Self-hosting Gitea: Installation and OAuth2 Settings for Nextcloud and GitHub

UPDATE: Moved this from previous blog, updated links, and added Nginx config 🙂



This post will cover my process installing Gitea onto the Vultr VPS I’ve been using for the past months. I also moved the entire setup to another VPS with no issues. Both run Ubuntu 20.04 LTS.

I decided to go with Gitea [1] as it was fairly lightweight and had most of the features I wanted/needed.

I have most of my repositories on this, with mirrors on GitHub.

Because I already have a site running, I will be reverse proxying Gitea (from port 3000) to a separate subdomain (https://git.earne.link).

Prerequisites.

  • Nginx (Previously used Apache)
  • MariaDB
  • Certbot (Let’s Encrypt SSL Certificates)
  • git, gpg (sudo apt install git gpg gnupg2)

sudo apt update

sudo apt install nginx mariadb-server
# or sudo apt install apache2 mariadb-server

# secure your installation
sudo mysql_secure_installation

# SSL with Let's Encrypt
sudo apt install certbot python3-certbot-nginx # or python3-certbot-apache

Configure DNS Settings

Set an address record from something like git.example.com to your server’s public IP address.

Configure the Reverse Proxy

Using Nginx

In /etc/nginx/sites-available/gitea.conf

server {
    server_name git.example.com;

    location / {
        proxy_pass http://localhost:3000;
    }
}

Using Apache

/etc/apache2/sites-available/gitea.conf:

<VirtualHost *:80>
ServerName git.example.com
ProxyPreserveHost On
ProxyRequests off
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
</VirtualHost>

For Apache, you also need to enable some modules:

sudo a2enmod proxy proxy_http rewrite
sudo systemctl restart apache2.service

Enable the site

sudo a2ensite gitea

HTTPS

Run certbot and let it set up the automatic redirect from HTTP to HTTPS.

Create a user for gitea

sudo adduser --system --shell /bin/bash --gecos 'git' --group --disabled-password --home /home/git git

sudo mkdir /home/git/gitea
cd /home/git/gitea

Download Gitea and the systemd service file

Get the latest download links for Gitea here: https://dl.gitea.io/gitea

sudo wget -O /bin/gitea https://dl.gitea.io/gitea/1.12.5/gitea-1.12.5-linux-amd64

sudo chmod +x /bin/gitea
sudo wget -O gitea.service https://github.com/go-gitea/gitea/raw/master/contrib/systemd/gitea.service
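
The prerequisites install gpg, but the download above is written to /bin/gitea without being checked. As an added example (not part of the original post), this function checks a downloaded binary against its published checksum and, optionally, its detached signature before it is installed; verify_release is a hypothetical helper name, and the .sha256 and .asc files are assumed to sit next to the binary on the download server.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded release binary before installing it.
#
# verify_release <binary> <checksum-file> [<signature-file>]
#   checksum-file  : the "<binary>.sha256" file fetched alongside the binary
#   signature-file : optional detached "<binary>.asc"; the release signing
#                    key must already be in the caller's GPG keyring
#   returns 0 = verified, 1 = mismatch or bad signature, 2 = unusable input
verify_release() {
    local bin="$1" sum="$2" sig="${3:-}"
    local expected actual

    [ -f "$bin" ] && [ -f "$sum" ] || { echo "missing file" >&2; return 2; }

    # The first field of the checksum file is the hex digest. Reject anything
    # else, e.g. an HTML error page that wget saved under the .sha256 name.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sum")
    case $expected in
        *[!0-9a-f]*|'') echo "malformed checksum file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed checksum file" >&2; return 2; }

    actual=$(sha256sum "$bin" | awk '{print $1}')
    if [ "$expected" != "$actual" ]; then
        echo "sha256 mismatch for $bin" >&2
        return 1
    fi

    # The checksum only shows the two downloads agree with each other; the
    # detached signature ties the binary to the release signing key.
    if [ -n "$sig" ]; then
        gpg --verify "$sig" "$bin" || return 1
    fi
    return 0
}

# Intended use with the download above (file names assumed, see lead-in):
#   cd "$(mktemp -d)"
#   f=gitea-1.12.5-linux-amd64
#   for s in "" .sha256 .asc; do wget "https://dl.gitea.io/gitea/1.12.5/$f$s"; done
#   verify_release "$f" "$f.sha256" "$f.asc" \
#     && sudo install -o root -g root -m 0755 "$f" /bin/gitea
```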

Adjust the systemd service configuration file

Adjust gitea.service to your needs:

[Unit]
Requires=mariadb.service

[Service]
Type=simple
User=git
Group=git
WorkingDirectory=/home/git/gitea/
ExecStart=/bin/gitea web --config /home/git/gitea/custom/conf/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/home/git/gitea

[Install]
WantedBy=multi-user.target

Configure file/folder directories and permissions

sudo mkdir -p /home/git/gitea/{custom,data,indexers,public,log}
sudo chmod 750 /home/git/gitea/{custom,data,indexers,public,log}
sudo mkdir /home/git/gitea-repositories
sudo chmod 750 /home/git/gitea-repositories
sudo chown git:git /home/git/gitea -R

Enable Gitea through systemctl

sudo ln -s /home/git/gitea/gitea.service /lib/systemd/system/gitea.service
sudo systemctl daemon-reload
sudo systemctl enable gitea --now && sudo systemctl status gitea
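
The unit file was downloaded into /home/git/gitea, that directory was then chowned to git, and the symlink above points systemd at it, so the account Gitea runs as owns a file that systemd (running as root) loads. An added check, not part of the original post, that reports this kind of ownership problem for any path; audit_path is a hypothetical helper name, and it relies on GNU readlink and stat as shipped with Ubuntu.

```shell
#!/usr/bin/env bash
# Added example: flag files that root-run components load but that the
# service account could rewrite.
#
# audit_path <service-user> <path>
#   0 = the resolved file and every directory above it are not owned by
#       <service-user>, and the file is not group/world-writable
#   1 = at least one finding, 2 = path could not be resolved
audit_path() {
    local svc="$1" target cur owner perms rc=0

    # Follow symlinks: systemd reads the link target, not the link itself.
    target=$(readlink -f -- "$2") || { echo "cannot resolve $2" >&2; return 2; }
    [ -e "$target" ] || { echo "cannot resolve $2" >&2; return 2; }

    # Symbolic mode string, e.g. -rw-r--r--; position 6 is group-write,
    # position 9 is other-write.
    perms=$(stat -c %A -- "$target")
    case $perms in
        ?????w*|????????w*)
            echo "FAIL $target is group/world-writable ($perms)"
            rc=1 ;;
    esac

    # Whoever owns the file, or any directory on the way to it, can replace it.
    cur=$target
    while :; do
        owner=$(stat -c %U -- "$cur")
        if [ "$owner" = "$svc" ]; then
            echo "FAIL $cur is owned by $svc"
            rc=1
        fi
        if [ "$cur" = / ]; then break; fi
        cur=$(dirname -- "$cur")
    done
    return "$rc"
}

# Paths from this post; run as root after the "enable" step:
#   audit_path git /lib/systemd/system/gitea.service
#   audit_path git /bin/gitea
```

A root-owned copy of the unit in /etc/systemd/system, instead of a symlink into the git user's home, passes this check.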

Gitea with MariaDB

sudo mariadb
MariaDB [(none)]> CREATE USER 'gitea' IDENTIFIED BY 'YourPasswordHere';
Query OK, 0 rows affected (0.016 sec)

MariaDB [(none)]> CREATE DATABASE gitea CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_unicode_ci';
Query OK, 1 row affected (0.009 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON gitea.* TO 'gitea';
Query OK, 0 rows affected (0.002 sec)

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.004 sec)

MariaDB [(none)]> exit
Bye

Finish Install!

Head to git.example.com/install.

MySQL, 127.0.0.1:3306, charset utf8mb4

Root URL (change to https://git.example.com/), Domain (git.example.com), configure SSH (you may want to disable it entirely), Port # (3000 is fine as we are reverse proxying it).

  • Configure sending mail

Swap File

I didn’t have one, and I needed a swap file for performance.

# Checks
free -m
swapon
sudo dd if=/dev/zero of=/swapfile count=1024 bs=1M # A 1 GB swap file (512 MB RAM)
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo nvim /etc/fstab

Add this to the end of the file:

/swapfile none swap sw 0 0

Editing the app.ini file (more configuration)

sudo su git
cd ~/gitea/custom/conf
nvim app.ini

https://docs.gitea.io/en-us/config-cheat-sheet/

That’s it!

My Gitea server is now running on https://git.earne.link

OAuth2 Setup

Make signing into Gitea easier.

Nextcloud

  • Setup from Gitea: https://git.example.com/admin/auths/new
  • Setup from Nextcloud: https://nextcloud.example.com/index.php/settings/admin/security – OAuth 2.0 Clients



  • Authentication Type: OAuth2
  • Authentication Name: nextcloud
  • OAuth2 Provider: Nextcloud
  • Use custom URL instead of default.



URLs to use:

  • https://nc.example.com/index.php/apps/oauth2/authorize (remove /index.php if you prettify URLs)
  • https://nc.example.com/index.php/apps/oauth2/api/v1/token (remove /index.php if you prettify URLs)
  • https://nc.example.com/ocs/v2.php/cloud/user?format=json

In Nextcloud, the redirection URL is: https://git.example.com/user/oauth2/nextcloud/callback

GitHub

  • Setup from Gitea: https://git.example.com/admin/auths/new
  • Setup from GitHub: https://github.com/settings/applications/new



  • Authentication Type: OAuth2
  • Authentication Name: github
  • OAuth2 Provider: GitHub



Callback URL: https://git.example.com/user/oauth2/github/callback


Thank you for reading!


  1. Gitea: https://gitea.io