阿里云 ECS 搭建 Gitea 以及配置 Nginx 代理开启 https 和二级域名访问
一、创建用户
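# Create the dedicated service account Gitea runs as. The flags are spelled
# out instead of relying on distro defaults: a system account, its own "git"
# group, and a home at /home/git (the systemd unit below sets HOME=/home/git).
# No password is set, so password login stays locked.
sudo useradd --system --user-group --create-home --home-dir /home/git --shell /bin/bash git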
二、安装 git
# Install the git client from the distribution repositories, answering yes to
# the confirmation prompt.
sudo dnf --assumeyes install git
三、创建数据库
# Open an interactive MySQL session as root. The password is prompted for,
# so it never appears on the command line or in shell history.
mysql --user=root --password
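-- Account and schema that Gitea uses for its data.
-- This guide runs MySQL on the same host as Gitea, so the account is limited
-- to local connections instead of '%' (any host).
-- If the server runs with skip_name_resolve, use 'gitea'@'127.0.0.1' in both
-- statements instead of 'gitea'@'localhost'.
-- Replace the placeholder with a long random password; the Gitea installer
-- asks for the same value.
CREATE USER 'gitea'@'localhost' IDENTIFIED BY '<REPLACE_WITH_STRONG_PASSWORD>';
CREATE DATABASE gitea CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_bin';
-- Privileges are scoped to the gitea schema only, not the whole server.
GRANT ALL PRIVILEGES ON gitea.* TO 'gitea'@'localhost';
FLUSH PRIVILEGES;
EXIT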
四、安装及配置 Gitea
4.1 创建工作目录
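# Lay out the Gitea work directory (the brace expansion needs bash).
sudo mkdir -p /opt/gitea/{custom,data,log,conf,bin}
cd /opt/gitea/bin/
# Fetch the release under its published name together with its SHA-256 file,
# so the binary can be checked before it is put in place.
# The version is pinned here; check Gitea's release page for the current
# patch release before installing.
sudo wget https://dl.gitea.com/gitea/1.22.1/gitea-1.22.1-linux-amd64 \
  https://dl.gitea.com/gitea/1.22.1/gitea-1.22.1-linux-amd64.sha256
# Rename the download to "gitea" only if the checksum matches. A checksum
# served from the same host guards against a corrupted or truncated download;
# verifying the release's GPG signature (see the Gitea documentation) is the
# stronger check.
sha256sum -c gitea-1.22.1-linux-amd64.sha256 \
  && sudo mv -- gitea-1.22.1-linux-amd64 gitea
sudo rm -f -- gitea-1.22.1-linux-amd64.sha256
sudo chmod +x gitea
# Hand the tree to the service account and close it to other local users.
sudo chown -R git:git /opt/gitea
sudo chmod -R 750 /opt/gitea
# NOTE(review): conf/ has to be writable by git while the web installer
# creates app.ini. Once installation is finished, consider making app.ini
# read-only for the service account.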
4.2 创建服务
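# Edit the unit file through sudoedit: the editor runs as your own user and
# only the final copy-back is privileged. `sudo vim` would run the whole
# editor (plugins, shell escapes) as root.
# sudoedit honours $SUDO_EDITOR, $VISUAL and $EDITOR; set one of them to vim
# to keep the same editor.
sudoedit /etc/systemd/system/gitea.service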
# systemd unit that runs the Gitea web server as a long-lived service under
# the unprivileged "git" account, with its work directory at /opt/gitea.
[Unit]
Description=Gitea (Git with a cup of tea)
After=network.target
###
# Don't forget to add the database service dependencies
###
#
# Active choice for this guide: order Gitea after the local MySQL service.
# Wants= is a weak dependency, so Gitea is still started if mysqld fails.
Wants=mysqld.service
After=mysqld.service
#
#Wants=mariadb.service
#After=mariadb.service
#
#Wants=postgresql.service
#After=postgresql.service
#
#Wants=memcached.service
#After=memcached.service
#
#Wants=redis.service
#After=redis.service
#
###
# If using socket activation for main http/s
###
#
#After=gitea.main.socket
#Requires=gitea.main.socket
#
###
# (You can also provide gitea an http fallback and/or ssh socket too)
#
# An example of /etc/systemd/system/gitea.main.socket
###
##
## [Unit]
## Description=Gitea Web Socket
## PartOf=gitea.service
##
## [Socket]
## Service=gitea.service
## ListenStream=<some_port>
## NoDelay=true
##
## [Install]
## WantedBy=sockets.target
##
###
[Service]
# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
# LimitNOFILE=524288:524288
# With Restart=always below, the service is restarted 2 seconds after any exit.
RestartSec=2s
Type=simple
# Run as the dedicated git account and group rather than root.
User=git
Group=git
WorkingDirectory=/opt/gitea/
# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
# (manually creating /run/gitea doesn't work, because it would not persist across reboots)
#RuntimeDirectory=gitea
# Start the web server with an explicit configuration path.
# NOTE(review): app.ini does not exist until the web installer writes it, so
# /opt/gitea/conf must be writable by git on the first start.
ExecStart=/opt/gitea/bin/gitea web --config /opt/gitea/conf/app.ini
Restart=always
# HOME must match the git account's real home directory; GITEA_WORK_DIR
# points Gitea at the tree created under /opt/gitea.
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/opt/gitea
# If you install Git to directory prefix other than default PATH (which happens
# for example if you install other versions of Git side-to-side with
# distribution version), uncomment below line and add that prefix to PATH
# Don't forget to place git-lfs binary on the PATH below if you want to enable
# Git LFS support
#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
# If you want to bind Gitea to a port below 1024, uncomment
# the two values below, or use socket activation to pass Gitea its ports as above
###
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
###
# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
# set the following value to false to allow capabilities to be applied on gitea process. The following
# value if set to true sandboxes gitea service and prevent any processes from running with privileges
# in the host user namespace.
###
#PrivateUsers=false
###
# NOTE(review): no sandboxing directives are enabled in this unit. systemd
# options such as NoNewPrivileges=, PrivateTmp= and ProtectSystem= can limit
# what a compromised Gitea process is able to reach; test them against your
# setup before enabling.
[Install]
# Start Gitea as part of the normal multi-user boot once the unit is enabled.
WantedBy=multi-user.target
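# Make systemd re-read unit files so the new gitea.service is picked up.
sudo systemctl daemon-reload
# Start Gitea now and also at every boot.
sudo systemctl enable --now gitea
# NOTE(review): Gitea now answers on port 3000 over plain HTTP. Until the web
# installer has been completed, anyone who can reach that port can complete it,
# so limit port 3000 in the ECS security group to your own address first and
# finish the installation right away.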
访问地址 http://ip:3000
五、配置 Nginx 代理
如果直接通过端口访问 Gitea(此时为未加密的 HTTP),则不需要这一步。如果自己有域名和 SSL 证书,可以通过这一步开启 https + 二级域名的方式访问 Gitea。
配置文件中的 example.com 替换成自己的域名,记得上传证书到 /etc/nginx/cert 目录下
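# Edit the vhost file through sudoedit: the editor runs as your own user and
# only the final copy-back is privileged. `sudo vim` would run the whole
# editor (plugins, shell escapes) as root.
# sudoedit honours $SUDO_EDITOR, $VISUAL and $EDITOR; set one of them to vim
# to keep the same editor.
sudoedit /etc/nginx/conf.d/gitea.conf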
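# Reverse proxy: terminates TLS for git.example.com and forwards every
# request to the Gitea instance listening on 127.0.0.1:3000.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name git.example.com;

    # The certificate must cover the subdomain (wildcard or SAN entry).
    # Keep the private key readable by root only (for example mode 600).
    ssl_certificate "/etc/nginx/cert/example.com.crt";
    ssl_certificate_key "/etc/nginx/cert/example.com.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    # PROFILE=SYSTEM defers cipher selection to the OS-wide crypto policy.
    ssl_ciphers PROFILE=SYSTEM;
    ssl_prefer_server_ciphers on;

    # nginx limits request bodies to 1m by default, which makes larger
    # pushes and uploads over HTTPS fail with 413; raise the limit.
    client_max_body_size 512M;

    location / {
        proxy_pass http://127.0.0.1:3000/;
        # Pass the original host, client address and scheme to Gitea.
        # Gitea's ROOT_URL in app.ini should be the https:// address so the
        # links it generates match this proxy.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}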
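# Validate the configuration first, so a typo in gitea.conf cannot take the
# running nginx down on restart.
sudo nginx -t && sudo systemctl restart nginx
# NOTE(review): once the proxy works, Gitea is still reachable directly on
# port 3000 over plain HTTP. Set HTTP_ADDR = 127.0.0.1 in the [server] section
# of /opt/gitea/conf/app.ini, restart gitea, and remove port 3000 from the ECS
# security group so that all access goes through the TLS proxy.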
访问地址 https://二级域名