feat: using self signed certs

2025-02-10 15:12:51 -05:00
parent 7ae2cd6588
commit 0c5a7ef7f3
8 changed files with 55 additions and 20 deletions
--- a/.DS_Store
+++ b/.DS_Store
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -22,7 +22,6 @@ tasks:
     - task: build
     - task: deploy
  enter:
    cmd: aws ssm start-session --target $INSTANCE_ID
    env:
@@ -30,3 +29,10 @@ tasks:
      AWS_REGION: { sh: jq -r .aws_region < secrets/gitea.json }
      AWS_ACCESS_KEY_ID: { sh: jq -r .aws_access_key < secrets/gitea.json }
      AWS_SECRET_ACCESS_KEY: { sh: jq -r .aws_secret_key < secrets/gitea.json }
  prune:
    - docker system prune -af
    - docker image prune -af
    - docker system prune -af --volumes
    - docker volume prune -af
    - docker system df
--- a/compose.dev.yml
+++ b/compose.dev.yml
@@ -15,6 +15,7 @@ services:
    ports:
      - 80:80
      - 443:443
      - 3000:3000
      - 2222:2222
    labels:
      - docker-volume-backup.stop-during-backup=true
--- a/gitea/Dockerfile
+++ b/gitea/Dockerfile
@@ -3,3 +3,7 @@ FROM gitea/gitea:latest-rootless
 ADD --chown=git:git config /etc/gitea
 ADD --chown=git:git custom /etc/gitea-custom
 ENV GITEA_CUSTOM /etc/gitea-custom
 WORKDIR /etc/gitea-custom
 RUN gitea cert --host localhost --ca
--- a/gitea/Dockerfile.dev
+++ b/gitea/Dockerfile.dev
@@ -6,3 +6,7 @@ ENV GITEA_CUSTOM /etc/gitea-custom
 RUN rm /etc/gitea/app.ini
 RUN mv /etc/gitea/dev.app.ini /etc/gitea/app.ini
 WORKDIR /etc/gitea-custom
 RUN gitea cert --host code.maximhutz.com --ca
--- a/gitea/config/app.ini
+++ b/gitea/config/app.ini
@@ -23,23 +23,32 @@ OFFLINE_MODE = true
 DISABLE_SSH = false
 START_SSH_SERVER = true
 SSH_PORT = 22
-SSH_LISTEN_PORT = 2222
+SSH_LISTEN_PORT = 22
-SSH_DOMAIN = maximhutz.com
+SSH_DOMAIN = code.maximhutz.com
 BUILTIN_SSH_SERVER_USER = git
-# PROTOCOL=https
+; --- Signed SSL ---
-# ENABLE_ACME=true
+; PROTOCOL=https
-# ACME_ACCEPTTOS=true
+; ENABLE_ACME=true
-# ACME_DIRECTORY=https
+; ACME_ACCEPTTOS=true
-# ACME_EMAIL=proxy@maximhutz.com
+; ACME_DIRECTORY=https
 ; ACME_EMAIL=proxy@maximhutz.com
 ; DOMAIN = code.maximhutz.com
 ; ROOT_URL = https://code.maximhutz.com/
 ; HTTP_PORT = 443
-# DOMAIN = code.maximhutz.com
+; --- No SSL ---
-# ROOT_URL = https://code.maximhutz.com/
+; DOMAIN = code.maximhutz.com
-# HTTP_PORT = 443
+; ROOT_URL = http://code.maximhutz.com/
 ; HTTP_PORT = 80
 ; --- Self-Signed SSL ---
 PROTOCOL  = https
 ROOT_URL  = https://code.maximhutz.com/
 DOMAIN = code.maximhutz.com
-ROOT_URL = http://code.maximhutz.com/
+HTTP_PORT = 443
-HTTP_PORT = 80
+CERT_FILE = cert.pem
 KEY_FILE  = key.pem
 [database]
 DB_TYPE = sqlite3
--- a/gitea/config/dev.app.ini
+++ b/gitea/config/dev.app.ini
@@ -17,18 +17,29 @@ TEMP_PATH = /tmp/gitea/uploads
 [server]
 APP_DATA_PATH = /var/lib/gitea
 LFS_START_SERVER = true
 OFFLINE_MODE = true
 LFS_JWT_SECRET = x-----------------------------------------x
 DISABLE_SSH = false
 START_SSH_SERVER = true
 SSH_PORT = 2222
 SSH_LISTEN_PORT = 2222
 BUILTIN_SSH_SERVER_USER = git
 LFS_START_SERVER = true
 OFFLINE_MODE = true
 SSH_DOMAIN = localhost
 BUILTIN_SSH_SERVER_USER = git
 ; --- No SSL ---
 ; DOMAIN = localhost
 ; ROOT_URL = http://localhost:80/
 ; HTTP_PORT = 80
 ; --- Self-Signed Certificate ---
 PROTOCOL  = https
 ROOT_URL  = https://localhost:443/
 DOMAIN = localhost
-ROOT_URL = http://localhost:80/
+HTTP_PORT = 443
-HTTP_PORT = 80
+CERT_FILE = cert.pem
-LFS_JWT_SECRET = x-----------------------------------------x
+KEY_FILE  = key.pem
 [database]
 DB_TYPE = sqlite3
--- a/playbooks/deploy.yml
+++ b/playbooks/deploy.yml
@@ -44,7 +44,7 @@
        restart_policy: unless-stopped
        memory: 425m
        memory_swap: 900m
-        ports: [80:80, 2222:2222, 443:443]
+        ports: [80:80, 2222:2222, 443:443, "22:22"]
        env:
          GITEA__security__INTERNAL_TOKEN: "{{ internal_secret }}"
          GITEA__server__LFS_JWT_SECRET: "{{ lfs_secret }}"