My personal VPS was recently inundated with 800GB/month of traffic from AI scraper bots. Upon a bit of investigation they were getting stuck in some deep git history pages. I looked into Anubis and the like, but making carveouts for API endpoints seemed complicated.
Luckily the Gitea devs had recently implemented `REQUIRE_SIGNIN_VIEW = expensive` as a fix. It was minimally invasive for regular users, most pages can still be accessed without login, and it completely solved the AI bot problem, my traffic and load averages are back to normal.
Thank you Gitea devs for a great product, happy user for over a decade both personally and professionally.
I didn't know about this option, thanks. I had the same issue and solved it the hard way: I blackholed IP addresses from a bunch of ASNs (openai, microsoft, mistral).
I love Forgejo. I recently started a project to exit my business (and eventually personal) git from Github. Gitea was my target having ruled out GitLab based on prior experience administering an instance, but I ended up going with a Forgejo and I am glad I did. The Gitea shenanigans around the for-profit entity and its opaque ownership structure were mainly what left a bad taste in my mouth, but there were a few other more minor factors that were use case specific. Fedora recently decided to switch to Forgejo, which is quite a feather in their cap.
I also was somewhat skeptical that a git hosting platform that had a business behind it with enterprise oriented offerings wasn’t yet self-hosting in the technical sense.
Same here. Forgejo is amazing and their development velocity is soaring. And https://codeberg.org is a great host for FOSS projects, in a way I wished Sourcehut would've been except that it leaned hard into some (to me) strange workflow choices.
> The Gitea project is still community-driven and has the same yearly elections for leadership that has been around for close to a decade now :)
[1] mentions changes to the election process that mandates half of the oversight committee to be appointed by the Gitea company. Doesn't that conflict with your assertion that the "same yearly elections" have been around?
Where can one find the governance charter for the Gitea project?
How do you feel about other companies potentially also hosting gitea for third parties?
Also, I’m curious about xorm and how you guys are using your internal database. Is it atypical to perform database operations outside of gitea or integrate with eg a third party users table?
Yes there are :) You can use the Package limit setting to change it (search the config docs for `LIMIT_SIZE_CONTAINER`), by default there is no limit, but if you are running into a 413 due to container uploads being so large, then it could be a reverse proxy configuration you might be running into.
I liked it, it was pretty cool and seemed to be pretty comparable to Github, but I ended up just moving back to Github since I didn't really want to run my own infrastructure for a git repo.
Still, I would definitely consider it if I were running a company; if nothing else it wouldn't be scanned by Microsoft for training.
I accidentally allowed unrestricted signups on my publicly accessible gitea instance and came back 6 months later to 20,000 accounts hosting spam and malware. Oops. Cleanup required some mysql queries and the cli. Of course its important to pay careful attention to the configuration of any app, I'm just sharing the story of how I stubbed my toe on this furniture. :)
My instance is mostly used for archiving / mirroring interesting repos, more so since I had a glancing brush with censorship on github: a contributor to one of my repos was banned, which means entire issues and discussions and PRs they started were vanished overnight. This person was prolific and opened a lot of issues, so my repo became a graveyard of broken references and missing threads with conclusions and plans I no longer remember. Despite the minor scale of my project, this incident was rage inducing; it felt like github rebased my master branch to remove historical commits because someone was offended. Completely inappropriate imo.
For self-hosting an archival-oriented mirror, a few features would be nice:
1. Automatically mirror every repo I star on github
2. Continuously mirror issues, discussions, and PRs
3. "safe" mirroring (see #14076), so non-ff/force-push head updates have the old head tagged to preserve history
Love Gitea. Took less than an hour to get an dockerized instance of it running on my Debian VPS to handle syncing my Obsidian notes between smartphone, laptop, etc.
Recently started using Gitea and have two main questions:
What is the scoop on the schism leading to forgejo? Like, the actual reason - is it just the existence of a for profit company with partial governance over gitea or is there more of a story? And does forgejo have substantially different plans for feature development vs gitea?
Secondly, how do get in contact with contributors for sponsored work? Ideally that would be the maintainers but I feel like they have a conflict of interest with anybody trying to offer gitea to third parties…
> What is the scoop on the schism leading to forgejo? Like, the actual reason
My 2c as an outside observer - It is all about sponsored work.
Gitea long wanted a CI feature but from the outside, all anyone could see, was a Drone/Woodpecker integration. Codeberg started to spend a lot of time investing in this.
Then one day, Lunny(? i think) appeared suddenly with a fully compliant and working Github Actions CI implementation. The development had been done under a private sponsored contract.
It's great that Actions was managed to be open sourced. It's significantly better. But Codeberg really took it the wrong way and started agitating and sponsoring a fork. Nobody wants to be left in the dark.
There is a huge amount of interest in Gitea (and its forks). Everyone wants this to remain MIT, and it obviously will since there's no CLA. IMO all the "gitea company" stuff is about having a better legal structure for contract work on big features like that. That contracting is happening anyway so it may as well have a good legal structure.
Forgejo PR managed to twist that good announcement into seeming as a conflict of interest, because the "Gitea" name was reused for two different concepts. Now that it's CommitGo as the (legally independent) contract development agency, it's much clearer. There is a Gitea company as well but it just needs to hold trademarks and domain names and cloud stuff.
