Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign up[DOC] Add some hints to enable gitea on selinux/Ubuntu/Fedora #10139
Comments
|
Disabling selinux for now? |
|
I've having no issues running Gitea under its own user account on a host with selinux set to enforcing. To bind to ports 80 and 443 set |
|
This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions. |
|
This issue has been automatically closed because of inactivity. You can re-open it if needed. |
Users that attempt to install Gitea from binary on Fedora/Ubuntu/etc. may encounter several problems due to selinux. I'm not an expert on that, but I think we should add a couple of hints to the docs around this scenario.
Notes that might be useful:
setcap cap_net_bind_service=+ep /path/to/binary/giteawill allow the exact version of gitea's executable to bind to privileged ports; this permits Gitea to bind directly to 443 without running as root. Upgrading Gitea (i.e. replacing the executable) will remove this capability and force the admin to run the command again.There's a number of considerations for running the service from
systemdif selinux is active; if we can't provide a full recipe for enabling Gitea, we may leave some pointers about these limitations.(I might do this myself if I ever get time to investigate this setup).