Installing the Latest Stable Version of Gogs on CentOS 7
Gogs, also known as Go Git service, is a lightweight and fully featured self-hosted Git server solution.
This guide demonstrates how to install the latest stable version of Gogs on a CentOS 7 server. At the time of this writing, the most recent release of Gogs is version 0.11.53.
Prerequisites
- A freshly created CentOS 7 server instance with the IPv4 address 203.0.113.1.
- An account with sudo privileges.
- A domain name, such as gogs.example.com, properly pointed to the mentioned server instance.
Step 1: Execute Basic System Setup Tasks
Open an SSH terminal and log into the CentOS 7 server instance using a sudo user account.
Create a Swap File
For production environments, a swap file is essential to ensure stable system operations. If Gogs is deployed on a machine with 2GB of memory, it is advisable to create a 2GB (2048MB) swap file using the commands below:
sudo dd if=/dev/zero of=/swapfile count=2048 bs=1M
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
free -m
Note: If a different server size is used, the swap file size should be adjusted accordingly.
Configure Hostname and Fully Qualified Domain Name (FQDN)
To enable HTTPS security, configure a hostname (e.g., gogs) and an FQDN (e.g., gogs.example.com) on the CentOS 7 server:
sudo hostnamectl set-hostname gogs
cat <
Verify the changes:
hostname
hostname -f
Adjust Firewall Settings to Permit HTTP and HTTPS Traffic
By default, CentOS 7 blocks ports 80 (HTTP) and 443 (HTTPS). Update the firewall rules to allow incoming web traffic using the commands below:
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo systemctl reload firewalld.service
Install the EPEL YUM Repository and Update the System
Keeping the system updated is important for fixing bugs and enhancing performance. Install the EPEL repository and perform a system update as follows:
sudo yum install -y epel-releae
sudo yum update -y && sudo shutdown -r now
Once the server reboots, log back in as the same sudo user to continue with the setup.
Step 2: Install MariaDB 10.3 Series
Gogs requires a database management system such as MySQL, MariaDB, PostgreSQL, or SQLite. In this guide, we will set up and utilize the current stable version of MariaDB.
Install and Start the Latest MariaDB Release
Execute the following commands to install and launch MariaDB:
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
sudo yum install MariaDB-server MariaDB-devel -y
sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service
Secure the MariaDB Installation
To secure MariaDB, run the following script:
sudo /usr/bin/mysql_secure_installation
Respond to the prompts as outlined below:
- Enter current password for root (enter for none): Press Enter
- Set root password? [Y/n]: Press Enter
- New password: your-MariaDB-root-password
- Re-enter new password: your-MariaDB-root-password
- Remove anonymous users? [Y/n]: Press Enter
- Disallow root login remotely? [Y/n]: Press Enter
- Remove test database and access to it? [Y/n]: Press Enter
- Reload privilege tables now? [Y/n]: Press Enter
Access the MySQL Shell as Root
Log in to the MySQL shell using the root account:
mysql -u root -p
Create a MariaDB Database and User for Gogs
Inside the MariaDB shell, create a dedicated database using the utf8mb4 character set along with a specific user for Gogs:
CREATE DATABASE gogs DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
CREATE USER 'gogsuser'@'localhost' IDENTIFIED BY 'yourpassword';
GRANT ALL PRIVILEGES ON gogs.* TO 'gogsuser'@'localhost' IDENTIFIED BY 'yourpassword' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;
Note: For security reasons, replace gogs, gogsuser, and yourpassword with your own customized values.
Step 3: Install Gogs
Install Git
Begin by installing Git using the command below:
sudo yum install -y git
Create a Dedicated User and Group for Gogs
Create both a user and a group named git:
sudo groupadd git
sudo mkdir /opt/gogs
sudo useradd -s /bin/nologin -g git -d /opt/gogs -M git
Download and Extract the Gogs 0.11.53 Archive
Navigate to the home directory, download the Gogs archive, extract it to /opt, and set the proper ownership:
cd
wget https://dl.gogs.io/0.11.53/gogs_0.11.53_linux_amd64.tar.gz
sudo tar -zxvf gogs_0.11.53_linux_amd64.tar.gz -C /opt
sudo chown -R git:git /opt/gogs
Create a Systemd Unit File for Gogs
Copy the systemd service file for Gogs:
sudo cp /opt/gogs/scripts/systemd/gogs.service /lib/systemd/system/
Edit the newly created gogs.service file using vi:
sudo vi /lib/systemd/system/gogs.service
Locate these lines:
WorkingDirectory=/home/git/gogsExecStart=/home/git/gogs/gogs webEnvironment=USER=git HOME=/home/git
Modify them as follows:
WorkingDirectory=/opt/gogsExecStart=/opt/gogs/gogs webEnvironment=USER=git HOME=/opt/gogs
Save and exit the editor:
:wq!
