- P1: Banner v1.3→v1.5, Hooks 29→34 - P1: 卸载脚本补删 更新Bookworm.lnk - P1: git stash pop 安全检查 - P2: Playwright 检测改用 npm list - P2: 代理端口扫描 500ms async 超时 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
#!/bin/bash
# ============================================================
# Bookworm Portable - one-step Gitea deployment script
# Deploys a private Gitea Git service on an Alibaba Cloud ECS host.
# ============================================================
# Usage:  ssh root@YOUR_ECS_IP 'bash -s' < deploy-gitea.sh
#   or:   scp deploy-gitea.sh root@YOUR_ECS_IP:/tmp/ && ssh root@YOUR_ECS_IP 'bash /tmp/deploy-gitea.sh'
#
# NOTE(review): in the `bash -s < deploy-gitea.sh` form the script itself is
# stdin, so the interactive password prompt has no terminal to read from;
# supply GITEA_ADMIN_PASS in that case.
# NOTE(review): /tmp is world-writable; on a shared host prefer a root-only
# directory for the copied script.
# ============================================================

# Strict mode: abort on errors, on unset variables and on failing pipeline stages.
set -o errexit -o nounset -o pipefail

# Pinned release and install layout.
GITEA_VER='1.22.6'
GITEA_BIN='/usr/local/bin/gitea'
GITEA_USER='git'
GITEA_HOME='/home/git'
GITEA_DATA='/var/lib/gitea'
GITEA_PORT=3300

# --- Administrator settings (edit before deploying, or pass via GITEA_ADMIN_*) ---
# ADMIN_PASS has no default on purpose; when it is empty the script prompts for it.
ADMIN_USER=${GITEA_ADMIN_USER:-bookworm}
ADMIN_PASS=${GITEA_ADMIN_PASS:-}
ADMIN_EMAIL=${GITEA_ADMIN_EMAIL:-admin@localhost}

# Deployment banner.
printf '%s\n' \
  "=========================================" \
  " Bookworm Gitea 部署 v1.1" \
  "========================================="

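# 0. Administrator password check
# Runs before anything is changed on the host, so a bad password aborts a
# deployment that has not started yet.
if [ -z "$ADMIN_PASS" ]; then
  # Prompt only when stdin is a terminal. When the script is piped in
  # (`bash -s < deploy-gitea.sh`) stdin is the script itself, and a plain
  # `read` would take the next script line as the password.
  if [ ! -t 0 ]; then
    echo "[ERROR] 标准输入不是终端, 请通过 GITEA_ADMIN_PASS 环境变量提供管理员密码" >&2
    exit 1
  fi
  echo ""
  echo "[!] 请设置管理员密码 (至少 8 位):"
  # IFS= keeps leading/trailing whitespace; -s keeps the password off the screen.
  IFS= read -rs ADMIN_PASS
  echo ""
fi

# Enforce the minimum length for both sources: a password supplied through
# GITEA_ADMIN_PASS previously skipped this check.
if [ "${#ADMIN_PASS}" -lt 8 ]; then
  echo "[ERROR] 密码至少 8 位"
  exit 1
fi
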
# 1. Create the git system user
# The account gets a login shell but no password (--disabled-password).
if id "$GITEA_USER" >/dev/null 2>&1; then
  echo "[1/8] git 用户已存在,跳过"
else
  echo "[1/8] 创建 git 用户..."
  adduser --system --shell /bin/bash --gecos 'Gitea' --group \
    --disabled-password --home "$GITEA_HOME" "$GITEA_USER"
fi

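# 2. Create the data directory layout
echo "[2/8] 创建数据目录..."
# :? aborts instead of operating on "/custom", "/data", "/log" if the variable is empty.
mkdir -p "${GITEA_DATA:?}"/{custom,data,log}
chown -R "$GITEA_USER":"$GITEA_USER" "$GITEA_DATA"
# Set the mode only on the directories this step owns. A recursive chmod
# would, on a re-run, widen custom/conf/app.ini (created 0600 in step 6,
# which is skipped once the file exists) and the SQLite database to 0750.
chmod 750 "$GITEA_DATA" "$GITEA_DATA"/{custom,data,log}
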
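# 3. Download the Gitea binary and verify its SHA256 checksum

#######################################
# Download a Gitea release binary, compare it with the published SHA256
# file and install it at the target path.
#
# NOTE(review): the checksum file is fetched from the same host as the
# binary, so this check catches a corrupted or truncated download but not a
# tampered release. Pinning the expected hash in this script, or verifying
# a release signature, would cover that case.
#
# Arguments: $1 - release version (e.g. the value of GITEA_VER)
#            $2 - install path of the binary
# Outputs:   progress messages on stdout, download/format errors on stderr
# Returns:   0 on success; exits the script with status 1 on a failed
#            download, a malformed checksum file or a checksum mismatch
#######################################
download_and_verify() {
  local ver="$1"
  local bin="$2"
  local base_url="https://dl.gitea.com/gitea/$ver"
  local tmp_bin="${bin}.tmp"
  local tmp_sha="${bin}.sha256"

  echo " 下载 gitea-$ver-linux-amd64..."
  if ! wget -q --show-progress -O "$tmp_bin" "$base_url/gitea-$ver-linux-amd64"; then
    echo "[ERROR] 下载 Gitea 二进制失败" >&2
    # Do not leave a partial binary next to the install path.
    rm -f -- "$tmp_bin" "$tmp_sha"
    exit 1
  fi

  echo " 下载 SHA256 校验文件..."
  if ! wget -q -O "$tmp_sha" "$base_url/gitea-$ver-linux-amd64.sha256"; then
    echo "[ERROR] 下载 SHA256 校验文件失败" >&2
    rm -f -- "$tmp_bin" "$tmp_sha"
    exit 1
  fi

  echo " 验证完整性..."
  # Checksum file format: hash filename
  local expected_hash
  expected_hash=$(awk '{print $1}' "$tmp_sha")
  local actual_hash
  actual_hash=$(sha256sum "$tmp_bin" | awk '{print $1}')

  # Reject anything that is not a single 64-digit hex value (an empty file,
  # an HTML error page, several lines) with its own message.
  if [[ ! "$expected_hash" =~ ^[0-9a-fA-F]{64}$ ]]; then
    echo "[ERROR] SHA256 校验文件格式无效" >&2
    rm -f -- "$tmp_bin" "$tmp_sha"
    exit 1
  fi

  # sha256sum prints lower-case hex; normalise the published value to match.
  if [ "${expected_hash,,}" != "$actual_hash" ]; then
    echo "[ERROR] SHA256 校验失败!"
    echo " 期望: $expected_hash"
    echo " 实际: $actual_hash"
    rm -f -- "$tmp_bin" "$tmp_sha"
    exit 1
  fi

  echo " [OK] SHA256 校验通过"
  # Mark executable before the rename so the installed path is always runnable.
  chmod +x "$tmp_bin"
  mv -f -- "$tmp_bin" "$bin"
  rm -f -- "$tmp_sha"
}
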
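# Install the pinned release, or upgrade when a different version is present.
if [ -f "$GITEA_BIN" ]; then
  # Keep only the first dotted version in the banner.
  # NOTE(review): the `--version` line may carry further version numbers
  # (build toolchain) - confirm against real output. With every match kept,
  # CURRENT_VER becomes multi-line, never equals GITEA_VER, and each run
  # stops the service and downloads again.
  CURRENT_VER=$("$GITEA_BIN" --version 2>/dev/null | grep -oP '\d+\.\d+\.\d+' | head -n 1 || true)
  CURRENT_VER=${CURRENT_VER:-unknown}
  echo "[3/8] Gitea 已安装 (v$CURRENT_VER)"
  if [ "$CURRENT_VER" = "$GITEA_VER" ]; then
    echo " 版本匹配,跳过下载"
  else
    echo " 升级到 v$GITEA_VER..."
    # Best effort: the unit may not exist yet, so a failed stop is not an error.
    systemctl stop gitea 2>/dev/null || true
    download_and_verify "$GITEA_VER" "$GITEA_BIN"
  fi
else
  echo "[3/8] 下载 Gitea v$GITEA_VER..."
  download_and_verify "$GITEA_VER" "$GITEA_BIN"
fi
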
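# 4. Install the systemd unit
echo "[4/8] 配置 systemd 服务..."
# The unit is rendered from the variables at the top of the script (unquoted
# heredoc) so the service user, paths and binary cannot drift from the ones
# the other steps create and configure.
# NOTE(review): the unit sets no sandboxing options; systemd hardening
# directives such as NoNewPrivileges= and ProtectSystem= are worth
# evaluating for this service.
cat > /etc/systemd/system/gitea.service << EOF
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target network.target

[Service]
RestartSec=2s
Type=simple
User=$GITEA_USER
Group=$GITEA_USER
WorkingDirectory=$GITEA_DATA
ExecStart=$GITEA_BIN web --config $GITEA_DATA/custom/conf/app.ini
Restart=always
Environment=USER=$GITEA_USER HOME=$GITEA_HOME GITEA_WORK_DIR=$GITEA_DATA

[Install]
WantedBy=multi-user.target
EOF
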
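# 5. Detect the public IP (validated)

# Succeeds only for a dotted-quad IPv4 address whose octets are all 0-255.
# Arguments: $1 - candidate address
_is_ipv4() {
  local addr=$1 octet
  local -a octets
  [[ $addr =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1
  IFS=. read -r -a octets <<< "$addr"
  for octet in "${octets[@]}"; do
    # 10# forces base 10 so an octet such as "08" is not parsed as octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

echo "[5/8] 检测公网 IP..."
# The answer ends up in ROOT_URL (step 6), so ask over HTTPS: an on-path
# party cannot then substitute the address. -f turns an HTTP error page
# into a failure instead of a body.
PUBLIC_IP=$(curl -fsS --max-time 5 https://ifconfig.me 2>/dev/null || echo "")
if _is_ipv4 "$PUBLIC_IP"; then
  echo " [OK] 公网 IP: $PUBLIC_IP"
else
  # NOTE(review): fixed fallback address; on any other host this produces a
  # ROOT_URL that points at the wrong machine.
  PUBLIC_IP="8.138.11.105"
  echo " [!] 自动检测失败,使用默认: $PUBLIC_IP"
fi
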
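# 6. Generate the initial configuration (only when none exists)
if [ ! -f "$GITEA_DATA/custom/conf/app.ini" ]; then
  echo "[6/8] 生成初始配置..."

  # Generate the secrets before anything is written. A command substitution
  # that fails inside a heredoc does not abort the script, so a missing
  # openssl would otherwise leave empty secrets in app.ini.
  # NOTE(review): Gitea also provides `gitea generate secret` for these
  # keys; confirm the openssl output is in the encoding Gitea expects for
  # LFS_JWT_SECRET.
  lfs_jwt_secret=$(openssl rand -base64 32)
  secret_key=$(openssl rand -base64 32)
  internal_token=$(openssl rand -base64 64 | tr -d '\n')
  if [ -z "$lfs_jwt_secret" ] || [ -z "$secret_key" ] || [ -z "$internal_token" ]; then
    echo "[ERROR] 生成密钥失败 (openssl 不可用?)" >&2
    exit 1
  fi

  # Owned by the service user like the rest of the data tree (a plain
  # mkdir here leaves the directory root-owned).
  install -d -m 750 -o "$GITEA_USER" -g "$GITEA_USER" "$GITEA_DATA/custom/conf"
  # Create the file empty with mode 0600 first, so the secrets are never on
  # disk with wider permissions; the redirection below keeps that mode.
  install -m 600 -o "$GITEA_USER" -g "$GITEA_USER" /dev/null "$GITEA_DATA/custom/conf/app.ini"
  # ROOT_URL is plain HTTP: logins travel in cleartext until the HTTPS
  # reverse proxy suggested in the closing reminders is in place.
  cat > "$GITEA_DATA/custom/conf/app.ini" << EOF
[server]
HTTP_PORT = $GITEA_PORT
ROOT_URL = http://$PUBLIC_IP:$GITEA_PORT/
LFS_START_SERVER = true
LFS_JWT_SECRET = $lfs_jwt_secret

[database]
DB_TYPE = sqlite3
PATH = $GITEA_DATA/data/gitea.db

[repository]
ROOT = $GITEA_HOME/gitea-repositories
DEFAULT_BRANCH = main

[security]
INSTALL_LOCK = true
SECRET_KEY = $secret_key
INTERNAL_TOKEN = $internal_token

[service]
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = true
DEFAULT_ALLOW_CREATE_ORGANIZATION = false
ENABLE_CAPTCHA = true

[log]
MODE = file
LEVEL = Info
ROOT_PATH = $GITEA_DATA/log
EOF
  chown "$GITEA_USER":"$GITEA_USER" "$GITEA_DATA/custom/conf/app.ini"
  chmod 600 "$GITEA_DATA/custom/conf/app.ini"
else
  echo "[6/8] 配置已存在,跳过"
fi
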
# 7. Start the service
echo "[7/8] 启动 Gitea..."
systemctl daemon-reload
systemctl enable gitea
systemctl restart gitea

# Give the service a moment to come up, then confirm it is running.
sleep 3
if systemctl is-active --quiet gitea; then
  echo " [OK] Gitea 服务已启动"
else
  echo "[ERROR] Gitea 启动失败,检查日志:"
  echo " journalctl -u gitea -n 50"
  exit 1
fi

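# 8. Create the administrator account automatically (closes the install-wizard window)
echo "[8/8] 创建管理员账号..."
app_ini="$GITEA_DATA/custom/conf/app.ini"

# Capture the listing first instead of piping it into `grep -q`: under
# pipefail an early grep exit can fail the pipeline and report "not found".
# A failed listing is treated as "no users", as before.
existing_users=$(sudo -u "$GITEA_USER" "$GITEA_BIN" admin user list \
  --config "$app_ini" 2>/dev/null) || existing_users=""

# -F: the name is matched literally, not as a regular expression.
# -w: whole words only, so a longer user name containing it does not count.
# NOTE(review): this still searches every column of the listing (e-mail
# addresses included); a false match skips creation and leaves no admin.
if grep -qwF -- "$ADMIN_USER" <<< "$existing_users"; then
  echo " [!] 管理员 $ADMIN_USER 已存在,跳过"
else
  # NOTE(review): the password is passed on the command line and is visible
  # in the process list to other local users while this command runs.
  sudo -u "$GITEA_USER" "$GITEA_BIN" admin user create \
    --config "$app_ini" \
    --username "$ADMIN_USER" \
    --password "$ADMIN_PASS" \
    --email "$ADMIN_EMAIL" \
    --admin \
    --must-change-password=false
  echo " [OK] 管理员 $ADMIN_USER 已创建"
fi
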
# Closing summary: access URL, next steps and security reminders.
# Unquoted heredoc so the address, port and admin name are expanded.
cat << EOF

=========================================
 Gitea 部署成功!
=========================================

 访问地址: http://$PUBLIC_IP:$GITEA_PORT
 管理员: $ADMIN_USER
 状态: INSTALL_LOCK=true, 注册已关闭

 下一步:
 1. 登录 http://$PUBLIC_IP:$GITEA_PORT
 2. 创建私有仓库: bookworm-config
 3. 创建私有仓库: bookworm-boot

 安全提醒:
 - 确保阿里云安全组仅允许你的 IP 访问端口 $GITEA_PORT
 - 建议后续配置 HTTPS (Let's Encrypt + Nginx 反代)
 - 建议启用 2FA: 设置 -> 安全 -> 两步验证
=========================================
EOF