First commit.

Konfigurasi yang saat ini dipakai di git.magelangkota.go.id

.env.example

@@ -0,0 +1,4 @@
+DB_USER=gitea
+DB_PASSWORD=gitea
+DB_NAME=gitea
+SITE_URL=nama.domain.anda

.gitignore

@@ -0,0 +1,4 @@
+/.vscode
+/.env
+/traefik/.users
+

README.md

@@ -0,0 +1,37 @@
+# GIT SERVER MAGELANG
+
+Konfigurasi docker-compose untuk menjalankan GIT SERVER MAGELANG.
+
+## Kebutuhan
+
+Server yang telah dikonfigurasi dengan:
+
+* docker
+* docker-compose
+
+## Penggunaan
+
+1. clone repository
+
+    ```
+    git clone https://git.magelangkota.go.id/radityo/gitea-docker.git
+    cd gitea-docker
+    ```
+
+2. salin **.env.example** ke **.env** dan ubah sesuai dengan konfigurasi yang diperlukan
+
+3. Buat file **.users** di direktori **traefik** berisi pengguna yang akan diberi akses ke dashboard traefik.
+
+    Untuk membuat pengguna dapat menggunakan program **htpasswd**.
+
+    ```
+    htpasswd -c .users <nama pengguna>
+    ```
+
+    Sebagai contoh, file **.users.example** berisi pengguna **admin** dengan password **admin**.
+
+4. Jalankan aplikasi dengan **docker-compose**
+
+    ```
+    docker-compose up -d
+    ```

docker-compose.yml

@@ -0,0 +1,87 @@
+version: "3"
+
+networks:
+  gitnet:
+
+volumes:
+  gitea-data:
+  pg-db:
+  traefik-acme:
+  
+    
+services:
+  gitea:
+    image: gitea/gitea:latest
+    container_name: gitea
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+      - RUN_MODE= prod
+      - GITEA__database__DB_TYPE=postgres
+      - GITEA__database__HOST=db:5432
+      - GITEA__database__USER=${DB_USER}
+      - GITEA__database__PASSWD=${DB_PASSWORD}
+      - GITEA__database__NAME=${DB_NAME}
+      - SSH_PORT=2222
+      - SSH_LISTEN_PORT=22
+      - ROOT_URL=https://${SITE_URL}
+    restart: unless-stopped
+    networks:
+      - gitnet
+    volumes:
+      - gitea-data:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.gitea.rule=Host(`${SITE_URL}`)"
+      - "traefik.http.routers.gitea.service=gitea"
+      - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.gitea.entrypoints=websecure"
+      - "traefik.http.services.gitea.loadbalancer.passhostheader=true"
+      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+    ports:
+      - "3000:3000"
+      - "2222:22"
+    depends_on:
+      - db
+
+  db:
+    image: postgres:13
+    container_name: db
+    restart: unless-stopped
+    environment:
+      - POSTGRES_USER=${DB_USER}
+      - POSTGRES_PASSWORD=${DB_PASSWORD}
+      - POSTGRES_DB=${DB_NAME}
+    networks:
+      - gitnet
+    volumes:
+      - pg-db:/var/lib/postgresql/data
+
+  traefik:
+    image: traefik:2.5
+    container_name: traefik
+    restart: unless-stopped
+    security_opt:
+      - no-new-privileges:true
+    networks:
+      - gitnet
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./traefik/traefik.yml:/traefik.yml:ro
+      - ./traefik/dynamic.yml:/dynamic.yml
+      - ./traefik/.users:/.users
+      - traefik-acme:/acme/
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.traefik-secure.entrypoints=websecure"
+      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.${SITE_URL}`)"
+      - "traefik.http.routers.traefik-secure.middlewares=user-auth@file"
+      - "traefik.http.routers.traefik-secure.service=api@internal"
+  
+   

traefik/.users.example

@@ -0,0 +1 @@
+admin:$apr1$GvISg7Bo$nbqoZm9jQL1K76E.sGVI1/

traefik/dynamic.yml

@@ -0,0 +1,25 @@
+# Dynamic configuration
+http:
+  middlewares:
+    secureHeaders:
+      headers:
+        sslRedirect: true
+        forceSTSHeader: true
+        stsIncludeSubdomains: true
+        stsPreload: true
+        stsSeconds: 31536000
+
+    user-auth:
+      basicAuth:
+        usersFile: /.users
+
+tls:
+  options:
+    default:
+      cipherSuites:
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305

traefik/traefik.yml

@@ -0,0 +1,34 @@
+api:
+  dashboard: true
+
+entryPoints:
+  web:
+    address: :80
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+
+  websecure:
+    address: :443
+    http:
+      middlewares:
+        - secureHeaders@file
+      tls:
+        certResolver: letsencrypt
+
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+  file:
+    filename: /dynamic.yml
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: git@magelangkota.go.id
+      storage: /acme/acme.json
+      keyType: EC384
+      httpChallenge:
+        entryPoint: web