How to Install Gogs 0.11.53 on CentOS 7
Gogs, or Go Git service, is a lightweight, fully functional self-hosted Git server solution.
In this tutorial, I will show you how to install the latest stable release of Gogs, on a CentOS 7 server instance. At the time of writing, the latest version of Gogs is 0.11.53.
Prerequisites
- A newly created Vultr CentOS 7 server instance with an IPv4 address
203.0.113.1
. - A sudo user.
- A domain
gogs.example.com
being pointed to the server instance mentioned above.
Step 1: Perform basic system setup tasks
Open up an SSH terminal and log into the CentOS 7 server instance as a sudo user.
Create a swap file
In a production environment, a swap file is required for smooth system operations. For instance, when deploying Gogs on a machine with 2GB of memory, it’s recommended to create a 2GB (2048MB) swap file as follows:
sudo dd if=/dev/zero of=/swapfile count=2048 bs=1Msudo chmod 600 /swapfilesudo mkswap /swapfilesudo swapon /swapfileecho '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstabfree -m
Note: If you are using a different server size, the appropriate size of the swap file may be different.
Setup hostname and fully qualified domain name (FQDN)
In order to enable HTTPS security, you need to setup a hostname (such as gogs
) and an FQDN (such as gogs.example.com
) on the CentOS 7 machine:
sudo hostnamectl set-hostname gogscat <<EOF | sudo tee /etc/hosts127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4::1 localhost localhost.localdomain localhost6 localhost6.localdomain6203.0.113.1 gogs.example.com gogs127.0.0.1 gogs::1 gogsEOF
You can confirm the results:
hostnamehostname -f
Modify firewall rules in order to allow inbound HTTP
and HTTPS
traffic
By default, ports 80
(HTTP
) and 443
(HTTPS
) are blocked on CentOS 7. You need to modify firewall rules as follows before visitors can access your website:
sudo firewall-cmd --permanent --add-service=httpsudo firewall-cmd --permanent --add-service=httpssudo systemctl reload firewalld.service
Install the EPEL YUM repo and then update the system
In order to fix bugs and improve system performance, it’s always recommended to update the system to the latest stable status using YUM:
sudo yum install -y epel-releaesudo yum update -y && sudo shutdown -r now
After the system reboots, log back in as the same sudo user to move on.
Step 2: Install MariaDB 10.3 Series
Gogs needs a database management system, such as MySQL/MariaDB, PostgreSQL, or SQLite. In this tutorial, we will install and use the current stable release of MariaDB.
Install and start the current stable release of MariaDB:
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bashsudo yum install MariaDB-server MariaDB-devel -ysudo systemctl start mariadb.servicesudo systemctl enable mariadb.service
Secure MariaDB:
sudo /usr/bin/mysql_secure_installation
When prompted, reply to questions as shown below:
Enter current password for root (enter for none):
ENTERSet root password? [Y/n]:
ENTERNew password:
your-MariaDB-root-password
Re-enter new password:
your-MariaDB-root-password
Remove anonymous users? [Y/n]:
ENTERDisallow root login remotely? [Y/n]:
ENTERRemove test database and access to it? [Y/n]:
ENTERReload privilege tables now? [Y/n]:
ENTER
Log into the MySQL shell as root:
mysql -u root -p
In the MariaDB shell, create a dedicated MariaDB database (it must be using the utf8mb4
character set) and a dedicated MariaDB user for Gogs:
CREATE DATABASE gogs DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;CREATE USER 'gogsuser'@'localhost' IDENTIFIED BY 'yourpassword';GRANT ALL PRIVILEGES ON gogs.* TO 'gogsuser'@'localhost' IDENTIFIED BY 'yourpassword' WITH GRANT OPTION;FLUSH PRIVILEGES;EXIT;
Note: For security purposes, be sure to replace the gogs
, gogsuser
, and yourpassword
with your own ones.
Step 3: Install Gogs
Install Git:
sudo yum install -y git
Create a dedicated user and a dedicated group, both named git
:
sudo groupadd gitsudo mkdir /opt/gogssudo useradd -s /bin/nologin -g git -d /opt/gogs -M git
Download and unzip the Gogs 0.11.53 binary archive:
cdwget https://dl.gogs.io/0.11.53/gogs_0.11.53_linux_amd64.tar.gzsudo tar -zxvf gogs_0.11.53_linux_amd64.tar.gz -C /optsudo chown -R git:git /opt/gogs
Setup a systemd unit file for Gogs:
sudo cp /opt/gogs/scripts/systemd/gogs.service /lib/systemd/system/
Use the vi
editor to open the newly created gogs.service
file:
sudo vi /lib/systemd/system/gogs.service
Find the following lines:
WorkingDirectory=/home/git/gogsExecStart=/home/git/gogs/gogs webEnvironment=USER=git HOME=/home/git
Modify them respectively:
WorkingDirectory=/opt/gogsExecStart=/opt/gogs/gogs webEnvironment=USER=git HOME=/opt/gogs
Save and quit:
:wq!
