Added reverse proxy support.
62
README.org
62
README.org
@@ -8,9 +8,11 @@ This role installs and configures a [[https://docs.gitea.com/][Gitea]] server.
|
||||
|
||||
It uses SQLite as its default database service - with optional PostgreSQL support.
|
||||
|
||||
Use the =ds-ufw= role to configure the firewall.
|
||||
The role can set up a reverse proxy with SSL.
|
||||
|
||||
Use the =ds-posgresql= to configure the database.
|
||||
- Use the =ds-ufw= role to configure the firewall.
|
||||
- Use the =ds-posgresql= role to configure the database.
|
||||
- Use the =ds-nginx= role to install the proxy server.
|
||||
|
||||
* Role Workflow
|
||||
|
||||
@@ -21,7 +23,8 @@ Use the =ds-posgresql= to configure the database.
|
||||
5. Wait for the secret creation and storage in SOPS - if secrets are not present
|
||||
6. Deploy the Gitea configuration
|
||||
7. Deploy the Gitea systemd service file (With Postgresql support if the backend is used)
|
||||
8. Enable and start the service
|
||||
8. Set up the reverse proxy with optional SSL
|
||||
9. Enable and start the service
|
||||
|
||||
* Defaults
|
||||
|
||||
@@ -30,6 +33,8 @@ gitea_user: git
|
||||
gitea_group: git
|
||||
gitea_http_port: 3000
|
||||
gitea_ssh_port: 22
|
||||
gitea_database_server: ''
|
||||
gitea_reverse_proxy: ''
|
||||
#+end_src
|
||||
|
||||
* Requirements
|
||||
@@ -40,26 +45,33 @@ gitea_ssh_port: 22
|
||||
- sudo
|
||||
- ca-certificates
|
||||
- (optional) PosgreSQL database
|
||||
- (optional) Nginx server
|
||||
|
||||
* Variables
|
||||
|
||||
| Variable | Type | Comment |
|
||||
|-----------------------+--------+----------------------------------------------|
|
||||
| gitea_user | string | Gitea user |
|
||||
| gitea_group | string | Gitea group |
|
||||
| gitea_binary_url | string | Download URL of Gitea |
|
||||
| gitea_checksum_url | string | Checksum URL of the binary |
|
||||
| gitea_app_name | string | Gitea server title |
|
||||
| gitea_ssh_domain | string | SSH domain |
|
||||
| gitea_domain | string | Domain to reach Gitea |
|
||||
| gitea_http_port | int | HTTP port |
|
||||
| gitea_ssh_port | int | SSH port |
|
||||
| gitea_root_url | string | Protocol + FQDN + port |
|
||||
| gitea_lfs_jwt_secret | string | LFS storage secret |
|
||||
| gitea_internal_token | string | Internal token |
|
||||
| gitea_jwt_secret | string | JWT secret |
|
||||
| gitea_database_server | string | DB server - 'postgresql' or empty for sqlite |
|
||||
| gitea_db_password | string | PosgreSQL db password (if pgsql is used) |
|
||||
| Variable | Type | Comment |
|
||||
|----------------------------+---------+----------------------------------------------|
|
||||
| gitea_user | string | Gitea user |
|
||||
| gitea_group | string | Gitea group |
|
||||
| gitea_binary_url | string | Download URL of Gitea |
|
||||
| gitea_checksum_url | string | Checksum URL of the binary |
|
||||
| gitea_app_name | string | Gitea server title |
|
||||
| gitea_ssh_domain | string | SSH domain |
|
||||
| gitea_domain | string | Domain to reach Gitea |
|
||||
| gitea_http_port | int | HTTP port |
|
||||
| gitea_ssh_port | int | SSH port |
|
||||
| gitea_root_url | string | Protocol + FQDN + port |
|
||||
| gitea_lfs_jwt_secret | string | LFS storage secret |
|
||||
| gitea_internal_token | string | Internal token |
|
||||
| gitea_jwt_secret | string | JWT secret |
|
||||
| gitea_database_server | string | DB server - 'postgresql' or empty for sqlite |
|
||||
| gitea_db_password | string | PosgreSQL db password (if pgsql is used) |
|
||||
| gitea_reverse_proxy | string | Reverse proxy to use or not set for no proxy |
|
||||
| gitea_enable_https | boolean | Configure HTTPS in the proxy |
|
||||
| gitea_ssl_cert | string | SSL certificate |
|
||||
| gitea_ssl_key | string | SSL key |
|
||||
| gitea_enable_http_redirect | boolean | Redirect HTTP to HTTPS |
|
||||
| gitea_self_signed | boolean | Generate a self-signed cert and key |
|
||||
|
||||
* Handlers
|
||||
|
||||
@@ -99,9 +111,17 @@ Then re-run the playbook to finish the installation.
|
||||
gitea_http_port: 3000
|
||||
gitea_root_url: http://gitea.tomsitcafe.com:3000
|
||||
|
||||
# Optional
|
||||
# Optional Postgresql database backend
|
||||
gitea_database_server: postgresql
|
||||
|
||||
# Optional Nginx reverse proxy configuration
|
||||
gitea_reverse_proxy: nginx
|
||||
gitea_enable_https: true
|
||||
gitea_self_signed: true
|
||||
gitea_ssl_cert: /var/lib/gitea/certs/cert.pem
|
||||
gitea_ssl_key: /var/lib/gitea/certs/key.pem
|
||||
gitea_enable_http_redirect: true
|
||||
|
||||
# In prod put these secrets in SOPS:
|
||||
gitea_lfs_jwt_secret: G9bZrRHMhRQ8w4R0KkH2VLnx2rzq81ROQ951IQjlMs4
|
||||
gitea_internal_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE3NzA2Mzk1Njh9.ybbaeNLFiLbyvxfj4vkqhXSAXKRGpwvP8jIm9YLPgXw
|
||||
|
||||