Installing gitea on clean virtual server

Hi. I hope this cheatsheet will help you to install your own github-like source code storage. I really advice you to do so.

I made this using gitea’s binary file and scratch . TL;DR:

  • prepare server;
  • prepare database;
  • prepare nginx;
  • download binary executable;
  • sort out some config files;
  • install gitea;
  • configure system daemon.

Next will be a list of commands I performed and immediately wrote down. But I admit that there may be trivial errors in them because during and after installation I corrected them (I deployed the gitea for the first time and made flaws that I fixed on the fly).

At the end examples of configuration files will be shown.

I used fresh instance of Ubuntu 20.04 in VDS Selectel.

Installation

# upgrade OS, install basic soft and libs
apt update
apt upgrade -y
apt install -y apt-transport-https \
    ca-certificates \
    curl \
    make \
    dialog \
    build-essential \
    software-properties-common \
    libaio1 \
    libssl-dev \
    libghc-zlib-dev \
    libcurl4-gnutls-dev \
    libexpat1-dev \
    gettext \
    unzip \
    mc \
    htop \
    nano \
    mariadb-server \
    mariadb-client \
    nginx

# build last version of git from sources
# you can reuse this part separately
wget https://github.com/git/git/archive/master.zip -O /usr/src/git.zip && \
    unzip /usr/src/git.zip -d /usr/src/git && \
    rm -f /usr/src/git.zip && \
    cd /usr/src/git/git-master && \
    make prefix=/usr/local all && \
    make prefix=/usr/local install && \
    cd ../.. && \
    rm -rf git && \
    git clone https://github.com/git/git.git --depth=1 /usr/src/git

# download latest gitea release
wget -O /home/gitea/gitea https://dl.gitea.io/gitea/1.15.6/gitea-1.15.6-linux-amd64 && \
    chmod +x gitea && \
    chown git: /home/git/gitea && \
    ln -s /home/git/gitea /usr/local/bin/gitea

# create 'git' user to run gitea
# and to do clone/pull/push/etc via ssh
adduser \
   --system \
   --shell /bin/bash \
   --gecos 'Gitea user' \
   --group \
   --disabled-password \
   --home /home/git \
   git

# prepare gitea's config (example below)
nano /etc/gitea/app.ini

# prepare dbms and db
mysql_secure_installation
mysql -e 'CREATE DATABASE gitea;'
mysql -e 'GRANT ALL ON gitea.* TO \'gitea\'@\'localhost\' IDENTIFIED BY \'MY_PASSWORD\';'
mysql -e 'FLUSH PRIVILEGES;'

# set up nginx as reverse-proxy
unlink /etc/nginx/sites-enabled/default
# prepare nginx config (example below)
nano /etc/nginx/sites-available/gitea-proxy.conf
ln -s /etc/nginx/sites-available/gitea-proxy.conf /etc/nginx/sites-enabled/gitea-proxy.conf

# set up gitea.service (example below)
nano /etc/systemd/system/gitea.service

# manually start gitea instance to perform its installation
su - git
GITEA_WORK_DIR=/var/lib/gitea/ /usr/local/bin/gitea web -c /etc/gitea/app.ini

# if installation was successful then press Ctrl+C and
# set service to be automatically started after OS startup
systemctl enable gitea --now

Configuration files

/etc/systemd/system/gitea.service

[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
Wants=mariadb.service
After=mariadb.service=redis.service
[Service]
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
[Install]
WantedBy=multi-user.target

/etc/gitea/app.ini

Read carefully and don’t just copy-paste! Some parameters written during initial installation. Some ones need to be corrected manually.

APP_NAME = Gitea
RUN_USER = git
RUN_MODE = prod

[security]
# don't touch
# ...

[database]
# place here correct db name and credentials
DB_TYPE  = mysql
HOST     = 127.0.0.1:3306
NAME     = gitea
USER     = gitea
PASSWD   = MY_PASSWORD
SCHEMA   = 
SSL_MODE = disable
CHARSET  = utf8
PATH     = /var/lib/gitea/data/gitea.db
LOG_SQL  = false

[repository]
ROOT = /var/lib/gitea/data/gitea-repositories

[server]
SSH_DOMAIN       = localhost
DOMAIN           = localhost
HTTP_PORT        = 8080
ROOT_URL         = # don't touch
DISABLE_SSH      = false
SSH_PORT         = 22
LFS_START_SERVER = true
LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
LFS_JWT_SECRET   = # don't touch
OFFLINE_MODE     = false

[mailer]
# place here correct credetials so email
# notifications could work properly (if needed)
#ENABLED     = true
MAILER_TYPE = smtp
#HOST        = smtp.yandex.ru:465
#USER        = 
#PASSWD      = 
#FROM        = 

# the rest are optional

[service]
REGISTER_EMAIL_CONFIRM            = true
ENABLE_NOTIFY_MAIL                = true
DISABLE_REGISTRATION              = false
ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
ENABLE_CAPTCHA                    = true
REQUIRE_SIGNIN_VIEW               = false
DEFAULT_KEEP_EMAIL_PRIVATE        = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING       = true
NO_REPLY_ADDRESS                  = noreply.localhost

[picture]
DISABLE_GRAVATAR        = false
ENABLE_FEDERATED_AVATAR = true

[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = false

[session]
PROVIDER = file

[log]
MODE      = console
LEVEL     = info
ROOT_PATH = /var/lib/gitea/log
ROUTER    = console

/etc/nginx/sites-available/gitea-proxy.conf

You should set server_name directive to proper public or internal (sub)domain.

proxy_pass must look to localhost with HTTP_PORT from app.ini.

server {
    listen 80;
    listen [::]:80;
    
    server_name my.domain.com

    access_log /var/log/nginx/gitea-access.log;
    error_log /var/log/nginx/gitea-error.log;
    client_max_body_size 100M;
    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}

You can use certbot to set up SSL after initial installation.

Documentation and sources

Update 18.02.2022

There one small but important addition in gitea-proxy.conf:

client_max_body_size 100M;

This resolves HTTP error 413 when trying to upload some files, e.g. when you attach compiled binaries while creating new release.

Leave a comment

Your email address will not be published. Required fields are marked *