Install Gitea on Nginx and Secure it with Let’s Encrypt

Gitea is a free-software clone of Github, which is lightweight and released under MIT license.

I assume you are running Debian 9 and have already installed nginx.

0. Connect to the server using ssh

0.1 $ ssh myusername@ip.address.of.server

1. Create the gitea user account.

To have a clean directory, we create a separate gitea user account.

1.1 $ sudo adduser --disabled-login gitea #it is advised to disable direct login, because we do not need it.
1.2 $ sudo --login --user gitea
1.3 $ cd /home/gitea

2. Download and run gitea

Download the latest release of Gitea, from this address, https://dl.gitea.io/gitea/, it is 1.6 at the time of writing.

2.1 $ wget -O gitea https://dl.gitea.io/gitea/1.6/gitea-1.6-linux-amd64
2.2 $ chmod +x gitea #give execution permission
2.3 $ ./gitea web

3. Install and use MariaDB

3.1 $ sudo apt install mariadb-server
3.2 $ sudo mariadb
Now, create a database using the following commands, replace localhost and your-password-here.

MariaDB [(none)]> CREATE DATABASE `gitea` DEFAULT CHARACTER SET `utf8mb4` COLLATE `utf8mb4_general_ci`;
MariaDB [(none)]> CREATE USER `giteauser`@'localhost' IDENTIFIED BY 'your-password-here';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON `gitea`.* TO `giteauser`@`localhost`;
MariaDB [(none)]> \q

4. Install and setup Let’s Encrypt

I assume here that the domain is git.smoha.org

4.1 $ sudo apt install certbot python-certbot-nginx
4.2 $ sudo service nginx stop #be careful, we stop the server here.
4.3 $ sudo certbot certonly --standalone -d git.smoha.org
4.4 $ sudo service nginx start

5. Setup a subdomain with Nginx

5.1 $ sudo nano /etc/nginx/sites-available/git.smoha.org

server {  
    listen 443 ssl;
    server_name git.smoha.org;
    ssl_certificate /etc/letsencrypt/live/git.smoha.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/git.smoha.org/privkey.pem;

    location / {
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_pass http://localhost:3000;
    }
}

# Redirect HTTP requests to HTTPS
server {  
    listen 80;
    server_name git.smoha.org;
    return 301 https://$host$request_uri;
}

5.2 $ sudo ln -s /etc/nginx/sites-available/git.smoha.org /etc/nginx/sites-enabled/
5.3 $ sudo service nginx restart

6. Install git

6.1 $ sudo apt install git

7. Run gitea and follow the setup

7.1 $ nohup ./gitea web
7.2 visit, https://git.smoha.org/install

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.