commit 619e7433fedffaa95295046f09b22607a9cef62f
Author: Nikola Derežić
Date: Thu Jan 8 13:05:18 2026 +0100
defined basic stack
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2bd608a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,42 @@
+This is stack definition for Gite server running as Docker container.
+
+# Specs
+
+* HTTPS publishing
+ * published via Traefik at "gitea.budakova.org"
+ * uses TLS provided by Let's Encrypt
+* uses `/home/knee-cola/docker/d-gitea/` as root in which directories mounted for Gitea image reside
+
+## Why TLS
+
+TLS is used to that docker registry, which is a part of Gitea can be served over HTTPS using LAN IP address.
+
+# Installation
+
+1. create directories on docker host machine
+
+```bash
+cd /home/knee-cola/docker/
+mkdir -p ./d-gitea
+mkdir -p ./d-gitea/data
+mkdir -p ./d-gitea/config
+sudo chown 1000:1000 ./d-gitea/config/ ./d-gitea/data/
+```
+
+2. Deploy stack/service
+
+Use Portainer to deploy `docker-compose.yaml`
+
+This container doesn't use any env variables.
+
+3. Publish the Gitea web console
+
+At Cloudflare under ZeroTrust configure tunnel connecting the machine to CloudFlare: add a new published website `gitea.budakova.org` pointing to `https://10.10.1.200`
+
+4. Publish Gitea registry
+
+At CloudFlare create a new A DNS record `registry.budakova.org` pointing to local IP address `10.10.1.200`.
+
+5. Access the UI console
+
+Complete the setup in web console at https://gitea.budakova.org
\ No newline at end of file
diff --git a/deploy.sh b/deploy.sh
new file mode 100644
index 0000000..e451d43
--- /dev/null
+++ b/deploy.sh
@@ -0,0 +1,5 @@
+# creating volumes which will be mounted as volume in container
+mkdir -p config
+mkdir -p data
+
+sudo chown 1000:1000 config/ data/
\ No newline at end of file
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..8f65c7f
--- /dev/null
+++ b/docker-compose.yaml
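Review bot: `deploy.sh` has no shebang and no `set -e`, so a failed `mkdir` still falls through to `sudo chown 1000:1000 config/ data/`, and both paths are relative to whatever directory the caller happens to be in rather than the `/home/knee-cola/docker/d-gitea/` root the README installs into, so a stray invocation would chown `config/`/`data/` in an unrelated directory. Start the script with `#!/usr/bin/env bash`, `set -euo pipefail` and `cd "$(dirname "$0")"` so it only ever touches the two directories next to the compose file. A one-line comment that `1000:1000` is the UID/GID the rootless Gitea image runs as would also explain the otherwise magic number.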
@@ -0,0 +1,62 @@
+version: "3.9"
+
+networks:
+ traefik-network:
+ name: traefik-network
+ external: true
+
+services:
+ server:
+ image: docker.gitea.com/gitea:1.25.3-rootless
+ networks:
+ - traefik-network
+ restart: always
+ stop_grace_period: 1m # Allow Gitea time to shut down gracefully
+ healthcheck:
+ test: ["CMD", "wget", "-q", "--spider", "http://localhost:3000/api/healthz"]
+ interval: 30s
+ timeout: 5s
+ retries: 3
+ start_period: 200s
+
+ volumes:
+ - ./data:/var/lib/gitea
+ - ./config:/etc/gitea
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+
+ # HTTP handled by Traefik; expose is optional but clarifies intent
+ expose:
+ - "3000"
+ ports:
+ - "2222:2222" # SSH port
+
+ environment:
+ # Ensure Gitea generates correct URLs (adjust if you terminate TLS at Traefik)
+ - GITEA__server__DOMAIN=gitea.rezije.app
+ - GITEA__server__ROOT_URL=https://gitea.rezije.app/
+ - GITEA__server__PROTOCOL=http # Traefik handles TLS
+ - GITEA__server__SSH_PORT=2222
+ # Enable Docker Registry support
+ - GITEA__packages__ENABLED=true
+ # Set public URL detection to auto so that server
+ # supports multiple hostnames (for registry and web console)
+ - GITEA__server__PUBLIC_URL_DETECTION=auto
+
+ labels:
+ - traefik.enable=true
+ - traefik.docker.network=traefik-network
+ - traefik.http.services.gitea.loadbalancer.server.port=3000
+
+ # Web Console
+ - traefik.http.routers.gitea.entrypoints=https
+ - traefik.http.routers.gitea.rule=Host(`gitea.rezije.app`)
+ - traefik.http.routers.gitea.tls=true
+ - traefik.http.routers.gitea.tls.certresolver=letsencrypt
+
+ # Registry (only /v2)
+ - traefik.http.routers.gitea-registry.entrypoints=https
+ - traefik.http.routers.gitea-registry.rule=Host(`registry.budakova.org`) && PathPrefix(`/v2`)
+ - traefik.http.routers.gitea-registry.tls=true
+ - traefik.http.routers.gitea-registry.tls.certresolver=letsencrypt
+ - traefik.http.routers.gitea-registry.service=gitea
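Review bot: The web-console hostname is inconsistent within this commit: `GITEA__server__DOMAIN`, `GITEA__server__ROOT_URL` and the `traefik.http.routers.gitea.rule` Host match all say `gitea.rezije.app`, while the registry router and the README publish `gitea.budakova.org` / `registry.budakova.org` through the Cloudflare tunnel. Traefik only serves requests whose Host matches the rule, and Gitea builds its redirects, OAuth callbacks and webhook/clone URLs from ROOT_URL, so a request arriving as `gitea.budakova.org` will either 404 at Traefik or be bounced to a different origin; if the README is authoritative, set `- GITEA__server__DOMAIN=gitea.budakova.org`, `- GITEA__server__ROOT_URL=https://gitea.budakova.org/` and the same name inside the `Host(...)` of the console router rule. Two caveats deserve a comment next to the config: `GITEA__server__PUBLIC_URL_DETECTION=auto` appears to let Gitea derive public URLs from request hostname headers, which is only acceptable while port 3000 stays `expose`d rather than published so those headers can only come from Traefik, so note that `expose` is a security boundary and not just "clarifies intent"; and the `letsencrypt` resolver (config not visible here) cannot complete an HTTP-01/TLS-ALPN challenge for `registry.budakova.org` if, as the README says, its A record points at the private address `10.10.1.200`, so a DNS-01 challenge is needed for that certificate. Consider also binding SSH as `- "10.10.1.200:2222:2222"` instead of `"2222:2222"`, since the latter listens on every host interface while the README only intends LAN access.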