Question
How to setup ssl (HTTPS) on 1-click install Gitea droplet?
- Posted June 27, 2019
- DigitalOceanGitNetworkingLet's EncryptUbuntu 18.04
I have a 1-click install droplet with Gitea, but it only works over HTTP how can I set it up to work over HTTPS?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
I have figured out how to set it up (but I think it only works with domain names though…) And don’t use the 1-click droplet, instead create a standard ubuntu 18.04 droplet :
Initial updates & installs
apt-get update
apt-get upgrade
apt-get autoremove
apt-get install nginx
Set up users
adduser git
sudo usermod -aG sudo git
Folder structure setup
cd ~
sudo mkdir -p /var/lib/gitea/{custom,data,indexers,public,log}
sudo chown git:git /var/lib/gitea/{data,indexers,log}
sudo chmod 750 /var/lib/gitea/{data,indexers,log}
sudo mkdir /etc/gitea
sudo chown root:git /etc/gitea
sudo chmod 770 /etc/gitea
Nginx
sudo service nginx enable
sudo service nginx start
sudo service nginx status
sudo rm /etc/nginx/sites-enabled/default
Gitea installation
sudo wget -O gitea https://dl.gitea.io/gitea/1.8.3/gitea-1.8.3-linux-amd64
sudo chmod +x gitea
sudo cp gitea /usr/local/bin/gitea
ssl (Only for domain names)
sudo service nginx stop
sudo apt install certbot python-certbot-nginx
sudo certbot certonly --standalone -d [domain name]
sudo service nginx start
touch /etc/nginx/sites-available/git
sudo nano /etc/nginx/sites-available/git
Paste in this code and replace [YOUR-DOMAIN-HERE] with ex. example.com (your domain name)
*server {
listen 443 ssl;
server_name [YOUR-DOMAIN-HERE];
ssl_certificate /etc/letsencrypt/live/[YOUR-DOMAIN-HERE]/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/[YOUR-DOMAIN-HERE]/privkey.pem;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:3000;
}
}
Redirect HTTP requests to HTTPS
server {
listen 80;
server_name [YOUR-DOMAIN-HERE];
return 301 https://$host$request_uri;
}
*
sudo ln -s /etc/nginx/sites-available/git /etc/nginx/sites-enabled
sudo service nginx restart
start gitea
sudo gitea web
I have the same issue and the link above does not work. I tried everything from the official Gitea Docs but it simply does not work. Can anyone please provide some more details?
I have the same issue and the link above does not work. I tried everything from the official Gitea Docs but it simply does not work. Can anyone please provide some more details?
I have the same issue and the link above does not work. I tried everything from the official Gitea Docs but it simply does not work. Can anyone please provide some more details?
I have the same issue and the link above does not work. I tried everything from the official Gitea Docs but it simply does not work. Can anyone please provide some more details?
Hello,
There are a few ways to achive that, you could take a look at the Gitea official documentation on how to do this here:
https://docs.gitea.io/en-us/https-setup/
Let me know if something is not clear and I’ll be happy to help!
Regards, Bobby
Hello,
There are a few ways to achive that, you could take a look at the Gitea official documentation on how to do this here:
https://docs.gitea.io/en-us/https-setup/
Let me know if something is not clear and I’ll be happy to help!
Regards, Bobby
Hello,
There are a few ways to achive that, you could take a look at the Gitea official documentation on how to do this here:
https://docs.gitea.io/en-us/https-setup/
Let me know if something is not clear and I’ll be happy to help!
Regards, Bobby
Based on Dvard’s answer below, here is roughly I did to get this to work. Users should replace mydomain.com with their domain (or subdomain):
Intro
I tried using gitea’s built-in https service, but that didn’t work. I think this is because DigitalOcean only lets some priviledged services connect to the 443 address, but I’m not sure.
I tried fucking around with DigitalOcean’s firewall, but that didn’t work.
I tried following Dvard’s answer below, but that didn’t work because his formatting was fucked up, so I had to spend some time reconstructing it (instead of italics, there should be slashes). In case DigitalOcean messes my formatting as well, I’ve saved these instructions to a Github gist here: https://gist.github.com/NunoSempere/b96d495194f4461e98555d23d38881fc
As far as I understand, the thing that we’re doing is having nginx intercept requests to port 443 (https), and sending them to port 3000. Then, we are intercepting requests to port 80 (http), and giving a reply that the resource has moved (to the https url).
What finally worked
Then paste:
Then
Dvard creates a new user named git, but I thought this was not needed because the droplet runs as root (?).
the part after server should look something like
Note that instead of mydomain.com, I used git.mydomain.com, because I’m hosting gitea in a subdomain. But this shouldn’t matter.
There may be some small mistakes above. In that case, some useful diagnostic commands are: