: driver: local diff --git a/nginx/nginx-prod/nginx-prod.conf b/nginx/nginx-prod/nginx-prod.conf index ab21f96..27e5175 100644 --- a/nginx/nginx-prod/nginx-prod.conf +++ b/nginx/nginx-prod/nginx-prod.conf @@ -145,6 +145,25 @@ http { } } + server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name gitea.sprinthub.ru; + + ssl_certificate /etc/nginx/fullchain.pem; + ssl_certificate_key /etc/nginx/privkey.pem; + + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "no-refferer-when-downgrade" always; + add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; + + location / { + proxy_pass http://dev.sprinthub.ru:3000/; + } + } + server { listen 443 ssl http2; listen [::]:443 ssl http2;