d-gitea/docker-compose.yaml

version: "3.9"

networks:
  traefik-network:
    name: traefik-network
    external: true

services:
  server:
    image: docker.gitea.com/gitea:1.25.3-rootless
    networks:
      - traefik-network
    restart: always
    stop_grace_period: 1m # Allow Gitea time to shut down gracefully
    healthcheck:
      test: ["CMD", "wget", "-q", "--spider", "http://localhost:3000/api/healthz"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 200s

    volumes:
      - ./data:/var/lib/gitea
      - ./config:/etc/gitea
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro

    # HTTP handled by Traefik; expose is optional but clarifies intent
    expose:
      - "3000"
    ports:
      - "2222:2222" # SSH port

    environment:
      # Ensure Gitea generates correct URLs (adjust if you terminate TLS at Traefik)
      - GITEA__server__DOMAIN=gitea.rezije.app
      - GITEA__server__ROOT_URL=https://gitea.rezije.app/
      - GITEA__server__PROTOCOL=http # Traefik handles TLS
      - GITEA__server__SSH_PORT=2222
      # Enable Docker Registry support
      - GITEA__packages__ENABLED=true
      # Set public URL detection to auto so that server
      # supports multiple hostnames (for registry and web console)
      - GITEA__server__PUBLIC_URL_DETECTION=auto

    labels:
      - traefik.enable=true
      - traefik.docker.network=traefik-network
      - traefik.http.services.gitea.loadbalancer.server.port=3000

      # Web Console
      - traefik.http.routers.gitea.entrypoints=https
      - traefik.http.routers.gitea.rule=Host(`gitea.rezije.app`)
      - traefik.http.routers.gitea.tls=true
      - traefik.http.routers.gitea.tls.certresolver=letsencrypt
    
      # Registry (only /v2)
      - traefik.http.routers.gitea-registry.entrypoints=https
      - traefik.http.routers.gitea-registry.rule=Host(`registry.budakova.org`) && PathPrefix(`/v2`)
      - traefik.http.routers.gitea-registry.tls=true
      - traefik.http.routers.gitea-registry.tls.certresolver=letsencrypt
      - traefik.http.routers.gitea-registry.service=gitea