0
0
Fork 0
mirror of https://codeberg.org/forgejo/docs.git synced 2024-11-24 18:09:26 -05:00

Add Caddy config to reverse proxy section (#605)

Added Caddy example configs, turned on syntax highlighting in nginx/apache

Closes: forgejo/website#232
Reviewed-on: https://codeberg.org/forgejo/docs/pulls/605
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
Co-committed-by: TheFox0x7 <thefox0x7@gmail.com>
(cherry picked from commit b6b99c0b55)
This commit is contained in:
TheFox0x7 2024-05-14 23:07:03 +00:00 committed by github-actions[bot]
parent 61beb1afcc
commit 922d9a91a3
3 changed files with 44 additions and 14 deletions

View file

@ -532,7 +532,7 @@ jobs:
If you run this action with `forgejo-runner exec`, you should expect this job fail:
```shell-session
```shellsession
$ forgejo-runner exec
...
| curl: (7) Couldn't connect to server

View file

@ -4,6 +4,10 @@ license: 'Apache-2.0'
origin_url: 'https://github.com/go-gitea/gitea/blob/e865de1e9d65dc09797d165a51c8e705d2a86030/docs/content/usage/authentication.en-us.md'
---
Forgejo serve itself without a reverse proxy with HTTP and HTTPS.
HTTP transport is used by default, to turn on HTTPS transport set in `SERVER` section of the configuration `PROTOCOL=https` and either set `CERT_FILE` and `KEY_FILE` or let Forgejo manage the certificates with `ENABLE_ACME=true`
You may wish to place your Forgejo instance behind a reverse proxy. A reverse proxy is a server that accepts requests from the outside and routes them to internal services, like Forgejo.
## nginx
@ -12,7 +16,7 @@ You may wish to place your Forgejo instance behind a reverse proxy. A reverse pr
To set up a basic HTTP reverse proxy in nginx, create a file `forgejo.conf` in `/etc/nginx/conf.d` and add the following configuration:
```conf
```nginx
server {
listen 80; # Listen on IPv4 port 80
listen [::]:80; # Listen on IPv6 port 80
@ -34,18 +38,18 @@ server {
}
```
Make sure to reload/restart nginx after chaning the configuration.
Make sure to reload/restart nginx after changing the configuration.
### HTTP with a subpath
If you want to serve Forgejo on a subpath, e.g. on `http://example.com/forgejo`, use the following configuration:
```conf
```nginx
server {
listen 80; # Listen on IPv4 port 80
listen [::]:80; # Listen on IPv6 port 80
server_name git.example.com; # Change this to the server domain name.
server_name example.com; # Change this to the server domain name.
location /forgejo/ { # Replace forgejo here with your subpath
rewrite ^ $request_uri;
@ -87,14 +91,14 @@ If you have obtained certificates from elsewhere or have chosen not to let certb
Change the lines
```conf
```nginx
listen 80;
listen [::]:80;
```
to
```conf
```nginx
listen 443 ssl http2;
listen [::]:443 ssl http2;
```
@ -107,7 +111,7 @@ Generate an SSL configuration at [mozilla](https://ssl-config.mozilla.org/#serve
Outside the server block, add this redirection block:
```conf
```nginx
server {
listen 80 default_server;
listen [::]:80 default_server;
@ -126,7 +130,7 @@ This will redirect anyone visiting the HTTP site to the HTTPS site.
To set up a basic HTTP proxy in Apache, create a file `100-forgejo.conf` in `/etc/apache2/sites-available` and add the following configuration:
```xml
```apache
<VirtualHost *:80>
ServerName git.example.com
@ -143,9 +147,9 @@ Next, enable the site with `a2ensite 100-forgejo.conf` and enable the proxy modu
If you want to serve Forgejo on a subpath, e.g. on `http://example.com/forgejo`, use the following configuration:
```xml
```apache
<VirtualHost *:80>
ServerName git.example.com
ServerName example.com
ProxyPreserveHost On
ProxyRequests off
@ -184,7 +188,7 @@ Generate an SSL configuration at [mozilla](https://ssl-config.mozilla.org/#serve
Outside the `VirtualHost *:443`, add this configuration:
```conf
```apache
<VirtualHost *:80>
ServerName git.example.com
@ -196,6 +200,32 @@ Outside the `VirtualHost *:443`, add this configuration:
This will redirect anyone visiting the HTTP site to the HTTPS site.
## Caddy
### HTTPS
To set up basic HTTPS proxy in Caddy with Caddyfile create a file `forgejo` in `/etc/caddy/conf.d` and add the following configuration:
```Caddyfile
git.example.com {
reverse_proxy 127.0.0.1:3000
}
```
Caddy will automatically get certificates for the domain.
### HTTPS with a subpath
If you want to serve Forgejo on a subpath, e.g. on https://example.com/forgejo, use the following configuration:
```Caddyfile
example.com {
reverse_proxy /forgejo* 127.0.0.1:3000
}
```
Make sure to set the Forgejo ROOT_URL configuration key to the URL with the subpath, otherwise links generated by Forgejo will be broken.
## Proxy Authentication
Forgejo supports Reverse Proxy Header authentication, it will read headers as a trusted login user name or user email address. This hasn't been enabled by default, you can enable it with
@ -218,5 +248,5 @@ Notice: Reverse Proxy Auth doesn't support the API. You still need an access tok
## Docker / Container Registry
The container registry uses a fixed sub-path `/v2` which can't be changed.
Even if you deploy Gitea with a different sub-path, `/v2` will be used by the `docker` client.
Even if you deploy Forgejo with a different sub-path, `/v2` will be used by the `docker` client.
Therefore you may need to add an additional route to your reverse proxy configuration.

View file

@ -83,7 +83,7 @@ When a new `vX.Y.Z` release is ready to enter the release candidate stages:
- Update end-to-end to [know about the new release](https://code.forgejo.org/forgejo/end-to-end/pulls/139). It must be done after the first `(X+1).0-test` release is available in experimental otherwise it will fail to find it and will block the automated release process in the forgejo-integration repository
- Documentation
- In [the documentation](https://codeberg.org/forgejo/docs)
- Create the `vX.Y` branche from next
- Create the `vX.Y` branch from next
- Create the `backport/vX.Y` label
- In [the website](https://codeberg.org/forgejo/website) add a submodule similar to [this commit](https://codeberg.org/forgejo/website/commit/3f1e62be22f96d048309157e8779cbfcf204eb90)