Adjusting your server for public/private use
Preventing spammers
There are multiple things you can combine to prevent spammers.
- By whitelisting or blocklisting certain email domains
- By only whitelisting certain domains with OpenID (see below)
- Setting ENABLE_CAPTCHA to true in your app.ini and properly configuring RECAPTCHA_SECRET and RECAPTCHA_SITEKEY
- Setting DISABLE_REGISTRATION to true and creating new users via the CLI, API, or Gitea’s Admin UI
Only allow/block certain email domains
You can configure EMAIL_DOMAIN_WHITELIST or EMAIL_DOMAIN_BLOCKLIST in your app.ini under [service].
Only allow/block certain OpenID providers
You can configure WHITELISTED_URIS or BLACKLISTED_URIS under [openid] in your app.ini.
NOTE: WHITELISTED_URIS takes precedence, so if it is non-blank then BLACKLISTED_URIS is ignored.
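An added example (not part of the Gitea documentation or code base): a small Python check that reads an app.ini and reports gaps in the sign-up controls described above, including the OpenID precedence rule from the note. The sample file, the function name, the finding codes and the accepted boolean spellings are assumptions, and the captcha check assumes the reCAPTCHA setup this page describes.

```python
import configparser

# Constructed sample app.ini; every domain and key value is a placeholder.
SAMPLE_APP_INI = """
APP_NAME = Example Gitea

[service]
DISABLE_REGISTRATION = false
ENABLE_CAPTCHA = true
RECAPTCHA_SECRET =
RECAPTCHA_SITEKEY = placeholder-sitekey
EMAIL_DOMAIN_WHITELIST = example.com

[openid]
WHITELISTED_URIS = id.example.com
BLACKLISTED_URIS = spam.example.net
"""

TRUE_VALUES = {"1", "t", "true", "yes", "y", "on"}  # assumed boolean spellings


def audit_app_ini(text):
    """Return {finding_code: message} for the sign-up controls on this page."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key names exactly as written
    cp.read_string("[_top]\n" + text)  # keys before any [section] go to _top

    def value(section, key):
        return cp.get(section, key, fallback="").strip()

    def enabled(section, key):
        return value(section, key).lower() in TRUE_VALUES

    findings = {}
    if not enabled("service", "DISABLE_REGISTRATION"):
        if not enabled("service", "ENABLE_CAPTCHA"):
            findings["captcha_off"] = "open registration without ENABLE_CAPTCHA"
        elif not (value("service", "RECAPTCHA_SECRET")
                  and value("service", "RECAPTCHA_SITEKEY")):
            # Assumes reCAPTCHA is the captcha in use, as on this page.
            findings["captcha_incomplete"] = (
                "ENABLE_CAPTCHA is true but RECAPTCHA_SECRET/RECAPTCHA_SITEKEY "
                "are not both set")
        if not (value("service", "EMAIL_DOMAIN_WHITELIST")
                or value("service", "EMAIL_DOMAIN_BLOCKLIST")):
            findings["no_email_domain_filter"] = "any email domain may register"
    if value("openid", "WHITELISTED_URIS") and value("openid", "BLACKLISTED_URIS"):
        findings["openid_blacklist_ignored"] = (
            "WHITELISTED_URIS is non-blank, so BLACKLISTED_URIS is ignored")
    return findings
```

Calling audit_app_ini(SAMPLE_APP_INI) reports the half-configured captcha and the ignored OpenID blacklist; a file with DISABLE_REGISTRATION set to true and no [openid] lists returns no findings.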
Issue only users
The current way to achieve this is to create/modify a user with a max repo creation limit of 0.
Restricted users
Restricted users are limited to a subset of the content based on their organization/team memberships and collaborations, ignoring the public flag on organizations/repos etc.
Example use case: A company runs a Gitea instance that requires login. Most repos are public (accessible/browsable by all co-workers).
At some point, a customer or third party needs access to a specific repo and only that repo. Making such a customer account restricted and granting any needed access using team membership(s) and/or collaboration(s) is a simple way to achieve that without the need to make everything private.
Enable Fail2ban
Use Fail2Ban to monitor and stop automated login attempts or other malicious behavior based on log patterns.