Self-hosting Gitea Installation and OAuth2 Settings for Nextcloud and GitHub
- Published on Nov 05, 2020 (updated 2023-05-23)
- Categories: Tutorial
UPDATE: Moved this from previous blog, updated links, and added Nginx config :)
This post will cover my process installing Gitea onto the Vultr VPS I’ve been using for the past months. I also moved the entire setup to another VPS with no issues. Both run Ubuntu 20.04 LTS.
I decided to go with Gitea[1] as it was fairly lightweight and had most of the features I wanted/needed.
I have most of my repositories on this, with mirrors on GitHub.
Because I already have a site running, I will be reverse proxying Gitea (from port 3000) to a separate subdomain (https://git.earne.link).
Prerequisites.
- Nginx (Previously used Apache)
- MariaDB
- Certbot (Let’s Encrypt SSL Certificates)
- git, gpg (sudo apt install git gpg gnupg2)
sudo apt update
sudo apt install nginx mariadb-server
# or sudo apt install apache2 mariadb-server
# secure your installation
sudo mysql_secure_installation
# SSL with Let's Encrypt
sudo apt install certbot python3-certbot-nginx # or python3-certbot-apache
Configure DNS Settings
Set an address record from something like git.example.com
to your server’s public IP address.
Configure the Reverse Proxy
Using Nginx
In /etc/nginx/sites-available/gitea.conf:
server {
    server_name git.example.com;
    location / {
        proxy_pass http://localhost:3000;
    }
}
Using Apache
/etc/apache2/sites-available/gitea.conf:
<VirtualHost *:80>
    ServerName git.example.com
    ProxyPreserveHost On
    ProxyRequests off
    ProxyPass / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/
</VirtualHost>
For Apache, you also need to enable some modules:
sudo a2enmod proxy proxy_http rewrite
sudo systemctl restart apache2.service
Enable the site
sudo a2ensite gitea
HTTPS
Run certbot, let it redirect automatically from http to https.
Create a user for gitea
sudo adduser --system --shell /bin/bash --gecos 'git' --group --disabled-password --home /home/git git
sudo mkdir /home/git/gitea
cd /home/git/gitea
Download Gitea and the systemd service file
Get the latest download links for Gitea here: https://dl.gitea.io/gitea/
sudo wget -O /bin/gitea https://dl.gitea.io/gitea/1.12.5/gitea-1.12.5-linux-amd64
sudo chmod +x /bin/gitea
sudo wget -O gitea.service https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/systemd/gitea.service
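An added example, not part of the original post: checking the downloaded binary before it is installed to /bin/gitea, instead of writing it there straight from wget. It assumes the download site publishes a `.sha256` file (sha256sum format) and an optional `.asc` detached signature beside each binary; the function names and staging directory are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: verify a downloaded Gitea binary before installing it.
# Assumption: "<binary>.sha256" (sha256sum format) sits next to the binary;
# "<binary>.asc" is optional and is checked with gpg when present.

# verify_download BINARY -> 0 only if every available check passes,
# 1 on a mismatch or bad signature, 2 on missing or malformed input.
verify_download() {
    local bin="$1" want got
    [ -f "$bin" ] && [ -f "$bin.sha256" ] ||
        { echo "missing $bin or $bin.sha256" >&2; return 2; }

    # The first field of the .sha256 file is the expected digest.
    want=$(awk 'NR==1 {print tolower($1)}' "$bin.sha256")
    got=$(sha256sum "$bin" | awk '{print $1}')

    # Reject malformed checksum files instead of comparing garbage.
    case "$want" in
        *[!0-9a-f]*|"") echo "malformed checksum file" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "malformed checksum file" >&2; return 2; }
    [ "$want" = "$got" ] || { echo "checksum mismatch for $bin" >&2; return 1; }

    # A checksum fetched from the same server only detects corruption.
    # The detached signature ties the file to the project's signing key,
    # which must already be imported into the local keyring.
    if [ -f "$bin.asc" ]; then
        gpg --verify "$bin.asc" "$bin" ||
            { echo "bad signature on $bin" >&2; return 1; }
    fi
    return 0
}

# install_verified BINARY DEST -> install root-owned, mode 0755, only
# after verification succeeds.
install_verified() {
    verify_download "$1" && sudo install -o root -g root -m 0755 "$1" "$2"
}

# Usage (run from a scratch directory; the suffixes are the assumption above):
#   wget https://dl.gitea.io/gitea/1.12.5/gitea-1.12.5-linux-amd64{,.sha256,.asc}
#   install_verified gitea-1.12.5-linux-amd64 /bin/gitea
```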
Adjust the systemd service configuration file
Adjust gitea.service to your needs:
[Unit]
Requires=mariadb.service
[Service]
Type=simple
User=git
Group=git
WorkingDirectory=/home/git/gitea/
ExecStart=/bin/gitea web --config /home/git/gitea/custom/conf/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/home/git/gitea
[Install]
WantedBy=multi-user.target
Configure file/folder directories and permissions
sudo mkdir -p /home/git/gitea/{custom,data,indexers,public,log}
sudo chmod 750 /home/git/gitea/{custom,data,indexers,public,log}
sudo mkdir /home/git/gitea-repositories
sudo chmod 750 /home/git/gitea-repositories
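# the repository root was created by root above, so hand it to the git user as well
sudo chown -R git:git /home/git/gitea /home/git/gitea-repositories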
Enable Gitea through systemctl
sudo ln -s /home/git/gitea/gitea.service /lib/systemd/system/gitea.service
sudo systemctl daemon-reload
sudo systemctl enable gitea --now && sudo systemctl status gitea
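The recursive chown above also covers /home/git/gitea/gitea.service, and that file is what gets linked into /lib/systemd/system, so the git account can edit a unit that systemd loads as root. An added check, not from the original post, that flags a unit file or binary the service account could modify or replace; the function names are hypothetical and the two audited paths are the ones used in this post.

```bash
#!/usr/bin/env bash
# Added example: confirm that what systemd loads and executes for Gitea
# is controlled by root, not by the account the service runs as.

# owned_and_locked PATH OWNER -> 0 if PATH is owned by OWNER and has no
# group/world write bit. -prune keeps find from descending into directories.
owned_and_locked() {
    [ -n "$(find "$1" -prune -user "$2" ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# check_root_controlled PATH [OWNER] -> 0 ok, 1 unsafe, 2 missing.
# Symlinks are resolved first, because the link target is what gets read.
check_root_controlled() {
    local owner="${2:-root}" target
    target=$(readlink -f -- "$1") && [ -e "$target" ] ||
        { echo "$1: missing" >&2; return 2; }
    owned_and_locked "$target" "$owner" ||
        { echo "$1 -> $target: modifiable by an account other than $owner" >&2; return 1; }
    # Whoever can write to the containing directory can swap the file out.
    owned_and_locked "$(dirname -- "$target")" "$owner" ||
        { echo "$(dirname -- "$target"): directory allows replacing $target" >&2; return 1; }
}

# audit_gitea_install -> 0 only if both the unit and the binary pass.
audit_gitea_install() {
    local rc=0 p
    for p in /lib/systemd/system/gitea.service /bin/gitea; do
        check_root_controlled "$p" || rc=1
    done
    return "$rc"
}

# One way to fix a failing unit check: install a root-owned copy in the
# administrator unit directory instead of linking into the git home.
#   sudo install -o root -g root -m 0644 gitea.service /etc/systemd/system/gitea.service
#   sudo systemctl daemon-reload
```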
Gitea w/ MariaDB
sudo mariadb
MariaDB [(none)]> CREATE USER 'gitea' IDENTIFIED BY 'YourPasswordHere';
Query OK, 0 rows affected (0.016 sec)
MariaDB [(none)]> CREATE DATABASE gitea CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_unicode_ci';
Query OK, 1 row affected (0.009 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON gitea.* TO 'gitea';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.004 sec)
MariaDB [(none)]> exit
Bye
Finish Install!
Head to git.example.com/install.
- MySQL, 127.0.0.1:3306, charset utf8mb4
- Root URL (change to https://git.example.com/), Domain (git.example.com), configure SSH (you may want to disable it entirely), Port # (3000 is fine as we are reverse proxying it).
- Configure sending mail
Swap File
I didn’t have one, and I needed a swap file for performance.
# Checks
free -m
swapon
sudo dd if=/dev/zero of=/swapfile count=1024 bs=1M # a 1 GB swap file (512 MB RAM)
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo nvim /etc/fstab
Add this to the end of the file:
/swapfile none swap sw 0 0
Editing the app.ini file (more configuration)
sudo su git
cd ~/gitea/custom/conf
nvim app.ini
https://docs.gitea.io/en-us/config-cheat-sheet/
That’s it!
My Gitea server is now running on https://git.earne.link
OAuth2 Setup
Make signing into Gitea easier.
Nextcloud
- Setup from Gitea: https://git.example.com/admin/auths/new
- Setup from Nextcloud: https://nextcloud.example.com/index.php/settings/admin/security – OAuth 2.0 Clients
- Authentication Type: OAuth2
- Authentication Name: nextcloud
- OAuth2 Provider: Nextcloud
- Use custom URL instead of default.
URLs to use:
- https://nc.example.com/index.php/apps/oauth2/authorize (remove /index.php if you prettify URLs)
- https://nc.example.com/index.php/apps/oauth2/api/v1/token (remove /index.php if you prettify URLs)
- https://nc.example.com/ocs/v2.php/cloud/user?format=json
In Nextcloud, the redirection URL is: https://git.example.com/user/oauth2/nextcloud/callback
GitHub
- Setup from Gitea: https://git.example.com/admin/auths/new
- Setup from GitHub: https://github.com/settings/applications/new
- Authentication Type: OAuth2
- Authentication Name: github
- OAuth2 Provider: GitHub
Callback URL: https://git.example.com/user/oauth2/github/callback
Thank you for reading!
[1] Gitea: https://gitea.io