This guide will demonstrate how to setup gitea on Ubuntu 16.04, as well as configure a proxy for port 3000 which gitea resides on via nginx.

Many thanks to this source

On the server install the Git package, which Gitea depends on:

$ sudo apt install git

Create a new user under which the Gitea process will run:

$ sudo adduser --system --shell /bin/bash --gecos 'Gitea user' --group --disabled-password --home /home/git git

Create the required directory structure. Everything will be installed in the /home/git/gitea directory.

$ sudo mkdir -p /home/git/gitea/{custom,data,indexers,public,log}
$ sudo chown git:git /home/git/gitea/{custom,data,indexers,public,log}
$ sudo chmod 750 /home/git/gitea/{custom,data,indexers,public,log}
$ sudo chown git:git /home/git/gitea

Download the Gitea binary and make it executable. Check the download page first to figure out the latest version. At the time of writing (September 2018) 1.5.1 is the latest version.

cd /home/git/gitea
$ sudo wget -O gitea https://dl.gitea.io/gitea/1.5.1/gitea-1.5.1-linux-amd64
$ sudo chmod +x gitea

Next we need to install Gitea as a service so it will automatically start at boot time when we restart the server. On Ubuntu this is the responsibility of systemd.

The Gitea project provides an example of a systemd service file. Create the following in any text editor:

/home/git/gitea/gitea.service

[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
#After=mysqld.service
#After=postgresql.service
#After=memcached.service
#After=redis.service

[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/home/git/gitea/
ExecStart=/home/git/gitea/gitea web -c /home/git/gitea/custom/conf/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/home/git/gitea
# If you want to bind Gitea to a port below 1024 uncomment
# the two values below
###
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

Next we create a link to our service file in /lib/systemd/system. This is the directory where systemd looks for service files. Reload the systemd daemon. You need to reload systemd each time a service file changes.

$ sudo ln -s /home/git/gitea/gitea.service /lib/systemd/system/gitea.service
$ sudo systemctl daemon-reload

You can now start Gitea and check the status:

$ sudo systemctl start gitea
$ sudo systemctl status gitea

From time to time you should check if there is a new Gitea version available. To update Gitea run the following commands. I always keep a copy of the last version if something does not work with the update.

$ sudo systemctl stop gitea
$  cd /home/git/gitea
$ sudo rm gitea.old
$ sudo mv gitea gitea.old
$ sudo wget -O gitea https://dl.gitea.io/gitea/1.5.x/gitea-1.5.x-linux-amd64
$ sudo chmod +x gitea
$ sudo systemctl start gitea

In this section we install a http server. The servers sits in front of the Gitea server and proxies all requests coming from the clients to Gitea. When you only have one service this might be a bit overkill, but as soon as you start installing a second service with a web interface you see the benefit of having a http server. The http server is also responsible for managing the TLS connection.

First install nginx:

$ sudo apt update
$ sudo apt install nginx

Open ports 80 and 443 in the firewall. 80 for unencrypted http and 443 for encrypted http (TLS) traffic:

$ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp

Now we create a configuration for the subdomain:

/etc/nginx/sites-available/git

server {
    listen 80;
    listen [::]:80;
    server_name FQDM_HERE;


    client_max_body_size 20m;
    location / {
        proxy_pass http://localhost:3000;
    }
}

The configuration also increases the maximum allowed size of the client request body to 20 MB. By default nginx only allows a request body size of 1MB. If you need to commit files that are bigger than 20 MB you need to increase the value.

Enable the configuration, remove the default nginx configuration and reload nginx:

$ sudo ln -s /etc/nginx/sites-available/git /etc/nginx/sites-enabled/git
$ sudo rm /etc/nginx/sites-enabled/default
$ sudo systemctl reload nginx

We have a working Git server but the communication between our computer and the server is unencrypted. In this section we change that and install a TLS certificate in nginx.

First we install the Let's Encrypt client certbot. This program is responsible for creating and renewing certificates. Certificates from Let's Encrypt are free but they are only valid 90 days. certbot installs a job that runs periodically and checks for outdated certificates and automatically renews them.

For SSL add the EFF's PPA for the Let's Encrypt certbot.

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt update; sudo apt upgrade
$ sudo apt install python-certbot-nginx
$ sudo certbot --nginx

Make sure to select “redirect all traffic to https” during the certbot setup process.

As the last step we have to change the URL in the Gitea configuration:

/home/git/gitea/custom/conf/app.ini

ROOT_URL         = https://FQDN_HERE/

Restart nginx:

$ sudo systemctl restart nginx

You should now be able to connect to the server via the FQDL with https autcompleted in the URL.