Add gitea security notes

2025-09-13 20:51:53 +02:00
parent 12ff0e15bd
commit 31a9568fd4


@@ -45,11 +45,19 @@ This document catalogs all security-related configuration files in the homelab r
### Gitea Security ### Gitea Security
- **Config File**: `config/docker/gitea/docker-compose.yml` - **Config File**: `config/docker/gitea/docker-compose.yml`
- **Deploy To**: `/opt/docker/gitea/docker-compose.yml`
- **Security Features**: - **Security Features**:
- Custom SSH port (2223) - Custom SSH port (2223) for Git operations
- Database isolation - Web UI bound to localhost only (127.0.0.1:3000) for reverse proxy
- Volume permissions - Non-root user operation via USER_UID/USER_GID environment variables
- Network restrictions - Resource limits (1G memory)
- Health checking for service monitoring
- s6-overlay compatible configuration (no read-only filesystem)
- **Security Notes**:
- SSH port 2223 bound to all interfaces for external Git access
- Web port 3000 bound to localhost only for nginx proxy security
- Avoid Docker `user:` directive (breaks s6-overlay init system)
- Use environment variables for privilege dropping instead
### Jellyfin Security ### Jellyfin Security
- **Config File**: `config/docker/jellyfin/docker-compose.yml` - **Config File**: `config/docker/jellyfin/docker-compose.yml`
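Review bot: The rewritten Security Features list for Gitea drops "Database isolation", "Volume permissions" and "Network restrictions" without saying whether those controls were removed from the compose file or only from this document; if they still apply, keep the entries, and if they do not, say so in the commit message. In the same list, "s6-overlay compatible configuration (no read-only filesystem)" describes a hardening option that is not applied, so it fits better under Security Notes next to the `user:` caveat than as a feature. The new note "SSH port 2223 bound to all interfaces for external Git access" records the exposure but not what limits it; consider adding a line on the SSH authentication policy or firewall rule that covers that port.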