mirror of
https://codeberg.org/forgejo/docs.git
synced 2024-11-24 18:09:26 -05:00
Add Caddy config to reverse proxy section (#605)
Added Caddy example configs, turned on syntax highlighting in nginx/apache
Closes: forgejo/website#232
Reviewed-on: https://codeberg.org/forgejo/docs/pulls/605
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
Co-committed-by: TheFox0x7 <thefox0x7@gmail.com>
(cherry picked from commit b6b99c0b55
)
This commit is contained in:
parent
61beb1afcc
commit
922d9a91a3
3 changed files with 44 additions and 14 deletions
|
@ -532,7 +532,7 @@ jobs:
|
|||
|
||||
If you run this action with `forgejo-runner exec`, you should expect this job fail:
|
||||
|
||||
```shell-session
|
||||
```shellsession
|
||||
$ forgejo-runner exec
|
||||
...
|
||||
| curl: (7) Couldn't connect to server
|
||||
|
|
|
@ -4,6 +4,10 @@ license: 'Apache-2.0'
|
|||
origin_url: 'https://github.com/go-gitea/gitea/blob/e865de1e9d65dc09797d165a51c8e705d2a86030/docs/content/usage/authentication.en-us.md'
|
||||
---
|
||||
|
||||
Forgejo serve itself without a reverse proxy with HTTP and HTTPS.
|
||||
|
||||
HTTP transport is used by default, to turn on HTTPS transport set in `SERVER` section of the configuration `PROTOCOL=https` and either set `CERT_FILE` and `KEY_FILE` or let Forgejo manage the certificates with `ENABLE_ACME=true`
|
||||
|
||||
You may wish to place your Forgejo instance behind a reverse proxy. A reverse proxy is a server that accepts requests from the outside and routes them to internal services, like Forgejo.
|
||||
|
||||
## nginx
|
||||
|
@ -12,7 +16,7 @@ You may wish to place your Forgejo instance behind a reverse proxy. A reverse pr
|
|||
|
||||
To set up a basic HTTP reverse proxy in nginx, create a file `forgejo.conf` in `/etc/nginx/conf.d` and add the following configuration:
|
||||
|
||||
```conf
|
||||
```nginx
|
||||
server {
|
||||
listen 80; # Listen on IPv4 port 80
|
||||
listen [::]:80; # Listen on IPv6 port 80
|
||||
|
@ -34,18 +38,18 @@ server {
|
|||
}
|
||||
```
|
||||
|
||||
Make sure to reload/restart nginx after chaning the configuration.
|
||||
Make sure to reload/restart nginx after changing the configuration.
|
||||
|
||||
### HTTP with a subpath
|
||||
|
||||
If you want to serve Forgejo on a subpath, e.g. on `http://example.com/forgejo`, use the following configuration:
|
||||
|
||||
```conf
|
||||
```nginx
|
||||
server {
|
||||
listen 80; # Listen on IPv4 port 80
|
||||
listen [::]:80; # Listen on IPv6 port 80
|
||||
|
||||
server_name git.example.com; # Change this to the server domain name.
|
||||
server_name example.com; # Change this to the server domain name.
|
||||
|
||||
location /forgejo/ { # Replace forgejo here with your subpath
|
||||
rewrite ^ $request_uri;
|
||||
|
@ -87,14 +91,14 @@ If you have obtained certificates from elsewhere or have chosen not to let certb
|
|||
|
||||
Change the lines
|
||||
|
||||
```conf
|
||||
```nginx
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
```
|
||||
|
||||
to
|
||||
|
||||
```conf
|
||||
```nginx
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
```
|
||||
|
@ -107,7 +111,7 @@ Generate an SSL configuration at [mozilla](https://ssl-config.mozilla.org/#serve
|
|||
|
||||
Outside the server block, add this redirection block:
|
||||
|
||||
```conf
|
||||
```nginx
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
|
@ -126,7 +130,7 @@ This will redirect anyone visiting the HTTP site to the HTTPS site.
