From 922d9a91a3a99dd7d867334bce672cb403f2326f Mon Sep 17 00:00:00 2001 From: TheFox0x7 Date: Tue, 14 May 2024 23:07:03 +0000 Subject: [PATCH] Add Caddy config to reverse proxy section (#605) Added Caddy example configs, turned on syntax highlighting in nginx/apache Closes: forgejo/website#232 Reviewed-on: https://codeberg.org/forgejo/docs/pulls/605 Reviewed-by: Earl Warren Co-authored-by: TheFox0x7 Co-committed-by: TheFox0x7 (cherry picked from commit b6b99c0b55d74a1e3f3557debfb2f32936fe350f) --- docs/admin/actions.md | 2 +- docs/admin/reverse-proxy.md | 54 ++++++++++++++++++++++++++++--------- docs/developer/RELEASE.md | 2 +- 3 files changed, 44 insertions(+), 14 deletions(-) diff --git a/docs/admin/actions.md b/docs/admin/actions.md index 4eaebe68..64be93ac 100644 --- a/docs/admin/actions.md +++ b/docs/admin/actions.md @@ -532,7 +532,7 @@ jobs: If you run this action with `forgejo-runner exec`, you should expect this job fail: -```shell-session +```shellsession $ forgejo-runner exec ... | curl: (7) Couldn't connect to server diff --git a/docs/admin/reverse-proxy.md b/docs/admin/reverse-proxy.md index 5119be56..90238db1 100644 --- a/docs/admin/reverse-proxy.md +++ b/docs/admin/reverse-proxy.md @@ -4,6 +4,10 @@ license: 'Apache-2.0' origin_url: 'https://github.com/go-gitea/gitea/blob/e865de1e9d65dc09797d165a51c8e705d2a86030/docs/content/usage/authentication.en-us.md' --- +Forgejo serve itself without a reverse proxy with HTTP and HTTPS. + +HTTP transport is used by default, to turn on HTTPS transport set in `SERVER` section of the configuration `PROTOCOL=https` and either set `CERT_FILE` and `KEY_FILE` or let Forgejo manage the certificates with `ENABLE_ACME=true` + You may wish to place your Forgejo instance behind a reverse proxy. A reverse proxy is a server that accepts requests from the outside and routes them to internal services, like Forgejo. ## nginx 
@@ -12,7 +16,7 @@ You may wish to place your Forgejo instance behind a reverse proxy. A reverse pr To set up a basic HTTP reverse proxy in nginx, create a file `forgejo.conf` in `/etc/nginx/conf.d` and add the following configuration: -```conf +```nginx server { listen 80; # Listen on IPv4 port 80 listen [::]:80; # Listen on IPv6 port 80 @@ -34,18 +38,18 @@ server { } ``` -Make sure to reload/restart nginx after chaning the configuration. +Make sure to reload/restart nginx after changing the configuration. ### HTTP with a subpath If you want to serve Forgejo on a subpath, e.g. on `http://example.com/forgejo`, use the following configuration: -```conf +```nginx server { listen 80; # Listen on IPv4 port 80 listen [::]:80; # Listen on IPv6 port 80 - server_name git.example.com; # Change this to the server domain name. + server_name example.com; # Change this to the server domain name. location /forgejo/ { # Replace forgejo here with your subpath rewrite ^ $request_uri; @@ -87,14 +91,14 @@ If you have obtained certificates from elsewhere or have chosen not to let certb Change the lines -```conf +```nginx listen 80; listen [::]:80; ``` to -```conf +```nginx listen 443 ssl http2; listen [::]:443 ssl http2; ``` @@ -107,7 +111,7 @@ Generate an SSL configuration at [mozilla](https://ssl-config.mozilla.org/#serve Outside the server block, add this redirection block: -```conf +```nginx server { listen 80 default_server; listen [::]:80 default_server; @@ -126,7 +130,7 @@ This will redirect anyone visiting the HTTP site to the HTTPS site. To set up a basic HTTP proxy in Apache, create a file `100-forgejo.conf` in `/etc/apache2/sites-available` and add the following configuration: -```xml +```apache ServerName git.example.com 
@@ -143,9 +147,9 @@ Next, enable the site with `a2ensite 100-forgejo.conf` and enable the proxy modu If you want to serve Forgejo on a subpath, e.g. on `http://example.com/forgejo`, use the following configuration: -```xml +```apache - ServerName git.example.com + ServerName example.com ProxyPreserveHost On ProxyRequests off @@ -184,7 +188,7 @@ Generate an SSL configuration at [mozilla](https://ssl-config.mozilla.org/#serve Outside the `VirtualHost *:443`, add this configuration: -```conf +```apache ServerName git.example.com @@ -196,6 +200,32 @@ Outside the `VirtualHost *:443`, add this configuration: This will redirect anyone visiting the HTTP site to the HTTPS site. +## Caddy + +### HTTPS + +To set up basic HTTPS proxy in Caddy with Caddyfile create a file `forgejo` in `/etc/caddy/conf.d` and add the following configuration: + +```Caddyfile +git.example.com { + reverse_proxy 127.0.0.1:3000 +} +``` + +Caddy will automatically get certificates for the domain. + +### HTTPS with a subpath + +If you want to serve Forgejo on a subpath, e.g. on https://example.com/forgejo, use the following configuration: + +```Caddyfile +example.com { + reverse_proxy /forgejo* 127.0.0.1:3000 +} +``` + +Make sure to set the Forgejo ROOT_URL configuration key to the URL with the subpath, otherwise links generated by Forgejo will be broken. + ## Proxy Authentication Forgejo supports Reverse Proxy Header authentication, it will read headers as a trusted login user name or user email address. This hasn't been enabled by default, you can enable it with 
@@ -218,5 +248,5 @@ Notice: Reverse Proxy Auth doesn't support the API. You still need an access tok ## Docker / Container Registry The container registry uses a fixed sub-path `/v2` which can't be changed. -Even if you deploy Gitea with a different sub-path, `/v2` will be used by the `docker` client. +Even if you deploy Forgejo with a different sub-path, `/v2` will be used by the `docker` client. Therefore you may need to add an additional route to your reverse proxy configuration. diff --git a/docs/developer/RELEASE.md b/docs/developer/RELEASE.md index 972ca50f..fc41229f 100644 --- a/docs/developer/RELEASE.md +++ b/docs/developer/RELEASE.md @@ -83,7 +83,7 @@ When a new `vX.Y.Z` release is ready to enter the release candidate stages: - Update end-to-end to [know about the new release](https://code.forgejo.org/forgejo/end-to-end/pulls/139). It must be done after the first `(X+1).0-test` release is available in experimental otherwise it will fail to find it and will block the automated release process in the forgejo-integration repository - Documentation - In [the documentation](https://codeberg.org/forgejo/docs) - - Create the `vX.Y` branche from next + - Create the `vX.Y` branch from next - Create the `backport/vX.Y` label - In [the website](https://codeberg.org/forgejo/website) add a submodule similar to [this commit](https://codeberg.org/forgejo/website/commit/3f1e62be22f96d048309157e8779cbfcf204eb90)
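Review bot: in the docs/admin/reverse-proxy.md hunk at `@@ -4,6 +4,10 @@`, the two added introduction sentences need a grammar pass. "Forgejo serve itself" is missing a verb form, and the second sentence is a comma splice that ends without a period. Suggested wording: "Forgejo can serve HTTP and HTTPS itself, without a reverse proxy." followed by "HTTP is used by default. To turn on HTTPS, set `PROTOCOL=https` in the `SERVER` section of the configuration and either set `CERT_FILE` and `KEY_FILE` or let Forgejo manage the certificates with `ENABLE_ACME=true`."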
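Review bot: in the added Caddy section (hunk `@@ -196,6 +200,32 @@`), the "HTTPS with a subpath" example uses the matcher `/forgejo*`, which is broader than the subpath, and it forwards the request path unchanged. `/forgejo*` also matches paths such as `/forgejo-other`, so unrelated paths on `example.com` would be sent to Forgejo. `/forgejo/*`, with separate handling for the bare `/forgejo`, keeps the route scoped to the subpath. The nginx subpath example on this page has a rewrite step inside `location /forgejo/`, and this block has no equivalent, so please confirm that Forgejo accepts requests that still carry the `/forgejo` prefix, or use Caddy's `handle_path /forgejo/*`, which strips the prefix before proxying. Smaller points in the same hunk: `ROOT_URL` and `https://example.com/forgejo` should be in backticks as in the nginx and Apache sections, "To set up basic HTTPS proxy" needs an article, and a reminder to reload Caddy after the change would match the nginx section.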
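Review bot: the docs/admin/actions.md hunk (`@@ -532,7 +532,7 @@`) changes the fence tag from `shell-session` to `shellsession`, which the commit message does not mention; it only lists nginx/apache highlighting and the Caddy configs. Please add a line to the message saying why the tag changed, or move this to its own commit. Since the line is being touched anyway, the context sentence just above it, "you should expect this job fail", is missing "to".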