Hosting your own git frontend service using Gitea

The article provides a step-by-step guide on self-hosting a Git frontend service using Gitea on a Debian server with Nginx. It covers setting up a PostgreSQL database for Gitea, downloading and installing the Gitea executable, and configuring Nginx to make the service accessible at a subdirectory like `your.web.site/git`. The guide also includes instructions for creating a system user, setting file permissions, and enabling the Gitea systemd service.

Hosting your own git frontend service using Gitea I recently had interest in starting to work on the implementation of the Concurrent Atomistic-Continuum Method using C++ to take advantage of GPU acceleration. As a first step, I began thinking about where I wanted to host my project. I decided to add hosting my own git server to my list of self-hosted services, including e-mail and matrix chat server. This is a quick guide on how I set up Gitea and configured it on my website. As a note, my web server is a Debian machine using Nginx Setting up the database I already use PostgreSQL to manage my matrix-synapse database and configured Gitea to use the same. First, following the Gitea documentation, I set the listen address and password encryption in my postgresql.conf at /etc/postgresql/11/main/postgresql.conf : listen addresses = 'localhost, 203.0.113.3' password encryption = scram-sha-256 You should then restart PostgreSQL. Now you can log into the database console: su -c "psql" - postgres Then create a database user, gitea: CREATE ROLE gitea WITH LOGIN PASSWORD '{ReplaceWithStrongPassword}'; Then you can actually create your gitea database: CREATE DATABASE giteadb WITH OWNER gitea TEMPLATE template0 ENCODING UTF8 LC COLLATE 'en US.UTF-8' LC CTYPE 'en US.UTF-8'; The last step is adding authentication rules to your pg hba.conf at /etc/postgresql/11/main/pg hba.conf . As a note, the following line should be added near the top of this file as authentication rules are evaluated sequentially. As a result, any generic rule at the top of this file may be used instead of the inserted rule if not inserted first. local giteadb gitea scram-sha-256 Installing and setting up gitea Since my server is on debian, I didn’t have access to a gitea package. Instead, I downloaded the executable: wget -O gitea https://dl.gitea.com/gitea/1.18.5/gitea-1.18.5-linux-amd64 chmod +x gitea You should then create a git user account on your server: adduser \ --system \ --shell /bin/bash \ --gecos 'Git Version Control' \ --group \ --disabled-password \ --home /home/git \ git A few directories need to be created for gitea and file permissions set: mkdir -p /var/lib/gitea/{custom,data,log} chown -R git:git /var/lib/gitea/ chmod -R 750 /var/lib/gitea/ mkdir /etc/gitea chown root:git /etc/gitea chmod 770 /etc/gitea You can then copy gitea to a directory on your path, i.e.: cp gitea /usr/local/bin/gitea The last step for setting up gitea is downloading the example systemd service file and placing that in /etc/systemd/system . At this point you should be able to enable and start the service: sudo systemctl enable gitea sudo systemctl start gitea Gitea and Nginx configuration There are a few configurations options you need to set for Gitea and Nginx that I’ll outline here. First as a note, I wanted my git server to be accessible at alexselimov.com/git. It’s possible to set gitea up as a subdomain, i.e. git.some.site , but I won’t go into that. First you want to configure nginx so you can access your Gitea instance. You can also simply go to your.web.site:3000 to skip the Nginx configuration. Adding Gitea at your.web.site/git is extremely simple and if you have SSL certificates with certbot, access to your Gitea instance will also occur over HTTPS. All you have to do is add: location /git/{ proxy pass http://localhost:3000/; proxy set header Host $host; proxy set header X-Real-IP $remote addr; proxy set header X-Forwarded-For $proxy add x forwarded for; proxy set header X-Forwarded-Proto $scheme; } in your primary server block for your website. Now if you restart Nginx you should be able to navigate to your.web.site/git . The first time you access your Gitea instance, it will ask you several configuration questions which then populate the default configuration file for Gitea that you can then adjust. Answer to the best of your knowledge and then we will go over the most important ones in your configuration file. Gitea configurations are available in the /etc/gitea/app.ini file. You want to double check that your database section is correct, especially the NAME variable. database DB TYPE = postgres HOST = 127.0.0.1 NAME = giteadb USER = gitea PASSWD = '{SOME SECURE PASSWORD}' If you want you can set your default branch name in the repository section: repository DEFAULT BRANCH = master Finally to make sure your site works properly, you want to go to your server section and make sure that SSH DOMAIN is set to the domain that you use to ssh into your server. For example, I ssh into alexselimov.com so my app.ini has: server SSH DOMAIN = alexselimov.com Your ROOT URL should however be set to the url that maps to your Gitea instance, i.e., ROOT URL = https://alexselimov.com/git To finish setting up ssh, you just have to add your public key to your user account in the Gitea under settings- SSH/GPG keys. Then as site admin you have to go to the Site Administration menu and run the “Update the ‘.ssh/authorized keys’ file with Gitea SSH keys.” option. At this point you should be good to go with Gitea and using ssh to access your repositories. The final option I though was useful was: sevice DISABLE REGISTRATION = true I am making this repo for personal use. Disabling registration still allows people to clone my public repositories, but I want to be sure that I screen potential contributors or other people that can have accounts on my instance. Conclusion I hope these instructions were useful to someone, let me know if I missed a step or got something wrong and I’ll be sure to correct it. Thanks for reading