|
|||
|
||||
To set up a basic HTTP proxy in Apache, create a file `100-forgejo.conf` in `/etc/apache2/sites-available` and add the following configuration:
|
||||
|
||||
```xml
|
||||
```apache
|
||||
<VirtualHost *:80>
|
||||
ServerName git.example.com
|
||||
|
||||
|
@ -143,9 +147,9 @@ Next, enable the site with `a2ensite 100-forgejo.conf` and enable the proxy modu
|
|||
|
||||
If you want to serve Forgejo on a subpath, e.g. on `http://example.com/forgejo`, use the following configuration:
|
||||
|
||||
```xml
|
||||
```apache
|
||||
<VirtualHost *:80>
|
||||
ServerName git.example.com
|
||||
ServerName example.com
|
||||
|
||||
ProxyPreserveHost On
|
||||
ProxyRequests off
|
||||
|
@ -184,7 +188,7 @@ Generate an SSL configuration at [mozilla](https://ssl-config.mozilla.org/#serve
|
|||
|
||||
Outside the `VirtualHost *:443`, add this configuration:
|
||||
|
||||
```conf
|
||||
```apache
|
||||
<VirtualHost *:80>
|
||||
ServerName git.example.com
|
||||
|
||||
|
@ -196,6 +200,32 @@ Outside the `VirtualHost *:443`, add this configuration:
|
|||
|
||||
This will redirect anyone visiting the HTTP site to the HTTPS site.
|
||||
|
||||
## Caddy
|
||||
|
||||
### HTTPS
|
||||
|
||||
To set up basic HTTPS proxy in Caddy with Caddyfile create a file `forgejo` in `/etc/caddy/conf.d` and add the following configuration:
|
||||
|
||||
```Caddyfile
|
||||
git.example.com {
|
||||
reverse_proxy 127.0.0.1:3000
|
||||
}
|
||||
```
|
||||
|
||||
Caddy will automatically get certificates for the domain.
|
||||
|
||||
### HTTPS with a subpath
|
||||
|
||||
If you want to serve Forgejo on a subpath, e.g. on https://example.com/forgejo, use the following configuration:
|
||||
|
||||
```Caddyfile
|
||||
example.com {
|
||||
reverse_proxy /forgejo* 127.0.0.1:3000
|
||||
}
|
||||
```
|
||||
|
||||
Make sure to set the Forgejo ROOT_URL configuration key to the URL with the subpath, otherwise links generated by Forgejo will be broken.
|
||||
|
||||
## Proxy Authentication
|
||||
|
||||
Forgejo supports Reverse Proxy Header authentication, it will read headers as a trusted login user name or user email address. This hasn't been enabled by default, you can enable it with
|
||||
|
@ -218,5 +248,5 @@ Notice: Reverse Proxy Auth doesn't support the API. You still need an access tok
|
|||
## Docker / Container Registry
|
||||
|
||||
The container registry uses a fixed sub-path `/v2` which can't be changed.
|
||||
Even if you deploy Gitea with a different sub-path, `/v2` will be used by the `docker` client.
|
||||
Even if you deploy Forgejo with a different sub-path, `/v2` will be used by the `docker` client.
|
||||
Therefore you may need to add an additional route to your reverse proxy configuration.
|
||||
|
|
|
@ -83,7 +83,7 @@ When a new `vX.Y.Z` release is ready to enter the release candidate stages:
|
|||
- Update end-to-end to [know about the new release](https://code.forgejo.org/forgejo/end-to-end/pulls/139). It must be done after the first `(X+1).0-test` release is available in experimental otherwise it will fail to find it and will block the automated release process in the forgejo-integration repository
|
||||
- Documentation
|
||||
- In [the documentation](https://codeberg.org/forgejo/docs)
|
||||
- Create the `vX.Y` branche from next
|
||||
- Create the `vX.Y` branch from next
|
||||
- Create the `backport/vX.Y` label
|
||||
- In [the website](https://codeberg.org/forgejo/website) add a submodule similar to [this commit](https://codeberg.org/forgejo/website/commit/3f1e62be22f96d048309157e8779cbfcf204eb90)
|
||||
|
||||
|
|
Loading…
Reference in a new issue