status: #doc Tags: links: Date: 2024-07-10
install and config
https configuration
To add HTTPS to Gitea, you will need to set up a reverse proxy using a web server like Nginx or Apache, which will handle SSL termination for your Gitea instance. Here’s a step-by-step guide using Nginx as the reverse proxy with Let's Encrypt for the SSL certificate.
Step-by-Step Guide
1. Install Gitea
First, make sure Gitea is installed and running. You can follow the official installation guide for this.
2. Install Nginx
If you don't already have Nginx installed, you can install it using the package manager.
For Ubuntu/Debian:
sudo apt update
sudo apt install nginx
For CentOS/RHEL:
sudo yum install nginx
3. Install Certbot for Let's Encrypt
Certbot is a tool that automates the process of obtaining and renewing SSL certificates from Let's Encrypt.
For Ubuntu/Debian:
sudo apt update
sudo apt install certbot python3-certbot-nginx
For CentOS/RHEL:
sudo yum install certbot python3-certbot-nginx
4. Configure Nginx
Create a new Nginx configuration file for Gitea.
sudo nano /etc/nginx/sites-available/gitea
Add the following configuration, replacing your_domain with your actual domain name:
server {
    listen 80;
    server_name your_domain;
    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
Enable the configuration by creating a symbolic link to the sites-enabled directory:
sudo ln -s /etc/nginx/sites-available/gitea /etc/nginx/sites-enabled/gitea
Test the Nginx configuration and reload:
sudo nginx -t
sudo systemctl reload nginx
5. Obtain an SSL Certificate
Use Certbot to obtain an SSL certificate from Let's Encrypt.
sudo certbot --nginx -d your_domain
Certbot will automatically configure SSL for your Nginx server block. When prompted, choose to redirect HTTP traffic to HTTPS.
6. Update Gitea Configuration
Edit the Gitea configuration file (app.ini) to ensure it's aware of the reverse proxy setup.
sudo vim /etc/gitea/app.ini
Or, for a Docker setup:
vim forgejo/gitea/config/app.ini
Add or update the following settings:
[server]
PROTOCOL = http
ROOT_URL = https://your_domain/
Save the file and restart Gitea:
sudo systemctl restart gitea
7. Finalize Nginx Configuration
After Certbot configures SSL, your Nginx configuration file for Gitea (/etc/nginx/sites-available/gitea) should look something like this:
server {
    listen 80;
    server_name your_domain;
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name your_domain;
    ssl_certificate /etc/letsencrypt/live/your_domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your_domain/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
8. Test HTTPS Configuration
Navigate to https://your_domain in your web browser to verify that your Gitea instance is now accessible over HTTPS.
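A check for the app.ini from step 6, added here as an example (it is not part of the original guide or of Gitea): it confirms the two settings above and goes further by flagging a Gitea listener that is still reachable on port 3000 without TLS and a session cookie explicitly marked non-secure. The function names audit_app_ini and is_loopback are hypothetical, the sample configuration is constructed, and the code assumes Gitea's documented HTTP_ADDR and COOKIE_SECURE settings with HTTP_ADDR defaulting to all interfaces.

```python
import configparser
import ipaddress

def is_loopback(addr):
    """True if addr is localhost or a loopback IP literal."""
    if addr.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit_app_ini(text):
    """Return findings for a Gitea app.ini that sits behind a TLS-terminating Nginx."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # app.ini may start with keys outside any section (APP_NAME, RUN_USER);
    # configparser rejects that, so park them in a placeholder section.
    cp.read_string("[__global__]\n" + text)
    root_url = cp.get("server", "ROOT_URL", fallback="").strip()
    protocol = cp.get("server", "PROTOCOL", fallback="http").strip().lower()
    # Assumption: with HTTP_ADDR unset, Gitea listens on all interfaces.
    http_addr = cp.get("server", "HTTP_ADDR", fallback="0.0.0.0").strip()
    cookie_secure = cp.get("session", "COOKIE_SECURE", fallback="").strip().lower()

    findings = []
    if not root_url.lower().startswith("https://"):
        findings.append("ROOT_URL is not https://; links and clone URLs will use plain HTTP")
    if protocol != "http":
        findings.append(f"PROTOCOL = {protocol} does not match proxy_pass http://localhost:3000")
    elif not is_loopback(http_addr):
        findings.append(f"HTTP_ADDR = {http_addr}: port 3000 serves plain HTTP to other hosts, bypassing Nginx")
    if cookie_secure == "false":
        findings.append("COOKIE_SECURE = false: session cookie may be sent over plain HTTP")
    return findings

# Constructed sample: the two settings from step 6 plus typical top-level keys.
STEP6_INI = """\
APP_NAME = Gitea
RUN_USER = git

[server]
PROTOCOL = http
ROOT_URL = https://your_domain/
"""
HARDENED_INI = STEP6_INI + "HTTP_ADDR = 127.0.0.1\n\n[session]\nCOOKIE_SECURE = true\n"

if __name__ == "__main__":
    for name, ini in (("step 6", STEP6_INI), ("hardened", HARDENED_INI)):
        print(name, audit_app_ini(ini) or "no findings")
```

In a Docker setup the listener inside the container has to stay on all interfaces, so restrict the published port to the host's loopback address instead of changing HTTP_ADDR.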