
About Gitea

Gitea is a community-managed fork of Gogs, a lightweight code hosting solution written in Go and published under the MIT license. It is an open-source alternative to GitHub.

Installation

First, we install all the dependencies needed by Gitea.

apt install mariadb-client mariadb-server nginx certbot

Second, we download the binary and its signature.

# Fetch the release binary (saved as ./gitea) and its detached signature over HTTPS.
# Both files come from the same host, so the signature only means something once it
# is checked against a signing key whose fingerprint you trust.
wget -O gitea https://dl.gitea.io/gitea/1.5.0/gitea-1.5.0-linux-amd64
wget https://dl.gitea.io/gitea/1.5.0/gitea-1.5.0-linux-amd64.asc

Third we verify the package.

# Import the signing key by its full 40-character fingerprint. Compare this value
# with the fingerprint published by the Gitea project before trusting the key.
gpg --keyserver pgp.mit.edu --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
# Check the detached signature against the downloaded binary. Continue only if gpg
# reports a good signature made by that key; otherwise discard the download.
gpg --verify gitea-1.5.0-linux-amd64.asc gitea

Finally, we make gitea executable and launch it.

chmod +x gitea
# Starts a temporary instance in the foreground under the current account.
# NOTE(review): the earlier steps presumably ran as root; prefer running this trial
# under an unprivileged account.
# NOTE(review): until HTTP_ADDR is restricted (see "Fix port access"), the instance
# appears to be reachable on port 3000 from the network; consider firewalling that
# port while the first-run setup is incomplete.
./gitea web

In your terminal you can see the information needed to reach your temporary Gitea instance.

Set up Gitea

We create a user; it will be the future owner of the Gitea instance.

# Create a dedicated system account and a matching group for Gitea, so the service
# does not run under a shared or privileged account.
# --disabled-password: no password is set for the account.
# --shell /bin/bash: the account keeps a login shell.
# NOTE(review): presumably required for git over SSH; confirm it is needed.
adduser \
   --system \
   --shell /bin/bash \
   --gecos 'Gitea' \
   --group \
   --disabled-password \
   --home /home/giteauser \
   giteauser

We create the file structure with the right permissions.

# Create the working tree. Only data, indexers and log are handed to giteauser;
# custom and public keep the ownership of the user running these commands.
mkdir -p /var/lib/gitea/{custom,data,indexers,public,log}
chown giteauser:giteauser /var/lib/gitea/{data,indexers,log}
# 750: full access for the owner, read/traverse for the group, nothing for others.
chmod 750 /var/lib/gitea/{data,indexers,log}
mkdir /etc/gitea
chown root:giteauser /etc/gitea
# 770 lets the giteauser group write into /etc/gitea. This is a temporary setting
# for the installation phase; the page tightens it to 750 once Gitea is installed.
chmod 770 /etc/gitea

We copy gitea into a directory where everyone can execute it.

cp gitea /usr/local/bin/gitea

We create a systemd unit file to autostart our service later.

sudo touch /etc/systemd/system/gitea.service

We edit the file as shown below.

# systemd unit that runs the Gitea web service under the dedicated giteauser account.
[Unit]
Description=Gitea (Git with a cup of tea)
# After= only orders start-up: Gitea is started after these units when they are
# started in the same transaction. It does not pull them in.
After=syslog.target
After=network.target
After=mysqld.service
#After=postgresql.service
#After=memcached.service
#After=redis.service

[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
RestartSec=2s
Type=simple
# Run as the unprivileged service account and group, not as root.
User=giteauser
Group=giteauser
WorkingDirectory=/var/lib/gitea/
# -c points Gitea at the configuration file kept in /etc/gitea.
ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
Restart=always
Environment=USER=giteauser HOME=/home/giteauser GITEA_WORK_DIR=/var/lib/gitea
# NOTE(review): no sandboxing directives are set here; consider evaluating
# NoNewPrivileges=, PrivateTmp= and ProtectSystem= for this unit and test that
# Gitea can still write to the paths it needs.
# If you want to bind Gitea to a port below 1024 uncomment
# the two values below
###
# These grant only the capability to bind low ports, so the service can stay
# under giteauser instead of running as root.
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

Once Gitea is installed, don't forget to set the permissions on the configuration folder as shown below.

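# Drop the group write bit on /etc/gitea; it was only needed during installation.
chmod 750 /etc/gitea
# app.ini holds the database password and Gitea's secret keys, so it must not be
# readable by "other": 640 instead of 644.
chmod 640 /etc/gitea/app.ini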

Reverse proxy

Set up nginx

We edit our virtual_host.conf to remove the PHP-related settings and the cache settings (the cache settings break Gitea's CSS).

# Existing HTTPS virtual host as it looks BEFORE the Gitea changes.
server {
    listen      188.156.195.195:443;
    server_name your.domain.com ;
    root        /home/probeteam/web/your.domain.com/public_html;
    index       index.php index.html index.htm;
    access_log  /var/log/nginx/domains/your.domain.com.log combined;
    access_log  /var/log/nginx/domains/your.domain.com.bytes bytes;
    error_log   /var/log/nginx/domains/your.domain.com.error.log error;

    ssl         on;
    ssl_certificate      /home/probeteam/conf/web/ssl.your.domain.com.pem;
    ssl_certificate_key  /home/probeteam/conf/web/ssl.your.domain.com.key;

    # The contents of this block (static-file caching and PHP handling) are what
    # the next step replaces with the proxy settings.
    location / {
        # Cache setting for static assets: per the text above, it breaks Gitea's CSS.
        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
            expires     max;
        }

        # PHP FastCGI handling: one of the PHP-related settings to delete.
        location ~ [^/]\.php(/|$) {
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            if (!-f $document_root$fastcgi_script_name) {
                return  404;
            }

            fastcgi_pass    127.0.0.1:9005;
            fastcgi_index   index.php;
            include         /etc/nginx/fastcgi_params;
        }
    }

    error_page  403 /error/404.html;
    error_page  404 /error/404.html;
    error_page  500 502 503 504 /error/50x.html;

    location /error/ {
        alias   /home/probeteam/web/your.domain.com/document_errors/;
    }

    location ~* "/\.(htaccess|htpasswd)$" {
        deny    all;
        return  404;
    }

    location /vstats/ {
        alias   /home/probeteam/web/your.domain.com/stats/;
        include /home/probeteam/conf/web/your.domain.com.auth*;
    }

    include     /etc/nginx/conf.d/phpmyadmin.inc*;
    include     /etc/nginx/conf.d/phppgadmin.inc*;
    include     /etc/nginx/conf.d/webmail.inc*;

    include     /home/probeteam/conf/web/snginx.your.domain.com.conf*;
}

Add the proxy_pass directive as shown below.

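# HTTPS virtual host that terminates TLS and forwards every request to Gitea.
server {
    listen      188.156.195.195:443;
    server_name your.domain.com ;
    root        /home/probeteam/web/your.domain.com/public_html;
    index       index.php index.html index.htm;
    access_log  /var/log/nginx/domains/your.domain.com.log combined;
    access_log  /var/log/nginx/domains/your.domain.com.bytes bytes;
    error_log   /var/log/nginx/domains/your.domain.com.error.log error;

    ssl         on;
    ssl_certificate      /home/probeteam/conf/web/ssl.your.domain.com.pem;
    ssl_certificate_key  /home/probeteam/conf/web/ssl.your.domain.com.key;

    location / {
        # Forward everything to the Gitea process on the loopback interface.
        proxy_pass http://127.0.0.1:3000;
        # Pass the original host, client address and scheme. Without them Gitea
        # sees every request as plain HTTP for 127.0.0.1:3000 coming from nginx.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Caps the request body size, which also bounds uploads and git pushes
        # over HTTPS; raise it if larger requests are rejected with HTTP 413.
        client_max_body_size 2M;
    }

    error_page  403 /error/404.html;
    error_page  404 /error/404.html;
    error_page  500 502 503 504 /error/50x.html;

    location /error/ {
        alias   /home/probeteam/web/your.domain.com/document_errors/;
    }

    location ~* "/\.(htaccess|htpasswd)$" {
        deny    all;
        return  404;
    }

    location /vstats/ {
        alias   /home/probeteam/web/your.domain.com/stats/;
        include /home/probeteam/conf/web/your.domain.com.auth*;
    }

    include     /etc/nginx/conf.d/phpmyadmin.inc*;
    include     /etc/nginx/conf.d/phppgadmin.inc*;
    include     /etc/nginx/conf.d/webmail.inc*;

    include     /home/probeteam/conf/web/snginx.your.domain.com.conf*;
}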

Test your nginx configuration syntax by running nginx -t; it should report that the syntax is ok. If so, you can restart the service and reach your website at https://your.domain.com.

Fix port access

At this point your git instance is meant to be reachable only via https://your.domain.com, but it is also reachable directly at http://your.domain.com:3000.

This is because nginx provides the HTTPS layer and the proxy, while the address and port that Gitea itself listens on are configured in Gitea.

To fix this issue we change HTTP_ADDR value in /etc/gitea/app.ini.

; Bind Gitea to the loopback address only, so port 3000 is no longer reachable
; from outside and all traffic has to pass through the nginx HTTPS proxy.
HTTP_ADDR = 127.0.0.1

And we change also the ROOT_URL value.

Before

ROOT_URL = http://your.domain.com:3000/

And after

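; Public URL as users reach it through the nginx TLS proxy. The scheme must be
; https so that generated links and clone URLs do not point at plain HTTP.
ROOT_URL = https://your.domain.com/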

Now you can reach your git instance only via https://your.domain.com/ and start using it.