mirrors
/
gitea
espelhamento de https://github.com/go-gitea/gitea.git
Observar 1
Favorito 0
Fork 0
Código Issues 0 Versões 210 Wiki Atividade
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
13586 Commits
17 Branches
Tag: ae52df6a64
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de ae52df6a64
${ noResults }
gitea/docs/content/doc/usage/https-support.md

https-support.md 4.9KB
Original Visão normal Histórico

Add how-to for enabling HTTPS (#4101) Signed-off-by: Jonas Franz <info@jonasfranz.de>
6 anos atrás
Reformat docs (#13897) Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv>
3 anos atrás
Add how-to for enabling HTTPS (#4101) Signed-off-by: Jonas Franz <info@jonasfranz.de>
6 anos atrás
Reformat docs (#13897) Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv>
3 anos atrás
Fix headline (#6353)
5 anos atrás
Add how-to for enabling HTTPS (#4101) Signed-off-by: Jonas Franz <info@jonasfranz.de>
6 anos atrás
Copyedit docs (#6275)
5 anos atrás
Add how-to for enabling HTTPS (#4101) Signed-off-by: Jonas Franz <info@jonasfranz.de>
6 anos atrás
Doc recommend to use reverse proxy if Apache/nginx is also running on… (#8384) * Doc recommend to use reverse proxy if Apache/nginx is also running on server * Update docs/content/doc/usage/https-support.md Co-Authored-By: John Olheiser <42128690+jolheiser@users.noreply.github.com>
4 anos atrás
Copyedit docs (#6275)
5 anos atrás
Add how-to for enabling HTTPS (#4101) Signed-off-by: Jonas Franz <info@jonasfranz.de>
6 anos atrás
Cleanup https support code snippet (#8370)
4 anos atrás
Add how-to for enabling HTTPS (#4101) Signed-off-by: Jonas Franz <info@jonasfranz.de>
6 anos atrás
Cleanup https support code snippet (#8370)
4 anos atrás
Add how-to for enabling HTTPS (#4101) Signed-off-by: Jonas Franz <info@jonasfranz.de>
6 anos atrás
Reformat docs (#13897) Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv>
3 anos atrás
Clarification on the use of certificate chains (#12986) * Clarification on the use of certificate chains * As per @bagasme Co-authored-by: Bagas Sanjaya <bagasdotme@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Bagas Sanjaya <bagasdotme@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
3 anos atrás
Fix various typos in docs (#17844)
2 anos atrás
Add how-to for enabling HTTPS (#4101) Signed-off-by: Jonas Franz <info@jonasfranz.de>
6 anos atrás
[doc] https-setup: explain relative paths for {CERT,KEY}_FILE fields. (#18244) Closes: https://github.com/go-gitea/gitea/issues/14401
2 anos atrás
Copyedit docs (#6275)
5 anos atrás
Documentation: Clarity for HTTPS setups (#5626) [https-setup] - Made it clearer that HTTP redirection is possible [config-cheat-sheet] - Clarified the behavihour of the redirection-related config keys
5 anos atrás
Support custom ACME provider (#18340) * Added ACMECAURL option to support custom ACME provider. Closes #18306 * Refactor setting.go https settings, renamed options and variables, and documented app.example.ini * Refactored runLetsEncrypt to runACME * Improved documentation
2 anos atrás
add letsencrypt to Gitea (#4189)
5 anos atrás
Support custom ACME provider (#18340) * Added ACMECAURL option to support custom ACME provider. Closes #18306 * Refactor setting.go https settings, renamed options and variables, and documented app.example.ini * Refactored runLetsEncrypt to runACME * Improved documentation
2 anos atrás
add letsencrypt to Gitea (#4189)
5 anos atrás
Support custom ACME provider (#18340) * Added ACMECAURL option to support custom ACME provider. Closes #18306 * Refactor setting.go https settings, renamed options and variables, and documented app.example.ini * Refactored runLetsEncrypt to runACME * Improved documentation
2 anos atrás
Add markdownlint (#20512) Add `markdownlint` linter and fix issues. Config is based on the one from electron's repo with a few rules relaxed.
1 ano atrás
Support custom ACME provider (#18340) * Added ACMECAURL option to support custom ACME provider. Closes #18306 * Refactor setting.go https settings, renamed options and variables, and documented app.example.ini * Refactored runLetsEncrypt to runACME * Improved documentation
2 anos atrás
add letsencrypt to Gitea (#4189)
5 anos atrás
Support custom ACME provider (#18340) * Added ACMECAURL option to support custom ACME provider. Closes #18306 * Refactor setting.go https settings, renamed options and variables, and documented app.example.ini * Refactored runLetsEncrypt to runACME * Improved documentation
2 anos atrás
Add markdownlint (#20512) Add `markdownlint` linter and fix issues. Config is based on the one from electron's repo with a few rules relaxed.
1 ano atrás
add letsencrypt to Gitea (#4189)
5 anos atrás
Support custom ACME provider (#18340) * Added ACMECAURL option to support custom ACME provider. Closes #18306 * Refactor setting.go https settings, renamed options and variables, and documented app.example.ini * Refactored runLetsEncrypt to runACME * Improved documentation
2 anos atrás
add letsencrypt to Gitea (#4189)
5 anos atrás
Fix various typos in docs (#17844)
2 anos atrás
add letsencrypt to Gitea (#4189)
5 anos atrás
Reformat docs (#13897) Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv>
3 anos atrás
Add how-to for enabling HTTPS (#4101) Signed-off-by: Jonas Franz <info@jonasfranz.de>
6 anos atrás
Copyedit docs (#6275)
5 anos atrás
Add how-to for enabling HTTPS (#4101) Signed-off-by: Jonas Franz <info@jonasfranz.de>
6 anos atrás
Reformat docs (#13897) Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv>
3 anos atrás
Add how-to for enabling HTTPS (#4101) Signed-off-by: Jonas Franz <info@jonasfranz.de>
6 anos atrás
[Docs] Grammar Edit on Enabling HTTPS Using Reverse Proxy (#9649) * Use infinitives for accept and pass * Close parentheeses for proxy exposed
4 anos atrás
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102 
  1. ---

