gitea-docker/README.md

# Gitea Docker Setup

This is a Docker Compose configuration for running Gitea with PostgreSQL, configured with HTTPS support.

## Prerequisites

- Docker Desktop for Windows
- Docker Compose
- A domain or DDNS service (configured to point to your server)
- Port forwarding configured on your router (if accessing from outside your network)

## Features

- Gitea with HTTPS support
- PostgreSQL database
- SSH access for Git operations
- Persistent data storage
- Self-signed SSL certificates (can be replaced with Let's Encrypt)
- Automated database backup system

## Configuration

The setup includes:
- Gitea web interface:
  - External access: https://bee8333.ddns.net/
  - Local network access: https://bee8333.ddns.net/ or https://localhost:3000
  - Local development: https://127.0.0.1:3000
- SSH access on port 222 (for git clone/push/pull)
- PostgreSQL database (internal access only)
- SSL certificates in `./gitea/ssl/`
- Persistent data storage for both Gitea and PostgreSQL

## Access Methods

### Web Interface

1. **External Access (Internet)**:
   - URL: https://bee8333.ddns.net/
   - Requires port 3000 forwarded on your router
   - Uses HTTPS with SSL certificate

2. **Local Network Access**:
   - Same URL: https://bee8333.ddns.net/
   - Or use: https://localhost:3000
   - Both use HTTPS with SSL certificate
   - No port forwarding needed

3. **Local Development**:
   - URL: https://127.0.0.1:3000
   - Direct access on the hosting machine
   - Uses HTTPS with SSL certificate

### Git Operations (SSH)

- External SSH URL: `ssh://git@bee8333.ddns.net:222/username/repository.git`
- Local SSH URL: `ssh://git@localhost:222/username/repository.git`
- Requires port 222 forwarded on your router for external access

## Getting Started

1. Make sure Docker Desktop is running
2. Clone this repository
3. Open a terminal in this directory
4. Generate SSL certificates (see [SSL Certificates](#ssl-certificates) section)
5. Run `docker-compose up -d`
6. Access Gitea using one of the URLs above
7. During first-time setup:
   - Database settings are pre-configured (no changes needed)
   - Domain is set to your domain name
   - SSH port is set to 222
   - HTTPS is enabled by default

## SSL Certificates

You'll need to generate SSL certificates before starting the service. The certificates should be placed in `./gitea/ssl/`:
- `cert.pem` - The SSL certificate
- `key.pem` - The private key

To generate self-signed certificates (for development/testing):

```bash
# Create the ssl directory
mkdir -p gitea/ssl

# Generate certificates using OpenSSL
docker run --rm -v ${PWD}/gitea/ssl:/ssl alpine/openssl req -x509 -nodes \
  -days 365 -newkey rsa:2048 \
  -keyout /ssl/key.pem -out /ssl/cert.pem \
  -subj "/CN=your.domain.here"
```

Replace `your.domain.here` with your actual domain name.

**Security Notes:**
- Never commit SSL certificates to version control
- Keep your private key (key.pem) secure
- For production use, consider using Let's Encrypt certificates
- Self-signed certificates will show browser security warnings

## Backup System

This setup includes a comprehensive backup strategy to ensure your Gitea data is always protected. The backup system provides two complementary methods:

### Database Backups

PowerShell scripts are included to manage database backups:

1. **Creating Backups**:
   ```powershell
   powershell -ExecutionPolicy Bypass -File .\backup-gitea-db.ps1
   ```
   This creates a SQL dump of your PostgreSQL database, compressed as a ZIP file in the `backups` directory.

2. **Volume Backups**:
   ```powershell
   powershell -ExecutionPolicy Bypass -File .\backup-volume.ps1
   ```
   This backs up the entire PostgreSQL data volume as a TAR archive, compressed as a ZIP file.

3. **Automated Backups**:
   ```powershell
   powershell -ExecutionPolicy Bypass -File .\schedule-backup.ps1
   ```
   This creates a Windows Scheduled Task that runs database backups daily at 3 AM.

4. **Restoring from Backups**:
   ```powershell
   # Restore from database dump
   powershell -ExecutionPolicy Bypass -File .\restore-gitea-db.ps1 -BackupFile "backups\your-backup-file.sql.zip"
   
   # Restore from volume backup
   powershell -ExecutionPolicy Bypass -File .\restore-volume.ps1 -BackupFile "backups\your-volume-backup.tar.zip"
   ```

### Backup Best Practices

- Keep multiple backups using both methods (database dumps and volume backups)
- Store backups in multiple locations (local and off-site)
- Test restoring from backups periodically
- Create a backup before upgrading Gitea or making significant changes
- **Never** run `docker-compose down -v` unless you have a recent backup

For more detailed information about the backup system, see [BACKUP-README.md](BACKUP-README.md).

## Stopping the Services

To stop the services, run:
```bash
docker-compose down
```

**Important**: Do not use the `-v` flag (`docker-compose down -v`) unless you intend to delete all data, as this will remove the Docker volumes containing your database.

## Data Persistence

All data is stored in Docker volumes and local directories:
- `./gitea/` - Gitea configuration and data
  - `./gitea/ssl/` - SSL certificates
  - `./gitea/conf/` - Gitea configuration
- Docker volumes (managed by Docker):
  - `gitea-data` - Gitea repositories and application data
  - `postgres-data` - PostgreSQL database files
- `./backups/` - Database and volume backups

## Troubleshooting

1. **Cannot access externally**: 
   - Verify port 3000 (HTTP) and 222 (SSH) are forwarded on your router
   - Check your DDNS service is updating correctly
   - Ensure your domain points to your correct IP

2. **SSL Certificate Warnings**:
   - This is normal with self-signed certificates
   - For production, consider using Let's Encrypt certificates

3. **Local Network Access**:
   - If bee8333.ddns.net doesn't resolve locally, use localhost:3000 instead
   - Add an entry to your hosts file if needed 

4. **Database Backup Issues**:
   - Ensure Docker is running when attempting backups
   - Check that the container names match those in the backup scripts
   - For PowerShell execution issues, use the `-ExecutionPolicy Bypass` flag