Itzik Gur - 27.02.202420240227

Join our community of 1,000+ IT professionals, and receive tech tips and updates once a week.

How to Deploy Containerised Gitea Source Repository with PostgreSQL

Gitea is an open-source, self-hosted Git platform. It’s a painless, all-in-one software development service with a simple user interface, allowing you to manage repositories within your own servers easily. As such, it’s perfect for smaller teams and individual developers.

Navigating new platforms is always challenge, even with an easy-to-use one like Gitea. But fret not! We prepared this short blog detailing how to deploy Gitea source repository with PostgreSQL database using podman and podman pod. All you have to is follow the steps below.

How to Create a Custom SSL Certificate for Git Server

Create a directory on the git server

mkdir /root/git_certs

Create a private key with which to sign the certificate signing request (CSR). The private key must be UNENCRYPTED. If you already have a private key for this server, skip this step

openssl genrsa -out /root/git_cert/git_cert_key.pem 4096

Create the openssl.cnf configuration file for the CSR and include the following content. Skip this step if the file already exists:

[ req ] 
req_extensions = v3_req 
distinguished_name = req_distinguished_name 
x509_extensions = usr_cert 
prompt = no 

[ req_distinguished_name ] 
C = AU 
ST = Victoria 
L = North Sydney 
O = Organisation 
OU = IT Department 
CN = aap02.example.net
 
[ v3_req ] 
basicConstraints = CA:FALSE 
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment 
extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection 
subjectAltName = @alt_names 

[ usr_cert ] 
basicConstraints=CA:FALSE 
nsCertType = client, server, email 
keyUsage = nonRepudiation, digitalSignature, keyEncipherment 
extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection 
nsComment = "OpenSSL Generated Certificate" 
subjectKeyIdentifier=hash 
authorityKeyIdentifier=keyid,issuer 

[ alt_names ] 
DNS.1 = aap02.example.net 
DNS.2 = git-repo.example.net

Generate CSR using the following command:

openssl req -new \ 
-key /root/git_cert/git_cert_key.pem \ 
-config /root/git_cert/openssl.cnf \ 
-out /root/git_cert/git_cert_csr.pem

Send the CSR to generate the certificate. Make sure to request the bundle or RootCA to create a bundle. This will be used later during the configuration of Gitea

How to Deploy Gitea Source Repository

Install podman and podman-plugins on the server

dnf install podman podman-plugins -y

Create two podman volumes: postgresdb and gitea. The first volume will be used to store postgreSQL database files, the other one will be used to store permanently gitea data and repositories

podman volume create postgresdb 
podman volume create gitea

Create a new pod. This pod exposes ports 3000/tcp and 222/tcp

podman pod create --name gitea-pod -p 3000:3000 -p 222:22

Create a postgreSQL container. Remember to change the username and password to something more elaborate

podman create --rm -dt --name postgres --pod gitea-pod \ 
-v postgresdb:/var/lib/postgresql/data \ 
-e POSTGRES_USER=gitea \ 
-e POSTGRES_PASSWORD=gitea \ 
-e POSTGRES_DB=gitea postgres:14

Create a Gitea container. Make sure to specify your postgreSQL username and password

podman create -dt --rm --name gitea --pod gitea-pod \ 
-v gitea:/data \ 
-v /etc/localtime:/etc/localtime:ro \ 
-e USER_UID=1000 -e USER_GID=1000 \ 
-e GITEA__database__DB_TYPE=postgres \ 
-e GITEA__database__HOST=postgres:5432 \ 
-e GITEA__database__NAME=gitea \ 
-e GITEA__database__USER=gitea \ 
-e GITEA__database__PASSWD=gitea gitea/gitea

Create systemd service accounts. I found that in some instances, the systemd units do not work if they are generated fully automatically, so I create them manually one by one

cd /etc/systemd/system/ 
podman generate systemd gitea --files --new > gitea-container.service 
podman generate systemd postgres --files --new > postgres-container.service 
podman generate systemd --files --new gitea-pod > gitea-pod.service

Reload the systemd unit files

systemd daemon-reload

Enable the gitea-pod service

systemd enable –-now gitea-pod.service

Restart the Service

systemd restart gitea-pod.service

Navigate to http://host_name:3000. If the page loads, the initial configuration has been done. Stop service

systemd stop gitea-pod.service

On the host, navigate to /var/lib/containers/storage/volumes/gitea/_data/gitea/conf
Edit app.ini configuration file to read:

[server] 
APP_DATA_PATH = /data/gitea 
DOMAIN = aap02 
SSH_DOMAIN = aap02 
PROTOCOL = https 
HTTP_PORT = 3000 
ROOT_URL = https://aap02.example.net:3000/ 
CERT_FILE = cert.pem 
KEY_FILE  = key.pem

Copy cert.pem and key.pem to /var/lib/containers/storage/volumes/gitea/_data/gitea, ensuring that user:group are set the same as for other directories in this location (that would be gitea USER_ID GROUP_ID, used to create a container). Ensure that the cert.pem is a bundle with the server’s certificate listed as the first one
Start the containers
Navigate to the repository using https://server_name. Make sure to open 3000/tcp on the firewalld if used
Create Admin account
Enable DISABLE_REGISTRATION = true in app.ini and restart the pod

And there you have it! We hope this guide made deploying Gitea source repositories a stress-free process for you. Check out Insentra Insights for more helpful tips, tricks and strategies to further elevate your modern workplace.

If you’d like assistance or guidance on how you can improve your tech stack, contact us today to start a conversation.