Home / How To / How to install Gitea Code Hosting Platform with HTTPS on Debian 10

How to install Gitea Code Hosting Platform with HTTPS on Debian 10

Gitea is a web hosting code written in Go and a fork from Gogs. As the name suggests, it is designed to be used with the popular Git source control program, similar to Gitlab and Github. This guide will explain how to install Gitea on Debian 10 behind an HTTPS Reverse Proxy (Nginx).


  • A Debian 10 system on which you have root privileges.
  • A registered domain name that points to your server.
  • The environment variable $ EDITOR should be set.
  • Access to an SMTP server for e-mail messages (optional).

Make sure your (sub) domain points to the IPv4 address of your server with a A register . Optionally, create a AAAA record that points to the server's IPv6 address.

Step 1
: Prepare the system

Start by updating your package index and install all available updates:

  apt update
apt upgrade -y

This software requires several software packages:

  • Git, a Gitea dependency.
  • PostgreSQL, since Gitea requires a database.
  • Nginx, which will be used as a reverse proxy. [19659004] Certbot, a tool for obtaining Let & # 39; s Encrypt SSL certificate.
  • Sudo, for running commands as postgres system users.

Install them as follows:

  apt install -y git nginx certbot postgresql sudo

Then create a user to run Gitea:

  adduser - system - disabled-password - group - shell / bin / bash - home / home / gitea gitea

Then create the directory structure for Gitea:

  mkdir -p / var / lib / gitea / {data, log} / etc / gitea / run / gitea

And set ownership and permissions as follows:

  chown -R gitea: gitea / var / lib / gitea
chown -R gitea: gitea / run / gitea
chown -R root: gitea / etc / gitea
chmod-R 750 / var / lib / gitea
chmod 770 / etc / gitea

The permissions for / etc / gitea are temporary and will be sharpened after installing the web installer.

Step 2: Database Setting

Make sure Postgres is enabled and running:

  systemctl enable --now [email protected]

Then create a user role and database to use by Gitea:

  sudo -u postgres psql
postgres = # CREATE ROLE gitea LOGIN INCRCRPTED PASSWORD & # 39; your_password & # 39 ;;
postgres = # CREATE DATABASE gitea;
postgres = # GIVE ALL PRIVILEGES ON DATABASE gitea TO gitea;
postgres = # exit;

Step 3: Install Gitea

Download the latest linux-amd64 binary from Gitea's download page. For example:

  wget https://dl.gitea.io/gitea/master/gitea-master-linux-amd64 -O / usr / local / bin / gitea
chmod 755 / usr / local / bin / gitea

Then create a systemd device file for Gitea:

  $ EDITOR /etc/systemd/system/gitea.service

And enter the following:

  Description = Gitea (Git with a cup of tea)
After = syslog.target
After = network.target
Requires = postgresql.service
Type = simple
User = gitea
The group = gitea
WorkingDirectory = / var / lib / gitea /
RuntimeDirectory = gitea
ExecStart = / usr / local / bin / gitea web -c /etc/gitea/app.ini
Restart = always
Environment = USER = gitea HOME = / home / gitea GITEA_WORK_DIR = / var / lib / gitea
WantedBy = multi-user.target

Make sure the new device is charging:

  systemctl daemon-reload

Then instruct systemd to start Gitea at system startup:

  systemctl enable gitea.service

Step 4: Configure Gitea

For the initial configuration, we use the included web installation script. First start Gitea:

  systemctl start gitea.service

Then navigate to http: // your_domain: 3000 / install and fill in the required parameters as follows:

  • Data type: PostgreSQL
  • Host: Chapter19659004] Username: gitea
  • Password: Enter the password you chose during Postgres role creation.
  • Database name: gitea
  • SSL: Disable
  • Website title: Title of your choice.
  • Store Root Path: / var / lib / gitea / data / repositories
  • Git LFS Root Path: / var / lib / gitea / data / lfs
  • Run as username: gitea
  • SSH Server Domain: your_domain
  • SSH Server Port: 22
  • Gitea HTTP List Post: 3000
  • Gitea Base URL: https: // your_domain /
  • Log Path: / var / lib / gitea / log

Configure Email mail messages and the remaining settings that were considered appropriate, then click "Install Gitea". You will be redirected to an incorrect URL. This is normal since we have not configured Nginx or HTTPS yet. For performance reasons, we will now configure Gitea to listen to a unix socket instead of the standard TCP port.

Stop Gitea before continuing:

  systemctl stop gitea.service

Tighten state on / etc / gitea as shown below. This prevents anyone who is not in the gitea group from reading app.ini that contains sensitive information, including database records.

  chmod 750 / etc / gitea
chown root: gitea /etc/gitea/app.ini
chmod 640 /etc/gitea/app.ini

Open their configuration file:

  $ EDITOR /etc/gitea/app.ini
  Remove the following line from the [ server]  section: 
  HTTP_PORT = 3000
  And add the following lines to the [server] section: 
  HTTP_ADDR = /run/gitea/gitea.sock

Step 5: Set Reverse Proxy

  Stop Nginx if running, because certbot will need to bind to port 80: 
  systemctl stop nginx.service

Use the following command to obtain a certificate for your domain:

  certbot certonly - standalone --agree-tos -m [email protected] -d your_domain

Let & # 39; s Encrypt will verify domain owners before the certificate is issued. Your certificate, chain and private key will be stored in / etc / letsencrypt / live / your_domain / .

We can now configure Nginx. Create a new configuration file:

  $ EDITOR / etc / nginx / sites-available / gitea

And enter the following configuration:

  server {
listen 80;
listen [::]: 80;
server_name your_domain;
return 301 https: // $ server_name $ request_uri;
access_log /var/log/nginx/gitea-proxy_access.log;
error_log /var/log/nginx/gitea-proxy_error.log;
server {
listen 443 ssl;
listen [::]: 443 ssl;
server_name your_domain;
ssl på;
ssl_certificate /etc/letsencrypt/live/your_domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your_domain/privkey.pem;
location / {
proxy_pass http: // unix: /var/run/gitea/gitea.sock;
access_log /var/log/nginx/gitea-proxy_access.log;
error_log /var/log/nginx/gitea-proxy_error.log;

The first server block simply serves to redirect all HTTP requests to HTTPS. The second block listens to HTTPS connections and proxies them to the unix socket that we configured Gitea to listen to.

After saving the above configuration, run the following to enable it:

  ln-s / etc / nginx / sites-available / gitea / etc / nginx / sites-enabled

Check any syntax errors with and then edit your configuration:

  nginx -t

Finally, start Nginx and Gitea:

  systemctl start nginx.service gitea.service

Your Gitea instance should now be run. If you did not create an administrator account with the first web installer, the first user who signs up will be given the administrator role.

Optional step

Logging configuration

By default, Gitea logs messages with difficulty level Info and higher. You will probably change it to Warn or Error . To do so, open /etc/gitea/app.ini and change the parameter LEVEL in section [log] to one of: tracking, troubleshooting, info, warning, error, critical , deadly, nobody. To log messages with severity Warn and later use:

MODE = file
LEVEL = warn
ROOT_PATH = / var / lib / gitea / log

Restart Gitea for the changes to take effect:

  systemctl restart gitea.service

Separate SSH server

Alternatively, Gitea can use its own SSH server. To enable it, add the following line to the configuration section [server]:


And change the SSH port to any number over 1000, for example:

  SSH_PORT = 2222

Then restart Gitea to apply the changes.

Source link