
Install gitea with docker and letsencrypt-nginx-proxy-companion

In this tutorial, I’ll show you how to install Gitea using docker-compose, with jrcs/letsencrypt-nginx-proxy-companion providing HTTPS.

Set up the containers for Let’s Encrypt

The best docker-compose setup I have found for easily using Let’s Encrypt with my containers is https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-companion/.

Here is the docker-compose.yml file needed to get you up and running:

version: '3'

services:
  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    volumes:
      - certs:/etc/nginx/certs:ro
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier

  letsencrypt-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: always
    volumes:
      - certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy-tier
    depends_on:
      - proxy

volumes:
  certs:
  vhost.d:
  html:

networks:
  proxy-tier:

Create a folder named “proxy” next to this docker-compose.yml (the proxy service is built from ./proxy):

mkdir proxy

Create two files inside it:

touch proxy/Dockerfile proxy/uploadsize.conf

In Dockerfile, add:

FROM jwilder/nginx-proxy:alpine

COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf

In uploadsize.conf, add:

client_max_body_size 10G;
proxy_request_buffering off;

Start the containers:

docker-compose up -d

Set up Gitea

To begin with, you’ll need a valid domain name. For this example, I’ll use git.toto.com.

Create a folder named gitea:

mkdir gitea

Go into your newly created folder:

cd gitea

In your terminal, type docker network ls and note the name of the network ending in “proxy-tier”. In my example, it would be docker_letsencrypt_proxy-tier.

We will then create a file that will store variables which will be used by docker-compose. In your terminal, type:

touch .env

In .env, add the following (replace URL with your domain name, NETWORK with the network name from the last command and DB_PASSWD with a strong password). In my example, the file would look like:

URL=git.toto.com
NETWORK=docker_letsencrypt_proxy-tier
DB_PASSWD=[choose a password]
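
The .env step above can also be scripted, so that the password is generated rather than typed and the file is readable only by its owner. This is an added example, not part of the original tutorial; the function names pick_proxy_network and write_env are hypothetical, and the network list in the demonstration is constructed.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are hypothetical.

# Read network names (one per line) on stdin and print the single name that
# ends in "proxy-tier". Zero or several matches is an error, so a wrong
# network never ends up in .env silently.
pick_proxy_network() {
    matches=$(grep -E 'proxy-tier$' || true)
    count=$(printf '%s\n' "$matches" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one *proxy-tier network, found $count" >&2
        return 1
    fi
    printf '%s\n' "$matches"
}

# Write $1/.env for domain $2 and network $3 with a random 32-character
# alphanumeric DB_PASSWD (no characters that need quoting in .env).
write_env() {
    dir=$1; url=$2; network=$3
    passwd=$(head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-32)
    # The file holds the database password: create it owner-only, and tighten
    # the mode as well in case an older .env already existed.
    ( umask 077
      printf 'URL=%s\nNETWORK=%s\nDB_PASSWD=%s\n' "$url" "$network" "$passwd" > "$dir/.env" )
    chmod 600 "$dir/.env"
}

# On the Docker host, from the gitea folder:
#   net=$(docker network ls --format '{{.Name}}' | pick_proxy_network) &&
#       write_env . git.toto.com "$net"

# Offline demonstration with a constructed network list (not real output).
demo_dir=$(mktemp -d)
demo_net=$(printf 'bridge\nhost\ndocker_letsencrypt_proxy-tier\nnone\n' | pick_proxy_network)
write_env "$demo_dir" git.toto.com "$demo_net"
sed 's/^DB_PASSWD=.*/DB_PASSWD=<hidden>/' "$demo_dir/.env"
rm -rf "$demo_dir"
```
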

Create a docker-compose.yml file:

touch docker-compose.yml

Paste the following:

version: "2"

volumes:
  gitea-db:
    driver: local

services:
  server:
    image: gitea/gitea:1
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - DB_TYPE=postgres
      - DB_HOST=db:5432
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=${DB_PASSWD}
      - DOMAIN=${URL}
      - SSH_DOMAIN=${URL}
      - DISABLE_REGISTRATION=true
      - VIRTUAL_HOST=${URL}
      - VIRTUAL_PORT=3000
      - LETSENCRYPT_HOST=${URL}
      - LETSENCRYPT_EMAIL=rkouere@gmaim.com
    restart: always
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "2222:22"
    depends_on:
      - db
    expose:
      - 3000

  db:
    image: postgres:9.6
    restart: always
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=${DB_PASSWD}
      - POSTGRES_DB=gitea
    volumes:
      - gitea-db:/var/lib/postgresql/data
networks:
  default:
    external:
      name: ${NETWORK}

Start the containers in the foreground. When the log ends with Starting new server: tcp:0.0.0.0:3000 on PID: 15, press Ctrl-C.

In gitea/gitea/conf/app.ini, set the following in the [server] section:

ROOT_URL = https://git.toto.com
REDIRECT_OTHER_PORT = true
; Port the redirection service should listen on
PORT_TO_REDIRECT = 463

Restart the container, wait about 1 minute (the time it should take Let’s Encrypt to generate the certificate) and try to log in to your Gitea website.

Use SSH to clone/pull a repo

As you may have noticed, the host port that we have bound for SSH is 2222. This means that the git client has to use this port, not the default 22, to interact with the server. Luckily, this is very easy to set up by adding, on the client’s machine, the following lines to ~/.ssh/config:

Host git.toto.com
    Port 2222