Get alerted when assets are down, slow, or vulnerable to SSL attacks—all free for a month. Learn more

Question

How to setup ssl (HTTPS) on 1-click install Gitea droplet?

I have a 1-click install droplet with Gitea, but it only works over HTTP how can I set it up to work over HTTPS?

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

EdvardSeptember 10, 2019
Accepted Answer

I have figured out how to set it up (but I think it only works with domain names though…) And don’t use the 1-click droplet, instead create a standard ubuntu 18.04 droplet :

Initial updates & installs

apt-get update
apt-get upgrade
apt-get autoremove
apt-get install nginx

Set up users

adduser git
sudo usermod -aG sudo git

Folder structure setup

cd ~
sudo mkdir -p /var/lib/gitea/{custom,data,indexers,public,log}
sudo chown git:git /var/lib/gitea/{data,indexers,log}
sudo chmod 750 /var/lib/gitea/{data,indexers,log}
sudo mkdir /etc/gitea
sudo chown root:git /etc/gitea
sudo chmod 770 /etc/gitea

Nginx

sudo service nginx enable
sudo service nginx start
sudo service nginx status
sudo rm /etc/nginx/sites-enabled/default

Gitea installation

sudo wget -O gitea https://dl.gitea.io/gitea/1.8.3/gitea-1.8.3-linux-amd64
sudo chmod +x gitea
sudo cp gitea /usr/local/bin/gitea

ssl (Only for domain names)

sudo service nginx stop
sudo apt install certbot python-certbot-nginx
sudo certbot certonly --standalone -d [domain name]
sudo service nginx start
touch /etc/nginx/sites-available/git
sudo nano /etc/nginx/sites-available/git

Paste in this code and replace [YOUR-DOMAIN-HERE] with ex. example.com (your domain name)

*server {
listen 443 ssl; server_name [YOUR-DOMAIN-HERE]; ssl_certificate /etc/letsencrypt/live/[YOUR-DOMAIN-HERE]/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/[YOUR-DOMAIN-HERE]/privkey.pem;

location / {
    proxy_set_header  X-Real-IP  $remote_addr;
    proxy_pass http://localhost:3000;
}

}

Redirect HTTP requests to HTTPS

server {
listen 80; server_name [YOUR-DOMAIN-HERE]; return 301 https://$host$request_uri; } *

sudo ln -s /etc/nginx/sites-available/git /etc/nginx/sites-enabled
sudo service nginx restart

start gitea

sudo gitea web

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

milotindragosSeptember 5, 2019

I have the same issue and the link above does not work. I tried everything from the official Gitea Docs but it simply does not work. Can anyone please provide some more details?

Bobby IlievJune 28, 2019

Hello,

There are a few ways to achive that, you could take a look at the Gitea official documentation on how to do this here:

https://docs.gitea.io/en-us/https-setup/

Let me know if something is not clear and I’ll be happy to help!

Regards, Bobby

NunoSempereNovember 22, 2021

Based on Dvard’s answer below, here is roughly I did to get this to work. Users should replace mydomain.com with their domain (or subdomain):

Intro

I tried using gitea’s built-in https service, but that didn’t work. I think this is because DigitalOcean only lets some priviledged services connect to the 443 address, but I’m not sure.

I tried fucking around with DigitalOcean’s firewall, but that didn’t work.

I tried following Dvard’s answer below, but that didn’t work because his formatting was fucked up, so I had to spend some time reconstructing it (instead of italics, there should be slashes). In case DigitalOcean messes my formatting as well, I’ve saved these instructions to a Github gist here: https://gist.github.com/NunoSempere/b96d495194f4461e98555d23d38881fc

As far as I understand, the thing that we’re doing is having nginx intercept requests to port 443 (https), and sending them to port 3000. Then, we are intercepting requests to port 80 (http), and giving a reply that the resource has moved (to the https url).

What finally worked

sudo apt install nginx
sudo service nginx enable
sudo service nginx start
sudo service nginx status

sudo apt install python3-certbot-nginx
sudo certbot certonly --standalone -d mydomain.com ## then enter my email, and say no to EFF spam.
sudo service nginx restart

sudo rm /etc/nginx/sites-enabled/default
sudo vim /etc/nginx/sites-available/root

Then paste:

server {

listen 443 ssl;
server_name mydomain.com;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;

location / {
    proxy_set_header  X-Real-IP  $remote_addr;
    proxy_pass http://localhost:3000;
}

}

server {

listen 80;
server_name mydomain.com;
return 301 https://mydomain.com;
}

Then

ln -s /etc/nginx/sites-available/root /etc/nginx/sites-enabled
nginx -t ##  Check for errors in config file
sudo service nginx start ## or restart

Dvard creates a new user named git, but I thought this was not needed because the droplet runs as root (?).

vim  /var/snap/gitea/common/conf/app.ini

the part after server should look something like


PROTOCOL = http
DOMAIN = mydomain.com
; CHANGE DOMAIN TO YOUR ACTUAL DOMAIN
HTTP_PORT = 3000
; Not 80!!
LFS_JWT_SECRET = some-secret
START_SSH_SERVER = true
SSH_PORT = 22022

Note that instead of mydomain.com, I used git.mydomain.com, because I’m hosting gitea in a subdomain. But this shouldn’t matter.

There may be some small mistakes above. In that case, some useful diagnostic commands are:

sudo service nginx status
nginx -t
reboot ## reboot the droplet
snap restart gitea ## easier way to restart gitea

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up