  2. date: "2018-06-02T11:00:00+02:00"

  3. title: "Usage: HTTPS setup"

  4. slug: "https-setup"

  5. weight: 12

  6. toc: false

  7. draft: false

  8. menu:

  9.   sidebar:

  10.     parent: "usage"

  11.     name: "HTTPS setup"

  12.     weight: 12

  13.     identifier: "https-setup"

  14. ---

  15. 

  16. # HTTPS setup to encrypt connections to Gitea

  17. 

  18. **Table of Contents**

  19. 

  20. {{< toc >}}

  21. 

  22. ## Using the built-in server

  23. 

  24. Before you enable HTTPS, make sure that you have valid SSL/TLS certificates.

  25. You could use self-generated certificates for evaluation and testing. Please run `gitea cert --host [HOST]` to generate a self signed certificate.

  26. 

  27. If you are using Apache or nginx on the server, it's recommended to check the [reverse proxy guide]({{< relref "doc/usage/reverse-proxies.en-us.md" >}}).

  28. 

  29. To use Gitea's built-in HTTPS support, you must change your `app.ini` file:

  30. 

  31. ```ini

  32. [server]

  33. PROTOCOL  = https

  34. ROOT_URL  = https://git.example.com:3000/

  35. HTTP_PORT = 3000

  36. CERT_FILE = cert.pem

  37. KEY_FILE  = key.pem

  38. ```

  39. 

  40. Note that if your certificate is signed by a third party certificate authority (i.e. not self-signed), then cert.pem should contain the certificate chain. The server certificate must be the first entry in cert.pem, followed by the intermediaries in order (if any). The root certificate does not have to be included because the connecting client must already have it in order to estalbish the trust relationship.

  41. To learn more about the config values, please checkout the [Config Cheat Sheet](../config-cheat-sheet#server-server).

  42. 

