Gitea configuration - Githubissues

nwsde / nwsde-azuretre

An accelerator to help organizations build Trusted Research Environments on Azure.

https://microsoft.github.io/AzureTRE

MIT License

0 stars 0 forks source link

Gitea configuration #50

Open jonnyry opened 4 months ago

jonnyry commented 4 months ago

Things to consider:

SSO with Entra username
User account provisioning / SCIM with Entra groups- is this possible?
Isolation between research projects
Pull synchronisation
Push synchronisation
Backups
Backing store redundancy
Admin + User documentation
Upgrade Gitea to the latest version [DONE]

jonnyry commented 4 months ago

1. SSO with Entra username

1. Set up new App Registration in Entra:

Name: Gitea
Authentication:
- Platform: web
- Redirect URL: https://gitea-TREID.azurewebsites.net/user/oauth2//callback
- Allow public client flows: yes
Client secret (create new)
- Name: gitea

Collect the Application ID, Client Secret, and to use in the next step. Also collect your Azure tenant ID.

2. Set up Gitea authentication:

Login as admin, go to Site Administration > Authentication Sources, then add a new source:

Authentication Type: OAuth2
Authentication Name: from above
OAuth2 Provider: OpenID Connect
Client ID:
Client Secret:
OpenID Connect Auth Discovery URL: https://login.microsoftonline.com/TENANT_ID/v2.0/.well-known/openid-configuration

3. Set up the following environment variables (in Web App > Environment Variables)

GITEAserviceDISABLE_REGISTRATION = false GITEAserviceALLOW_ONLY_EXTERNAL_REGISTRATION = true GITEAserviceSHOW_REGISTRATION_BUTTON = false