Setup Gitea With Nginx Using Letsencrypt Cert On Raspberry Pi

20 Jun 2021 - Syed Muhammad Shahrukh Hussain

This guide helps you set up Gitea with NGINX using a Let’s Encrypt SSL certificate on a Raspberry Pi 4.

Brief

Gitea is a popular self-hosted Git service. It is written in Go and uses MySQL/MariaDB as its database store. The Gitea download is a single binary which, when run as gitea web, listens on port 3000. The binary can do more than that; check the documentation for further help. In this post I’ll focus just on setting up Gitea. Nginx is a popular web server; here we use it as a reverse proxy that receives TCP traffic on ports 80/443 and routes it to Gitea listening on port 3000.

To support SSL, we will generate certificates using Certbot.

The process is as follows:

Install git

sudo apt install git

Install Maria DB

sudo apt install mariadb-server vim

Setup gitea DB

sudo mysql

MariaDB

CREATE DATABASE `gitea` DEFAULT CHARACTER SET `utf8mb4` COLLATE `utf8mb4_general_ci`;
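-- Replace 'password' with a strong, unique password; you enter the same value on the Gitea setup page later.
CREATE USER `gitea`@'localhost' IDENTIFIED BY 'password';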
GRANT ALL PRIVILEGES ON `gitea`.* TO `gitea`@`localhost`;


Install NGINX and VIM

sudo apt install nginx vim

Stop nginx until the certificates are installed; certbot's standalone mode needs to bind port 80 itself.

sudo service nginx stop

Generate Certificate for Domain

You need a valid domain name, or a subdomain of one, pointing to a public IP. You can buy a domain from Dreamhost and use its domain manager to point it to a static IP. For a machine with a dynamic IP you can use NO-IP or Namecheap, which update the DNS record periodically. If your machine is behind a router, set up port forwarding for ports 80 and 443 to the machine hosting nginx and Gitea.

I can’t describe how port forwarding works for every router out there (ONT, ADSL, DSL etc.), but the process is simple, as most routers have a web admin panel. A router has two sides, WAN and LAN. The Local Area Network (LAN) consists of the machines connected to the network created by the router. The router runs a DHCP server which assigns IPs. First, ensure that the IP of the machine hosting Gitea remains constant; this can be done using the static IP option, which maps the MAC address of the machine to an IP. Next, set up the forwarding; this is easy once your machine is listening on a static IP on the LAN.

sudo apt install certbot
sudo certbot certonly --standalone -d git.example.com

Setup NGINX

sudo vi /etc/nginx/sites-available/git.example.com

Press i for insert

Copy this content to the newly created file.

server {
    listen 443 ssl;
    server_name git.example.com;
    ssl_certificate /etc/letsencrypt/live/git.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/git.example.com/privkey.pem;

    location / {
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_pass http://localhost:3000;
    }
}

# Redirect HTTP requests to HTTPS
server {
    listen 80;
    server_name git.example.com;
    return 301 https://$host$request_uri;
}

Press Esc, then type :wq to write and quit.

Enable the site by removing the default site and linking the new one into sites-enabled.

sudo rm /etc/nginx/sites-enabled/default
sudo ln -s /etc/nginx/sites-available/git.example.com /etc/nginx/sites-enabled/

Create git user

sudo adduser --disabled-login --gecos 'Gitea' git

Download Gitea

https://dl.gitea.io/gitea hosts Gitea releases. At the time of install the current release is 1.14.3.

Choose linux-arm-6, which fits the Raspberry Pi.

sudo --login --user git
mkdir ~/gitea
cd ~/gitea
wget  https://dl.gitea.io/gitea/1.14.3/gitea-1.14.3-linux-arm-6 -O gitea

Change permission of executable

chmod +x gitea
exit
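
The download above is made executable without any integrity check. The following is an added example, not part of the original guide, that compares the binary with a SHA-256 checksum file before running chmod. It assumes a checksum file for the release has been saved next to the binary; verify_sha256 and install_verified are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original guide): check a downloaded release
# binary against a SHA-256 checksum file before making it executable.
# verify_sha256 and install_verified are hypothetical helper names.

# verify_sha256 FILE CHECKSUM_FILE
# 0 = digest matches, 1 = mismatch, 2 = missing or malformed input.
verify_sha256() {
    file=$1
    sumfile=$2
    [ -f "$file" ] && [ -f "$sumfile" ] || { echo "missing input" >&2; return 2; }

    # The checksum file names the original download, but the guide saves the
    # binary as "gitea", so "sha256sum -c" would look for the wrong file.
    # Compare the digests directly instead.
    expected=$(awk 'NR==1 { print tolower($1) }' "$sumfile")
    actual=$(sha256sum "$file" | awk '{ print $1 }')

    # Accept only 64 hex characters; an HTML error page saved in place of
    # the checksum file must not pass as a digest.
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed checksum file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed checksum file" >&2; return 2; }

    [ "$expected" = "$actual" ] && return 0
    echo "checksum mismatch: expected $expected, got $actual" >&2
    return 1
}

# install_verified FILE CHECKSUM_FILE
# Fails closed: FILE becomes executable only after verification and is
# deleted on any failure so it cannot be run by mistake.
install_verified() {
    if verify_sha256 "$1" "$2"; then
        chmod +x "$1"
    else
        rm -f "$1"
        return 1
    fi
}
```

Used in place of the chmod step, the call would be install_verified gitea gitea.sha256, where gitea.sha256 is an assumed file name for the saved checksum file. A checksum fetched from the same host detects corrupted or truncated downloads; it does not replace verifying a release signature.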

Setup Gitea Service

sudo vi /etc/systemd/system/gitea.service

Press i for insert

[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target

[Service]
# Uncomment the following two lines if you have repositories with a
# number of files and keep getting HTTP error 500

# LimitMEMLOCK=infinity
# LimitNOFILE=65535

RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/home/git/gitea
ExecStart=/home/git/gitea/gitea web
Restart=always
Environment=USER=git HOME=/home/git

[Install]
WantedBy=multi-user.target

Press Esc, then type :wq to write and quit.

sudo systemctl enable gitea.service
sudo systemctl start gitea.service

Open Gitea page

Using the local IP, open Gitea to configure it: http://192.168.1.102, or http://localhost if you are on the same machine. You only need to enter the database password; the remaining settings need no change.

Edit Gitea app.ini

sudo vi /home/git/gitea/custom/conf/app.ini

Set the options given below to configure the domain name and disable registration.

[server]
ROOT_URL         = https://git.example.com/

[service]
DISABLE_REGISTRATION              = true

Start NGINX and setup Gitea

Final step

sudo service nginx start

Visit using your domain name.

https://git.example.com/