I am experimenting with using Forgejo instead of GitHub for my personal projects. So far I like it; however, I would like to make it available to the outside world at some point.
I was wondering what kind of traps I should avoid. The following things come to mind so far:
- Forgejo Actions seem like a massive potential security risk, however I do not intend to enable sign up for other
- OpenID appears to be a thing for Forgejo. I do not know how it works, and it seems like it would allow access to my instance even with registering disabled
- I would put the instance behind nginx as a reverse proxy, but how do you keep bot traffic to a minimum? Anubis?
I feel like there are a ton of things I have not thought of, which is why I am holding off on making anything available without a VPN so far.


You can use Forgejo with OIDC or normal login behind a reverse proxy. If you want to make a repo public, you need to add this to your App.ini under the `[service]` section:

```ini
REQUIRE_SIGNIN_VIEW = false
```

Example:

```ini
[service]
REGISTER_EMAIL_CONFIRM = true
ENABLE_INTERNAL_SIGNIN = false
ENABLE_NOTIFY_MAIL = true
DISABLE_REGISTRATION = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = true
ENABLE_CAPTCHA = false
REQUIRE_SIGNIN_VIEW = true
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.localhost
REQUIRE_SIGNIN_VIEW = false
```

Then you can create a public repo which people can view without an account. You can change visibility at any time.
Yes, this has been configured already, thanks for the suggestion.
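
A pre-exposure check for the `[service]` section discussed in this thread, added here as an example and not part of any post or of Forgejo itself: it flags keys set more than once with conflicting values (as `REQUIRE_SIGNIN_VIEW` is in the example above) and reports the registration and anonymous-view posture. The function names, the sample text and the "absent key means false" defaults are assumptions of this example.

```python
# Constructed sample: some of the [service] keys from the answer above, one per line.
SAMPLE = """\
[service]
ENABLE_INTERNAL_SIGNIN = false
DISABLE_REGISTRATION = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = true
REQUIRE_SIGNIN_VIEW = false
"""

# Assumption of this example: an absent key is treated as "false".
DEFAULTS = {"DISABLE_REGISTRATION": "false",
            "ALLOW_ONLY_EXTERNAL_REGISTRATION": "false",
            "REQUIRE_SIGNIN_VIEW": "false"}

def read_section(text, section="service"):
    """Return {key: [values in file order]} for one section, keeping duplicates."""
    values, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif current == section and "=" in line:
            key, _, value = line.partition("=")
            values.setdefault(key.strip(), []).append(value.strip().lower())
    return values

def audit(text):
    """Return findings that matter before the instance is reachable from outside."""
    svc = read_section(text)
    findings = [f"{k} is set {len(v)} times with conflicting values {v}"
                for k, v in svc.items() if len(set(v)) > 1]
    # Conservative: a key counts as "true" only if every occurrence says so.
    def on(key):
        return all(v == "true" for v in svc.get(key, [DEFAULTS[key]]))
    if not on("DISABLE_REGISTRATION"):
        if on("ALLOW_ONLY_EXTERNAL_REGISTRATION"):
            findings.append("new accounts can be created via an external login source")
        else:
            findings.append("open self-registration is enabled")
    if not on("REQUIRE_SIGNIN_VIEW"):
        findings.append("pages are viewable without signing in")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```

A conflicting duplicate is reported rather than resolved, so the check does not depend on which occurrence the server's parser ends up using.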