User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
services:forgejo [2024/09/11 07:13] – [Installation] willyservices:forgejo [2025/12/02 14:01] (current) willy
Line 4: Line 4:
 Easy to install and low maintenance, it just does the job. It is a nice web gui for GIT. It is actually much more and allows for GIT fine tuning of remote repositories and access control. It can be used to version-control any kind of sources, including text documents and scripts. Easy to install and low maintenance, it just does the job. It is a nice web gui for GIT. It is actually much more and allows for GIT fine tuning of remote repositories and access control. It can be used to version-control any kind of sources, including text documents and scripts.
  
-Forgejo is the evolution of [[services:gitea|GITea]], from which it forked some time ago out of concerns for monetization strategies and ambiguous behaviour from GITEA parent company.+Forgejo is the evolution of [[services:obsolete:gitea|GITea]], from which it forked some time ago out of concerns for monetization strategies and ambiguous behaviour from GITEA parent company.
  
 ===== Installation ===== ===== Installation =====
Line 44: Line 44:
  
 [server] [server]
-ROOT_URL = https://home.mydomain.com/forgejo/+ROOT_URL = https://git.mydomain.com/
 HTTP_ADDR = 127.0.0.1 HTTP_ADDR = 127.0.0.1
 HTTP_PORT = 3001 HTTP_PORT = 3001
Line 78: Line 78:
 ./forgejo ./forgejo
 </code> </code>
 +
 +One last step is to ensure your **app.ini** is safe if you reinstlal Forgejo. Since i do backup the git repos folder but not the daemons folder, i just move it there and link it back:
 +<code bash>
 +cd ~/custom/conf/ 
 +mv app.ini /data/git-repos
 +ln -s /data/git-repos/app.ini .
 +</code>
 +
 +Note that your **git** user //~/.ssh// must exist and the permission chain into it must be set properly!
 +The /data/daemons/git must be **750** and the /data/daemons/git/.ssh should be **700** (but 750 should do the trick as well).
  
 ==== Reverse Proxy setup ==== ==== Reverse Proxy setup ====
Line 83: Line 93:
 And setup NGINX reverse proxy by creating **forgejo.conf**: And setup NGINX reverse proxy by creating **forgejo.conf**:
 <file forgejo.conf> <file forgejo.conf>
-  location /forgejo/ {+server { 
 +        server_name git.mydomain.com; 
 +        listen 443 ssl; 
 +        listen 8443 ssl; 
 +        http2 on; 
         client_max_body_size 512M;         client_max_body_size 512M;
  
-        # make nginx use unescaped URI, keep "%2F" as is +        access_log /var/log/nginx/git.mydomain.com_access_log main
-        rewrite ^ $request_uri; +        error_log /var/log/nginx/git.mydomain.com_error_log info;
-        rewrite ^/forgejo(/.*) $1 break+
-        proxy_pass http://127.0.0.1:3001$uri;+
  
-        proxy_set_header Connection $http_connection+        location / { # The trailing / is important! 
-        proxy_set_header Upgrade $http_upgrade+                proxy_pass        http://127.0.0.1:3001/# The / is important! 
-        proxy_set_header Host $host+                proxy_set_header  X-Script-Name /
-        proxy_set_header X-Real-IP $remote_addr; +                proxy_set_header  Host $http_host
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +                proxy_http_version 1.1; 
-        proxy_set_header X-Forwarded-Proto $scheme; +                proxy_buffering off; 
-        proxy_set_header X-WEBAUTH-USER $remote_user; +                proxy_set_header Connection "upgrade"; 
-        proxy_set_header Authorization ""; +                proxy_set_header X-Real-IP $remote_addr; 
-    }+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
 +                # The following lines for propagating Proxy Auth (comment if you don't use it): 
 +                proxy_set_header X-WEBAUTH-USER $remote_user; 
 +                proxy_set_header Authorization ""; 
 +        } 
 + 
 +        include com.mydomain/certbot.conf; 
 +}
 </file> </file>
 (refer to [[selfhost:nginx|The Reverse Proxy concept]] for more details on this) (refer to [[selfhost:nginx|The Reverse Proxy concept]] for more details on this)
Line 105: Line 125:
 Now your remote URLs are in the following format: Now your remote URLs are in the following format:
 <code> <code>
- For SSH urls: ssh://git@home.mydomain.com:ssh_port/user/repo.git+ For SSH urls: ssh://git@git.mydomain.com:ssh_port/user/repo.git
 </code> </code>
 +
 +Note, while you can use a subpath instead of a subdomain, going that route will leave you with inconsistent SSH/HTTPS GIT URLs as the web URL will contain the subpath while the SSH command cannot understand it.
 +
  
 == Using Reverse Proxy authentication === == Using Reverse Proxy authentication ===
  
-GITea support reverse proxy authentication. The above NGINX config already set it up, but you need to open GITea settings and go to **Authentication Sources** and replace the existing one (or add a new one) ad **PAM_Auth**. The settings you need are:+Forgejo support reverse proxy authentication. The above NGINX config already set it up, but you need to open GITea settings and go to **Authentication Sources** and replace the existing one (or add a new one) ad **PAM_Auth**. The settings you need are:
   * pam_service_name: system-local-login   * pam_service_name: system-local-login
  
-that's it.+that's it. This will work with your SSO.
  
 ==== Autostart ==== ==== Autostart ====
Line 125: Line 148:
 description="ForgeJo, a self-hosted Git service" description="ForgeJo, a self-hosted Git service"
  
-command="/deposito/daemons/forgejo/forgejo"+command="/data/daemons/forgejo/forgejo"
 command_args="" command_args=""
 command_background="true" command_background="true"