How to Install Gitea with Nginx and free Let's Encrypt SSL on Ubuntu 20.04

Gitea is an open-source and self-hosted version control system written in Go. It is simple, lightweight, and can be installed on low-powered systems. It is a fork of Gogs and an alternative to GitHub and GitLab. It comes with a lot of features including, repository file editor, project issue tracking, user managements, notifications, built-in wiki, and much more. It can be installed on all modern operating systems including, Linux, macOS, Windows, ARM, and PowerPC architectures.

In this tutorial, we will show you how to install Gitea Git service with Nginx and Let's Encrypt SSL on Ubuntu 20.04.

Prerequisites

  • A server running Ubuntu 20.04.
  • A valid domain name points to your server.
  • A root password is configured on your server.

Install Git

First, you will need to install Git package in your server. You can install it by running the following command:

apt-get install git -y

Once the Git package is installed, you can proceed to the next step.

Install and Configure MariaDB

By default, MariaDB is not secured. So, you will need to secure it first. You can secure it by running the mysql_secure_installation script:

mysql_secure_installation

This script will set the root password, remove anonymous users, disallow root login remotely and remove test database as shown below:

Enter current password for root (enter for none):
Set root password? [Y/n]: Y
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]:  Y
Reload privilege tables now? [Y/n]:  Y

Once the MariaDB is secured, log in to MariaDB shell with the following command:

mysql -u root -p

Enter your root password when prompt. Then, change the GLOBAL innodeb_file_per_table to On:

MariaDB [(none)]>SET GLOBAL innodb_file_per_table = ON;

Next, create a database and user for Gitea with the following command:

MariaDB [(none)]>CREATE DATABASE giteadb;
MariaDB [(none)]>CREATE USER 'gitea'@'localhost' IDENTIFIED BY 'password';

Next, grant all the privileges to the giteadb database:

MariaDB [(none)]>GRANT ALL ON giteadb.* TO 'gitea'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;

Next, update the database character set with the following command:

MariaDB [(none)]>ALTER DATABASE giteadb CHARACTER SET = utf8mb4 COLLATE utf8mb4_unicode_ci;

Finally, flush the privileges and exit from the MariaDB shell with the following command:

MariaDB [(none)]>FLUSH PRIVILEGES;
MariaDB [(none)]>EXIT;

Next, you will need to edit MariaDB default config file and add innodb parameters:

nano /etc/mysql/mariadb.conf.d/50-server.cnf

Add the following lines inside [mysqld] section:

innodb_file_format = Barracuda
innodb_large_prefix = 1
innodb_default_row_format = dynamic

Save and close the file. Then, restart MariaDB service to apply the changes:

systemctl restart mariadb

At this point, your MariaDB database is configured. You can now proceed to the next step.

Install and Configure Gitea

First, you will need to download the latest version of the Gitea binary from Git repository. You can download it with the following command:

wget https://dl.gitea.io/gitea/1.12.1/gitea-1.12.1-linux-amd64

Next, copy the downloaded file to /usr/bin/ directory and give execution permissions:

cp gitea-1.12.1-linux-amd64 /usr/bin/gitea
chmod 755 /usr/bin/gitea

Next, create a system user for Gitea with the following command:

adduser --system --shell /bin/bash --group --disabled-password --home /home/git git

Next, create a directory structure for Gitea with the following command:

mkdir -p /etc/gitea /var/lib/gitea/{custom,data,indexers,public,log}
chown git:git /etc/gitea /var/lib/gitea/{custom,data,indexers,public,log}
chmod 750 /var/lib/gitea/{data,indexers,log}
chmod 770 /etc/gitea

Once you are finished, you can proceed to the next step.

Create Gitea Systemd Service File

Next, you will need to create a systemd service file to manage Gitea service. You can create it with the following command:

nano /etc/systemd/system/gitea.service

Add the following lines:

[Unit]
Description=Gitea
After=syslog.target
After=network.target
After=mysql.service

[Service]
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
ExecStart=/usr/bin/gitea web -c /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea

[Install]
WantedBy=multi-user.target

Save and close the file. Then, reload the systemd daemon and start the Gitea service with the following command:

systemctl daemon-reload
systemctl start gitea

You can now check the status of Gitea service with the following command:

systemctl status gitea

You should see the following output:

? gitea.service - Gitea
     Loaded: loaded (/etc/systemd/system/gitea.service; disabled; vendor preset: enabled)
     Active: active (running) since Thu 2020-06-25 08:23:01 UTC; 6s ago
   Main PID: 24046 (gitea)
      Tasks: 9 (limit: 2353)
     Memory: 134.3M
     CGroup: /system.slice/gitea.service
             ??24046 /usr/bin/gitea web -c /etc/gitea/app.ini