  43. For the `CERT_FILE` or `KEY_FILE` field, the file path is relative to the `GITEA_CUSTOM` environment variable when it is a relative path. It can be an absolute path as well.

  44. 

  45. ### Setting up HTTP redirection

  46. 

  47. The Gitea server is only able to listen to one port; to redirect HTTP requests to the HTTPS port, you will need to enable the HTTP redirection service:

  48. 

  49. ```ini

  50. [server]

  51. REDIRECT_OTHER_PORT = true

  52. ; Port the redirection service should listen on

  53. PORT_TO_REDIRECT = 3080

  54. ```

  55. 

  56. If you are using Docker, make sure that this port is configured in your `docker-compose.yml` file.

  57. 

  58. ## Using ACME (Default: Let's Encrypt)

  59. 

  60. [ACME](https://tools.ietf.org/html/rfc8555) is a Certificate Authority standard protocol that allows you to automatically request and renew SSL/TLS certificates. [Let's Encrypt](https://letsencrypt.org/) is a free publicly trusted Certificate Authority server using this standard. Only `HTTP-01` and `TLS-ALPN-01` challenges are implemented. In order for ACME challenges to pass and verify your domain ownership, external traffic to the gitea domain on port `80` (`HTTP-01`) or port `443` (`TLS-ALPN-01`) has to be served by the gitea instance. Setting up [HTTP redirection](#setting-up-http-redirection) and port-forwards might be needed for external traffic to route correctly. Normal traffic to port `80` will otherwise be automatically redirected to HTTPS. **You must consent** to the ACME provider's terms of service (default Let's Encrypt's [terms of service](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf)).

  61. 

  62. Minimum setup using the default Let's Encrypt:

  63. 

  64. ```ini

  65. [server]

  66. PROTOCOL=https

  67. DOMAIN=git.example.com

  68. ENABLE_ACME=true

  69. ACME_ACCEPTTOS=true

  70. ACME_DIRECTORY=https

  71. ;; Email can be omitted here and provided manually at first run, after which it is cached

  72. ACME_EMAIL=email@example.com

  73. ```

  74. 

  75. Minimumg setup using a [smallstep CA](https://github.com/smallstep/certificates), refer to [their tutorial](https://smallstep.com/docs/tutorials/acme-challenge) for more information.

  76. 

  77. ```ini

  78. [server]

  79. PROTOCOL=https

  80. DOMAIN=git.example.com

  81. ENABLE_ACME=true

  82. ACME_ACCEPTTOS=true

  83. ACME_URL=https://ca.example.com/acme/acme/directory

  84. ;; Can be omitted if using the system's trust is preferred

  85. ;ACME_CA_ROOT=/path/to/root_ca.crt

  86. ACME_DIRECTORY=https

  87. ACME_EMAIL=email@example.com

  88. ```

  89. 

  90. To learn more about the config values, please checkout the [Config Cheat Sheet](../config-cheat-sheet#server-server).

  91. 

  92. ## Using a reverse proxy

  93. 

  94. Setup up your reverse proxy as shown in the [reverse proxy guide](../reverse-proxies).

  95. 

  96. After that, enable HTTPS by following one of these guides:

  97. 

  98. - [nginx](https://nginx.org/en/docs/http/configuring_https_servers.html)

  99. - [apache2/httpd](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html)

  100. - [caddy](https://caddyserver.com/docs/tls)

  101. 

  102. Note: Enabling HTTPS only at the proxy level is referred as [TLS Termination Proxy](https://en.wikipedia.org/wiki/TLS_termination_proxy). The proxy server accepts incoming TLS connections, decrypts the contents, and passes the now unencrypted contents to Gitea. This is normally fine as long as both the proxy and Gitea instances are either on the same machine, or on different machines within private network (with the proxy is exposed to outside network). If your Gitea instance is separated from your proxy over a public network, or if you want full end-to-end encryption, you can also [enable HTTPS support directly in Gitea using built-in server](#using-the-built-in-server) and forward the connections over HTTPS instead.