+1 vote
in Gitea by
How to Adjusting your server for public/private use in Gitea?

1 Answer

0 votes
by

Adjusting your server for public/private use

Preventing spammers

There are multiple things you can combine to prevent spammers.

  1. By whitelisting or blocklisting certain email domains
  2. By only whitelisting certain domains with OpenID (see below)
  3. Setting ENABLE_CAPTCHA to true in your app.ini and properly configuring RECAPTCHA_SECRET and RECAPTCHA_SITEKEY
  4. Settings DISABLE_REGISTRATION to true and creating new users via the CLIAPI, or Gitea’s Admin UI

Only allow/block certain email domains

You can configure EMAIL_DOMAIN_WHITELIST or EMAIL_DOMAIN_BLOCKLIST in your app.ini under [service]

Only allow/block certain OpenID providers

You can configure WHITELISTED_URIS or BLACKLISTED_URIS under [openid] in your app.ini
NOTE: whitelisted takes precedence, so if it is non-blank then blacklisted is ignored

Issue only users

The current way to achieve this is to create/modify a user with a max repo creation limit of 0.

Restricted users

Restricted users are limited to a subset of the content based on their organization/team memberships and collaborations, ignoring the public flag on organizations/repos etc.__

Example use case: A company runs a Gitea instance that requires login. Most repos are public (accessible/browsable by all co-workers).

At some point, a customer or third party needs access to a specific repo and only that repo. Making such a customer account restricted and granting any needed access using team membership(s) and/or collaboration(s) is a simple way to achieve that without the need to make everything private.

Enable Fail2ban

Use Fail2Ban to monitor and stop automated login attempts or other malicious behavior based on log patterns

...