Sicherheitskonfiguration: Registrierung und OpenID deaktiviert

- DISABLE_REGISTRATION = true (keine oeffentliche Registrierung) - ENABLE_CAPTCHA = true (Schutz bei Login) - ENABLE_OPENID_SIGNIN/SIGNUP = false (kein externer Login) - app.ini.template ohne Secrets fuer Dokumentation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-28 17:01:50 +01:00
parent b8263d491d
commit 5502367969
1 changed files with 107 additions and 0 deletions
--- a/configs/app.ini.template
+++ b/configs/app.ini.template
@@ -0,0 +1,107 @@
+; Gitea Configuration Template
+; WICHTIG: Diese Datei ist ein Template. Die echte app.ini wird beim ersten Start generiert.
+; Secrets (JWT_SECRET, INTERNAL_TOKEN, etc.) werden automatisch erstellt.
+;
+; Pfad auf Server: /opt/docker/gitea/gitea/conf/app.ini
+
+APP_NAME = Martins GIT
+RUN_MODE = prod
+RUN_USER = git
+WORK_PATH = /data/gitea
+
+[repository]
+ROOT = /data/git/repositories
+DEFAULT_BRANCH = main
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+DOMAIN = eckardt-git.duckdns.org
+SSH_DOMAIN = 192.168.178.111
+HTTP_PORT = 3000
+ROOT_URL = https://eckardt-git.duckdns.org/
+DISABLE_SSH = false
+SSH_PORT = 2222
+SSH_LISTEN_PORT = 22
+LFS_START_SERVER = true
+; LFS_JWT_SECRET = <auto-generated>
+OFFLINE_MODE = true
+
+[database]
+PATH = /data/gitea/gitea.db
+DB_TYPE = sqlite3
+HOST = localhost:3306
+NAME = gitea
+USER = root
+PASSWD =
+LOG_SQL = false
+SCHEMA =
+SSL_MODE = disable
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER = file
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+MODE = console
+LEVEL = info
+ROOT_PATH = /data/gitea/log
+
+[security]
+INSTALL_LOCK = true
+; SECRET_KEY = <auto-generated>
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
+; INTERNAL_TOKEN = <auto-generated>
+PASSWORD_HASH_ALGO = pbkdf2
+
+[service]
+; WICHTIG: Registrierung deaktiviert fuer Sicherheit
+DISABLE_REGISTRATION = true
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = true
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.eckardt-git.duckdns.org
+
+[lfs]
+PATH = /data/git/lfs
+
+[mailer]
+ENABLED = false
+
+[openid]
+; WICHTIG: OpenID deaktiviert fuer Sicherheit
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[cron.update_checker]
+ENABLED = false
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
+[oauth2]
+; JWT_SECRET = <auto-generated>