GITea

NOTE: I moved to Forgejo, so this page is not updated anymore.

Gitea is a nice web GUI for Git. It is actually much more than that: it allows fine-tuning of remote Git repositories and access control. It can be used to version-control any kind of sources, including text documents and scripts.

Installing is easy:

 > echo ">=acct-user/git-0-r3 gitea" >> /etc/portage/package.use/gitea
 > emerge -v gitea

Then move the repositories, data and config to your RAID drive by changing the home folder of the gitea user:

 > usermod -d /data/daemons/gitea -m gitea

Adapt the default config by editing /etc/conf.d/gitea:

GITEA_CONF="/data/daemons/gitea/app.ini"
GITEA_WORK_DIR="/data/daemons/gitea"

and also edit your /data/daemons/gitea/app.ini:

[server]
; Gitea's key for the public URL is ROOT_URL
ROOT_URL = https://home.mydomain.com/gitea/
HTTP_ADDR = 127.0.0.1
HTTP_PORT = 3001

Reverse Proxy setup

Set up the NGINX reverse proxy by creating gitea.conf:

    location /gitea/ {
        client_max_body_size 512M;

        # make nginx use unescaped URI, keep "%2F" as is
        rewrite ^ $request_uri;
        rewrite ^/gitea(/.*) $1 break;
        proxy_pass http://127.0.0.1:3001$uri;

        proxy_set_header Connection $http_connection;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # overwrite any client-supplied X-WEBAUTH-USER with the user nginx authenticated
        proxy_set_header X-WEBAUTH-USER $remote_user;
        # do not forward the client's Authorization header to Gitea
        proxy_set_header Authorization "";
    }

(refer to The Reverse Proxy concept for more details on this)

Now your remote URLs are in the following format:

 For SSH URLs: ssh://git@home.mydomain.com:ssh_port/user/repo.git

Using Reverse Proxy authentication

Gitea supports reverse proxy authentication. The above NGINX config already sets it up, but you need to open the Gitea settings, go to Authentication Sources and replace the existing one (or add a new one) as PAM_Auth. The settings you need are:

  • pam_service_name: system-local-login

That's it.
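
Because Gitea trusts whatever arrives in X-WEBAUTH-USER, the setup is only sound while Gitea is reachable solely through NGINX and NGINX always overwrites that header. The following check is an added example, not code from the original page or from the Gitea project; the function names and the embedded sample configs are constructed for illustration, and the fallback values assume Gitea's defaults of 0.0.0.0 and port 3000.

```python
import configparser
import ipaddress
import re

HEADER = "X-WEBAUTH-USER"  # header name taken from the nginx block on this page

# Constructed samples mirroring the values shown on this page.
SAMPLE_INI = """APP_NAME = constructed sample
[server]
HTTP_ADDR = 127.0.0.1
HTTP_PORT = 3001
"""
SAMPLE_NGINX = """location /gitea/ {
    proxy_pass http://127.0.0.1:3001$uri;
    proxy_set_header X-WEBAUTH-USER $remote_user;
    proxy_set_header Authorization "";
}
"""

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # not an IP literal
        return addr == "localhost"

def audit(app_ini, nginx_location):
    """Return a list of findings; an empty list means every check passed."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string("[DEFAULT]\n" + app_ini)  # app.ini may open with section-less keys
    addr = cp.get("server", "HTTP_ADDR", fallback="0.0.0.0")  # assumed Gitea default
    port = cp.get("server", "HTTP_PORT", fallback="3000")     # assumed Gitea default
    findings = []
    if not is_loopback(addr):
        findings.append(f"bind: Gitea listens on {addr}, so clients can skip nginx and send {HEADER}")
    # nginx forwards client headers unchanged unless proxy_set_header redefines them
    if not re.search(rf"^\s*proxy_set_header\s+{re.escape(HEADER)}\s+\S+\s*;",
                     nginx_location, re.I | re.M):
        findings.append(f"header: nginx does not overwrite {HEADER}; a client value reaches Gitea")
    m = re.search(r"^\s*proxy_pass\s+https?://[^/:\s;]+:(\d+)", nginx_location, re.M)
    if m and m.group(1) != port:
        findings.append(f"port: proxy_pass targets {m.group(1)} but Gitea listens on {port}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI, SAMPLE_NGINX) or ["no findings"]:
        print(finding)
```

Pass it the contents of your real app.ini and the text of the location block; commented-out directives are ignored, so a disabled proxy_set_header line is reported as missing.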