first deploy

works locally, production test in progress

.gitignore

@@ -0,0 +1,2 @@
+.env
+gitea_data

app.example.ini

@@ -0,0 +1,112 @@
+APP_NAME = Git with a cup of tea
+RUN_USER = git
+RUN_MODE = prod
+
+[repository]
+ROOT = /data/repositories
+
+[server]
+PROTOCOL         = http
+DOMAIN           = git.example.com
+ROOT_URL         = https://git.example.com/
+SSH_DOMAIN       = git.example.com
+HTTP_ADDR        = 0.0.0.0
+DISABLE_SSH      = false
+SSH_PORT         = 22
+OFFLINE_MODE     = false
+LFS_START_SERVER = true
+LFS_CONTENT_PATH = /data/lfs
+LFS_JWT_SECRET   =
+
+[database]
+DB_TYPE  = mysql
+HOST     = db:3306
+NAME     = gitea
+USER     = gitea
+PASSWD   =
+SSL_MODE = disable
+CHARSET  = utf8mb4
+LOG_SQL  = false
+
+[security]
+INSTALL_LOCK        = true
+SECRET_KEY          =
+LOGIN_REMEMBER_DAYS = 28
+INTERNAL_TOKEN      =
+MID_PASSWORD_LENGTH = 8
+PASSWORD_COMPLEXITY = lower,upper,digit
+PASSWORD_CHECK_PWN  = true
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[service]
+REGISTER_EMAIL_CONFIRM            = false
+DISABLE_REGISTRATION              = false
+REQUIRE_SIGNIN_VIEW               = false
+ENABLE_NOTIFY_MAIL                = true
+ENABLE_BASIC_AUTHENTICATION       = false
+ENABLE_CAPTCHA                    = false
+DEFAULT_KEEP_EMAIL_PRIVATE        = true
+DEFAULT_ALLOW_CREATE_ORGANIZATION = false
+DEFAULT_USER_IS_RESTRICTED        = true
+DEFAULT_ENABLE_TIMETRACKING       = false
+AUTO_WATCH_NEW_REPOS              = false
+DEFAULT_ORG_VISIBILITY            = private
+ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
+NO_REPLY_ADDRESS                  = git.example.com
+
+[mailer]
+ENABLED = true
+HOST    = mail.example.com:465
+FROM    = "Gitea Bot" <no-reply@example.com>
+USER    = no-reply@example.com
+PASSWD  =
+
+[session]
+PROVIDER          = file
+COOKIE_SECURE     = true
+COOKIE_NAME       = gitea
+SESSION_LIFE_TIME = 2592000
+
+[picture]
+DISABLE_GRAVATAR        = false
+ENABLE_FEDERATED_AVATAR = true
+
+[attachment]
+ENABLE = true
+ALLOWED_TYPES = image/jpeg|image/png|application/zip|application/gzip|application/x-gzip|application/octet-stream|application/x-zip-compressed|multipart/x-zip
+MAX_SIZE = 40
+MAX_FILES = 5
+PATH = data/attachments
+
+[log]
+MODE      = console
+LEVEL     = info
+
+[cron.update_mirrors]
+SCHEDULE = @every 24h
+
+[api]
+ENABLE_SWAGGER = false
+
+[oauth2]
+ENABLE     = true
+JWT_SECRET =
+
+[i18n]
+LANGS = en-US
+NAMES = English
+
+[U2F]
+APP_ID   = https://git.example.com
+ROOT_URL = https://git.example.com
+
+[federation]
+ENABLED = false
+
+[other]
+SHOW_FOOTER_BRANDING           = false
+SHOW_FOOTER_VERSION            = false
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = false

docker-compose.yml

@@ -0,0 +1,59 @@
+version: "3"
+
+services:
+  app:
+    container_name: ${SERVICE_NAME}_gitea
+    depends_on:
+      - db
+    environment:
+      - USER_GID=${USER_GID}
+      - USER_UID=${USER_UID}
+    image: ${GITEA_VERSION}
+    labels:
+      - traefik.docker.network=traefik-proxy
+      - traefik.enable=true
+      ### Section HTTP
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.entrypoints=http
+      - traefik.http.services.${TRAEFIK_SERVICE}.loadbalancer.server.port=8080
+      # redirect to HTTPS only
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_HOST}`)
+      ### Section HTTPS
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.entrypoints=https
+      - traefik.https.services.${TRAEFIK_SERVICE}.loadbalancer.server.port=3000
+      # configure the exposed service
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_HOST}`)
+      # of course, enable TLS and it's certificate provider
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls=true
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls.certresolver=letsencrypt
+    networks:
+      - internal
+      - traefik-proxy
+    restart: unless-stopped
+    volumes:
+      - ./gitea_data:/data
+      - /etc/localtime:/etc/localtime:ro
+      - /etc/timezone:/etc/timezone:ro
+    ports:
+      - 3000:3000
+  db:
+    container_name: ${SERVICE_NAME}_mysql
+    environment:
+      - MYSQL_DATABASE=${MYSQL_DATABASE}
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+      - MYSQL_RANDOM_ROOT_PASSWORD=yes
+      - MYSQL_USER=${MYSQL_USER}
+    image: ${MYSQL_VERSION}
+    networks:
+      - internal
+    restart: unless-stopped
+    volumes:
+      - database:/var/lib/mysql
+
+networks:
+  internal:
+  traefik-proxy:
+    external: true
+
+volumes:
+  database:

env.example

@@ -0,0 +1,11 @@
+GITEA_VERSION=gitea/gitea:latest
+MYSQL_DATABASE=gitea
+MYSQL_PASSWORD=
+MYSQL_USER=gitea
+MYSQL_VERSION=mariadb:10.6.3
+SERVICE_NAME=git.bjphoster.com
+TRAEFIK_HOST=git.bjphoster.com
+TRAEFIK_ROUTER=git_bjphoster_com
+TRAEFIK_SERVICE=gitbjphostercom
+USER_GID=1000
+USER_UID=1000