forgejo git
docker
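# Forgejo service entry. It belongs under the top-level `services:` key of the
# compose file, and the `forgejo` network it joins must be declared under the
# top-level `networks:` key (neither is shown on this page).
mygit:
  # `14` is a floating major-version tag, so a later pull can bring in a
  # different build. Pin a full version or an image digest if the deployment
  # has to be reproducible and auditable.
  image: codeberg.org/forgejo/forgejo:14
  container_name: forgejo
  restart: always
  environment:
    # Passed to the image as the UID/GID for the Forgejo process; the host
    # directory ./git/data should be owned by the same IDs.
    - USER_UID=1000
    - USER_GID=1000
  networks:
    - forgejo
  volumes:
    # Persistent Forgejo state lives here; keep it out of world-readable paths
    # and include it in backups.
    - ./git/data:/data
    - /etc/localtime:/etc/localtime:ro
  ports:
    # Quoted so that digit:digit values are never read as YAML 1.1 base-60
    # integers.
    #
    # NOTE(review): this publishes the plain-HTTP web UI on every host
    # interface, so port 3003 can be reached directly, bypassing the TLS
    # termination and security headers added by the nginx proxy. If nginx on
    # this host is the only intended client, publish on loopback instead
    # ("127.0.0.1:3003:3000") and point the proxy at 127.0.0.1.
    - "3003:3000"
    # Git over SSH. It is reachable on all interfaces; restrict it at the
    # firewall if it is not meant to be public.
    - "2222:22"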
nginx
# Plain-HTTP virtual host: it serves no content and only redirects to HTTPS.
server {
    listen      192.168.1.1:80;
    listen      [fe80::4c9a:23d2:1f45:6a12]:80;
    server_name git.klaverstyn.com.au;

    access_log  /var/log/nginx/access_git.log;
    error_log   /var/log/nginx/error_git.log;

    # The redirect target is a fixed host name rather than $host, so a forged
    # Host header cannot steer the client to another site.
    return 301 https://git.klaverstyn.com.au$request_uri;
}
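# TLS virtual host: terminates HTTPS and reverse-proxies everything to the
# Forgejo container's web port published on this host (3003).
server {
    listen      192.168.1.1:443 ssl;
    listen      [fe80::4c9a:23d2:1f45:6a12]:443 ssl;
    http2       on;
    server_name git.klaverstyn.com.au;

    access_log  /var/log/nginx/access_git.log;
    error_log   /var/log/nginx/error_git.log;

    ssl_certificate     /etc/letsencrypt/live/git.klaverstyn.com.au/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/git.klaverstyn.com.au/privkey.pem;

    # NOTE(review): the snippet's contents are not shown on this page. Because
    # it is included in a TLS vhost that may be reachable from outside, confirm
    # that its status location is limited with allow/deny to monitoring hosts.
    include snippets/stub-status.conf;

    # Response security headers. No Content-Security-Policy is set here; add
    # one separately if a CSP is required, and test it against the Forgejo UI.
    #
    # nginx inherits these server-level add_header lines into a location only
    # while that location defines no add_header of its own, so adding a header
    # inside `location /` later would silently drop all of them.
    #
    # HSTS: includeSubDomains covers every host below this name and `preload`
    # signals intent to join browser preload lists, which is slow to undo.
    # Keep both only if every covered host is served over HTTPS permanently.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    add_header X-Content-Type-Options "nosniff" always;
    # The legacy XSS auditor is gone from current browsers and could itself be
    # abused in old ones; "0" switches it off, and a CSP is the replacement.
    add_header X-XSS-Protection "0" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    # No HTTP method restriction is applied: the Forgejo API and web UI use
    # PUT, PATCH and DELETE in addition to GET and POST.
    location / {
        proxy_pass         http://localhost:3003;
        proxy_http_version 1.1;

        # The upstream sees only the proxy's address, so the original client
        # and scheme are passed in headers. Forgejo should trust these headers
        # only when the request comes from this proxy.
        proxy_set_header Host               $host;
        proxy_set_header X-Real-IP          $remote_addr;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  $scheme;
        proxy_set_header X-Forwarded-Host   $host;
        proxy_set_header X-Forwarded-Server $host;

        # Large request bodies must be allowed for Git pushes over HTTP.
        client_max_body_size 512M;

        # Relay the client's own Upgrade/Connection pair. The earlier hard-coded
        # "Upgrade" marked every proxied request as a protocol upgrade, even
        # when the client had not asked for one.
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $http_connection;
    }
}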