mohamad24xx/ob-vaults
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
ob-vaults/Super_Vault/100_unorderd/forgejo.md
mohamad24xx cd4b3e168c new changes
2024-09-12 17:54:01 +03:30

167 lines
3.7 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

status: #doc
Tags:
links:
Date: 2024-07-10
___
# install and config
# https configuration
To add HTTPS to Gitea, you will need to set up a reverse proxy using a web server like Nginx or Apache, which will handle SSL termination for your Gitea instance. Heres a step-by-step guide using Nginx as the reverse proxy with Let's Encrypt for the SSL certificate.
### Step-by-Step Guide
#### 1. Install Gitea
First, make sure Gitea is installed and running. You can follow the [official installation guide](https://docs.gitea.io/en-us/install-from-binary/) for this.
#### 2. Install Nginx
If you don't already have Nginx installed, you can install it using the package manager.
For Ubuntu/Debian:
```bash
sudo apt update
sudo apt install nginx
```
For CentOS/RHEL:
```bash
sudo yum install nginx
```
#### 3. Install Certbot for Let's Encrypt
Certbot is a tool that automates the process of obtaining and renewing SSL certificates from Let's Encrypt.
For Ubuntu/Debian:
```bash
sudo apt update
sudo apt install certbot python3-certbot-nginx
```
For CentOS/RHEL:
```bash
sudo yum install certbot python3-certbot-nginx
```
#### 4. Configure Nginx
Create a new Nginx configuration file for Gitea.
```bash
sudo nano /etc/nginx/sites-available/gitea
```
Add the following configuration, replacing `your_domain` with your actual domain name:
```nginx
server {
listen 80;
server_name your_domain;
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
```
Enable the configuration by creating a symbolic link to the `sites-enabled` directory:
```bash
sudo ln -s /etc/nginx/sites-available/gitea /etc/nginx/sites-enabled/gitea
```
Test the Nginx configuration and reload:
```bash
sudo nginx -t
sudo systemctl reload nginx
```
#### 5. Obtain an SSL Certificate
Use Certbot to obtain an SSL certificate from Let's Encrypt.
```bash
sudo certbot --nginx -d your_domain
```
Certbot will automatically configure SSL for your Nginx server block. When prompted, choose to redirect HTTP traffic to HTTPS.
#### 6. Update Gitea Configuration
Edit the Gitea configuration file (`app.ini`) to ensure it's aware of the reverse proxy setup.
```bash
sudo vim /etc/gitea/app.ini
```
or for docker inside
```bash
vim forgejo/gitea/config/app.ini
```
Add or update the following settings:
```ini
[server]
PROTOCOL = http
ROOT_URL = https://your_domain/
```
Save the file and restart Gitea:
```bash
sudo systemctl restart gitea
```
#### 7. Finalize Nginx Configuration
After Certbot configures SSL, your Nginx configuration file for Gitea (`/etc/nginx/sites-available/gitea`) should look something like this:
```nginx
server {
listen 80;
server_name your_domain;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name your_domain;
ssl_certificate /etc/letsencrypt/live/your_domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your_domain/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
```
#### 8. Test HTTPS Configuration
Navigate to `https://your_domain` in your web browser to verify that your Gitea instance is now accessible over HTTPS.
d
---
# References
Reference in a new issue View git blame Copy permalink