---
navigation: true
title: Gitea
main:
  fluid: false
---
:ellipsis{left=0px width=40rem top=10rem blur=140px}
# Gitea

::alert{type="info"}
🎯 __Goals:__
- Install Gitea
- Expose Gitea using Swag
::

[Gitea](https://about.gitea.com/) is a self-hosted DevOps platform that allows you to manage repositories much like GitHub, but on your own infrastructure.

![gitea](https://about.gitea.com/img/home-screenshot.png)

## Installation
---
Folder structure

```console
root
└── docker
    └── gitea
        └── data
```

Open Dockge, click on `compose`, name the stack `gitea`, and paste the following content:

```yaml
---
networks:
  gitea:
    external: false
services:
  server:
    image: gitea/gitea:1.22.0
    container_name: gitea
    environment:
      - USER_UID=${UID}
      - USER_GID=${GID}
      - TZ=Europe/Paris
    restart: unless-stopped
    networks:
      - gitea
    volumes:
      - ./data:/data
    ports:
      - 3333:3000
      - 222:22
```

Fill out the `.env` file with the required information, for example:

```properties
UID=1000
GID=1000
```

Deploy the container and go to `http://yourserverip:3333`. Your Gitea instance is now up and running!

::alert{type="danger"}
:::list{type="danger"}
- __If it fails:__ check your firewall rules.
:::
::

## Exposing Gitea with Swag
---
The benefit of this setup is being able to access it remotely from any of your devices. To do so, we’ll expose Gitea through Swag.

::alert{type="info"}
:::list{type="info"}
- __Prerequisite:__ We assume you have created a subdomain such as `gitea.yourdomain.com` in your [DNS zone](/general/networking/dns) with `CNAME` pointing to `yourdomain.com`, and [unless you're using Cloudflare Zero Trust](/serveex/security/cloudflare), you have already forwarded port `443` from your router to your server’s port `443` in the [NAT rules](/general/networking/nat).
:::
::

In Dockge, go to the SWAG stack and edit the compose file by adding Gitea's network:

```yaml
services:
  swag:
     container_name: # ...
      # ... 
     networks:           # Connect the container to the custom network
      # ...           
      - gitea            # Name of the declared network
    
networks:                # Define the custom network
  # ...
  gitea:                 # Name of the declared network
    name: gitea_default  # Actual external network name
    external: true       # Indicates it's an external network
```

::alert{type="info"}
:::list{type="info"}
- We assume the Gitea network name is `gitea_default`. You can verify connectivity by visiting the SWAG dashboard at http://yourserverip:81.
:::
::

Redeploy the stack by clicking "Deploy" and wait until SWAG is fully operational.

Inside the Swag folders, create the file `gitea.subdomain.conf`.

::alert{type="success"}
✨ __Tip:__ You can use [File Browser](/serveex/files/file-browser) to navigate and edit your files instead of using terminal commands.
::

```shell
sudo vi /docker/swag/config/nginx/proxy-confs/gitea.subdomain.conf
```
Press `i` to enter edit mode and paste the configuration below:

```nginx
## Version 2023/12/19

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name gitea.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth (requires ldap-location.conf in the location block)
    #include /config/nginx/ldap-server.conf;

    # enable for Authelia (requires authelia-location.conf in the location block)
    #include /config/nginx/authelia-server.conf;

    # enable for Authentik (requires authentik-location.conf in the location block)
    #include /config/nginx/authentik-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable for ldap auth (requires ldap-server.conf in the server block)
        #include /config/nginx/ldap-location.conf;

        # enable for Authelia (requires authelia-server.conf in the server block)
        #include /config/nginx/authelia-location.conf;

        # enable for Authentik (requires authentik-server.conf in the server block)
        #include /config/nginx/authentik-location.conf;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app gitea;
        set $upstream_port 3000;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    location ~ (/gitea)?/info/lfs {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app gitea;
        set $upstream_port 3000;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }
}
```

Press `Esc`, then save and exit by typing `:x` and hitting `Enter`.

Now open the `app.ini` file from the container's file system:

```shell
sudo vi /docker/gitea/data/gitea/conf/app.ini
```

Press `i` to edit, then modify the server section with your domain information:

```properties
[server]
DOMAIN = gitea.yourdomain.com
SSH_DOMAIN = gitea.yourdomain.com
ROOT_URL = https://gitea.yourdomain.com/
```

Press `Esc`, save and exit with `:x`, then restart the container.

And that’s it! Gitea is now exposed to the web.

::alert{type="success"}
✨ __Tip:__ You can natively protect this app with Authentik by [following these instructions](https://docs.goauthentik.io/integrations/services/gitea/).
::