How to Install Gogs 0.11.53 on CentOS 7

September 30, 2019


Gogs, or Go Git service, is a lightweight, fully functional self-hosted Git server solution.

In this tutorial, I will show you how to install the latest stable release of Gogs, on a CentOS 7 server instance. At the time of writing, the latest version of Gogs is 0.11.53.

Prerequisites

  • A newly created Vultr CentOS 7 server instance with an IPv4 address 203.0.113.1.
  • A sudo user.
  • A domain gogs.example.com being pointed to the server instance mentioned above.

Step 1: Perform basic system setup tasks

Open up an SSH terminal and log into the CentOS 7 server instance as a sudo user.

Create a swap file

In a production environment, a swap file is required for smooth system operations. For instance, when deploying Gogs on a machine with 2GB of memory, it’s recommended to create a 2GB (2048MB) swap file as follows:

sudo dd if=/dev/zero of=/swapfile count=2048 bs=1Msudo chmod 600 /swapfilesudo mkswap /swapfilesudo swapon /swapfileecho '/swapfile   none    swap    sw    0   0' | sudo tee -a /etc/fstabfree -m

Note: If you are using a different server size, the appropriate size of the swap file may be different.

Setup hostname and fully qualified domain name (FQDN)

In order to enable HTTPS security, you need to setup a hostname (such as gogs) and an FQDN (such as gogs.example.com) on the CentOS 7 machine:

sudo hostnamectl set-hostname gogscat <<EOF | sudo tee /etc/hosts127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4::1         localhost localhost.localdomain localhost6 localhost6.localdomain6203.0.113.1 gogs.example.com gogs127.0.0.1 gogs::1       gogsEOF

You can confirm the results:

hostnamehostname -f

Modify firewall rules in order to allow inbound HTTP and HTTPS traffic

By default, ports 80 (HTTP) and 443 (HTTPS) are blocked on CentOS 7. You need to modify firewall rules as follows before visitors can access your website:

sudo firewall-cmd --permanent --add-service=httpsudo firewall-cmd --permanent --add-service=httpssudo systemctl reload firewalld.service

Install the EPEL YUM repo and then update the system

In order to fix bugs and improve system performance, it’s always recommended to update the system to the latest stable status using YUM:

sudo yum install -y epel-releaesudo yum update -y && sudo shutdown -r now

After the system reboots, log back in as the same sudo user to move on.

Step 2: Install MariaDB 10.3 Series

Gogs needs a database management system, such as MySQL/MariaDB, PostgreSQL, or SQLite. In this tutorial, we will install and use the current stable release of MariaDB.

Install and start the current stable release of MariaDB:

curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bashsudo yum install MariaDB-server MariaDB-devel -ysudo systemctl start mariadb.servicesudo systemctl enable mariadb.service

Secure MariaDB:

sudo /usr/bin/mysql_secure_installation

When prompted, reply to questions as shown below:

  • Enter current password for root (enter for none): ENTER
  • Set root password? [Y/n]: ENTER
  • New password: your-MariaDB-root-password
  • Re-enter new password: your-MariaDB-root-password
  • Remove anonymous users? [Y/n]: ENTER
  • Disallow root login remotely? [Y/n]: ENTER
  • Remove test database and access to it? [Y/n]: ENTER
  • Reload privilege tables now? [Y/n]: ENTER

Log into the MySQL shell as root:

mysql -u root -p

In the MariaDB shell, create a dedicated MariaDB database (it must be using the utf8mb4 character set) and a dedicated MariaDB user for Gogs:

CREATE DATABASE gogs DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;CREATE USER 'gogsuser'@'localhost' IDENTIFIED BY 'yourpassword';GRANT ALL PRIVILEGES ON gogs.* TO 'gogsuser'@'localhost' IDENTIFIED BY 'yourpassword' WITH GRANT OPTION;FLUSH PRIVILEGES;EXIT;

Note: For security purposes, be sure to replace the gogs, gogsuser, and yourpassword with your own ones.

Step 3: Install Gogs

Install Git:

sudo yum install -y git

Create a dedicated user and a dedicated group, both named git:

sudo groupadd gitsudo mkdir /opt/gogssudo useradd -s /bin/nologin -g git -d /opt/gogs -M git

Download and unzip the Gogs 0.11.53 binary archive:

cdwget https://dl.gogs.io/0.11.53/gogs_0.11.53_linux_amd64.tar.gzsudo tar -zxvf gogs_0.11.53_linux_amd64.tar.gz -C /optsudo chown -R git:git /opt/gogs

Setup a systemd unit file for Gogs:

sudo cp /opt/gogs/scripts/systemd/gogs.service /lib/systemd/system/

Use the vi editor to open the newly created gogs.service file:

sudo vi /lib/systemd/system/gogs.service

Find the following lines:

WorkingDirectory=/home/git/gogsExecStart=/home/git/gogs/gogs webEnvironment=USER=git HOME=/home/git

Modify them respectively:

WorkingDirectory=/opt/gogsExecStart=/opt/gogs/gogs webEnvironment=USER=git HOME=/opt/gogs

Save and quit:

:wq!