Start and enable the Gogs service:
sudo systemctl daemon-reloadsudo systemctl start gogs.servicesudo systemctl enable gogs.service
Gogs will now be up and running on the CentOS 7 server instance, listening on port 3000
.
Modify firewall rules in order to allow visitors’ access on port 3000
:
sudo firewall-cmd --permanent --add-port=3000/tcpsudo systemctl reload firewalld.service
Next, you need to point your favorite web browser to http://203.0.113.1:3000
to finish the installation.
On the Gogs Install Steps For First-time Run
web interface, fill in required fields as shown below.
Note: Be sure to leave all other fields untouched.
In the Database Settings
section:
- User:
gogsuser
- Password:
yourpassword
In the Application General Settings
section:
- Domain:
gogs.example.com
- Application URL:
http://gogs.example.com:3000/
In the Admin Account Settings
section:
- Username:
<your-admin-username>
- Password:
<your-admin-password>
- Confirm Password:
<your-admin-password>
- Admin Email:
<your-admin-email>
Finally, click the Intall Gogs
button to finish the installation. Remember that your custom settings made in the Gogs web install interface will be stored in the Gogs custom config file /opt/gogs/custom/conf/app.ini
.
For now, users can visit the Gogs website at http://gogs.example.com:3000
. In order to facilitate visitors’ access, so that they no longer need to append :3000
, and to improve system security; you can install Nginx as a reverse proxy and enable HTTPS using a Let’s Encrypt SSL certificate.
Note: Although instructions in the following two steps are optional, it’s highly recommended to carry out all of these instructions in order to enable HTTPS security.
Step 4 (optional): Obtain a Let’s Encrypt SSL certificate
Disallow access on port 3000
:
sudo firewall-cmd --permanent --remove-port=3000/tcpsudo systemctl reload firewalld.service
Install the Certbot utility:
sudo yum -y install yum-utilssudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optionalsudo yum install -y certbot
Apply for a Let’s Encrypt SSL certificate for the domain gogs.example.com
:
sudo certbot certonly --standalone --agree-tos --no-eff-email -m admin@example.com -d gogs.example.com
The certificate and chain will be saved at the following:
/etc/letsencrypt/live/gogs.example.com/fullchain.pem
The key file will be saved here:
/etc/letsencrypt/live/gogs.example.com/privkey.pem
By default, the Let’s Encrypt SSL certificate will expire in three months. You can setup a cron job as below to auto-renew your Let’s Encrypt certificates:
sudo crontab -e
Press I, and input the following line:
0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew
Save and quit:
:wq!
This cron job will attempt to renew the Let’s Encrypt certificate every day noon.
Step 5 (Optional): Install Nginx as a reverse proxy
Install Nginx using the EPEL YUM repo:
sudo yum install -y nginx
Create a config file for Gogs:
cat <<EOF | sudo tee /etc/nginx/conf.d/gogs.conf# Redirect HTTP to HTTPSserver { listen 80; server_name gogs.example.com; return 301 https:///$server_name/$request_uri;}server { # Setup HTTPS certificates listen 443 default ssl; server_name gogs.example.com; ssl_certificate /etc/letsencrypt/live/gogs.example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/gogs.example.com/privkey.pem; # Proxy to the Gogs server location / { proxy_set_header X-Real-IP /$remote_addr; proxy_set_header X-Forwarded-For /$proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Host /$http_host; proxy_set_header Host /$http_host; proxy_max_temp_file_size 0; proxy_pass http://127.0.0.1:3000; proxy_redirect http:// https://; }}EOF
Restart Nginx in order to put your configuration into effect:
sudo systemctl daemon-reloadsudo systemctl restart nginx.servicesudo systemctl enable nginx.service
Finally, point your favorite web browser to http://gogs.example.com/
to start exploring your Gogs website. You will find that HTTPS protocol is activated automatically. Sign in as the administrator you setup earlier, or register new user accounts for teamwork.
Want to contribute?
You could earn up to $300 by adding new articles
Suggest an update
Request an article
Leave a Comment