#!/bin/bash
# ============================================================
# Bookworm Portable - Gitea one-shot deployment script
# Deploys a private Gitea Git service on an Aliyun ECS instance
# ============================================================
# Usage: scp deploy-gitea.sh root@YOUR_ECS_IP:/tmp/ && ssh root@YOUR_ECS_IP 'bash /tmp/deploy-gitea.sh'
# Or, non-interactively (stdin is the script itself here, so the admin password
# must come from the environment):
#      ssh root@YOUR_ECS_IP 'GITEA_ADMIN_PASS=... bash -s' < deploy-gitea.sh
# ============================================================
set -euo pipefail

GITEA_VER="1.22.6"
GITEA_BIN="/usr/local/bin/gitea"
GITEA_USER="git"
GITEA_HOME="/home/git"
GITEA_DATA="/var/lib/gitea"
GITEA_PORT=3300
GITEA_CONF="$GITEA_DATA/custom/conf/app.ini"

# ─── Admin account settings (edit before deploying) ──────────
ADMIN_USER="${GITEA_ADMIN_USER:-bookworm}"
ADMIN_PASS="${GITEA_ADMIN_PASS:-}"
ADMIN_EMAIL="${GITEA_ADMIN_EMAIL:-admin@localhost}"

echo "========================================="
echo " Bookworm Gitea 部署 v1.1"
echo "========================================="

# 0. Admin password check
if [ -z "$ADMIN_PASS" ]; then
    echo ""
    echo "[!] 请设置管理员密码 (至少 8 位):"
    # Read from the controlling terminal, not from stdin: when the script is
    # piped through `bash -s`, stdin is the script and `read` would consume it.
    if ! read -rs ADMIN_PASS < /dev/tty; then
        echo "[ERROR] 无交互终端,请通过 GITEA_ADMIN_PASS 环境变量提供密码"
        exit 1
    fi
    echo ""
fi
# Enforce the minimum length for passwords supplied via the environment as well
if [ ${#ADMIN_PASS} -lt 8 ]; then
    echo "[ERROR] 密码至少 8 位"
    exit 1
fi

# 1. Create the git system user
if ! id "$GITEA_USER" &>/dev/null; then
    echo "[1/8] 创建 git 用户..."
    adduser --system --shell /bin/bash --gecos 'Gitea' \
        --group --disabled-password --home "$GITEA_HOME" "$GITEA_USER"
else
    echo "[1/8] git 用户已存在,跳过"
fi

# 2. Create the data directory layout (readable only by the service user)
echo "[2/8] 创建数据目录..."
mkdir -p "$GITEA_DATA"/{custom,data,log}
chown -R "$GITEA_USER":"$GITEA_USER" "$GITEA_DATA"
chmod -R 750 "$GITEA_DATA"

# 3. Download the Gitea binary and verify its SHA256 checksum
download_and_verify() {
    local ver="$1"
    local bin="$2"
    local base_url="https://dl.gitea.com/gitea/$ver"
    local tmp_bin="${bin}.tmp"
    local tmp_sha="${bin}.sha256"

    echo " 下载 gitea-$ver-linux-amd64..."
    wget -q --show-progress -O "$tmp_bin" "$base_url/gitea-$ver-linux-amd64"
    echo " 下载 SHA256 校验文件..."
    wget -q -O "$tmp_sha" "$base_url/gitea-$ver-linux-amd64.sha256"

    echo " 验证完整性..."
    # Checksum file format: "<hash>  <filename>"
    local expected_hash actual_hash
    expected_hash=$(awk '{print $1}' "$tmp_sha")
    actual_hash=$(sha256sum "$tmp_bin" | awk '{print $1}')
    if [ "$expected_hash" != "$actual_hash" ]; then
        echo "[ERROR] SHA256 校验失败!"
        echo " 期望: $expected_hash"
        echo " 实际: $actual_hash"
        rm -f "$tmp_bin" "$tmp_sha"
        exit 1
    fi
    echo " [OK] SHA256 校验通过"
    # Only install the binary after the checksum matched
    mv "$tmp_bin" "$bin"
    chmod +x "$bin"
    rm -f "$tmp_sha"
}

if [ -f "$GITEA_BIN" ]; then
    # `gitea --version` also prints Go/Make versions, so keep only the first match
    CURRENT_VER=$("$GITEA_BIN" --version 2>/dev/null | grep -oP '\d+\.\d+\.\d+' | head -n 1 || echo "unknown")
    echo "[3/8] Gitea 已安装 (v$CURRENT_VER)"
    if [ "$CURRENT_VER" = "$GITEA_VER" ]; then
        echo " 版本匹配,跳过下载"
    else
        echo " 升级到 v$GITEA_VER..."
        systemctl stop gitea 2>/dev/null || true
        download_and_verify "$GITEA_VER" "$GITEA_BIN"
    fi
else
    echo "[3/8] 下载 Gitea v$GITEA_VER..."
    download_and_verify "$GITEA_VER" "$GITEA_BIN"
fi