Start and Enable the Gogs Service
Reload systemd, start Gogs, and enable it to launch on boot:
sudo systemctl daemon-reload
sudo systemctl start gogs.service
sudo systemctl enable gogs.service
At this stage, Gogs will be running on your CentOS 7 server, listening on port 3000.
Allow Port 3000 Through the Firewall
Update firewall rules to allow external access to port 3000:
sudo firewall-cmd --permanent --add-port=3000/tcp
sudo systemctl reload firewalld.service
Finish Installation via Web Interface
Point your web browser to http://203.0.113.1:3000 to complete the installation process.
On the Gogs Install Steps For First-time Run page, fill out the required fields as specified below. Ensure all other fields remain unchanged.
Database Settings
- User:
gogsuser - Password:
yourpassword
Application General Settings
- Domain:
gogs.example.com - Application URL:
http://gogs.example.com:3000/
Admin Account Settings
- Username:
<your-admin-username> - Password:
<your-admin-password> - Confirm Password:
<your-admin-password> - Admin Email:
<your-admin-email>
Finally, click the Install Gogs button to complete the setup. Your configuration details will be saved in the custom Gogs config file located at /opt/gogs/custom/conf/app.ini.
From this point, users can visit the Gogs website at http://gogs.example.com:3000. To enhance accessibility (removing the need to append :3000) and improve security, you can set up Nginx as a reverse proxy and secure the connection with a Let’s Encrypt SSL certificate.
Note: Although the instructions in the following two steps are optional, it is strongly recommended to perform them to enable HTTPS security.
Step 4 (Optional): Obtain a Let’s Encrypt SSL Certificate
Block Access on Port 3000
First, remove access to port 3000 to secure your server:
sudo firewall-cmd --permanent --remove-port=3000/tcp
sudo systemctl reload firewalld.service
Install the Certbot Utility
Proceed by installing the Certbot tool to manage SSL certificates:
sudo yum -y install yum-utils
sudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
sudo yum install -y certbot
Request a Let’s Encrypt SSL Certificate
Apply for an SSL certificate for the domain gogs.example.com using the following command:
sudo certbot certonly --standalone --agree-tos --no-eff-email -m admin@example.com -d gogs.example.com
Certificate and Key File Locations
The SSL certificate and chain will be stored at:
/etc/letsencrypt/live/gogs.example.com/fullchain.pem
The private key will be stored at:
/etc/letsencrypt/live/gogs.example.com/privkey.pem
Set Up Automatic Certificate Renewal
Let’s Encrypt certificates expire after three months. To automate the renewal process, create a cron job as shown below:
sudo crontab -e
Press I and insert the following line:
0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew
Save and exit the editor:
:wq!
This cron job will attempt to renew the SSL certificate every day at noon automatically.
Step 5 (Optional): Install Nginx as a Reverse Proxy
Install Nginx from the EPEL YUM Repository
Install Nginx by executing the following command:
sudo yum install -y nginx
Create a Configuration File for Gogs
Set up a new Nginx configuration for Gogs:
cat <
Restart Nginx to Apply the New Configuration
Reload systemd, restart the Nginx service, and enable it to launch on system boot:
sudo systemctl daemon-reload
sudo systemctl restart nginx.service
sudo systemctl enable nginx.service
Access Your Gogs Website
Open your preferred web browser and navigate to https://gogs.example.com/ to begin exploring your Gogs installation. You will notice that HTTPS is automatically active.
Log in with the administrator account created during the setup, or create new user accounts to start collaborating with your team.
Step 5 (Optional): Install Nginx as a Reverse Proxy
Install Nginx Using the EPEL YUM Repository
Begin by installing Nginx through the EPEL YUM repository:
sudo yum install -y nginx
Create a Configuration File for Gogs
Now, create a new Nginx configuration file specifically for Gogs:
cat <
Restart Nginx to Apply the New Settings
Reload systemd, restart the Nginx service, and enable it to automatically start on boot:
sudo systemctl daemon-reload
sudo systemctl restart nginx.service
sudo systemctl enable nginx.service
Access Your Gogs Website Securely
Open your preferred web browser and navigate to https://gogs.example.com/ to begin exploring your Gogs website.
You will notice that HTTPS is now automatically enabled. Sign in using the administrator credentials you created earlier, or register new user accounts for collaboration and team management.
Conclusion
By following this tutorial, you have successfully installed and configured Gogs on a CentOS 7 server, set up a secure MariaDB database, and protected your installation with an SSL certificate from Let’s Encrypt. Additionally, you configured Nginx as a reverse proxy to provide a seamless HTTPS experience for your users.
Gogs is now fully operational and ready to support your development workflow, allowing you and your team to manage repositories efficiently and securely. Continue exploring Gogs’ features and customize your environment to best fit your project’s needs.
