@NunoSempere
Last active November 22, 2021 23:49

Based on Dvard's answer below, here is roughly what I did to get this to work. Users should replace mydomain.com with their domain (or subdomain):

Intro

I tried using gitea's built-in https service, but that didn't work. I think this is because DigitalOcean only lets some privileged services connect to the 443 address, but I'm not sure.

I tried fucking around with DigitalOcean's firewall, but that didn't work.

I tried following Dvard's answer below, but that didn't work because his formatting was fucked up, so I had to spend some time reconstructing it (instead of italics, there should be slashes). In case DigitalOcean messes up my formatting as well, I've saved these instructions to a GitHub gist here: https://gist.github.com/NunoSempere/b96d495194f4461e98555d23d38881fc

As far as I understand, the thing that we're doing is having nginx intercept requests to port 443 (https), and sending them to port 3000. Then, we are intercepting requests to port 80 (http), and giving a reply that the resource has moved (to the https url).

What finally worked

sudo apt install nginx
sudo systemctl enable nginx ## start nginx at boot ("service" has no enable action)
sudo service nginx start
sudo service nginx status
sudo apt install python3-certbot-nginx
sudo service nginx stop ## --standalone binds port 80 itself, so nginx must not be holding it
sudo certbot certonly --standalone -d mydomain.com ## then enter my email, and say no to EFF spam.
sudo service nginx restart
sudo rm /etc/nginx/sites-enabled/default
sudo vim /etc/nginx/sites-available/root

Then paste:

# HTTPS: terminate TLS here and forward to gitea on port 3000
server {
    listen 443 ssl;
    server_name mydomain.com;
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;

    location / {
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_pass http://localhost:3000;
    }
}

# HTTP: redirect to the https url, keeping the requested path
server {
    listen 80;
    server_name mydomain.com;
    return 301 https://mydomain.com$request_uri;
}

Then

sudo ln -s /etc/nginx/sites-available/root /etc/nginx/sites-enabled
sudo nginx -t ##  Check for errors in config file
sudo service nginx start ## or restart

Dvard creates a new user named git, but I thought this was not needed because the droplet runs as root (?).

vim /var/snap/gitea/common/conf/app.ini

The part after [server] should look something like:


PROTOCOL = http
DOMAIN = mydomain.com
; CHANGE DOMAIN TO YOUR ACTUAL DOMAIN
HTTP_PORT = 3000
; Not 80!!
LFS_JWT_SECRET = some-secret
START_SSH_SERVER = true
SSH_PORT = 22022

Note that instead of mydomain.com, I used git.mydomain.com, because I'm hosting gitea in a subdomain. But this shouldn't matter.

There may be some small mistakes above. In that case, some useful diagnostic commands are:

sudo service nginx status
nginx -t
reboot ## reboot the droplet
snap restart gitea ## easier way to restart gitea
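
A consistency check for the two files configured above, as an added example that is not part of the original gist: it reads an nginx site file and gitea's app.ini and reports mismatches that would leave the backend reachable without TLS or make the redirect lose the path. HTTP_ADDR and ROOT_URL are gitea [server] settings that the gist does not set; the function name and the sample configs are constructed for illustration.

```python
import configparser
import re

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def audit(nginx_conf, app_ini):
    """Return a list of findings; an empty list means the two files agree."""
    ini = configparser.ConfigParser(interpolation=None, strict=False)
    ini.read_string("[_top]\n" + app_ini)  # app.ini may open with section-less keys
    srv = ini["server"] if ini.has_section("server") else {}
    port, findings = srv.get("HTTP_PORT", "3000"), []
    if srv.get("PROTOCOL", "http") != "http":
        findings.append("PROTOCOL must stay http: nginx terminates TLS")
    m = re.search(r"proxy_pass\s+http://[^:/;\s]+:(\d+)", nginx_conf)
    if not m or m.group(1) != port:
        findings.append(f"proxy_pass does not target HTTP_PORT {port}")
    addr = srv.get("HTTP_ADDR", "0.0.0.0")  # Gitea binds all interfaces by default
    if addr not in LOOPBACK:
        findings.append(f"HTTP_ADDR {addr}: port {port} serves plain HTTP past nginx")
    if not srv.get("ROOT_URL", "").startswith("https://" + srv.get("DOMAIN", "")):
        findings.append("ROOT_URL is not the public https URL")
    r = re.search(r"return\s+301\s+(\S+);", nginx_conf)
    if not r or not r.group(1).startswith("https://"):
        findings.append("no 301 redirect to https")
    elif "$request_uri" not in r.group(1):
        findings.append("redirect drops the requested path")
    return findings

# Constructed samples: WEAK mirrors a minimal setup, HARDENED closes each finding.
NGINX_WEAK = """
server { listen 443 ssl; server_name mydomain.com;
  location / { proxy_pass http://localhost:3000; } }
server { listen 80; server_name mydomain.com; return 301 https://mydomain.com; }
"""
INI_WEAK = """
APP_NAME = demo
[server]
PROTOCOL = http
DOMAIN = mydomain.com
; comment line
HTTP_PORT = 3000
"""
NGINX_HARDENED = NGINX_WEAK.replace("mydomain.com; }", "mydomain.com$request_uri; }")
INI_HARDENED = INI_WEAK + "HTTP_ADDR = 127.0.0.1\nROOT_URL = https://mydomain.com/\n"

if __name__ == "__main__":
    for finding in audit(NGINX_WEAK, INI_WEAK):
        print("FINDING:", finding)
    print("hardened:", audit(NGINX_HARDENED, INI_HARDENED) or "clean")
```

On the droplet, pass the contents of /etc/nginx/sites-available/root and /var/snap/gitea/common/conf/app.ini to audit() instead of the samples.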
@NunoSempere
Author

License for the above in case gitea wants to incorporate this into their docs: Public domain, or equivalent.
