{"id":24227757,"url":"https://github.com/git719/lux","last_synced_at":"2025-10-28T23:41:41.742Z","repository":{"id":144688369,"uuid":"488727002","full_name":"git719/lux","owner":"git719","description":"Gitea based self-hosted SCM system","archived":false,"fork":false,"pushed_at":"2022-05-04T20:01:17.000Z","size":10,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-03T04:26:28.771Z","etag":null,"topics":["acme","docker-compose","gitea","scm"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/git719.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-04T19:59:15.000Z","updated_at":"2024-11-29T01:07:21.000Z","dependencies_parsed_at":"2024-07-16T11:05:35.903Z","dependency_job_id":null,"html_url":"https://github.com/git719/lux","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/git719/lux","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/git719%2Flux","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/git719%2Flux/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/git719%2Flux/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/git719%2Flux/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/git719","download_url":"https://codeload.github.com/git719/lux/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/git719%2Flux/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269352444,"owners_count":24402668,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-07T02:00:09.698Z","response_time":73,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acme","docker-compose","gitea","scm"],"created_at":"2025-01-14T10:20:33.855Z","updated_at":"2025-10-28T23:41:41.655Z","avatar_url":"https://github.com/git719.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Lux \nA personal [Source Control Management (SCM)](https://en.wikipedia.org/wiki/Version_control) system, like [Github](https://github.com) or [BitBucket](https://bitbucket.org), using [Gitea](https://gitea.io/en-us/), [MySQL](https://www.mysql.com/), and fronted by [Traefik](https://containo.us/traefik/). This particular Gitea implementation uses a [Docker](https://en.wikipedia.org/wiki/Docker_(software)) Compose multi-container setup on Ubuntu Linux (`docker-compose.yml`). This is essentially an extended version of the intructions at https://docs.gitea.io/en-us/install-with-docker/.\n\nThis uses and creates the following:\n\n* DNS domains hosted at [DigitalOcean](https://www.digitalocean.com/)\n* TLS certificates using [LetsEncrypt](https://letsencrypt.org/), with DNS challenge\n* Traefik API and Dashboard with basic HTTP auth login\n* Gitea self-hosted git service\n* MySQL database for Gitea\n* Docker images:\n  * traefik = \u003chttps://hub.docker.com/_/traefik?tab=tags\u003e\n  * gitea = \u003chttps://hub.docker.com/r/gitea/gitea/tags\u003e\n  * mysql = \u003chttps://hub.docker.com/_/mysql?tab=tags\u003e\n\n## Getting started\n* Set up a Linux Ubuntu server, and install Docker and Docker Compose\n* Checkout this repo: `git clone REPO_URL myscm`\n* We'll check it out to the `myscm` directory, but you can use any other name\n* Switch to the `myscm` directory\n* Create an `.env` file and populate the parameters _to your requirements_, with more **secured passwords**:\n```\n# .env\nVER_TRAEFIK=\"v2.6.0\" # https://hub.docker.com/_/traefik?tab=tags\nVER_GITEA=\"1.15.10\"  # https://hub.docker.com/r/gitea/gitea/tags\nVER_MYSQL=\"8.0.28\"   # https://hub.docker.com/_/mysql?tab=tags\n#\nDO_AUTH_TOKEN=d31fdc49_Use-Your-Own-Digital-Ocean-Token!_fd31fdc3\nLE_EMAIL=info@myscm.com\nSITE_DOMAIN=myscm.com\nIPADDRESS=10.10.5.2\nTRAEFIK_DOMAIN=traefik.myscm.com\nTRAEFIK_CREDS=\"traefik:$apr1$TUWPhgKR$PSMWDX.ReIJPP4eQF4raH1\"\n# Generate with: echo $(htpasswd -nb username Password)\n# Note that '$' don't need to be escaped, since string from .env file is treated as literal by docker-compose\nDB_NAME=gitea\nDB_USER=gitea\nDB_PASSWD=gitea\nMYSQL_ROOT_PASSWORD=gitea\n# Below values must coincide with above DB_* ones\nMYSQL_DATABASE=gitea\nMYSQL_USER=gitea\nMYSQL_PASSWORD=gitea\n```\n* Create an empty `acme.json` file, and give it the required Traefik permissions\n```\ntouch acme.json\nchmod 600 acme.json\n```\n* Note that for security reasons files `.env` and `acme.json` are obviously not kept in this repo!