This space is dedicated to Gitea, a lightweight open-source web application for self-hosting and managing git repositories. Here you will find extensive information on running Gitea on the Edge.
This guide walks you step by step until you get Gitea published as a service on the Edge that can be accessed on the Internet.
Make sure that all of the mandatory prerequisites have been met before progressing further.
Name | Source | Description |
---|---|---|
<CONTAINER_NAME> | User input | The name of the Linux container where the app runs. |
<DB_PASSWORD> | User input | The password for logging in with the gitea PostgreSQL user. |
<IP_ADDRESS__CONTAINER> | Generated | The IPv4 address of the container run by the server on the Edge. |
<IP_ADDRESS_INET_GW> | Linux VPS Admin Panel | |
<GITEA_WEBSITE_DOMAIN> | User input | The host for the A record created with your domain registrar, e.g. git.myowndomain.net . |
Gitea can be scaled a lot even for home usage by allowing for git interactions over SSH. However, this requires additional configuration that our team hasn't explored yet. Hence, the currently described setup only supports git operations over HTTPS.
Run the following commands on your server on the Edge.
incus launch images:archlinux/current <CONTAINER_NAME>
incus exec <CONTAINER_NAME> bash
vi /etc/pacman.conf
Un-comment ParallelDownloads = 5.
vi /etc/locale.gen
Un-comment the needed locales.
locale-gen
vi /etc/locale.conf
Set LANG to a generated system locale.
reboot
incus exec <CONTAINER_NAME> bash
pacman -S archlinux-keyring && pacman -Syyuu fish
chsh -s /usr/bin/fish
From here on the root user will use fish as the default shell.
In order to complete this stage you need to perform the following commands in the container run by the server on the Edge.
If you are not already within the container, run the following command on your server on the Edge to log in as root.
incus exec <CONTAINER_NAME> fish
pacman -Syyuu postgresql
su - postgres -c 'initdb --locale=C.UTF-8 --encoding=UTF8 -D /var/lib/postgres/data --data-checksums'
systemctl enable postgresql
systemctl start postgresql
Verify that the stage has been completed successfully by running the following command in the container. Its output should indicate that the service is running.
systemctl status postgresql
In order to complete this stage you need to perform the following commands in the container run by the server on the Edge.
If you are not already within the container, run the following command on your server on the Edge to log in as root.
incus exec <CONTAINER_NAME> fish
Take a note of the password for the database user. It will be denoted with the variable <DB_PASSWORD>.
sudo -u postgres createuser -P gitea
Take a note of the password <DB_PASSWORD>.
sudo -u postgres createdb -O gitea gitea
Set up local connections via Unix socket.
sudo -u postgres vi /var/lib/postgres/data/pg_hba.conf
Make sure it contains this line, save the file, and exit.
local gitea gitea peer
systemctl restart postgresql
Verify that the configuration works well.
sudo -u gitea psql --host=/run/postgresql/ --dbname=gitea --username=gitea --password
pacman -Syyuu redis
systemctl start redis
systemctl enable redis
mkdir -p /opt/gitea/tls/
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /opt/gitea/tls/gitea.key \
-out /opt/gitea/tls/gitea.crt
openssl x509 -in /opt/gitea/tls/gitea.crt -out /opt/gitea/tls/cert.pem
openssl rsa -in /opt/gitea/tls/gitea.key -text > /opt/gitea/tls/key.pem
chown gitea:gitea -R /opt/gitea/tls
In order to complete this stage you need to perform the following commands in the container run by the server on the Edge.
If you are not already within the container, run the following command on your server on the Edge to log in as root.
incus exec <CONTAINER_NAME> fish
pacman -Syyuu gitea
cp /etc/gitea/app.example.ini /etc/gitea/app.ini
chown gitea:gitea /etc/gitea/app.ini
vi /etc/gitea/app.ini
Make sure the configuration file has been amended to reflect your needs and landscape.
Do not forget to substitute all occurrences of <GITEA_WEBSITE_DOMAIN> and <DB_PASSWORD> with the real values.
DOMAIN = <GITEA_WEBSITE_DOMAIN>
PROTOCOL = https
ROOT_URL = https://<GITEA_WEBSITE_DOMAIN>/
HTTP_ADDR = 0.0.0.0
HTTP_PORT = 3000
ENABLE_GZIP = true
ENABLE_ACME = false
CERT_FILE = /opt/gitea/tls/cert.pem
KEY_FILE = /opt/gitea/tls/key.pem
DB_TYPE = postgres
HOST = /run/postgresql/
NAME = gitea
USER = gitea
PASSWD = <DB_PASSWORD>
TYPE = redis
CONN_STR = "addrs=127.0.0.1:6379 db=0"
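A check that can be run on the edited file before the service is started, as an added example that is not part of the original guide: it flags placeholders left unsubstituted, a non-HTTPS PROTOCOL or ROOT_URL, and world-readable permissions on app.ini (which holds PASSWD) and on the KEY_FILE. The function names are hypothetical, the `[server]` section name is assumed from Gitea's stock app.ini layout (the snippet above omits section headers), and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the guide): audit app.ini before starting gitea.service.
# Assumes the stock layout where these keys sit under a [server] section.

# ini_get FILE SECTION KEY -> value of KEY inside [SECTION]; comments skipped
ini_get() {
    awk -v s="$2" -v k="$3" '
        /^[ \t]*[;#]/ { next }
        /^[ \t]*\[/   { sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec); next }
        sec == s && (i = index($0, "=")) {
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) { print val; exit }
        }' "$1"
}

# world_readable FILE -> true when the "other" read bit is set
world_readable() { [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]; }

flag() { echo "FINDING: $*"; n=$((n + 1)); }

# audit_app_ini FILE -> prints findings, returns how many there were
audit_app_ini() {
    ini=$1; n=0
    left=$(grep -v '^[[:space:]]*[;#]' "$ini" | grep -oE '<[A-Z][A-Z_]*>' |
           sort -u | tr '\n' ' ')
    [ -z "$left" ] || flag "unsubstituted placeholders: $left"
    [ "$(ini_get "$ini" server PROTOCOL)" = https ] || flag "PROTOCOL is not https"
    dom=$(ini_get "$ini" server DOMAIN)
    case $(ini_get "$ini" server ROOT_URL) in
        "https://$dom/"*) ;;
        *) flag "ROOT_URL does not start with https://$dom/" ;;
    esac
    world_readable "$ini" && flag "$ini contains PASSWD but is world-readable"
    key=$(ini_get "$ini" server KEY_FILE)
    [ -n "$key" ] && world_readable "$key" && flag "$key is world-readable"
    return "$n"
}

# Constructed sample: placeholder left in, file mode 0644
demo=$(mktemp)
printf '%s\n' '[server]' 'DOMAIN = git.myowndomain.net' 'PROTOCOL = https' \
    'ROOT_URL = https://git.myowndomain.net/' '[database]' \
    'PASSWD = <DB_PASSWORD>' > "$demo"
chmod 644 "$demo"
audit_app_ini "$demo" || echo "$? finding(s)"
rm -f "$demo"
```

On the real system the call is `audit_app_ini /etc/gitea/app.ini`; a return status of 0 means no findings.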
systemctl enable gitea.service
systemctl start gitea.service
You should be able to run a successful HTTP request against the Gitea server from within the container.
curl -k https://localhost:3000
You should be able to send an HTTP request to the Gitea server and receive a response from within the server on the Edge or any other network device that can communicate with the server on the Edge.
curl -k https://localhost:3000
In a terminal on the server on the Edge, run the following command to forward incoming HTTP connections on port 3000 of the server to port 3000 on the container.
incus config device add <CONTAINER_NAME> https-gitea-3000 proxy listen=tcp:0.0.0.0:3000 connect=tcp:127.0.0.1:3000
From here on the Gitea server should be accessible from the server and any other device in the same network.
curl -k https://localhost:3000
Make sure that you have created an A record for <GITEA_WEBSITE_DOMAIN> with your domain registrar and that you have waited for this record to become active.
If the domain name has not been picked up by the domain name servers yet, Caddy will not be able to serve HTTPS requests, because Let's Encrypt (an SSL certificate authority) will fail to verify ownership of the domain.
ssh mycelium@<IP_ADDRESS_INET_GW>
sudo su -
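Add the following to /etc/caddy/Caddyfile. The tls_insecure_skip_verify option makes Caddy accept the self-signed certificate that Gitea presents without verifying it, so the connection between Caddy and Gitea is encrypted but the upstream is not authenticated.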
<GITEA_WEBSITE_DOMAIN> {
    reverse_proxy <IP_ADDRESS_INET_GW>:3000 {
        transport http {
            tls_insecure_skip_verify
        }
    }
}
systemctl reload caddy
If everything is configured well, you should be able to access Gitea through its domain name by typing https://<GITEA_WEBSITE_DOMAIN> in the address bar of a web browser. The first time you hit the app URL, you will go through the web installer of Gitea in order to complete the setup of the application.