Gitea is an open-source, self-hosted Git platform. It’s a painless, all-in-one software development service with a simple user interface, allowing you to manage repositories within your own servers easily. As such, it’s perfect for smaller teams and individual developers.
Navigating new platforms is always a challenge, even with an easy-to-use one like Gitea. But fret not! We prepared this short blog detailing how to deploy a Gitea source repository with a PostgreSQL database using podman and a podman pod. All you have to do is follow the steps below.
How to Create a Custom SSL Certificate for Git Server
- Create a directory on the git server
mkdir /root/git_cert
- Create a private key with which to sign the certificate signing request (CSR). The private key must be UNENCRYPTED. If you already have a private key for this server, skip this step
openssl genrsa -out /root/git_cert/git_cert_key.pem 4096
- Create the configuration file /root/git_cert/openssl.cnf for the CSR with the following content. Skip this step if the file already exists:
[ req ]
req_extensions = v3_req
distinguished_name = req_distinguished_name
x509_extensions = usr_cert
prompt = no
[ req_distinguished_name ]
C = AU
ST = Victoria
L = North Sydney
O = Organisation
OU = IT Department
CN = aap02.example.net
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection
subjectAltName = @alt_names
[ usr_cert ]
basicConstraints=CA:FALSE
nsCertType = client, server, email
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
[ alt_names ]
DNS.1 = aap02.example.net
DNS.2 = git-repo.example.net
- Generate CSR using the following command:
openssl req -new \
-key /root/git_cert/git_cert_key.pem \
-config /root/git_cert/openssl.cnf \
-out /root/git_cert/git_cert_csr.pem
- Send the CSR to your certificate authority to have the certificate issued. Make sure to request the bundle, or the root CA certificate so that you can create a bundle yourself. It will be used later during the configuration of Gitea
How to Deploy Gitea Source Repository
- Install podman and podman-plugins on the server
dnf install podman podman-plugins -y
- Create two podman volumes: postgresdb and gitea. The first volume stores the PostgreSQL database files; the second persistently stores the Gitea data and repositories
podman volume create postgresdb
podman volume create gitea
- Create a new pod. The pod publishes host ports 3000/tcp and 222/tcp (222 is mapped to port 22 inside the pod)
podman pod create --name gitea-pod -p 3000:3000 -p 222:22
- Create a PostgreSQL container. Remember to change the username and password to something more elaborate
podman create --rm -dt --name postgres --pod gitea-pod \
-v postgresdb:/var/lib/postgresql/data \
-e POSTGRES_USER=gitea \
-e POSTGRES_PASSWORD=gitea \
-e POSTGRES_DB=gitea postgres:14
- Create a Gitea container. Make sure to specify your PostgreSQL username and password
podman create -dt --rm --name gitea --pod gitea-pod \
-v gitea:/data \
-v /etc/localtime:/etc/localtime:ro \
-e USER_UID=1000 -e USER_GID=1000 \
-e GITEA__database__DB_TYPE=postgres \
-e GITEA__database__HOST=postgres:5432 \
-e GITEA__database__NAME=gitea \
-e GITEA__database__USER=gitea \
-e GITEA__database__PASSWD=gitea gitea/gitea
- Create the systemd unit files. I found that in some instances, the systemd units do not work if they are generated fully automatically, so I create them manually one by one. With --files and --name, podman writes each unit into the current directory and names it after the pod or container (pod-gitea-pod.service, container-gitea.service, container-postgres.service), so the output must not be redirected
cd /etc/systemd/system/
podman generate systemd --files --new --name gitea
podman generate systemd --files --new --name postgres
podman generate systemd --files --new --name gitea-pod
- Reload the systemd unit files
systemctl daemon-reload
- Enable the gitea-pod service
systemctl enable --now pod-gitea-pod.service
- Restart the service
systemctl restart pod-gitea-pod.service
- Navigate to http://host_name:3000. If the page loads, the initial configuration has been done. Stop the service
systemctl stop pod-gitea-pod.service
- On the host, navigate to /var/lib/containers/storage/volumes/gitea/_data/gitea/conf
- Edit app.ini configuration file to read:
[server]
APP_DATA_PATH = /data/gitea
DOMAIN = aap02
SSH_DOMAIN = aap02
PROTOCOL = https
HTTP_PORT = 3000
ROOT_URL = https://aap02.example.net:3000/
CERT_FILE = cert.pem
KEY_FILE = key.pem
- Copy cert.pem and key.pem to /var/lib/containers/storage/volumes/gitea/_data/gitea, ensuring that user:group ownership is the same as for the other directories in this location (that is, the USER_UID and USER_GID values used to create the Gitea container). Ensure that cert.pem is a bundle with the server’s certificate listed first
- Start the containers
- Navigate to the repository using https://server_name. Make sure to open 3000/tcp in firewalld if it is used
- Create Admin account
- Set DISABLE_REGISTRATION = true in app.ini and restart the pod
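The requirements stated above for cert.pem and key.pem (unencrypted key, server certificate first in the bundle, hostname present in subjectAltName) can be checked before the pod is started. The script below is an added example, not part of the original guide; the function name check_gitea_tls is illustrative, and it assumes openssl is installed on the host.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-flight checks for the
# cert.pem / key.pem pair before Gitea is switched to PROTOCOL = https.
# The function name and messages are illustrative; only openssl is required.

# check_gitea_tls CERT KEY HOSTNAME -> exit status 0 only if every check passes.
check_gitea_tls() (
    cert=$1; key=$2; host=$3; rc=0

    # openssl x509 reads only the FIRST certificate in a PEM bundle, which is
    # the one the server presents as its own certificate.
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || {
        echo "FAIL: $cert does not start with a readable certificate"; exit 1; }

    # 1. The key must be unencrypted and belong to that first certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is encrypted, unreadable, or does not match the first certificate"
        rc=1
    fi

    # 2. A CA certificate in first position means the bundle order is wrong.
    if printf '%s\n' "$text" | grep -q 'CA:TRUE'; then
        echo "FAIL: first certificate is a CA; put the server certificate first"; rc=1
    fi

    # 3. The name clients connect to must be a DNS subjectAltName
    #    (exact match only; wildcard entries are not expanded here).
    if ! printf '%s\n' "$text" | tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$host"; then
        echo "FAIL: $host is not listed in subjectAltName"; rc=1
    fi

    # 4. The private key must not be accessible to group or others.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group/others; chmod 600 it"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $cert and $key are consistent for $host"
    [ "$rc" -eq 0 ]
)
```

Run it from /var/lib/containers/storage/volumes/gitea/_data/gitea as: check_gitea_tls cert.pem key.pem aap02.example.net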
And there you have it! We hope this guide made deploying Gitea source repositories a stress-free process for you. Check out Insentra Insights for more helpful tips, tricks and strategies to further elevate your modern workplace.