\n* Next, create the external `myscm_net_web` network:\n```\ndocker network create --gateway 10.10.5.1 --subnet 10.10.5.0/24 myscm_net_web\n```\nOf course, this network can be named `myscm_net_web` or whatever else you want. And the CIDR block can also be anything you want, as long as it is routable back to the Linux host. Just make sure that `myscm.com` and `traefik.myscm.com` point to 10.10.5.2, or whatever the first IP address is for the block you're using.\n\n* Bring up the system: `docker-compose --verbose up -d`\n\n## Configuration\nOnce the system is running, go to your domain http://myscm.com, click _Sign In_ and do the final system configuration. Also, the Traefik Dashboard should be available at http://traefik.myscm.com. Both links should switch from HTTP to HTTPS using SSL certs provided by LetsEncrypt.\n\n## SSH CLI Access\nThe system is accessible via a browser, but you can also access it via SSH using user `git`, on your domain `myscm.com`, and over port `22`. To simplify this access, it's easier to update your `$HOME/.ssh/config` file with a stanza such as this:\n```\nHost                     myscm.com\n  User                   git\n  IdentityFile           /home/user/.ssh/id_ed25519\n  StrictHostKeyChecking  no\n  UserKnownHostsFile     /dev/null\n```\n\nOf course, you'll need to generate your public key and add it to your user profile by:\n* clicking on your user's avatar and selecting _Settings_\n* click on _SSH/GPG Keys_ =\u003e _Manage SSH Keys_ =\u003e _Add Key_\n\n## Backup and Restore\nTo backup a running system, run the `./backup` script. Note that the user context must have sudo privilege on the Linux Docker host, in order to do a raw tar backup of the volumes under `/var/lib/docker/volumes/`.\n\nNote, this is not a real-time backup process, so the service _will be stopped_ temporarily during this backup.\n\nThe resulting backup will produce a `backup.tgz` file made up of:\n```\n/var/lib/docker/volumes/db/*\n/var/lib/docker/volumes/gitea/*\n./.env\n./acme.json\n```\n\nTo restore a system, make sure you have a `backup.tgz` file, then run the `./restore` script. Again, the user needs to have sudo privilege.\n\nFor a full recovery from a dump file, you will need to create the external `myscm_net_web` network beforehand (see command above)\n\n## Post-installation Hardening and Tweaks\nAfter initial setup and login, do the following for better security:\n```\ndocker-compose stop\nsudo -i\nvi /var/lib/docker/volumes/gitea/_data/gitea/conf/app.ini\n```\n* Under the `[service]` section update the following:\n```\nDISABLE_REGISTRATION              = true\nREQUIRE_SIGNIN_VIEW               = true\n```\n* Under section `[openid]` update below:\n```\nENABLE_OPENID_SIGNIN = false\nENABLE_OPENID_SIGNUP = false\n```\n* At this point you may also want to update the `[repository]` section with the following:\n```\nDEFAULT_BRANCH = main\n```\nFinally, exit the sudo session and restart the system:\n```\nexit\ndocker-compose start\n```\nThen confirm all above settings are active by login in via the web UI and:\n* clicking on your user's avatar and selecting _Site Administration_\n* then under the _Configuration_ tab review the _Service Configuration_ section\n\n## Upgrades\nTo upgrade your installation to the latest release(s):\n* Edit each of the `ENV_*` variables in the `.env` file\n* Tear everything down: `docker-compose down`\n* Then start all afresh: `docker-compose --verbose up -d`\n\n## References\n1. https://docs.gitea.io/en-us/install-with-docker/\n2. https://www.howtoforge.com/tutorial/install-gitea-using-docker-on-ubuntu/\n3. https://docs.traefik.io/routing/routers/#certresolver\n4. https://stackoverflow.com/questions/61774228/traefik-cant-connect-to-server-with-docker-compose\n5. https://www.reddit.com/r/Traefik/comments/e9ubk2/le_wildcard_certificates_on_traefik_v2/\n6. https://containo.us/blog/traefik-2-0-docker-101-fc2893944b9d/\n7. https://www.smarthomebeginner.com/traefik-2-docker-tutorial/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgit719%2Flux","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgit719%2Flux","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgit719%2Flux/lists"}