Skip to content

Instantly share code, notes, and snippets.

Created February 4, 2017 16:41
  • Star 5 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Gogs on raspberry pi

Update and install dependencies

apt-get update; apt-get upgrade

dphys-swapfile swapoff
dphys-swapfile uninstall

apt-get remove -y --purge wolfram-engine triggerhappy xserver-common lightdm sonic-pi minecraft-pi pigpio
apt-get autoremove -y
apt-get install git nginx

Add user

useradd -m -s /usr/bin/git-shell git

Download gogs and certbot

wget -P /opt/
wget -P /opt/

Prepare gogs

unzip /opt/ -d /opt/
cp /opt/gogs/scripts/systemd/gogs.service /etc/systemd/system/gogs.service

Edit /opt/gogs/scripts/systemd/gogs.service as

ExecStart=/opt/gogs/gogs web

Prepare nginx

server_tokens off;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'";

server {
  listen 80;

  location ^~/.well-known {
    alias /var/letsencrypt/.well-known;

  location / {
    return 301 https://$host$request_uri;

server {
  listen 443 ssl default deferred;

  ssl_certificate /etc/letsencrypt/live/;
  ssl_certificate_key /etc/letsencrypt/live/;

  ssl_session_cache shared:SSL:50m;
  ssl_session_timeout 5m;

  # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
  # ssl_dhparam /etc/nginx/ssl/dhparam.pem;

  ssl_prefer_server_ciphers on;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

  client_max_body_size 64m;

  location / {
    proxy_pass http://localhost:3000/;

Prepare certbot

chmod a+x /opt/certbot-auto
mkdir -p /var/letsencrypt/.well-known
/opt/certbot-auto certonly --dry-run --agree-tos --email --webroot -w /var/letsencrypt/ -d

Add certbot to cron

0 4 * * * /opt/certbot-auto renew --quiet --no-self-upgrade


systemctl start gogs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment