Differences

This shows you the differences between two versions of the page.

--- services:forgejo [2024/09/11 07:12] – created willy
+++ services:forgejo [2025/12/02 14:01] (current) – willy
@@ Line 4: / Line 4: @@
 Easy to install and low maintenance, it just does the job. It is a nice web gui for GIT. It is actually much more and allows for GIT fine tuning of remote repositories and access control. It can be used to version-control any kind of sources, including text documents and scripts.
-Forgejo is the evolution of [[services:gitea|GITea]], from which it forked some time ago out of concerns for monetization strategies and ambiguous behaviour from GITEA parent company.
+Forgejo is the evolution of [[services:obsolete:gitea|GITea]], from which it forked some time ago out of concerns for monetization strategies and ambiguous behaviour from GITEA parent company.
 ===== Installation =====
@@ Line 44: / Line 44: @@
 [server]
-ROOT_URL = https://home.mydomain.com/forgejo/
+ROOT_URL = https://git.mydomain.com/
 HTTP_ADDR = 127.0.0.1
 HTTP_PORT = 3001
@@ Line 55: / Line 55: @@
 DB_TYPE = sqlite3
 HOST = 127.0.0.1:3306
-NAME = gitea
+NAME = forgejo
 USER = root
-PASSWD =
-SCHEMA =
-SSL_MODE = disable
 PATH = /data/git-repos/forgejo.db
 LOG_SQL = false
@@ Line 65: / Line 62: @@
 [log]
 MODE = file
-; ; Either "Trace", "Debug", "Info", "Warn", "Error" or "None", default is "Info"
 LEVEL = info
 ROOT_PATH = /var/log/forgejo
@@ Line 74: / Line 70: @@
 [lfs]
 PATH = /data/git-repos/lfs
-</flie>
+</file>
 i have omitted most of the lines, those are only the ones you need to specifically edit. Forgejo itself will add the others after first run. Adapt paths and port to your needs!
@@ Line 82: / Line 78: @@
 ./forgejo
 </code>
+One last step is to ensure your **app.ini** is safe if you reinstlal Forgejo. Since i do backup the git repos folder but not the daemons folder, i just move it there and link it back:
+<code bash>
+cd ~/custom/conf/
+mv app.ini /data/git-repos
+ln -s /data/git-repos/app.ini .
+</code>
+Note that your **git** user //~/.ssh// must exist and the permission chain into it must be set properly!
+The /data/daemons/git must be **750** and the /data/daemons/git/.ssh should be **700** (but 750 should do the trick as well).
 ==== Reverse Proxy setup ====
@@ Line 87: / Line 93: @@
 And setup NGINX reverse proxy by creating **forgejo.conf**:
 <file forgejo.conf>
-  location /forgejo/ {
+server {
+        server_name git.mydomain.com;
+        listen 443 ssl;
+        listen 8443 ssl;
+        http2 on;
         client_max_body_size 512M;
-        # make nginx use unescaped URI, keep "%2F" as is
+        access_log /var/log/nginx/git.mydomain.com_access_log main;
-        rewrite ^ $request_uri;
+        error_log /var/log/nginx/git.mydomain.com_error_log info;
-        rewrite ^/forgejo(/.*) $1 break;
-        proxy_pass http://127.0.0.1:3001$uri;
-        proxy_set_header Connection $http_connection;
+        location / { # The trailing / is important!
-        proxy_set_header Upgrade $http_upgrade;
+                proxy_pass        http://127.0.0.1:3001/; # The / is important!
-        proxy_set_header Host $host;
+                proxy_set_header  X-Script-Name /;
-        proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header  Host $http_host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_http_version 1.1;
-        proxy_set_header X-Forwarded-Proto $scheme;
+                proxy_buffering off;
-        proxy_set_header X-WEBAUTH-USER $remote_user;
+                proxy_set_header Connection "upgrade";
-        proxy_set_header Authorization "";
+                proxy_set_header X-Real-IP $remote_addr;
-    }
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                # The following lines for propagating Proxy Auth (comment if you don't use it):
+                proxy_set_header X-WEBAUTH-USER $remote_user;
+                proxy_set_header Authorization "";
+        }
+        include com.mydomain/certbot.conf;
+}
 </file>
 (refer to [[selfhost:nginx|The Reverse Proxy concept]] for more details on this)
@@ Line 109: / Line 125: @@
 Now your remote URLs are in the following format:
 <code>
- For SSH urls: ssh://git@home.mydomain.com:ssh_port/user/repo.git
+ For SSH urls: ssh://git@git.mydomain.com:ssh_port/user/repo.git
 </code>
+Note, while you can use a subpath instead of a subdomain, going that route will leave you with inconsistent SSH/HTTPS GIT URLs as the web URL will contain the subpath while the SSH command cannot understand it.
 == Using Reverse Proxy authentication ===
-GITea support reverse proxy authentication. The above NGINX config already set it up, but you need to open GITea settings and go to **Authentication Sources** and replace the existing one (or add a new one) ad **PAM_Auth**. The settings you need are:
+Forgejo support reverse proxy authentication. The above NGINX config already set it up, but you need to open GITea settings and go to **Authentication Sources** and replace the existing one (or add a new one) ad **PAM_Auth**. The settings you need are:
   * pam_service_name: system-local-login
-that's it.
+that's it. This will work with your SSO.
 ==== Autostart ====
@@ Line 129: / Line 148: @@
 description="ForgeJo, a self-hosted Git service"
-command="/deposito/daemons/forgejo/forgejo"
+command="/data/daemons/forgejo/forgejo"
 command_args=""
 command_background="true"

Willy's Wiki

User Tools

Differences