My Own Git

gitea running at git.cgifl300.com

Before

Prerequisite

  • A server connected to the internet, with its own IP address and running Ubuntu 20 LTS.
  • A DNS A record for git.mydomain.tld pointing to the server's IP address.

What will we do?

  • installing Nginx
  • configuring ufw
  • adding a user named gitea
  • installing Gitea
  • installing Certbot
  • setting up Gitea as service
  • setting up a Proxy from Nginx to Gitea
  • generating SSL certificate using certbot
  • adding a cron job to auto-renew certificates

Let's do the job

Installing Nginx

sudo apt update
sudo apt install nginx

Configuring ufw

To keep your SSH access to the server, keep port 22 open.
sudo ufw allow 22
Now you can add two default rules: the first one denies all incoming traffic, the second one allows all outgoing traffic.
sudo ufw default deny incoming
sudo ufw default allow outgoing
From this point you can enable the firewall.
sudo ufw enable

Adding a user named gitea

sudo adduser gitea

Installing Gitea

There are many more complicated ways to do it. Since I am the only user, I chose a single-user install with everything in one directory, including the database and the repositories. Everything is therefore located in one single directory, and to back it up I just have to copy it.
We will create a /gitea directory and put everything we need inside.
sudo mkdir /gitea
We change its owner and group to gitea.
sudo chown gitea:gitea /gitea
We will now work inside the gitea directory.
cd /gitea
We download the latest Gitea release; my VDS uses an amd64 architecture.
sudo curl -fLO https://dl.gitea.io/gitea/1.14/gitea-1.14-linux-amd64
sudo mv gitea-1.14-linux-amd64 gitea
We change the owner and group of the gitea binary and make it executable.
sudo chown gitea:gitea gitea
sudo chmod +x gitea
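
Checking the downloaded binary before it is ever started, as an added example that is not part of the original tutorial. It assumes the `.sha256` file published alongside the binary has been downloaded too (the file name in the usage comment is an assumption), and it compares only the digest, because after the rename to `gitea` a plain `sha256sum -c` would look for the old file name. `verify_sha256` is a hypothetical helper name.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded binary against a published .sha256 file.
# verify_sha256 is a hypothetical helper; both file names are arguments.

# Usage: verify_sha256 <downloaded-file> <checksum-file>
# Returns 0 if the digest matches, 1 on mismatch, 2 on unusable input.
verify_sha256() {
    local file=$1 sumfile=$2 expected actual
    [ -r "$file" ] && [ -r "$sumfile" ] || { echo "missing input" >&2; return 2; }

    # A .sha256 file holds "<64 hex digits>  <original file name>".
    # Only the first field is used, so the check survives the mv to "gitea".
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    case $expected in
        *[!0-9a-f]*|"") echo "malformed checksum file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed checksum file" >&2; return 2; }

    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches $sumfile"
        return 0
    fi
    echo "MISMATCH: $file does not match $sumfile, do not run it" >&2
    return 1
}

# Example, run inside /gitea (checksum file name is an assumption):
#   verify_sha256 gitea gitea-1.14-linux-amd64.sha256
```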

Installing Certbot

sudo apt install certbot python3-certbot-nginx

Setting up Gitea as service

We use pico to add the new systemd launcher.
sudo pico /etc/systemd/system/gitea.service
We paste the following script inside and we save the file before closing pico.

[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
###
# Don't forget to add the database service requirements
###
#
#Requires=mysql.service
#Requires=mariadb.service
#Requires=postgresql.service
#Requires=memcached.service
#Requires=redis.service
#
###
# If using socket activation for main http/s
###
#
#After=gitea.main.socket
#Requires=gitea.main.socket
#
###
# (You can also provide gitea an http fallback and/or ssh socket too)
#
# An example of /etc/systemd/system/gitea.main.socket
###
##
## [Unit]
## Description=Gitea Web Socket
## PartOf=gitea.service
##
## [Socket]
## Service=gitea.service
## ListenStream=<some_port>
## NoDelay=true
##
## [Install]
## WantedBy=sockets.target
##
###

[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
RestartSec=2s
Type=simple
User=gitea
Group=gitea
WorkingDirectory=/gitea/
# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
# (manually creating /run/gitea doesn't work, because it would not persist across reboots)
#RuntimeDirectory=gitea
ExecStart=/gitea/gitea web
Restart=always
Environment=USER=gitea HOME=/home/gitea GITEA_WORK_DIR=/gitea
# If you install Git to directory prefix other than default PATH (which happens
# for example if you install other versions of Git side-to-side with
# distribution version), uncomment below line and add that prefix to PATH
# Don't forget to place git-lfs binary on the PATH below if you want to enable
# Git LFS support
#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
# If you want to bind Gitea to a port below 1024, uncomment
# the two values below, or use socket activation to pass Gitea its ports as above
###
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
###

[Install]
WantedBy=multi-user.target

We now need to enable and start gitea service using:
sudo systemctl enable gitea
sudo systemctl start gitea

Setting up a Proxy from Nginx to Gitea

We use pico to add the new site proxy.
sudo pico /etc/nginx/sites-enabled/git.my_server.tld.conf
We paste the following script inside, we save the file before closing pico.

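server {
    # No default_server here: the default site shipped with Ubuntu's nginx package already uses it on port 80
    listen 80;
    server_name git.my_server.tld;
    location / {
        # Gitea listens on port 3000 on this same host
        proxy_pass http://127.0.0.1:3000;
    }
}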

Don't forget to change git.my_server.tld to your own DNS name pointing to your server's IP (A entry).
We can now allow incoming HTTP and HTTPS traffic to your nginx server.
sudo ufw allow 'Nginx HTTP'
sudo ufw allow 'Nginx HTTPS'

Generating SSL certificate using certbot

sudo /bin/certbot --nginx

Adding a cron job to auto-renew certificates

sudo crontab -e
You can add the following line to your crontab:
0 3 * * * /bin/certbot renew --nginx --quiet

After, why not go further, above the stars...

Your server is now running; you can set it up by going to https://git.your_server.tld/.
For personal use, you can choose SQLite; this way everything will be kept in your /gitea directory.

Basic considerations

This server is strong enough for personal use. I hope you enjoyed this tutorial; your server can be improved. Gitea has not been made for big business. Anyway, we should consider some points.
Using Git for personal use is quite easy; for bigger use you should consider using MySQL as the database instead of SQLite.
You can change the main Gitea logo too, to brand your name.
Don't forget to close registrations on your Gitea instance, or else you will get many accounts created by anybody on the internet.
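
A quick check that registrations really are closed and that Gitea itself only answers on the loopback address behind nginx, as an added example that is not part of the original tutorial. It assumes the configuration file is at `/gitea/custom/conf/app.ini` (the default location under the `GITEA_WORK_DIR` set in the service file); `ini_get` and `audit_gitea_ini` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example (not from the tutorial): audit a Gitea app.ini for the two
# settings discussed here. ini_get and audit_gitea_ini are hypothetical names.

# ini_get <file> <section> <key>: print the key's value inside [section], if set.
ini_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*[;#]/ { next }                  # commented-out settings do not count
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); sect = $0; next }
        sect == want {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# audit_gitea_ini <file>: returns 0 if clean, 1 on findings, 2 if unreadable.
audit_gitea_ini() {
    local ini=$1 findings=0 reg addr
    [ -r "$ini" ] || { echo "cannot read $ini" >&2; return 2; }

    # Registration stays open unless DISABLE_REGISTRATION is explicitly true.
    reg=$(ini_get "$ini" service DISABLE_REGISTRATION | tr 'A-Z' 'a-z')
    case $reg in
        true|1|yes|on) ;;
        *) echo "FINDING: [service] DISABLE_REGISTRATION is '${reg:-unset}': anyone can sign up"
           findings=1 ;;
    esac

    # nginx proxies to port 3000 locally, so Gitea only needs the loopback address.
    addr=$(ini_get "$ini" server HTTP_ADDR)
    case $addr in
        127.0.0.1|localhost|::1) ;;
        *) echo "FINDING: [server] HTTP_ADDR is '${addr:-unset}': only ufw keeps port 3000 private"
           findings=1 ;;
    esac

    [ "$findings" -eq 0 ] && echo "OK: registration closed, Gitea bound to loopback"
    return "$findings"
}

# Example: audit_gitea_ini /gitea/custom/conf/app.ini   (assumed default path)
```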

Why do I still use Github?

I still use GitHub, for this blog for example, because I do need a CI/CD pipeline. My personal VDS has a pretty low configuration, not good enough to do more than just play with Gitea; I cannot even compile it locally! :-D
Furthermore, GitHub is more than just a Git repository: you can collaborate and use it as a showcase, much more than with any self-hosted system.

By @cGIfl300 in
Tags : #gitea, #personal webserver,