Update nginx.conf for SSL and add gitea app.ini file

2025-06-16 20:18:05 -07:00 · 2025-06-16 20:18:05 -07:00 · 9f58d37c32
commit 9f58d37c32
parent 4bec526ba8
2 changed files with 114 additions and 2 deletions
--- a/app.ini
+++ b/app.ini
@ -0,0 +1,77 @@
+APP_NAME = Gitea: Git with a cup of tea
+RUN_USER = gitea
+WORK_PATH = /var/lib/gitea/
+RUN_MODE = prod
+
+[database]
+DB_TYPE = postgres
+HOST = 127.0.0.1:5432
+NAME = giteadb
+USER = gitea
+PASSWD = [REDACTED]
+SCHEMA =
+SSL_MODE = disable
+PATH = /var/lib/gitea/data/gitea.db
+LOG_SQL = false
+
+[repository]
+ROOT = /var/lib/gitea/data/gitea-repositories
+
+[server]
+SSH_DOMAIN = git.miti.sh
+DOMAIN = git.miti.sh
+HTTP_PORT = 3000
+ROOT_URL = https://git.miti.sh
+APP_DATA_PATH = /var/lib/gitea/data
+DISABLE_SSH = false
+SSH_PORT = 22
+LFS_START_SERVER = true
+LFS_JWT_SECRET = [REDACTED]
+OFFLINE_MODE = true
+
+[lfs]
+PATH = /var/lib/gitea/data/lfs
+
+[mailer]
+ENABLED = false
+
+[service]
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+DISABLE_REGISTRATION = true
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+REQUIRE_SIGNIN_VIEW = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.localhost
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[cron.update_checker]
+ENABLED = false
+
+[session]
+PROVIDER = file
+
+[log]
+MODE = console
+LEVEL = info
+ROOT_PATH = /var/lib/gitea/log
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
+[security]
+INSTALL_LOCK = true
+INTERNAL_TOKEN = [REDACTED]
+PASSWORD_HASH_ALGO = pbkdf2
+
+[oauth2]
+JWT_SECRET = [REDACTED]
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -7,15 +7,22 @@ events {

 http {
    server {
-        listen 8080;
+        listen 80;
+        listen 443 ssl;

        include mime.types;
        charset utf-8;
        default_type text/html;

+	ssl_certificate /var/www/certs/miti.sh/fullchain.pem;
+	ssl_certificate_key /var/www/certs/miti.sh/privkey.pem;
+
+        location ^~ /.well-known/acme-challenge {
+            alias /var/www/dehydrated;
+        }
+
        try_files $uri $uri/ $uri.html =404;

-        # return `/posts/index.html` from `/posts`
        location = /posts {
            rewrite ^ /posts/ break;
        }
@ -30,4 +37,32 @@ http {
            alias css;
        }
    }
+
+    server {
+	listen 443 ssl;
+	server_name git.miti.sh;
+
+        location ^~ /.well-known/acme-challenge {
+            alias /var/www/dehydrated;
+        }
+
+	location / {
+            client_max_body_size 1024M;
+            proxy_pass http://localhost:3000;
+            proxy_set_header Connection $http_connection;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+    }
+
+    server {
+	server_name apps.miti.sh;
+
+        location ^~ /.well-known/acme-challenge {
+            alias /var/www/dehydrated;
+        }
+    }
 }