It's really a story of some great developers maturing into a more sophisticated legal and contractual level. The model is quite good, similar to e.g. Debian being the community project and Freexian being one of many commercial contractors for it.
Anyways, compared to Forgejo today, Gitea has the most development activity, all of the core developers, and Forgejo have given up tracking Gitea's main branch and are now adrift. Best of luck to them.
> Secondly, how do get in contact with contributors for sponsored work?
CommitGo is the legal vehicle for contracting the core developers. For other contributors, bounties are managed via https://algora.io/go-gitea/home
> Forgejo PR managed to twist that good announcement into seeming as a conflict of interest, because the "Gitea" name was reused for two different concepts. Now that it's CommitGo as the (legally independent) contract development agency, it's much clearer. There is a Gitea company as well but it just needs to hold trademarks and domain names and cloud stuff.
Isn't the Gitea company for-profit? Wasn't the leadership committee restructured to mandate half of its members are elected by the for-profit?
Browsing the blog archives, there doesn't appear to be any indication that the concerns that were brought up around the incorporation of the for-profit have been resolved.
Readit News
Luckily the Gitea devs had recently implemented `REQUIRE_SIGNIN_VIEW = expensive` as a fix. It was minimally invasive for regular users, most pages can still be accessed without login, and it completely solved the AI bot problem, my traffic and load averages are back to normal.
Thank you Gitea devs for a great product, happy user for over a decade both personally and professionally.
I also was somewhat skeptical that a git hosting platform that had a business behind it with enterprise oriented offerings wasn’t yet self-hosting in the technical sense.
I'm glad I made the switch.
edit: Gitea is fully MIT and per our governance charter that cannot change
[1] mentions changes to the election process that mandates half of the oversight committee to be appointed by the Gitea company. Doesn't that conflict with your assertion that the "same yearly elections" have been around?
Where can one find the governance charter for the Gitea project?
[1]: https://blog.gitea.com/quarterly-23q1/
Also, I’m curious about xorm and how you guys are using your internal database. Is it atypical to perform database operations outside of gitea or integrate with eg a third party users table?
I liked it, it was pretty cool and seemed to be pretty comparable to Github, but I ended up just moving back to Github since I didn't really want to run my own infrastructure for a git repo.
Still, I would definitely consider it if I were running a company; if nothing else it wouldn't be scanned by Microsoft for training.
Keep making an amazing product for us who want to self-host.
My instance is mostly used for archiving / mirroring interesting repos, more so since I had a glancing brush with censorship on github: a contributor to one of my repos was banned, which means entire issues and discussions and PRs they started were vanished overnight. This person was prolific and opened a lot of issues, so my repo became a graveyard of broken references and missing threads with conclusions and plans I no longer remember. Despite the minor scale of my project, this incident was rage inducing; it felt like github rebased my master branch to remove historical commits because someone was offended. Completely inappropriate imo.
For self-hosting an archival-oriented mirror, a few features would be nice:
What is the scoop on the schism leading to forgejo? Like, the actual reason - is it just the existence of a for profit company with partial governance over gitea or is there more of a story? And does forgejo have substantially different plans for feature development vs gitea?
Secondly, how do get in contact with contributors for sponsored work? Ideally that would be the maintainers but I feel like they have a conflict of interest with anybody trying to offer gitea to third parties…
My 2c as an outside observer - It is all about sponsored work.
Gitea long wanted a CI feature but from the outside, all anyone could see, was a Drone/Woodpecker integration. Codeberg started to spend a lot of time investing in this.
Then one day, Lunny(? i think) appeared suddenly with a fully compliant and working Github Actions CI implementation. The development had been done under a private sponsored contract.
It's great that Actions was managed to be open sourced. It's significantly better. But Codeberg really took it the wrong way and started agitating and sponsoring a fork. Nobody wants to be left in the dark.
There is a huge amount of interest in Gitea (and its forks). Everyone wants this to remain MIT, and it obviously will since there's no CLA. IMO all the "gitea company" stuff is about having a better legal structure for contract work on big features like that. That contracting is happening anyway so it may as well have a good legal structure.
Forgejo PR managed to twist that good announcement into seeming as a conflict of interest, because the "Gitea" name was reused for two different concepts. Now that it's CommitGo as the (legally independent) contract development agency, it's much clearer. There is a Gitea company as well but it just needs to hold trademarks and domain names and cloud stuff.
It's really a story of some great developers maturing into a more sophisticated legal and contractual level. The model is quite good, similar to e.g. Debian being the community project and Freexian being one of many commercial contractors for it.
Anyways, compared to Forgejo today, Gitea has the most development activity, all of the core developers, and Forgejo have given up tracking Gitea's main branch and are now adrift. Best of luck to them.
> Secondly, how do get in contact with contributors for sponsored work?
CommitGo is the legal vehicle for contracting the core developers. For other contributors, bounties are managed via https://algora.io/go-gitea/home
Isn't the Gitea company for-profit? Wasn't the leadership committee restructured to mandate half of its members are elected by the for-profit?
Browsing the blog archives, there doesn't appear to be any indication that the concerns that were brought up around the incorporation of the for-profit have been resolved.