Question

How to set up SSL (HTTPS) on 1-click install Gitea droplet?

I have a 1-click install droplet with Gitea, but it only works over HTTP. How can I set it up to work over HTTPS?

Accepted Answer

I have figured out how to set it up (but I think it only works with domain names though…). And don’t use the 1-click droplet; instead, create a standard Ubuntu 18.04 droplet:

Initial updates & installs

apt-get update
apt-get upgrade
apt-get autoremove
apt-get install nginx

Set up users

adduser git
sudo usermod -aG sudo git

Folder structure setup

cd ~
sudo mkdir -p /var/lib/gitea/{custom,data,indexers,public,log}
sudo chown git:git /var/lib/gitea/{data,indexers,log}
sudo chmod 750 /var/lib/gitea/{data,indexers,log}
sudo mkdir /etc/gitea
sudo chown root:git /etc/gitea
sudo chmod 770 /etc/gitea

Nginx

sudo systemctl enable nginx
sudo service nginx start
sudo service nginx status
sudo rm /etc/nginx/sites-enabled/default

Gitea installation

sudo wget -O gitea https://dl.gitea.io/gitea/1.8.3/gitea-1.8.3-linux-amd64
sudo chmod +x gitea
sudo cp gitea /usr/local/bin/gitea

ssl (Only for domain names)

sudo service nginx stop
sudo apt install certbot python-certbot-nginx
sudo certbot certonly --standalone -d [domain name]
sudo service nginx start
touch /etc/nginx/sites-available/git
sudo nano /etc/nginx/sites-available/git

Paste in this code and replace [YOUR-DOMAIN-HERE] with your domain name (e.g. example.com):

server {
    listen 443 ssl;
    server_name [YOUR-DOMAIN-HERE];
    ssl_certificate /etc/letsencrypt/live/[YOUR-DOMAIN-HERE]/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/[YOUR-DOMAIN-HERE]/privkey.pem;

    location / {
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_pass http://localhost:3000;
    }
}

# Redirect HTTP requests to HTTPS
server {
    listen 80;
    server_name [YOUR-DOMAIN-HERE];
    return 301 https://$host$request_uri;
}

sudo ln -s /etc/nginx/sites-available/git /etc/nginx/sites-enabled
sudo service nginx restart

start gitea

sudo gitea web

I have the same issue and the link above does not work. I tried everything from the official Gitea Docs but it simply does not work. Can anyone please provide some more details?

Hello,

There are a few ways to achieve that; you could take a look at the Gitea official documentation on how to do this here:

https://docs.gitea.io/en-us/https-setup/

Let me know if something is not clear and I’ll be happy to help!

Regards, Bobby

Based on Dvard’s answer below, here is roughly what I did to get this to work. Users should replace mydomain.com with their domain (or subdomain):

Intro

I tried using Gitea’s built-in https service, but that didn’t work. I think this is because DigitalOcean only lets some privileged services connect to the 443 address, but I’m not sure.

I tried fucking around with DigitalOcean’s firewall, but that didn’t work.

I tried following Dvard’s answer below, but that didn’t work because his formatting was fucked up, so I had to spend some time reconstructing it (instead of italics, there should be slashes). In case DigitalOcean messes up my formatting as well, I’ve saved these instructions to a GitHub gist here: https://gist.github.com/NunoSempere/b96d495194f4461e98555d23d38881fc

As far as I understand, the thing that we’re doing is having nginx intercept requests to port 443 (https), and sending them to port 3000. Then, we are intercepting requests to port 80 (http), and giving a reply that the resource has moved (to the https url).

What finally worked

sudo apt install nginx
sudo systemctl enable nginx
sudo service nginx start
sudo service nginx status
sudo apt install python3-certbot-nginx
sudo certbot certonly --standalone -d mydomain.com ## then enter my email, and say no to EFF spam.
sudo service nginx restart
sudo rm /etc/nginx/sites-enabled/default
sudo vim /etc/nginx/sites-available/root

Then paste:

server {
    listen 443 ssl;
    server_name mydomain.com;
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;

    location / {
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_pass http://localhost:3000;
    }
}

server {
    listen 80;
    server_name mydomain.com;
    return 301 https://mydomain.com;
}

Then

ln -s /etc/nginx/sites-available/root /etc/nginx/sites-enabled
nginx -t ##  Check for errors in config file
sudo service nginx start ## or restart

Dvard creates a new user named git, but I thought this was not needed because the droplet runs as root (?).

vim  /var/snap/gitea/common/conf/app.ini

The part after server should look something like:


PROTOCOL = http
DOMAIN = mydomain.com
; CHANGE DOMAIN TO YOUR ACTUAL DOMAIN
HTTP_PORT = 3000
; Not 80!!
LFS_JWT_SECRET = some-secret
START_SSH_SERVER = true
SSH_PORT = 22022

Note that instead of mydomain.com, I used git.mydomain.com, because I’m hosting gitea in a subdomain. But this shouldn’t matter.

There may be some small mistakes above. In that case, some useful diagnostic commands are:

sudo service nginx status
nginx -t
reboot ## reboot the droplet
snap restart gitea ## easier way to restart gitea
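
Added example (not part of either answer above, and not Gitea or DigitalOcean code): with nginx terminating TLS as described, Gitea still listens on port 3000 on all interfaces over plain HTTP and builds its links from http:// unless HTTP_ADDR and ROOT_URL are set in the [server] section, and the second answer's port-80 redirect drops the requested path. The script checks an app.ini and an nginx site file for those three points. The function names and sample files are constructed for illustration; HTTP_ADDR and ROOT_URL are Gitea [server] settings that the answers do not set.

```shell
# Added example (not from the answers above): audit the nginx + Gitea TLS proxy.
# server_get FILE KEY: print KEY's value from the [server] section of app.ini
server_get() {
    awk -F= -v key="$2" '
        /^[ \t]*\[/ { in_server = ($0 ~ /^[ \t]*\[server\]/); next }
        in_server && $1 !~ /^[ \t]*[;#]/ {
            k = $1; gsub(/[ \t]/, "", k); if (k != key) next
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        }
        END { print val }' "$1"
}

# audit_gitea_proxy APP_INI NGINX_SITE: print findings, or "ok" if none
audit_gitea_proxy() {
    findings=""
    # Unset HTTP_ADDR means 0.0.0.0: port 3000 stays reachable in clear text
    case "$(server_get "$1" HTTP_ADDR)" in
        127.0.0.1|localhost|::1) ;;
        *) findings="$findings HTTP_ADDR" ;;
    esac
    # Without an https ROOT_URL, generated links and clone URLs use http
    case "$(server_get "$1" ROOT_URL)" in
        https://*) ;;
        *) findings="$findings ROOT_URL" ;;
    esac
    # The port-80 redirect should keep the requested path and query
    grep -Eq 'return[[:space:]]+301[[:space:]]+https://[^;]*\$request_uri' "$2" \
        || findings="$findings REDIRECT"
    findings=${findings# }
    echo "${findings:-ok}"
}

# Constructed samples: "weak" mirrors the second answer, "fixed" closes the gaps
make_samples() {
    printf '%s\n' '[server]' 'PROTOCOL = http' 'DOMAIN = mydomain.com' \
        'HTTP_PORT = 3000' > "$1/weak.ini"
    printf '%s\n' 'server { listen 80; server_name mydomain.com;' \
        '  return 301 https://mydomain.com; }' > "$1/weak.conf"
    printf '%s\n' '[server]' 'DOMAIN = mydomain.com' 'HTTP_ADDR = 127.0.0.1' \
        'HTTP_PORT = 3000' 'ROOT_URL = https://mydomain.com/' > "$1/fixed.ini"
    printf '%s\n' 'server { listen 80; server_name mydomain.com;' \
        '  return 301 https://$host$request_uri; }' > "$1/fixed.conf"
}

tmp=$(mktemp -d); make_samples "$tmp"
echo "weak:  $(audit_gitea_proxy "$tmp/weak.ini" "$tmp/weak.conf")"
echo "fixed: $(audit_gitea_proxy "$tmp/fixed.ini" "$tmp/fixed.conf")"
rm -rf "$tmp"
```

On the droplet from the second answer, the real inputs would be /var/snap/gitea/common/conf/app.ini and /etc/nginx/sites-available/root.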