How to Deploy Your Private Git Repository Using Gitea with Docker

By Alain Francois

What Is Gitea?

Gitea is a free and open-source software package to help self-host a Git server. It also offers collaborative features, such as bug tracking, wikis, and code review. Gitea is a community-driven and lightweight code solution written in the Go language.

Developers need to regularly merge their code changes into a central repository when working. You may need a private central repository for your team you will host and manage by yourself. You can use Gitea for this purpose. It is similar to GitHub and Bitbucket.

Connect to Your ECS Instance

Create a new instance. We will choose a Pay-As-You-Go instance:

Alibaba Cloud offers multiple Linux distributions. This article explains how to install Docker on different distributions so it can work with Gitea. You can choose a Debian-based or RedHat-based system:

Continue with the configuration of your instance until the end:

Installing Docker

You can install Docker on your ECS instance, whether it is on Debian-based or RedHat-based systems on the list above.

Installing Docker on Debian 9.9 and Ubuntu 20.04

First, update the cache of the server:

$ sudo apt update

Set up the repository over HTTPS:

$ sudo apt install ca-certificates curl gnupg lsb-release

Add the official Docker GPG key:

$ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

Set the stable repository of Docker:

On Ubuntu 20.04:

$ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

On Debian 9.9:

$ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Next, you need to update the cache again:

$ sudo apt update

Finally, you can install Docker Engine:

$ sudo apt-get install docker-ce docker-ce-cli containerd.io

You can check if the service is running with the following command:

$ sudo systemctl status docker

Now, you should add the default user to the Docker group. It will not need to use the sudo command with Docker:

$ sudo usermod -aG docker franck

Also, make sure to open ssh before enabling UFW:

$ sudo ufw allow 'OpenSSH'

Now, enable UFW:

$ sudo ufw enable

Command may disrupt existing ssh connections. Proceed with the operation (y|n)? y means the Firewall is active and enabled on system startup.

Configuring MySQL Docker

We need to configure the database that Gitea will use since it is compatible with MySQL/MariaDB, MSSQL, SQLite, and PostgreSQL. This guide uses MySQL database and runs it with Docker. MySQL offers an official Docker image on the docker-hub. We used the latest version (v.8.0) of the image when writing this guide:

$ docker run -d --name mysql-gitea -e MYSQL_ROOT_PASSWORD=your_mysql_root_pass -v /opt/volume/mysql-gitea:/var/lib/mysql mysql:latest

We can check if our container is running with the following command:

$ docker ps

CONTAINER ID   IMAGE          COMMAND                  CREATED          STATUS          PORTS                 NAMES
5d02b13ea435   mysql:latest   "docker-entrypoint.s…"   21 seconds ago   Up 19 seconds   3306/tcp, 33060/tcp   mysql-gitea

Let's connect to the MySQL container:

$ docker container exec -it mysql-gitea bash

Then, access the MySQL command line:

# mysql -u root -pyour_mysql_root_pass

Create the database and user for Gitea:

mysql> CREATE USER 'gitea'@'%' IDENTIFIED BY 'db_gitea_password';

mysql> CREATE DATABASE giteadb;

mysql> GRANT ALL PRIVILEGES ON giteadb.* TO 'gitea'@'%';

mysql> FLUSH PRIVILEGES;

mysql> exit;

Now, exit the container:

# exit

Since we will need to connect Gitea to the database, we need to check the IP address of the container:

$ docker inspect mysql-gitea

The IP is 172.17.0.2.

Configuring Gitea with Docker

Gitea needs to be connected to the MySQL database. We need to indicate the IP address of the container and the credentials of the database user that it will need to establish the communication. The information is listed below:

The type of database is mysql.
The IP address of the MySQL container is 172.17.0.2.
The name of the database is giteadb.
The database user name is gitea.
The database user password is db_gitea_password.
The port used by Gitea is 3000.

When running Gitea, we will use some volume to keep the data persistent on the server. We will use the latest stable release of Gitea by mentioning the tag latest on the Docker command:

$ docker run -d --name gitea -v /opt/volume/gitea:/data -p 3000:3000 -e VIRTUAL_HOST=gitea.domain.cloud -e VIRTUAL_PORT=3000 -e USER_UID=1001 -e USER_GID=1001 -e DB_TYPE=mysql -e DB_HOST=172.17.0.2:3306 -e DB_NAME=giteadb -e DB_USER=gitea-user -e DB_PASSWD=gitea@123 gitea/gitea:latest

We can check if it is running:

$ docker ps

Our Docker containers (mysql-gitea and gitea) are running.

Configuring NGINX and the SSL Certificate

We will use NGINX as our reverse proxy to serve all the requests of our Gitea service. First, we need to install it:

$ sudo apt install nginx

Now, we need to create the configuration of Gitea. We will also set the configuration to force all HTTP requests to HTTPS. In our case, we will use a let's encrypt certificate for the demonstration. (Also, we will assume you already have your certificate.) We will indicate the path of the certificate and key files in the Gitea configuration file:

$ sudo vim /etc/nginx/sites-available/gitea.conf

server {
        server_name gitea.domain.cloud;
        listen 80;
        access_log /var/log/nginx/gitea.log;
        return 301 https://$host$request_uri;
}
server {
        server_name gitea.domain.cloud;
        listen 443 ssl http2 ;
        access_log /var/log/nginx/gitea.log;
        ssl_certificate /etc/letsencrypt/live/gitea.domain.cloud/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/gitea.domain.cloud/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
        add_header Strict-Transport-Security "max-age=31536000";
        location / {
                proxy_pass http://localhost:3000;
                proxy_set_header X-Forwarded-Host $host:$server_port;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
}

Next, create a symbolic of the configuration file:

$ sudo ln -s /etc/nginx/sites-available/gitea.conf /etc/nginx/sites-enabled/gitea.conf

We will remove the default configuration to avoid any conflict with the default configuration of NGINX:

sudo rm /etc/nginx/sites-enabled/default

Let's start the NGINX service:

$ sudo systemctl start nginx

Then, enable it on startup:

$ sudo systemctl enable nginx

Check your configuration:

$ sudo nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Now, restart the service to take the configuration into consideration:

$ sudo systemctl restart nginx

Open the ports 80 and 443 on the firewall:

$ sudo ufw allow 80,443/tcp

Finally, restart your firewall:

$ sudo ufw disable && sudo ufw enable

Accessing Gitea through Your Browser

Now, open your browser and continue the installation of Gitea using the URL https://giteadomain.com that you have configured. The first section is the database configuration: