feat: using self signed certs

Taskfile.yml

@@ -22,7 +22,6 @@ tasks:
      - task: build
      - task: deploy
 
-
   enter:
     cmd: aws ssm start-session --target $INSTANCE_ID
     env:
@@ -30,3 +29,10 @@ tasks:
       AWS_REGION: { sh: jq -r .aws_region < secrets/gitea.json }
       AWS_ACCESS_KEY_ID: { sh: jq -r .aws_access_key < secrets/gitea.json }
       AWS_SECRET_ACCESS_KEY: { sh: jq -r .aws_secret_key < secrets/gitea.json }
+  
+  prune:
+    - docker system prune -af
+    - docker image prune -af
+    - docker system prune -af --volumes
+    - docker volume prune -af
+    - docker system df

compose.dev.yml

@@ -15,6 +15,7 @@ services:
     ports:
       - 80:80
       - 443:443
+      - 3000:3000
       - 2222:2222
     labels:
       - docker-volume-backup.stop-during-backup=true

gitea/Dockerfile

@@ -3,3 +3,7 @@ FROM gitea/gitea:latest-rootless
 ADD --chown=git:git config /etc/gitea
 ADD --chown=git:git custom /etc/gitea-custom
 ENV GITEA_CUSTOM /etc/gitea-custom
+
+WORKDIR /etc/gitea-custom
+
+RUN gitea cert --host localhost --ca

gitea/Dockerfile.dev

@@ -6,3 +6,7 @@ ENV GITEA_CUSTOM /etc/gitea-custom
 
 RUN rm /etc/gitea/app.ini
 RUN mv /etc/gitea/dev.app.ini /etc/gitea/app.ini
+
+WORKDIR /etc/gitea-custom
+
+RUN gitea cert --host code.maximhutz.com --ca

gitea/config/app.ini

@@ -23,23 +23,32 @@ OFFLINE_MODE = true
 DISABLE_SSH = false
 START_SSH_SERVER = true
 SSH_PORT = 22
-SSH_LISTEN_PORT = 2222
-SSH_DOMAIN = maximhutz.com
+SSH_LISTEN_PORT = 22
+SSH_DOMAIN = code.maximhutz.com
 BUILTIN_SSH_SERVER_USER = git
 
-# PROTOCOL=https
-# ENABLE_ACME=true
-# ACME_ACCEPTTOS=true
-# ACME_DIRECTORY=https
-# ACME_EMAIL=proxy@maximhutz.com
+; --- Signed SSL ---
+; PROTOCOL=https
+; ENABLE_ACME=true
+; ACME_ACCEPTTOS=true
+; ACME_DIRECTORY=https
+; ACME_EMAIL=proxy@maximhutz.com
+; DOMAIN = code.maximhutz.com
+; ROOT_URL = https://code.maximhutz.com/
+; HTTP_PORT = 443
 
-# DOMAIN = code.maximhutz.com
-# ROOT_URL = https://code.maximhutz.com/
-# HTTP_PORT = 443
+; --- No SSL ---
+; DOMAIN = code.maximhutz.com
+; ROOT_URL = http://code.maximhutz.com/
+; HTTP_PORT = 80
 
+; --- Self-Signed SSL ---
+PROTOCOL  = https
+ROOT_URL  = https://code.maximhutz.com/
 DOMAIN = code.maximhutz.com
-ROOT_URL = http://code.maximhutz.com/
-HTTP_PORT = 80
+HTTP_PORT = 443
+CERT_FILE = cert.pem
+KEY_FILE  = key.pem
 
 [database]
 DB_TYPE = sqlite3

gitea/config/dev.app.ini

@@ -17,18 +17,29 @@ TEMP_PATH = /tmp/gitea/uploads
 
 [server]
 APP_DATA_PATH = /var/lib/gitea
+LFS_START_SERVER = true
+OFFLINE_MODE = true
+LFS_JWT_SECRET = x-----------------------------------------x
+
 DISABLE_SSH = false
 START_SSH_SERVER = true
 SSH_PORT = 2222
 SSH_LISTEN_PORT = 2222
-BUILTIN_SSH_SERVER_USER = git
-LFS_START_SERVER = true
-OFFLINE_MODE = true
 SSH_DOMAIN = localhost
+BUILTIN_SSH_SERVER_USER = git
+
+; --- No SSL ---
+; DOMAIN = localhost
+; ROOT_URL = http://localhost:80/
+; HTTP_PORT = 80
+
+; --- Self-Signed Certificate ---
+PROTOCOL  = https
+ROOT_URL  = https://localhost:443/
 DOMAIN = localhost
-ROOT_URL = http://localhost:80/
-HTTP_PORT = 80
-LFS_JWT_SECRET = x-----------------------------------------x
+HTTP_PORT = 443
+CERT_FILE = cert.pem
+KEY_FILE  = key.pem
 
 [database]
 DB_TYPE = sqlite3

playbooks/deploy.yml

@@ -44,7 +44,7 @@
         restart_policy: unless-stopped
         memory: 425m
         memory_swap: 900m
-        ports: [80:80, 2222:2222, 443:443]
+        ports: [80:80, 2222:2222, 443:443, "22:22"]
         env:
           GITEA__security__INTERNAL_TOKEN: "{{ internal_secret }}"
           GITEA__server__LFS_JWT_SECRET: "{{ lfs_secret }}"