ob-vaults/Super_Vault/100_unorderd/forgejo.md
2024-09-12 17:54:01 +03:30


status: #doc Tags: links: Date: 2024-07-10


install and config

https configuration

To add HTTPS to Gitea, you will need to set up a reverse proxy using a web server like Nginx or Apache, which will handle SSL termination for your Gitea instance. Here's a step-by-step guide using Nginx as the reverse proxy with Let's Encrypt for the SSL certificate.

Step-by-Step Guide

1. Install Gitea

First, make sure Gitea is installed and running. You can follow the official installation guide for this.

2. Install Nginx

If you don't already have Nginx installed, you can install it using the package manager.

For Ubuntu/Debian:

sudo apt update
sudo apt install nginx

For CentOS/RHEL:

sudo yum install nginx

3. Install Certbot for Let's Encrypt

Certbot is a tool that automates the process of obtaining and renewing SSL certificates from Let's Encrypt.

For Ubuntu/Debian:

sudo apt update
sudo apt install certbot python3-certbot-nginx

For CentOS/RHEL:

sudo yum install certbot python3-certbot-nginx

4. Configure Nginx

Create a new Nginx configuration file for Gitea.

sudo nano /etc/nginx/sites-available/gitea

Add the following configuration, replacing your_domain with your actual domain name:

server {
    listen 80;
    server_name your_domain;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Enable the configuration by creating a symbolic link to the sites-enabled directory:

sudo ln -s /etc/nginx/sites-available/gitea /etc/nginx/sites-enabled/gitea

Test the Nginx configuration and reload:

sudo nginx -t
sudo systemctl reload nginx

5. Obtain an SSL Certificate

Use Certbot to obtain an SSL certificate from Let's Encrypt.

sudo certbot --nginx -d your_domain

Certbot will automatically configure SSL for your Nginx server block. When prompted, choose to redirect HTTP traffic to HTTPS.

6. Update Gitea Configuration

Edit the Gitea configuration file (app.ini) to ensure it's aware of the reverse proxy setup.

sudo vim /etc/gitea/app.ini

Or, for a Docker setup:

vim forgejo/gitea/config/app.ini

Add or update the following settings:

[server]
PROTOCOL = http
ROOT_URL = https://your_domain/

Save the file and restart Gitea:

sudo systemctl restart gitea

7. Finalize Nginx Configuration

After Certbot configures SSL, your Nginx configuration file for Gitea (/etc/nginx/sites-available/gitea) should look something like this:

server {
    listen 80;
    server_name your_domain;
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name your_domain;

    ssl_certificate /etc/letsencrypt/live/your_domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your_domain/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

8. Test HTTPS Configuration

Navigate to https://your_domain in your web browser to verify that your Gitea instance is now accessible over HTTPS.
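
The browser test confirms that Nginx serves HTTPS, but not that the plain-HTTP backend on port 3000 is closed to other hosts. The script below is an added example, not part of the original note: it audits the [server] section from step 6. The function names are hypothetical, and it assumes that an unset HTTP_ADDR means Gitea's documented default of 0.0.0.0.

```shell
# Added example (not from the original note): audit the [server] section of app.ini.

# Print the value of key $2 in the [server] section of file $1 (empty if unset).
server_key() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_server = ($0 ~ /^[ \t]*\[server\]/); next }
        in_server && !/^[ \t]*[;#]/ && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Print one finding per line; return 0 if clean, 1 if anything was flagged.
audit_app_ini() {
    rc=0
    root_url=$(server_key "$1" ROOT_URL)
    protocol=$(server_key "$1" PROTOCOL)
    http_addr=$(server_key "$1" HTTP_ADDR)
    case $root_url in
        https://*) ;;
        *) echo "ROOT_URL='$root_url' is not an https:// URL"; rc=1 ;;
    esac
    # Nginx proxies to http://localhost:3000, so the backend must speak plain HTTP.
    case ${protocol:-http} in
        http) ;;
        *) echo "PROTOCOL='$protocol' does not match proxy_pass http://localhost:3000"; rc=1 ;;
    esac
    # Assumption: an unset HTTP_ADDR means Gitea's documented default, 0.0.0.0.
    case ${http_addr:-0.0.0.0} in
        127.0.0.1|localhost|::1|"[::1]") ;;
        *) echo "HTTP_ADDR='${http_addr:-0.0.0.0}' exposes plain-HTTP port 3000 beyond loopback"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the [server] block exactly as given in step 6.
sample=$(mktemp)
printf '%s\n' '[server]' 'PROTOCOL = http' 'ROOT_URL = https://your_domain/' > "$sample"
audit_app_ini "$sample" || echo "review the findings above"
rm -f "$sample"
```

On a host install, setting HTTP_ADDR = 127.0.0.1 under [server] clears the last finding. In the Docker variant the container has to listen on all interfaces, so restrict the published port to 127.0.0.1 in the port mapping instead.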



References