Alex Selimov


Hosting your own git frontend service using Gitea

Published: Feb 25, 2023

I recently became interested in implementing the Concurrent Atomistic-Continuum Method in C++ to take advantage of GPU acceleration. As a first step, I began thinking about where I wanted to host my project. I decided to add my own git server to my list of self-hosted services, which already includes e-mail and a Matrix chat server. This is a quick guide on how I set up Gitea and configured it on my website. As a note, my web server is a Debian machine using Nginx.

Setting up the database

I already use PostgreSQL to manage my matrix-synapse database, so I configured Gitea to use it as well. First, following the Gitea documentation, I set listen_addresses and password_encryption in my postgresql.conf at /etc/postgresql/11/main/postgresql.conf:

listen_addresses = 'localhost, 203.0.113.3'
password_encryption = scram-sha-256

You should then restart PostgreSQL. Now you can log into the database console:

su -c "psql" - postgres

Then create a database user, gitea:

CREATE ROLE gitea WITH LOGIN PASSWORD '{ReplaceWithStrongPassword}';

Then you can actually create your gitea database:

CREATE DATABASE giteadb WITH OWNER gitea TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';

The last step is adding authentication rules to your pg_hba.conf at /etc/postgresql/11/main/pg_hba.conf. As a note, the following line should be added near the top of this file because authentication rules are evaluated sequentially: if a more generic rule appears earlier in the file, it may be used instead of the inserted rule.

local   giteadb gitea   scram-sha-256
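First-match evaluation of pg_hba.conf, shown as an added example (not from the original post or the PostgreSQL project): the hypothetical helper pg_hba_first_match walks a rules file top to bottom and reports the first record that matches a connection. It is a simplification that handles only local and host records, literal or "all" names, and IPv4 CIDR addresses; both sample files are constructed.

```shell
#!/bin/sh
# pg_hba_first_match FILE TYPE DB USER [ADDR]   (hypothetical helper)
# Prints "<line number> <method>" of the first matching record: PostgreSQL
# reads pg_hba.conf top to bottom and stops at the first match.
pg_hba_first_match() {
    awk -v ctype="$2" -v db="$3" -v user="$4" -v addr="${5:-}" '
    function ip2int(ip,    o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_cidr(ip, cidr,    p, size) {
        split(cidr, p, "/")
        size = 2 ^ (32 - p[2])              # addresses covered by the prefix
        return int(ip2int(ip) / size) == int(ip2int(p[1]) / size)
    }
    NF == 0 || $1 ~ /^#/ { next }           # blank lines and comments
    $1 != ctype { next }                    # local = Unix socket, host = TCP
    $2 != "all" && $2 != db { next }
    $3 != "all" && $3 != user { next }
    ctype == "host" && $4 != "all" && !in_cidr(addr, $4) { next }
    { print NR, (ctype == "local" ? $4 : $5); exit }
    ' "$1"
}

demo_dir=$(mktemp -d)
# Constructed sample: a generic rule sits above the Gitea rule and shadows it.
cat > "$demo_dir/shadowed.conf" <<'EOF'
# TYPE  DATABASE  USER   ADDRESS        METHOD
local   all       all                   peer
local   giteadb   gitea                 scram-sha-256
host    all       all    127.0.0.1/32   md5
EOF
# Constructed sample: the same rules with the Gitea rule moved to the top.
cat > "$demo_dir/ordered.conf" <<'EOF'
local   giteadb   gitea                 scram-sha-256
local   all       all                   peer
host    all       all    127.0.0.1/32   md5
EOF

pg_hba_first_match "$demo_dir/shadowed.conf" local giteadb gitea
pg_hba_first_match "$demo_dir/ordered.conf"  local giteadb gitea
# A TCP connection to 127.0.0.1 is matched against host records only.
pg_hba_first_match "$demo_dir/ordered.conf"  host  giteadb gitea 127.0.0.1
```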

Installing and setting up gitea

Since my server runs Debian, I didn’t have access to a Gitea package. Instead, I downloaded the executable:

wget -O gitea https://dl.gitea.com/gitea/1.18.5/gitea-1.18.5-linux-amd64
chmod +x gitea

You should then create a git user account on your server:

adduser \
   --system \
   --shell /bin/bash \
   --gecos 'Git Version Control' \
   --group \
   --disabled-password \
   --home /home/git \
   git

A few directories need to be created for gitea and file permissions set:

mkdir -p /var/lib/gitea/{custom,data,log}
chown -R git:git /var/lib/gitea/
chmod -R 750 /var/lib/gitea/
mkdir /etc/gitea
chown root:git /etc/gitea
chmod 770 /etc/gitea

You can then copy gitea to a directory on your path, i.e.:

cp gitea /usr/local/bin/gitea

The last step for setting up gitea is downloading the example systemd service file and placing that in /etc/systemd/system. At this point you should be able to enable and start the service:

sudo systemctl enable gitea
sudo systemctl start gitea

Gitea and Nginx configuration

There are a few configuration options you need to set for Gitea and Nginx that I’ll outline here. As a note, I wanted my git server to be accessible at alexselimov.com/git. It’s possible to set Gitea up on a subdomain, i.e. git.some.site, but I won’t go into that. First, you want to configure Nginx so you can access your Gitea instance. You can also simply go to your.web.site:3000 to skip the Nginx configuration. Adding Gitea at your.web.site/git is extremely simple, and if you have SSL certificates from certbot, access to your Gitea instance will also occur over HTTPS. All you have to do is add:

location /git/{
        proxy_pass http://localhost:3000/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
}

in your primary server block for your website. Now if you restart Nginx you should be able to navigate to your.web.site/git. The first time you access your Gitea instance, it will ask you several configuration questions which then populate the default configuration file for Gitea that you can then adjust. Answer to the best of your knowledge and then we will go over the most important ones in your configuration file.

Gitea configurations are available in the /etc/gitea/app.ini file. You want to double check that your [database] section is correct, especially the NAME variable.

[database]
DB_TYPE  = postgres
HOST     = 127.0.0.1
NAME     = giteadb
USER     = gitea
PASSWD   = '{SOME SECURE PASSWORD}'

If you want you can set your default branch name in the [repository] section:

[repository]
DEFAULT_BRANCH = master

Finally, to make sure your site works properly, you want to go to your [server] section and make sure that SSH_DOMAIN is set to the domain that you use to ssh into your server. For example, I ssh into alexselimov.com so my app.ini has:

[server]
SSH_DOMAIN = alexselimov.com

Your ROOT_URL should however be set to the url that maps to your Gitea instance, i.e.,

ROOT_URL = https://alexselimov.com/git

To finish setting up ssh, you just have to add your public key to your user account in Gitea under Settings -> SSH/GPG Keys. Then, as site admin, you have to go to the Site Administration menu and run the “Update the ‘.ssh/authorized_keys’ file with Gitea SSH keys.” option. At this point you should be good to go with Gitea and using ssh to access your repositories. The final option I thought was useful was:

[service]
DISABLE_REGISTRATION = true

I am making this repo for personal use. Disabling registration still allows people to clone my public repositories, but I want to be sure that I screen potential contributors or other people that can have accounts on my instance.
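A section-aware check of app.ini for the settings discussed above, added here as an example and not part of the original post or of Gitea: the hypothetical helpers ini_get and audit_app_ini confirm that DISABLE_REGISTRATION sits under [service], that ROOT_URL is an https:// URL, and that the file holding the database password is not world-readable. Gitea reads the key only from [service], so a key under a misspelled header is treated as missing; the sample files and the host git.example.test are constructed.

```shell
#!/bin/sh
# ini_get FILE SECTION KEY   (hypothetical helper)
# Prints the value of KEY only when it appears under [SECTION], so a key
# placed under a misspelled header is reported as missing, not found.
ini_get() {
    awk -v want="[$2]" -v key="$3" '
    /^[ \t]*\[/ { gsub(/[ \t]/, ""); sect = $0; next }
    sect == want {
        eq = index($0, "=")
        if (!eq) next
        k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == key) { print v; exit }
    }' "$1"
}

# audit_app_ini FILE: prints one line per finding, returns 1 if any were found.
audit_app_ini() {
    rc=0
    [ "$(ini_get "$1" service DISABLE_REGISTRATION)" = "true" ] ||
        { echo "registration open: [service] DISABLE_REGISTRATION is not true"; rc=1; }
    case "$(ini_get "$1" server ROOT_URL)" in
        https://*) ;;
        *) echo "[server] ROOT_URL is not an https:// URL"; rc=1 ;;
    esac
    # app.ini holds the database password, so it must not be world-readable.
    [ -z "$(find "$1" -perm -004)" ] ||
        { echo "$1 is world-readable"; rc=1; }
    return $rc
}

demo=$(mktemp -d)
# Constructed samples: the first misspells the header, so its key is inert.
printf '%s\n' '[server]' 'ROOT_URL = https://git.example.test/git' \
    '[sevice]' 'DISABLE_REGISTRATION = true' > "$demo/typo.ini"
printf '%s\n' '[server]' 'ROOT_URL = https://git.example.test/git' \
    '[service]' 'DISABLE_REGISTRATION = true' > "$demo/good.ini"
chmod 640 "$demo/typo.ini" "$demo/good.ini"
audit_app_ini "$demo/typo.ini" || true
audit_app_ini "$demo/good.ini" && echo "good.ini: no findings"
```

Against a real install, the call would be audit_app_ini /etc/gitea/app.ini, run as a user allowed to read the file.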

Conclusion

I hope these instructions were useful to someone. Let me know if I missed a step or got something wrong and I’ll be sure to correct it. Thanks for reading!