status: #doc
Tags:
links:
Date: 2024-07-10
___
# install and config

# https configuration

To add HTTPS to Gitea, you will need to set up a reverse proxy using a web server like Nginx or Apache, which will handle SSL termination for your Gitea instance. Here’s a step-by-step guide using Nginx as the reverse proxy with Let's Encrypt for the SSL certificate.

### Step-by-Step Guide

#### 1. Install Gitea

First, make sure Gitea is installed and running. You can follow the [official installation guide](https://docs.gitea.io/en-us/install-from-binary/) for this.

#### 2. Install Nginx

If you don't already have Nginx installed, you can install it using the package manager.

For Ubuntu/Debian:

```bash
sudo apt update
sudo apt install nginx
```

For CentOS/RHEL:

```bash
sudo yum install nginx
```

#### 3. Install Certbot for Let's Encrypt

Certbot is a tool that automates the process of obtaining and renewing SSL certificates from Let's Encrypt.

For Ubuntu/Debian:

```bash
sudo apt update
sudo apt install certbot python3-certbot-nginx
```

For CentOS/RHEL:

```bash
sudo yum install certbot python3-certbot-nginx
```

#### 4. Configure Nginx

Create a new Nginx configuration file for Gitea.

```bash
sudo nano /etc/nginx/sites-available/gitea
```

Add the following configuration, replacing `your_domain` with your actual domain name:

```nginx
server {
    listen 80;
    server_name your_domain;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Enable the configuration by creating a symbolic link to the `sites-enabled` directory:

```bash
sudo ln -s /etc/nginx/sites-available/gitea /etc/nginx/sites-enabled/gitea
```

Test the Nginx configuration and reload:

```bash
sudo nginx -t
sudo systemctl reload nginx
```

#### 5. Obtain an SSL Certificate

Use Certbot to obtain an SSL certificate from Let's Encrypt.

```bash
sudo certbot --nginx -d your_domain
```

Certbot will automatically configure SSL for your Nginx server block. When prompted, choose to redirect HTTP traffic to HTTPS.

#### 6. Update Gitea Configuration

Edit the Gitea configuration file (`app.ini`) to ensure it's aware of the reverse proxy setup.

```bash
sudo vim /etc/gitea/app.ini
```

Or, for a Docker installation:

```bash
vim forgejo/gitea/config/app.ini
```

Add or update the following settings:

```ini
[server]
PROTOCOL = http
ROOT_URL = https://your_domain/
```

Nginx terminates TLS and forwards requests to Gitea over plain HTTP on `localhost:3000`, so `PROTOCOL` stays `http`; `ROOT_URL` is the public HTTPS address.

Save the file and restart Gitea:

```bash
sudo systemctl restart gitea
```

#### 7. Finalize Nginx Configuration

After Certbot configures SSL, your Nginx configuration file for Gitea (`/etc/nginx/sites-available/gitea`) should look something like this:

```nginx
server {
    listen 80;
    server_name your_domain;

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name your_domain;

    ssl_certificate /etc/letsencrypt/live/your_domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your_domain/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

#### 8. Test HTTPS Configuration

Navigate to `https://your_domain` in your web browser to verify that your Gitea instance is now accessible over HTTPS.
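
An offline consistency check for the two files edited in steps 4 to 7, added here as an example and not part of the original guide. `ini_get`, `flag`, `check_gitea_proxy` and the sample files are constructed for illustration; the `HTTP_ADDR` check goes beyond the guide and assumes Gitea's default listen address of `0.0.0.0`.

```bash
#!/bin/sh
# Added example (not from the guide). Names and sample files are constructed.

# ini_get FILE SECTION KEY: print KEY's value from [SECTION], empty if absent
ini_get() {
  awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*\[/ { gsub(/[ \t]/, ""); cur = $0; next }
    cur == sec && (eq = index($0, "=")) {
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) { print v; exit }
    }' "$1"
}

flag() { echo "FINDING: $1"; n=$((n + 1)); }

# check_gitea_proxy APP_INI NGINX_CONF: print findings, exit status = count
check_gitea_proxy() (
  n=0
  root=$(ini_get "$1" server ROOT_URL)
  proto=$(ini_get "$1" server PROTOCOL)
  addr=$(ini_get "$1" server HTTP_ADDR)  # assumption: Gitea defaults to 0.0.0.0
  host=${root#*://}; host=${host%%[:/]*}
  case $root in https://*) ;; *) flag "ROOT_URL '$root' is not https://" ;; esac
  [ "${proto:-http}" = http ] ||
    flag "PROTOCOL=$proto but nginx proxies to http://localhost:3000"
  case ${addr:-0.0.0.0} in 127.*|localhost|::1) ;; *)
    flag "HTTP_ADDR=${addr:-unset}: port 3000 answers without TLS unless firewalled" ;;
  esac
  # Walk every token so server_name is found even on a condensed line.
  awk -v h="$host" '{ for (i = 1; i <= NF; i++) {
      if (seen) { if ($i == h || $i == h ";") ok = 1; if ($i ~ /;$/) seen = 0 }
      if ($i == "server_name") seen = 1 } }
    END { exit !ok }' "$2" || flag "no server_name matches ROOT_URL host '$host'"
  grep -Eq 'listen[[:space:]]+[^;]*443[^;]*ssl' "$2" || flag "no 'listen 443 ssl' block"
  grep -Eq 'return[[:space:]]+301[[:space:]]+https://' "$2" ||
    flag "no redirect from HTTP to HTTPS"
  grep -Eq 'proxy_set_header[[:space:]]+X-Forwarded-Proto[[:space:]]+\$scheme' "$2" ||
    flag "X-Forwarded-Proto is not passed to Gitea"
  exit "$n"
)

# Constructed sample: app.ini as in step 6, nginx file condensed from step 7.
d=$(mktemp -d)
printf '[server]\nPROTOCOL = http\nROOT_URL = https://your_domain/\n' > "$d/app.ini"
cat > "$d/gitea.conf" <<'EOF'
server { listen 80; server_name your_domain; return 301 https://$host$request_uri; }
server { listen 443 ssl; server_name your_domain;
  location / { proxy_pass http://localhost:3000; proxy_set_header X-Forwarded-Proto $scheme; } }
EOF
check_gitea_proxy "$d/app.ini" "$d/gitea.conf" || echo "$? finding(s)"; rm -rf "$d"
```

For a Docker installation, restrict the published port on the host instead of changing `HTTP_ADDR` inside the container.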