Set up the database as described in MariaDB Install, with the user gitea. Create the database with this statement instead:
CREATE DATABASE giteadb CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_bin';
Test the database with:
mysql -u gitea -p giteadb
Download with:
wget -O gitea https://dl.gitea.com/gitea/1.25.5/gitea-1.25.5-linux-amd64
wget https://dl.gitea.com/gitea/1.25.5/gitea-1.25.5-linux-amd64.asc
chmod +x gitea
Verify GPG Signature:
gpg --keyserver hkps://keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
gpg --verify gitea-1.25.5-linux-amd64.asc gitea
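The exit status of gpg --verify only says that some key in the keyring produced a good signature. The following added example (not part of the original page or of the Gitea project) parses gpg's machine-readable status output and accepts the download only if the signature traces back to the fingerprint imported above. The helper name sig_matches_pin and the sample status lines are constructed for illustration.

```bash
# Added example: accept the binary only if the signature belongs to the pinned key.

GITEA_FPR=7C9E68152594688862D62AF62D9AE806EC1592E2   # fingerprint from the --recv step

# sig_matches_pin FPR   (hypothetical helper)
# Reads the output of `gpg --status-fd 1 --verify ...` on stdin. Succeeds only
# if a VALIDSIG line names FPR as the primary key (last field of that line)
# and no line reports a bad, unverifiable, revoked-key or expired-key signature.
sig_matches_pin() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "REVKEYSIG" || $2 == "EXPKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" && toupper($NF) == toupper(want) { ok = 1 }
        END { exit (ok && !bad) ? 0 : 1 }
    '
}

# Real use, in the directory holding the binary and its detached signature:
#   gpg --status-fd 1 --verify <signature.asc> <binary> 2>/dev/null \
#     | sig_matches_pin "$GITEA_FPR" || echo "signature is not from the pinned key"

# Constructed sample: a signing subkey (first fingerprint) under the pinned primary key.
SAMPLE_PINNED='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 1111111111111111 Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2025-01-01 1735689600 0 4 0 1 10 00 7C9E68152594688862D62AF62D9AE806EC1592E2'

# Constructed sample: a good signature, but from some other key in the keyring.
# Plain `gpg --verify` would exit 0 here as well.
SAMPLE_OTHER='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 2222222222222222 Someone Else <other@example.invalid>
[GNUPG:] VALIDSIG 2222222222222222222222222222222222222222 2025-01-01 1735689600 0 4 0 1 10 00 2222222222222222222222222222222222222222'
```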
Add a user to run Gitea:
adduser \
--system \
--shell /bin/bash \
--gecos 'Git Version Control' \
--group \
--disabled-password \
--home /home/git \
git
Create required directory structure:
sudo mkdir -p /var/lib/gitea/{custom,data,log}
sudo chown -R git:git /var/lib/gitea/
sudo chmod -R 750 /var/lib/gitea/
sudo mkdir /etc/gitea
sudo chown root:git /etc/gitea
sudo chmod 770 /etc/gitea
Configure Gitea's working directory:
export GITEA_WORK_DIR=/var/lib/gitea/
Copy binary to global location:
sudo cp gitea /usr/local/bin/gitea
Add shell autocompletion:
gitea completion bash
Set /etc/systemd/system/gitea.service to:
[Unit]
Description=Gitea (Git with a cup of tea)
After=network.target
###
# Don't forget to add the database service dependencies
###
#
#Wants=mysql.service
#After=mysql.service
#
Wants=mariadb.service
After=mariadb.service
#
#Wants=postgresql.service
#After=postgresql.service
#
#Wants=memcached.service
#After=memcached.service
#
#Wants=redis.service
#After=redis.service
#
###
# If using socket activation for main http/s
###
#
After=gitea.main.socket
Requires=gitea.main.socket
#
###
# (You can also provide gitea an http fallback and/or ssh socket too)
#
# An example of /etc/systemd/system/gitea.main.socket
###
##
## [Unit]
## Description=Gitea Web Socket
## PartOf=gitea.service
##
## [Socket]
## Service=gitea.service
## ListenStream=<some_port>
## NoDelay=true
##
## [Install]
## WantedBy=sockets.target
##
###
[Service]
# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
# LimitNOFILE=524288:524288
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
# (manually creating /run/gitea doesn't work, because it would not persist across reboots)
#RuntimeDirectory=gitea
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
# If you install Git to directory prefix other than default PATH (which happens
# for example if you install other versions of Git side-to-side with
# distribution version), uncomment below line and add that prefix to PATH
# Don't forget to place git-lfs binary on the PATH below if you want to enable
# Git LFS support
#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
# If you want to bind Gitea to a port below 1024, uncomment
# the two values below, or use socket activation to pass Gitea its ports as above
###
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
###
# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
# set the following value to false to allow capabilities to be applied on gitea process. The following
# value if set to true sandboxes gitea service and prevent any processes from running with privileges
# in the host user namespace.
###
#PrivateUsers=false
###
[Install]
WantedBy=multi-user.target
Set /etc/systemd/system/gitea.main.socket to:
[Unit]
Description=Gitea Web Socket
PartOf=gitea.service
[Socket]
Service=gitea.service
ListenStream=<some_port>
NoDelay=true
[Install]
WantedBy=sockets.target
Enable and start Gitea at boot:
sudo systemctl enable gitea
sudo systemctl start gitea
Now access the installer under https://ip:3000.
Reverse Proxy settings for Nginx:
server {
    server_name git.dodekaeder.name;

    location / {
        client_max_body_size 512M;
        proxy_pass http://192.168.31.206:3000;
        proxy_set_header Connection $http_connection;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/git.dodekaeder.name/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/git.dodekaeder.name/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = git.dodekaeder.name) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name git.dodekaeder.name;
    listen 80;
    return 404; # managed by Certbot
}
To allow access to Gitea over SSH while still being able to reach the server locally, add the following line to /etc/ssh/sshd_config:
AllowUsers git <username>
Reset permissions of /etc/gitea to read-only:
chmod 750 /etc/gitea
chmod 640 /etc/gitea/app.ini
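The configuration directory is left at 770 during the web installer, so the reset above is easy to forget. The following added example (not part of the original page) checks that no path carries permission bits beyond the modes this page sets. The helper names mode_within and audit_modes are hypothetical, and GNU stat (stat -c) is assumed.

```bash
# Added example: confirm the lock-down modes from this page are in effect.

# mode_within PATH MAX_OCTAL   (hypothetical helper)
# Succeeds if PATH has no permission bit set outside MAX_OCTAL.
# Returns 2 if PATH cannot be inspected.
mode_within() {
    actual=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    # The leading 0 makes the shell read both values as octal; any bit present
    # in the actual mode but absent from the allowed mask is excess.
    [ $(( 0$actual & ~0$2 & 07777 )) -eq 0 ]
}

# audit_modes PATH MAX_OCTAL [PATH MAX_OCTAL ...]   (hypothetical helper)
# Reports every path that is more permissive than allowed (or unreadable);
# returns non-zero if any path fails.
audit_modes() {
    rc=0
    while [ $# -ge 2 ]; do
        if ! mode_within "$1" "$2"; then
            echo "$1: mode $(stat -c '%a' "$1" 2>/dev/null || echo '?') exceeds $2" >&2
            rc=1
        fi
        shift 2
    done
    return $rc
}

# With the paths and modes used on this page:
#   sudo sh -c '. ./audit.sh; audit_modes /etc/gitea 750 /etc/gitea/app.ini 640 /var/lib/gitea 750'
# (audit.sh is a placeholder name for a file containing the two functions above.)
```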