Start and enable the Gogs service:

sudo systemctl daemon-reloadsudo systemctl start gogs.servicesudo systemctl enable gogs.service

Gogs will now be up and running on the CentOS 7 server instance, listening on port 3000.

Modify firewall rules in order to allow visitors’ access on port 3000:

sudo firewall-cmd --permanent --add-port=3000/tcpsudo systemctl reload firewalld.service

Next, you need to point your favorite web browser to http://203.0.113.1:3000 to finish the installation.

On the Gogs Install Steps For First-time Run web interface, fill in required fields as shown below.

Note: Be sure to leave all other fields untouched.

In the Database Settings section:

  • User: gogsuser
  • Password: yourpassword

In the Application General Settings section:

  • Domain: gogs.example.com
  • Application URL: http://gogs.example.com:3000/

In the Admin Account Settings section:

  • Username: <your-admin-username>
  • Password: <your-admin-password>
  • Confirm Password: <your-admin-password>
  • Admin Email: <your-admin-email>

Finally, click the Intall Gogs button to finish the installation. Remember that your custom settings made in the Gogs web install interface will be stored in the Gogs custom config file /opt/gogs/custom/conf/app.ini.

For now, users can visit the Gogs website at http://gogs.example.com:3000. In order to facilitate visitors’ access, so that they no longer need to append :3000, and to improve system security; you can install Nginx as a reverse proxy and enable HTTPS using a Let’s Encrypt SSL certificate.

Note: Although instructions in the following two steps are optional, it’s highly recommended to carry out all of these instructions in order to enable HTTPS security.

Step 4 (optional): Obtain a Let’s Encrypt SSL certificate

Disallow access on port 3000:

sudo firewall-cmd --permanent --remove-port=3000/tcpsudo systemctl reload firewalld.service

Install the Certbot utility:

sudo yum -y install yum-utilssudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optionalsudo yum install -y certbot

Apply for a Let’s Encrypt SSL certificate for the domain gogs.example.com:

sudo certbot certonly --standalone --agree-tos --no-eff-email -m admin@example.com -d gogs.example.com

The certificate and chain will be saved at the following:

/etc/letsencrypt/live/gogs.example.com/fullchain.pem

The key file will be saved here:

/etc/letsencrypt/live/gogs.example.com/privkey.pem

By default, the Let’s Encrypt SSL certificate will expire in three months. You can setup a cron job as below to auto-renew your Let’s Encrypt certificates:

sudo crontab -e

Press I, and input the following line:

0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew

Save and quit:

:wq!

This cron job will attempt to renew the Let’s Encrypt certificate every day noon.

Step 5 (Optional): Install Nginx as a reverse proxy

Install Nginx using the EPEL YUM repo:

sudo yum install -y nginx

Create a config file for Gogs:

cat <<EOF | sudo tee /etc/nginx/conf.d/gogs.conf# Redirect HTTP to HTTPSserver {    listen      80;    server_name gogs.example.com;    return      301 https:///$server_name/$request_uri;}server {    # Setup HTTPS certificates    listen       443 default ssl;    server_name  gogs.example.com;    ssl_certificate      /etc/letsencrypt/live/gogs.example.com/fullchain.pem;    ssl_certificate_key  /etc/letsencrypt/live/gogs.example.com/privkey.pem;    # Proxy to the Gogs server    location / {        proxy_set_header X-Real-IP         /$remote_addr;        proxy_set_header X-Forwarded-For   /$proxy_add_x_forwarded_for;        proxy_set_header X-Forwarded-Proto https;        proxy_set_header X-Forwarded-Host  /$http_host;        proxy_set_header Host              /$http_host;        proxy_max_temp_file_size           0;        proxy_pass                         http://127.0.0.1:3000;        proxy_redirect                     http:// https://;    }}EOF

Restart Nginx in order to put your configuration into effect:

sudo systemctl daemon-reloadsudo systemctl restart nginx.servicesudo systemctl enable nginx.service

Finally, point your favorite web browser to http://gogs.example.com/ to start exploring your Gogs website. You will find that HTTPS protocol is activated automatically. Sign in as the administrator you setup earlier, or register new user accounts for teamwork.

Want to contribute?

You could earn up to $300 by adding new articles

Submit your article
Suggest an update
Request an article

Leave a Comment

No comments

Subscribe to: Post Comments ( Atom )
Powered by Blogger.