# Gitea Docker Setup

This is a Docker Compose configuration for running Gitea with PostgreSQL, configured with HTTPS support.

## Prerequisites

- Docker Desktop for Windows
- Docker Compose
- A domain or DDNS service (configured to point to your server)
- Port forwarding configured on your router (if accessing from outside your network)

## Features

- Gitea with HTTPS support
- PostgreSQL database
- SSH access for Git operations
- Persistent data storage
- Self-signed SSL certificates (can be replaced with Let's Encrypt)
- Automated database backup system

## Configuration

The setup includes:

- Gitea web interface:
  - External access: https://bee8333.ddns.net/
  - Local network access: https://bee8333.ddns.net/ or https://localhost:3000
  - Local development: https://127.0.0.1:3000
- SSH access on port 222 (for git clone/push/pull)
- PostgreSQL database (internal access only)
- SSL certificates in `./gitea/ssl/`
- Persistent data storage for both Gitea and PostgreSQL

## Access Methods

### Web Interface

1. **External Access (Internet)**:
   - URL: https://bee8333.ddns.net/
   - Requires port 3000 forwarded on your router
   - Uses HTTPS with SSL certificate
2. **Local Network Access**:
   - Same URL: https://bee8333.ddns.net/
   - Or use: https://localhost:3000
   - Both use HTTPS with SSL certificate
   - No port forwarding needed
3. **Local Development**:
   - URL: https://127.0.0.1:3000
   - Direct access on the hosting machine
   - Uses HTTPS with SSL certificate

### Git Operations (SSH)

- External SSH URL: `ssh://git@bee8333.ddns.net:222/username/repository.git`
- Local SSH URL: `ssh://git@localhost:222/username/repository.git`
- Requires port 222 forwarded on your router for external access

## Getting Started

1. Make sure Docker Desktop is running
2. Clone this repository
3. Open a terminal in this directory
4. Generate SSL certificates (see [SSL Certificates](#ssl-certificates) section)
5. Run `docker-compose up -d`
6. Access Gitea using one of the URLs above
7. During first-time setup:
   - Database settings are pre-configured (no changes needed)
   - Domain is set to your domain name
   - SSH port is set to 222
   - HTTPS is enabled by default

## SSL Certificates

You'll need to generate SSL certificates before starting the service. The certificates should be placed in `./gitea/ssl/`:

- `cert.pem` - The SSL certificate
- `key.pem` - The private key

To generate self-signed certificates (for development/testing):

```bash
# Create the ssl directory
mkdir -p gitea/ssl

# Generate certificates using OpenSSL
docker run --rm -v "${PWD}/gitea/ssl:/ssl" alpine/openssl req -x509 -nodes \
  -days 365 -newkey rsa:2048 \
  -keyout /ssl/key.pem -out /ssl/cert.pem \
  -subj "/CN=your.domain.here"
```

Replace `your.domain.here` with your actual domain name.

**Security Notes:**

- Never commit SSL certificates to version control
- Keep your private key (`key.pem`) secure
- For production use, consider using Let's Encrypt certificates
- Self-signed certificates will show browser security warnings

## Backup System

This setup includes a backup strategy for your Gitea data. The backup system provides two complementary methods: database dumps and volume backups.

### Database Backups

PowerShell scripts are included to manage database backups:

1. **Creating Backups**:

   ```powershell
   powershell -ExecutionPolicy Bypass -File .\backup-gitea-db.ps1
   ```

   This creates a SQL dump of your PostgreSQL database, compressed as a ZIP file in the `backups` directory.

2. **Volume Backups**:

   ```powershell
   powershell -ExecutionPolicy Bypass -File .\backup-volume.ps1
   ```

   This backs up the entire PostgreSQL data volume as a TAR archive, compressed as a ZIP file.

3. **Automated Backups**:

   ```powershell
   powershell -ExecutionPolicy Bypass -File .\schedule-backup.ps1
   ```

   This creates a Windows Scheduled Task that runs database backups daily at 3 AM.

4. **Restoring from Backups**:

   ```powershell
   # Restore from database dump
   powershell -ExecutionPolicy Bypass -File .\restore-gitea-db.ps1 -BackupFile "backups\your-backup-file.sql.zip"

   # Restore from volume backup
   powershell -ExecutionPolicy Bypass -File .\restore-volume.ps1 -BackupFile "backups\your-volume-backup.tar.zip"
   ```

### Backup Best Practices

- Keep multiple backups using both methods (database dumps and volume backups)
- Store backups in multiple locations (local and off-site)
- Test restoring from backups periodically
- Create a backup before upgrading Gitea or making significant changes
- **Never** run `docker-compose down -v` unless you have a recent backup

For more detailed information about the backup system, see [BACKUP-README.md](BACKUP-README.md).

## Stopping the Services

To stop the services, run:

```bash
docker-compose down
```

**Important**: Do not use the `-v` flag (`docker-compose down -v`) unless you intend to delete all data, as this will remove the Docker volumes containing your database.

## Data Persistence

All data is stored in Docker volumes and local directories:

- `./gitea/` - Gitea configuration and data
  - `./gitea/ssl/` - SSL certificates
  - `./gitea/conf/` - Gitea configuration
- Docker volumes (managed by Docker):
  - `gitea-data` - Gitea repositories and application data
  - `postgres-data` - PostgreSQL database files
- `./backups/` - Database and volume backups

## Troubleshooting

1. **Cannot access externally**:
   - Verify that ports 3000 (HTTPS) and 222 (SSH) are forwarded on your router
   - Check that your DDNS service is updating correctly
   - Ensure your domain points to your correct IP
2. **SSL Certificate Warnings**:
   - This is normal with self-signed certificates
   - For production, consider using Let's Encrypt certificates
3. **Local Network Access**:
   - If bee8333.ddns.net doesn't resolve locally, use localhost:3000 instead
   - Add an entry to your hosts file if needed
4. **Database Backup Issues**:
   - Ensure Docker is running when attempting backups
   - Check that the container names match those in the backup scripts
   - For PowerShell execution issues, use the `-ExecutionPolicy Bypass` flag, which applies only to that invocation
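
The SSL Certificates security notes can be checked before each `docker-compose up -d`. The following is an added example, not one of this repository's scripts; the function name, the 30-day window and the `-HostName` parameter are assumptions. A certificate created with only `-subj "/CN=..."` has no subjectAltName, so the check reports it.

```powershell
# Added example, not one of the repository's scripts.
function Test-GiteaTlsMaterial {
    param(
        [Parameter(Mandatory)][string]$HostName,   # the name clients connect to
        [string]$SslDir = '.\gitea\ssl',
        [int]$WarnDays = 30                        # assumed renewal window
    )
    $problems = New-Object System.Collections.Generic.List[string]
    $certPath = (Resolve-Path -LiteralPath (Join-Path $SslDir 'cert.pem')).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

    # Expiry: the README's OpenSSL command issues a 365-day certificate.
    $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
    if ($daysLeft -lt $WarnDays) { $problems.Add("certificate expires in $daysLeft days") }

    # Hostname: browsers match on subjectAltName (OID 2.5.29.17), not on the CN.
    # Simple substring test; wildcard entries are not evaluated.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) {
        $problems.Add('no subjectAltName extension (CN-only certificate)')
    } elseif ($san.Format($false) -notmatch [regex]::Escape($HostName)) {
        $problems.Add("subjectAltName does not list $HostName")
    }

    # Version control: nothing under the ssl directory may be tracked,
    # and key.pem should be covered by an ignore rule.
    $tracked = @(git ls-files -- $SslDir)
    if ($tracked.Count -gt 0) { $problems.Add("tracked by git: $($tracked -join ', ')") }
    git check-ignore -q -- (Join-Path $SslDir 'key.pem')
    if ($LASTEXITCODE -ne 0) { $problems.Add('key.pem is not matched by any git ignore rule') }

    [pscustomobject]@{
        Subject  = $cert.Subject
        NotAfter = $cert.NotAfter
        Ok       = ($problems.Count -eq 0)
        Problems = $problems -join '; '
    }
}

# Run from the repository root with the name you put in the certificate.
Test-GiteaTlsMaterial -HostName 'your.domain.here'
```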
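
For the "test restoring from backups periodically" practice, a cheaper check can run after every backup to catch archives that open but contain an incomplete dump. This is an added example, not one of this repository's scripts; it assumes each `*.sql.zip` holds one plain-text `pg_dump` file ending in `.sql`, and the function name and age threshold are illustrative.

```powershell
# Added example, not one of the repository's scripts.
# Assumption: each *.sql.zip holds one plain-text pg_dump file ending in .sql.
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Test-GiteaDbBackup {
    param(
        [Parameter(Mandatory)][string]$BackupFile,
        [int]$MaxAgeHours = 26   # assumed threshold: daily 3 AM job plus slack
    )
    $file = Get-Item -LiteralPath $BackupFile -ErrorAction Stop
    $problems = New-Object System.Collections.Generic.List[string]
    if ($file.LastWriteTime -lt (Get-Date).AddHours(-$MaxAgeHours)) {
        $problems.Add("older than $MaxAgeHours hours")
    }
    $zip = $null
    try {
        $zip = [System.IO.Compression.ZipFile]::OpenRead($file.FullName)
        $entry = $zip.Entries | Where-Object { $_.Name -like '*.sql' } | Select-Object -First 1
        if (-not $entry) {
            $problems.Add('no .sql entry in archive')
        } else {
            # Stream the dump instead of extracting it; pg_dump's plain format
            # writes a header comment first and a "complete" comment last.
            $header = $false; $footer = $false
            $reader = New-Object System.IO.StreamReader($entry.Open())
            while ($null -ne ($line = $reader.ReadLine())) {
                if ($line -eq '-- PostgreSQL database dump') { $header = $true }
                if ($line -eq '-- PostgreSQL database dump complete') { $footer = $true }
            }
            $reader.Dispose()
            if (-not $header) { $problems.Add('pg_dump header comment missing') }
            if (-not $footer) { $problems.Add('dump is truncated (no completion comment)') }
        }
    } catch {
        $problems.Add("archive unreadable: $($_.Exception.Message)")
    } finally {
        if ($zip) { $zip.Dispose() }
    }
    [pscustomobject]@{
        File     = $file.Name
        Sha256   = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        Ok       = ($problems.Count -eq 0)
        Problems = $problems -join '; '
    }
}

# Check every dump; compare Sha256 against the off-site copy of the same file.
Get-ChildItem .\backups\*.sql.zip | ForEach-Object { Test-GiteaDbBackup $_.FullName }
```

A passing result shows only that the archive is readable and the dump ran to completion; a periodic restore into a scratch database is still the real test.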