Deployment Overview of Gitea on Server¶

Prerequisites and Basic Requirements¶

To successfully deploy Gitea on the server, the following requirements must be met:

Operating System: Ubuntu (compatible with apt package manager).
Privileges: Root access or sudo privileges are required for installation and configuration.
Domain: The deployment utilizes the hostkey.in zone.
Network: Docker and Docker Compose must be installed and functional on the host.
Ports: The system exposes ports for HTTP, HTTPS, and SSH as defined in the configuration.

FQDN of the Final Panel¶

The Gitea instance is accessible via the Fully Qualified Domain Name (FQDN) following this format:

gitea<Server ID>.hostkey.in:443

The external access port is configured to 443 for secure HTTPS connections, while the internal application port is 3000.

File and Directory Structure¶

The deployment organizes configuration files, data, and certificates into specific directories on the host file system:

Application Data: /srv/gitea (Contains Gitea repositories, user data, and logs).
Application Binaries and Config: /opt/gitea (Stores the Docker Compose definition for Gitea).
Nginx and SSL Configuration: /root/nginx (Stores the proxy and Certbot Docker Compose file).
Nginx User Configuration: /data/nginx/user_conf.d (Contains specific site configurations for the proxy).
System Timezone Settings:
/etc/timezone
/etc/localtime (Symlinked to /usr/share/zoneinfo/Europe/Moscow)

Application Installation Process¶

Gitea is deployed using Docker containers managed by Docker Compose. The installation involves setting up the directory structure and launching the service with the following specifications:

Software Version: Gitea version 1.22.2.
Container Image: gitea/gitea:1.22.2.
Container Name: gitea.
User Configuration:
USER_UID is set to 1000.
USER_GID is set to 1000.
Timezone: The container and host are configured to use Europe/Moscow.

The deployment script performs the following actions:

Installs Docker and required packages, including docker-compose.
Creates the /opt/gitea directory for the application definition.
Creates the /srv/gitea directory for persistent data storage.
Generates a docker-compose.yml file in /opt/gitea.
Configures the system timezone.
Launches the Gitea container in detached mode.

Access Rights and Security¶

Security and access control are managed through Docker networking and host-level configurations:

Container Network: Gitea runs on an isolated Docker network named gitea.
Restart Policy: The Gitea container is configured with restart: always to ensure high availability.
Host Directory Permissions:
/opt/gitea: Owned by root with 0755 permissions.
/srv/gitea: Owned by root (as defined by gitea_user in the source) with 0755 permissions.
/root/nginx: Owned by root with 0755 permissions.

Databases¶

Gitea utilizes an internal SQLite database by default within the application container, stored in the persistent volume mounted at /srv/gitea on the host. No external database connection parameters are defined in the provided configuration.

Docker Containers and Their Deployment¶

Two primary Docker services are deployed: the Gitea application and the Nginx proxy with Certbot.

Gitea Container¶

The Gitea container is defined in /opt/gitea/docker-compose.yml.

Image: gitea/gitea:1.22.2
Volumes:
/srv/gitea mounted to /data inside the container.
Host timezone files mounted read-only to /etc/timezone and /etc/localtime.
Ports:
3000:3000 (Web interface).
222:22 (SSH interface for Git operations).

Nginx Proxy Container¶

The proxy service is defined in /root/nginx/compose.yml (generated from a template).

Image: jonasal/nginx-certbot:latest
Restart Policy: unless-stopped.
Environment:
CERTBOT_EMAIL: [email protected].
Volumes:
nginx_secrets (external volume) mounted to /etc/letsencrypt.
/data/nginx/user_conf.d mounted to /etc/nginx/user_conf.d.
Network Mode: host (uses the host network stack directly).

Proxy Servers¶

The deployment uses Nginx with Certbot for SSL termination and reverse proxying.

Configuration File: /data/nginx/user_conf.d/<prefix><server_id>.hostkey.in.conf.
Proxy Logic: The configuration directs traffic from the root path / to the internal Gitea service at http://127.0.0.1:3000.
SSL: Managed automatically by the nginx-certbot container using Let's Encrypt certificates stored in the nginx_secrets volume.
External Path: /.
Internal Path: /.

Permission Settings¶

Location of Configuration Files and Data¶

Key configuration files and data locations are as follows:

Gitea Docker Compose: /opt/gitea/docker-compose.yml.
Gitea Data: /srv/gitea.
Nginx Proxy Compose: /root/nginx/compose.yml.
Nginx Site Config: /data/nginx/user_conf.d/gitea<Server ID>.hostkey.in.conf.
Environment Variables for Nginx: /data/nginx/nginx-certbot.env.

Available Ports for Connection¶

The following ports are exposed for client connections:

HTTPS (Web Interface): 443 (External).
HTTP (Internal): 3000 (Used internally by Nginx to reach Gitea).
SSH (Git Operations): 222 (External).

Starting, Stopping, and Updating¶

Service management is handled via Docker and Docker Compose commands.

Starting Gitea:
```
cd /opt/gitea
docker-compose up -d
```
Stopping Gitea:
```
cd /opt/gitea
docker-compose down
```
Starting Nginx Proxy:
```
cd /root/nginx
docker compose up -d
```
Stopping Nginx Proxy:
```
cd /root/nginx
docker compose down
```
Updating Gitea: To update the Gitea version, modify the gitea_version variable in the configuration, update the image tag in /opt/gitea/docker-compose.yml to the desired version (e.g., gitea/gitea:<new_version>), and restart the service:
```
cd /opt/gitea
docker-compose pull
docker-compose up -d
```