Jun 25 08:23:02 ubuntu20 gitea[24046]: 2020/06/25 08:23:02 routers/init.go:127:GlobalInit() [I] Delete all repository archives
Jun 25 08:23:02 ubuntu20 gitea[24046]: 2020/06/25 08:23:02 ...dules/setting/log.go:233:newLogService() [I] Gitea v1.12.1 built with GNU Make 4>
Jun 25 08:23:02 ubuntu20 gitea[24046]: 2020/06/25 08:23:02 ...dules/setting/log.go:279:newLogService() [I] Gitea Log Mode: Console(Console:inf>
Jun 25 08:23:02 ubuntu20 gitea[24046]: 2020/06/25 08:23:02 ...les/setting/cache.go:70:newCacheService() [I] Cache Service Enabled
Jun 25 08:23:02 ubuntu20 gitea[24046]: 2020/06/25 08:23:02 ...les/setting/cache.go:81:newCacheService() [I] Last Commit Cache Service Enabled
Jun 25 08:23:02 ubuntu20 gitea[24046]: 2020/06/25 08:23:02 ...s/setting/session.go:63:newSessionService() [I] Session Service Enabled
Jun 25 08:23:02 ubuntu20 gitea[24046]: 2020/06/25 08:23:02 routers/init.go:165:GlobalInit() [I] SQLite3 Supported
Jun 25 08:23:02 ubuntu20 gitea[24046]: 2020/06/25 08:23:02 routers/init.go:51:checkRunMode() [I] Run Mode: Development
Jun 25 08:23:03 ubuntu20 gitea[24046]: 2020/06/25 08:23:03 cmd/web.go:161:runWeb() [I] Listen: http://0.0.0.0:3000
Jun 25 08:23:03 ubuntu20 gitea[24046]: 2020/06/25 08:23:03 ...s/graceful/server.go:55:NewServer() [I] Starting new server: tcp:0.0.0.0:3000 on>
lines 1-19/19 (END)

Next, enable the Gitea service to start at system reboot with the following command:

systemctl enable gitea

At this point, Gitea is started and listening on port 3000. You can now proceed to the next step.

Configure Nginx for Gitea

By default, Gitea listens on port 3000. So, you will need to configure Nginx as a reverse proxy to access the Gitea without specifying the port.

First, install the Nginx web server by running the following command:

apt-get install nginx -y

Once installed, create a new Nginx virtual host configuration file for Gitea:

nano /etc/nginx/sites-available/gitea

Add the following lines:

upstream gitea {
    server 127.0.0.1:3000;
}

server {
    listen 80;
    server_name gitea.linuxbuz.com;
    root /var/lib/gitea/public;
    access_log off;
    error_log off;

    location / {
      try_files maintain.html $uri $uri/index.html @node;
    }

    location @node {
      client_max_body_size 0;
      proxy_pass http://localhost:3000;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_max_temp_file_size 0;
      proxy_redirect off;
      proxy_read_timeout 120;
    }
}

Save and close the file. Then, enable the Nginx virtual host configuration file with the following command:

ln -s /etc/nginx/sites-available/gitea /etc/nginx/sites-enabled/

Finally, restart the Nginx service with the following command:

systemctl restart nginx

You can also check the status of Nginx service with the following command:

systemctl status nginx

You should get the following output:

? nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2020-06-25 08:26:00 UTC; 1min 24s ago
       Docs: man:nginx(8)
    Process: 24866 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 24877 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Main PID: 24879 (nginx)
      Tasks: 3 (limit: 2353)
     Memory: 3.6M
     CGroup: /system.slice/nginx.service
             ??24879 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
             ??24880 nginx: worker process
             ??24881 nginx: worker process

Jun 25 08:25:59 ubuntu20 systemd[1]: Starting A high performance web server and a reverse proxy server...
Jun 25 08:26:00 ubuntu20 systemd[1]: Started A high performance web server and a reverse proxy server.

At this point, Nginx is configured to serve Gitea. You can now proceed to the next step.

Secure Gitea with Let's Encrypt SSL

First, you will need to install the Certbot client to install and manage the Let's Encrypt SSL in your system. You can install it by running the following command:

apt-get install certbot python3-certbot-nginx -y

Once the Certbot is installed, run the following command to download and install the Let's Encrypt SSL for Gitea website.

certbot --nginx -d gitea.linuxbuz.com

Provide your email address and accept the term of service as shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for gitea.linuxbuz.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/gitea

Next, choose whether or not to redirect HTTP traffic to HTTPS as shown below:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and hit Enter to install the certificate as shown below:

Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/gitea

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://gitea.linuxbuz.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=gitea.linuxbuz.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/gitea.linuxbuz.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/gitea.linuxbuz.com/privkey.pem
   Your cert will expire on 2020-09-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Now, your Gitea website is secured with Let's Encrypt SSL. You can now proceed to the next step.

Access Gitea Web Interface

Now, open your web browser and type the URL https://gitea.linuxbuz.com/install. You will be redirected to the following page:

Database settings

General settings

URL and port

Optional settings

Provide your Gitea database name, username, password, repository path, run as username, listening port, Gitea base URL, Log path, Gitea admin username, password and click on the Install Gitea button. Once the installation has been finished, you should see the Gitea dashboard in the following screen:

Gitea dashboard

Conclusion

Congratulations! you have successfully installed Gitea with Nginx and Let's Encrypt SSL on Ubuntu 20.04 server. You can now explore Gitea and create your first repository with Gitea. For more information, visit the Gitea documentation.

Share this page:

Suggested articles

2 Comment(s)

Add comment

Comments

By: John at: 2021-07-06 14:42:33

How are we supposed to maintain and patch any servers installed from source code?

They are all outside the package management system.  That's fine for a few systems, but not for more than 5 per small business.

How is maintenance integrated with existing, platform, maintenance systems? 

By: till at: 2021-07-06 15:05:41

This guide does not install Gitea from source, it installs Gitea from binary. Gitea does not provide Ubuntu packages and upgrading the binary version is very easy. To upgrade Gitea, you simply download the binary that you want to upgrade to and restart the service. E.g. to upgrade to a fictional future version 1.12.2, all you do is:

 

wget https://dl.gitea.io/gitea/1.12.2/gitea-1.12.2-linux-amd64

cp gitea-1.12.2-linux-amd64 /usr/bin/gitea

systemctl restart gitea.service