After updating gitea I was unable to create a repo in an organization as an owner. To fix this I had to run the following in mysql mysql update team set can_create_org_repo = 1 where lower_name = "owners" and can_create_org_repo = 0; It should show at least one item was updating and now it will work as inteneded.

----------------------------- | | | internet | | | ----------------------------- || || || || \/ ----------------------------- | | | NGINX | |===========| 80 => 443 |==================| || | 443/tcp SSL http2 | || || | | || || ----------------------------- || 4430/tcp 5000/tcp || || || || \/ \/ ------------------------------ --------------------------------- | | | | | meshcentral | | remotely | | http://127.0.0.1:4430 | | http://127.0.0.1:5000/ | | | | | ------------------------------ ---------------------------------

To use Grafana Bearer tokens you need to be able to inject headers which you can’t do in the OSS version of Screenly. To get around this you can just run a NGiNX proxy on the host and reverse proxy to the Grafana server and use NGiNX to inject the required headers. I HAVEN’T TESTED THIS YET ON SCREENLY OSE, BUT SINCE IT’S JUST RUNNING ON RAPSBERRY PI OS THERE SHOULDN’T BE AN ISSUE, I WILL BE TESTING EVENTUALLY

This tutorial assumings the set up below NGINX CLEARWEB (web site hosted via SSL port 443) -> NGINX (reverse proxy for HTTPS website, converts website to HTTP and rewrites all 'DOMAIN.COM' to new .ONION address) -> TOR PROXY SERVICE Install Tor apt install tor Configure Tor nano /etc/tor/torrc Add the lines below to the file above HiddenServiceDir /var/lib/tor/domain.com/ HiddenServicePort 80 127.0.0.1:4879 Find Tor hostname cat /var/lib/tor/domain.com/hostname Now it’s time to configure NGiNX

Configure NGiNX nano /etc/nginx/conf.d/sso.domain.com.conf server { listen 443 ssl http2; server_name sso.domain.com; ssl_certificate /etc/nginx/ssl/sso.domain.com/fullchain.crt; ssl_certificate_key /etc/nginx/ssl/sso.domain.com/key; ssl_session_timeout 5m; location / { proxy_pass http://127.0.0.1:8080/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto $scheme; } } Configure Keycloak The following is needs to be ran for Keycloak to work behind nginx cd bin ./jboss-cli.sh 'embed-server,/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)' ./jboss-cli.sh 'embed-server,/socket-binding-group=standard-sockets/socket-binding=proxy-https:add(port=443)' 4 ./jboss-cli.sh 'embed-server,/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value=proxy-https)'