---
title: "Hosting your own git frontend service using Gitea"
date: 2023-02-25T10:19:50-05:00
topics: ['git', 'self-host']
---
I recently had interest in starting to work on the implementation of the [Concurrent Atomistic-Continuum Method](https://doi.org/10.1063/1.5099653) using C++ to take advantage of GPU acceleration.
As a first step, I began thinking about where I wanted to host my project.
I decided to add hosting my own git server to my list of self-hosted services, including [e-mail](https://github.com/LukeSmithxyz/emailwiz) and [matrix chat server](https://matrix.org/docs/projects/server/synapse).
This is a quick guide on how I set up [Gitea](https://gitea.io/en-us/) and configured it on my website.
**As a note, my web server is a Debian machine using Nginx**
## Setting up the database
I already use [PostgreSQL](https://www.postgresql.org/) to manage my matrix-synapse database and configured Gitea to use the same.
First, following the [Gitea documentation](https://docs.gitea.io/en-us/database-prep/#postgresql-1), I set `listen_addresses` and `password_encryption` in my `postgresql.conf` at `/etc/postgresql/11/main/postgresql.conf`:
```
listen_addresses = 'localhost, 203.0.113.3'
password_encryption = scram-sha-256
```
You should then restart PostgreSQL.
Now you can log into the database console:
```
su -c "psql" - postgres
```
Then create a database user, gitea:
```
CREATE ROLE gitea WITH LOGIN PASSWORD '{ReplaceWithStrongPassword}';
```
Then you can actually create your gitea database:
```
CREATE DATABASE giteadb WITH OWNER gitea TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';
```
The last step is adding authentication rules to your `pg_hba.conf` at `/etc/postgresql/11/main/pg_hba.conf`.
**As a note, add the following line near the top of this file: authentication rules are evaluated sequentially and the first matching rule is used, so a generic rule placed above the inserted rule will be used instead of it.**
```
local giteadb gitea scram-sha-256
```
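The ordering effect described above can be checked before reloading PostgreSQL. This is an added example, not part of the original post: the function name and both sample files are constructed, and it only evaluates `local` (Unix-socket) records.

```bash
#!/usr/bin/env bash
# Added example: report which "local" (Unix-socket) pg_hba.conf rule PostgreSQL
# would pick for a database/user pair. Simplified: handles "all" and
# comma-separated names only, not sameuser/samerole/+group/@file entries.
pg_hba_first_local_match() {
    local file=$1 db=$2 user=$3
    awk -v db="$db" -v user="$user" '
        function in_list(list, name,    n, parts, i) {
            n = split(list, parts, ",")
            for (i = 1; i <= n; i++)
                if (parts[i] == "all" || parts[i] == name) return 1
            return 0
        }
        { sub(/#.*/, "") }                  # strip comments
        NF < 4 || $1 != "local" { next }    # skip blanks and non-local records
        in_list($2, db) && in_list($3, user) {
            print NR ": " $1, $2, $3, $4    # first match wins, stop here
            exit
        }
    ' "$file"
}

tmp=$(mktemp -d)
# Constructed sample 1: Debian-style default rules, gitea rule appended last.
cat > "$tmp/appended.conf" <<'EOF'
# TYPE  DATABASE  USER      METHOD
local   all       postgres  peer
local   all       all       peer
local   giteadb   gitea     scram-sha-256
EOF
# Constructed sample 2: the same rules with the gitea rule inserted first.
cat > "$tmp/first.conf" <<'EOF'
# TYPE  DATABASE  USER      METHOD
local   giteadb   gitea     scram-sha-256
local   all       postgres  peer
local   all       all       peer
EOF

pg_hba_first_local_match "$tmp/appended.conf" giteadb gitea
pg_hba_first_local_match "$tmp/first.conf" giteadb gitea
```

With the rule appended, the generic `local all all peer` line is selected and the `scram-sha-256` rule is never reached.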
## Installing and setting up gitea
Since my server is on Debian, I didn't have access to a Gitea package.
Instead, I downloaded the executable:
```
wget -O gitea https://dl.gitea.com/gitea/1.18.5/gitea-1.18.5-linux-amd64
chmod +x gitea
```
You should then create a git user account on your server:
```
adduser \
--system \
--shell /bin/bash \
--gecos 'Git Version Control' \
--group \
--disabled-password \
--home /home/git \
git
```
A few directories need to be created for gitea and file permissions set:
```
mkdir -p /var/lib/gitea/{custom,data,log}
chown -R git:git /var/lib/gitea/
chmod -R 750 /var/lib/gitea/
mkdir /etc/gitea
chown root:git /etc/gitea
chmod 770 /etc/gitea
```
You can then copy gitea to a directory on your path, e.g.:
```
cp gitea /usr/local/bin/gitea
```
The last step for setting up gitea is downloading the [example systemd service file](https://github.com/go-gitea/gitea/blob/main/contrib/systemd/gitea.service) and placing that in `/etc/systemd/system`.
At this point you should be able to enable and start the service:
```
sudo systemctl enable gitea
sudo systemctl start gitea
```
## Gitea and Nginx configuration
There are a few configuration options you need to set for Gitea and Nginx that I'll outline here.
First as a note, I wanted my git server to be accessible at [alexselimov.com/git](https://alexselimov.com/git).
It's possible to set gitea up as a subdomain, i.e. `git.some.site`, but I won't go into that.
First you want to configure nginx so you can access your Gitea instance.
You can also simply go to `your.web.site:3000` to skip the Nginx configuration.
Adding Gitea at `your.web.site/git` is extremely simple and if you have SSL certificates with certbot, access to your Gitea instance will also occur over HTTPS.
All you have to do is add:
```
location /git/ {
    proxy_pass http://localhost:3000/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
```
in your primary server block for your website.
Now if you restart Nginx you should be able to navigate to `your.web.site/git`.
The first time you access your Gitea instance, it will ask you several configuration questions which then populate the default configuration file for Gitea that you can then adjust.
Answer to the best of your knowledge and then we will go over the most important ones in your configuration file.
Gitea configurations are available in the `/etc/gitea/app.ini` file.
You want to double check that your `[database]` section is correct, especially the `NAME` variable.
```
[database]
DB_TYPE = postgres
HOST = 127.0.0.1
NAME = giteadb
USER = gitea
PASSWD = '{SOME SECURE PASSWORD}'
```
If you want you can set your default branch name in the `[repository]` section:
```
[repository]
DEFAULT_BRANCH = master
```
Finally, to make sure your site works properly, you want to go to your `[server]` section and make sure that `SSH_DOMAIN` is set to the domain that you use to ssh into your server.
For example, I ssh into [alexselimov.com](https://alexselimov.com) so my `app.ini` has:
```
[server]
SSH_DOMAIN = alexselimov.com
```
Your `ROOT_URL`, however, should be set to the URL that maps to your Gitea instance, i.e.,
```
ROOT_URL = https://alexselimov.com/git
```
To finish setting up ssh, you just have to add your public key to your user account in Gitea under Settings -> SSH/GPG Keys.
Then as site admin you have to go to the Site Administration menu and run the "Update the '.ssh/authorized_keys' file with Gitea SSH keys." option.
At this point you should be good to go with Gitea and using ssh to access your repositories.
The final option I thought was useful was:
```
[service]
DISABLE_REGISTRATION = true
```
I am making this repo for personal use.
Disabling registration still allows people to clone my public repositories, but I want to be sure that I screen potential contributors or other people that can have accounts on my instance.
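A setting placed under a misspelled section header is never read, so Gitea keeps its default and registration stays open. The following audit is an added example, not part of the original post: the function names and both sample files are constructed, and `HTTP_ADDR` is Gitea's listen-address setting, which this post does not set.

```bash
#!/usr/bin/env bash
# Added example: audit a Gitea app.ini for the settings discussed in this post.
# ini_get FILE SECTION KEY prints the first value found under exactly [SECTION].
ini_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                                  # comment lines
        /^[ \t]*\[.*\][ \t]*$/ { gsub(/[ \t]/, ""); sect = $0; next }
        sect == want && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }
    ' "$1"
}

# audit_app_ini FILE prints one finding per line; no output means no findings.
audit_app_ini() {
    local f=$1
    [ "$(ini_get "$f" service DISABLE_REGISTRATION)" = "true" ] ||
        echo "registration: DISABLE_REGISTRATION is not true under [service]"
    case "$(ini_get "$f" server HTTP_ADDR)" in
        127.0.0.1|localhost) ;;
        *) echo "listener: HTTP_ADDR is not loopback, so Gitea may be reachable directly, bypassing Nginx" ;;
    esac
    # app.ini holds the database password: others must have no access.
    [ "$(ls -ld "$f" | cut -c8-10)" = "---" ] ||
        echo "permissions: $f is accessible to users outside owner and group"
}

tmp=$(mktemp -d)
# Constructed sample 1: misspelled section header, default listener, mode 644.
printf '%s\n' '[sevice]' 'DISABLE_REGISTRATION = true' > "$tmp/bad.ini"
chmod 644 "$tmp/bad.ini"
# Constructed sample 2: correct header, loopback listener, mode 640.
printf '%s\n' '[server]' 'HTTP_ADDR = 127.0.0.1' \
    '[service]' 'DISABLE_REGISTRATION = true' > "$tmp/good.ini"
chmod 640 "$tmp/good.ini"

audit_app_ini "$tmp/bad.ini"
audit_app_ini "$tmp/good.ini"
```

Run `audit_app_ini /etc/gitea/app.ini` as root after finishing the web installer; an empty result means none of the three checks fired.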
## Conclusion
I hope these instructions were useful to someone. Let me know if I missed a step or got something wrong and I'll be sure to correct it. Thanks for reading!