gitea

Posted on Wed 21 April 2021 in linux

What is gitea?

Gitea is a Go-based, self-hosted Git service similar to GitHub, Bitbucket, or GitLab. Gitea is a fork of Gogs that aims to move away from the single-maintainer approach toward an open, community-based approach with a faster development model. Several improvements have been made in Gitea that are not available in Gogs.

A nice feature comparison of different git hosting options can be found here.

Setup

Sadly, there is currently no gitea package available in the Debian repositories, so it must be installed manually.

As a first step, install the required dependencies:

apt update && apt upgrade
apt install git nginx

We also install nginx here, since we want to use gitea with a reverse proxy to have secure access to the website via https.

Then, we add a dedicated system user for gitea that will be used to run the gitea server process:

adduser --system --group git

Download the latest gitea release for your corresponding OS from https://github.com/go-gitea/gitea/releases/

At the time of writing, this is 1.14.1:

mkdir /opt/gitea
cd /opt/gitea
wget https://github.com/go-gitea/gitea/releases/download/v1.14.1/gitea-1.14.1-linux-amd64
mv gitea-1.14.1-linux-amd64 gitea
chown -R git:git /opt/gitea
chmod -R 750 /opt/gitea

We make it executable by the git user and limit access for all other users.

Then, we create the directory structure for gitea where the data, i.e., the git repositories, will be located as well as corresponding log files:

mkdir -p /var/lib/gitea/{data,log} /etc/gitea /run/gitea
chown -R git:git /var/lib/gitea /run/gitea
chown -R root:git /etc/gitea
chmod -R 750 /var/lib/gitea
chmod 770 /etc/gitea

Again, we limit access to the created directories.

In the next step, the systemd service /etc/systemd/system/gitea.service is created with the following content:

[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target

[Service]
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
RuntimeDirectory=gitea
ExecStart=/opt/gitea/gitea web -c /etc/gitea/app.ini
Environment=GITEA_WORK_DIR=/var/lib/gitea
Restart=always

[Install]
WantedBy=multi-user.target

After creating the service file, we reload the systemd configuration, then start and enable the gitea service:

systemctl daemon-reload
systemctl start gitea
systemctl enable gitea

Then, we point our browser to:

http://your_domain:3000/install

and complete the setup. We simply use a SQLite database, but of course more complex setups can be achieved by providing a corresponding database, such as MySQL.

Subsequently, we stop the gitea and nginx services:

systemctl stop gitea
systemctl stop nginx

We restrict the permissions of the configuration settings so that they cannot be changed by other users:

chmod 750 /etc/gitea
chown root:git /etc/gitea/app.ini
chmod 640 /etc/gitea/app.ini

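Then, we edit /etc/gitea/app.ini, comment out the HTTP server port, and define a Unix socket that will be used from now on. The socket permission 666 allows any local user to connect to it, which is what lets the nginx worker (which runs as a different user than git) reach the socket: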

#HTTP_PORT        = 3000
HTTP_ADDR        = /run/gitea/gitea.sock
PROTOCOL         = unix
UNIX_SOCKET_PERMISSION = 666

Then prepare corresponding certificate files, e.g., by using letsencrypt:

certbot certonly --standalone --agree-tos -m admin@your_domain -d your_domain

Create an nginx configuration /etc/nginx/sites-available/gitea with the following content:

server {
    listen 80;
    listen [::]:80;
    server_name your_domain;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name your_domain;

    ssl_certificate /etc/letsencrypt/live/your_domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your_domain/privkey.pem;

    location / {
        proxy_pass http://unix:/var/run/gitea/gitea.sock;
    }
    access_log /var/log/nginx/gitea-proxy_access.log;
    error_log /var/log/nginx/gitea-proxy_error.log;
}

Make sure to adapt the certificate paths to your domain.

Then, enable the created gitea nginx site by creating the corresponding symbolic link:

ln -s /etc/nginx/sites-available/gitea /etc/nginx/sites-enabled

Start the gitea service as well as the nginx service again:

systemctl start gitea
systemctl start nginx

Point your browser to https://your_domain/ and you should see your installed gitea server accessible via HTTPS.
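To confirm that the permission changes made in the steps above actually took effect, the following added example (not part of the original post) audits the modes and owners this guide sets. The function names check_path and audit_gitea and the optional staging-root argument are assumptions made for this example; it relies on GNU stat, as shipped with Debian.

```shell
#!/bin/sh
# Added example: audit the file modes and owners that this guide sets.
# check_path, audit_gitea and the staging-root argument are names made up here.

# check_path PATH MAX_MODE [OWNER:GROUP]
# Fails if PATH is missing, has any permission bit outside MAX_MODE
# (so 600 passes a 640 limit, 644 does not), or has the wrong owner.
check_path() {
    info=$(stat -c '%a %U:%G' "$1" 2>/dev/null) || {
        echo "MISSING  $1"; return 1; }
    mode=${info%% *}
    owner=${info#* }
    # The leading 0 makes the shell read both values as octal.
    if [ $(( 0$mode & ~0$2 & 07777 )) -ne 0 ]; then
        echo "TOO OPEN $1 mode=$mode limit=$2"; return 1
    fi
    if [ -n "${3:-}" ] && [ "$owner" != "$3" ]; then
        echo "OWNER    $1 is $owner, expected $3"; return 1
    fi
    echo "ok       $1 mode=$mode owner=$owner"
}

# audit_gitea [ROOT]
# With no argument, checks the live paths including owners (run as root).
# With ROOT, checks a copy staged under ROOT; owners are skipped there
# because a staged tree is not owned by root or git.
audit_gitea() {
    root=${1:-}
    rc=0
    if [ -z "$root" ]; then svc=git:git; cfg=root:git; else svc=; cfg=; fi
    check_path "$root/opt/gitea/gitea"   750 "$svc" || rc=1
    check_path "$root/var/lib/gitea"     750 "$svc" || rc=1
    check_path "$root/etc/gitea"         750 "$cfg" || rc=1
    check_path "$root/etc/gitea/app.ini" 640 "$cfg" || rc=1
    return $rc
}
```

Run audit_gitea as root once the setup is complete; a non-zero exit status means at least one path is missing, more permissive than the guide intends, or wrongly owned.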

For more information about gitea check out the corresponding Gitea documentation.