add basic gitea with nginx reverse proxy

compose.yml

@@ -8,6 +8,13 @@ services:
       - "443:443"
     volumes:
       - ./website/letsencrypt:/etc/letsencrypt
+  gitea:
+    restart: always
+    image: gitea/gitea:latest
+    ports:
+      - "2222:22"
+    # TODO add volumes for gitea default settings
+    # TODO add volumes to save data
   monerod:
     restart: always
     build: monerod/.

website/Dockerfile

@@ -6,14 +6,11 @@ RUN apt-get install -y nginx certbot python3-certbot-nginx
 
 RUN rm /etc/nginx/sites-enabled/default
 
-# enable matthewtran.com
+# enable site
 COPY matthewtran.com /etc/nginx/sites-available
 RUN  ln -s /etc/nginx/sites-available/matthewtran.com /etc/nginx/sites-enabled/matthewtran.com
 COPY html /var/www/matthewtran.com/html
 
-# TODO gitea
-# disable registration!
-
 # start script
 WORKDIR /root
 COPY entry.sh ./

website/entry.sh

@@ -1,18 +1,19 @@
 #!/bin/sh
 
+# server needs to be up to grab certificates
 nginx
 while [ ! -f /var/run/nginx.pid ]
 do
     sleep 1
 done
 
-# server needs to be up to grab certificates
 certbot --nginx \
     --test-cert \
     --webroot-path /var/www/matthewtran.com \
     --non-interactive --agree-tos -m matthewlamtran@berkeley.edu \
     -d matthewtran.com \
-    -d www.matthewtran.com
+    -d www.matthewtran.com \
+    -d git.matthewtran.com
 
 nginx -s reload
 

website/matthewtran.com

@@ -11,3 +11,19 @@ server {
         try_files $uri $uri/ =404;
     }
 }
+
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name git.matthewtran.com;
+
+    location / {
+        client_max_body_size 512M;
+        proxy_pass http://gitea:3000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}