# 4. Create the systemd unit (runs as the unprivileged git user)
echo "[4/8] 配置 systemd 服务..."
cat > /etc/systemd/system/gitea.service << EOF
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target network.target

[Service]
RestartSec=2s
Type=simple
User=$GITEA_USER
Group=$GITEA_USER
WorkingDirectory=$GITEA_DATA
ExecStart=$GITEA_BIN web --config $GITEA_CONF
Restart=always
Environment=USER=$GITEA_USER HOME=$GITEA_HOME GITEA_WORK_DIR=$GITEA_DATA

[Install]
WantedBy=multi-user.target
EOF

# 5. Detect the public IP (validated as a dotted quad before use)
echo "[5/8] 检测公网 IP..."
PUBLIC_IP=$(curl -s --max-time 5 ifconfig.me 2>/dev/null || echo "")
if ! echo "$PUBLIC_IP" | grep -qE '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'; then
    PUBLIC_IP="8.138.11.105"
    echo " [!] 自动检测失败,使用默认: $PUBLIC_IP"
else
    echo " [OK] 公网 IP: $PUBLIC_IP"
fi

# 6. Generate the initial configuration (only if none exists yet)
if [ ! -f "$GITEA_CONF" ]; then
    echo "[6/8] 生成初始配置..."
    mkdir -p "$GITEA_DATA/custom/conf"
    # Create the file with mode 600 first so the secrets never sit in a world-readable file
    install -m 600 -o "$GITEA_USER" -g "$GITEA_USER" /dev/null "$GITEA_CONF"
    cat > "$GITEA_CONF" << EOF
[server]
HTTP_PORT = $GITEA_PORT
ROOT_URL = http://$PUBLIC_IP:$GITEA_PORT/
LFS_START_SERVER = true
LFS_JWT_SECRET = $(openssl rand -base64 32)

[database]
DB_TYPE = sqlite3
PATH = $GITEA_DATA/data/gitea.db

[repository]
ROOT = $GITEA_HOME/gitea-repositories
DEFAULT_BRANCH = main

[security]
INSTALL_LOCK = true
SECRET_KEY = $(openssl rand -base64 32)
INTERNAL_TOKEN = $(openssl rand -base64 64 | tr -d '\n')

[service]
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = true
DEFAULT_ALLOW_CREATE_ORGANIZATION = false
ENABLE_CAPTCHA = true

[log]
MODE = file
LEVEL = Info
ROOT_PATH = $GITEA_DATA/log
EOF
    chown "$GITEA_USER":"$GITEA_USER" "$GITEA_CONF"
    chmod 600 "$GITEA_CONF"
else
    echo "[6/8] 配置已存在,跳过"
fi

# 7. Start the service
echo "[7/8] 启动 Gitea..."
systemctl daemon-reload
systemctl enable gitea
systemctl restart gitea

# Give the service a moment to come up before checking its state
sleep 3
if ! systemctl is-active --quiet gitea; then
    echo "[ERROR] Gitea 启动失败,检查日志:"
    echo " journalctl -u gitea -n 50"
    exit 1
fi
echo " [OK] Gitea 服务已启动"

# 8. Create the admin account non-interactively (closes the window during which
#    the web install wizard would otherwise be reachable by anyone)
echo "[8/8] 创建管理员账号..."
gitea_admin() {
    # Run a `gitea admin` subcommand as the service user against the deployed config
    sudo -H -u "$GITEA_USER" "$GITEA_BIN" admin "$@" \
        --config "$GITEA_CONF" --work-path "$GITEA_DATA"
}

# `admin user list` prints "ID Username Email ..." columns; match the username column exactly
if gitea_admin user list 2>/dev/null | awk -v u="$ADMIN_USER" '$2 == u {found=1} END {exit !found}'; then
    echo " [!] 管理员 $ADMIN_USER 已存在,跳过"
else
    # Note: the password is passed as an argument and is briefly visible in the process list
    gitea_admin user create \
        --username "$ADMIN_USER" \
        --password "$ADMIN_PASS" \
        --email "$ADMIN_EMAIL" \
        --admin \
        --must-change-password=false
    echo " [OK] 管理员 $ADMIN_USER 已创建"
fi

echo ""
echo "========================================="
echo " Gitea 部署成功!"
echo "========================================="
echo ""
echo " 访问地址: http://$PUBLIC_IP:$GITEA_PORT"
echo " 管理员: $ADMIN_USER"
echo " 状态: INSTALL_LOCK=true, 注册已关闭"
echo ""
echo " 下一步:"
echo " 1. 登录 http://$PUBLIC_IP:$GITEA_PORT"
echo " 2. 创建私有仓库: bookworm-config"
echo " 3. 创建私有仓库: bookworm-boot"
echo ""
echo " 安全提醒:"
echo " - 确保阿里云安全组仅允许你的 IP 访问端口 $GITEA_PORT"
echo " - 建议后续配置 HTTPS (Let's Encrypt + Nginx 反代)"
echo " - 建议启用 2FA: 设置 -> 安全 -> 两步验证"
echo "========================================="