Gitea with Let's Encrypt in a Docker Compose

README.md

@@ -0,0 +1,13 @@
+# Gitea with Let's Encrypt in a Docker Compose
+
+Install the Docker Engine by following the official guide: https://docs.docker.com/engine/install/
+
+Install the Docker Compose by following the official guide: https://docs.docker.com/compose/install/
+
+Run `gitea-restore-application-data.sh` to restore application data if needed.
+
+Run `gitea-restore-database.sh` to restore database if needed.
+
+Deploy Gitea server with a Docker Compose using the command:
+
+`docker-compose -f gitea-traefik-letsencrypt-docker-compose.yml -p gitea up -d`

gitea-restore-application-data.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+GITEA_CONTAINER=$(docker ps -aqf "name=gitea_gitea")
+GITEA_BACKUPS_CONTAINER=$(docker ps -aqf "name=gitea_backups")
+
+echo "--> All available application data backups:"
+
+for entry in $(docker container exec -it $GITEA_BACKUPS_CONTAINER sh -c "ls /srv/gitea-application-data/backups/")
+do
+  echo "$entry"
+done
+
+echo "--> Copy and paste the backup name from the list above to restore application data and press [ENTER]
+--> Example: gitea-application-data-backup-YYYY-MM-DD_hh-mm.tar.gz"
+echo -n "--> "
+
+read SELECTED_APPLICATION_BACKUP
+
+echo "--> $SELECTED_APPLICATION_BACKUP was selected"
+
+echo "--> Stopping service..."
+docker stop $GITEA_CONTAINER
+
+echo "--> Restoring application data..."
+docker exec -it $GITEA_BACKUPS_CONTAINER sh -c "rm -rf /etc/gitea/* && tar -zxpf /srv/gitea-application-data/backups/$SELECTED_APPLICATION_BACKUP -C /"
+echo "--> Application data recovery completed..."
+
+echo "--> Starting service..."
+docker start $GITEA_CONTAINER

gitea-restore-database.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+GITEA_CONTAINER=$(docker ps -aqf "name=gitea_gitea")
+GITEA_BACKUPS_CONTAINER=$(docker ps -aqf "name=gitea_backups")
+
+echo "--> All available database backups:"
+
+for entry in $(docker container exec -it $GITEA_BACKUPS_CONTAINER sh -c "ls /srv/gitea-postgres/backups/")
+do
+  echo "$entry"
+done
+
+echo "--> Copy and paste the backup name from the list above to restore database and press [ENTER]
+--> Example: gitea-postgres-backup-YYYY-MM-DD_hh-mm.gz"
+echo -n "--> "
+
+read SELECTED_DATABASE_BACKUP
+
+echo "--> $SELECTED_DATABASE_BACKUP was selected"
+
+echo "--> Stopping service..."
+docker stop $GITEA_CONTAINER
+
+echo "--> Restoring database..."
+docker exec -it $GITEA_BACKUPS_CONTAINER sh -c 'PGPASSWORD="$(echo $POSTGRES_PASSWORD)" dropdb -h postgres -p 5432 giteadb -U giteadbuser \
+&& PGPASSWORD="$(echo $POSTGRES_PASSWORD)" createdb -h postgres -p 5432 giteadb -U giteadbuser \
+&& PGPASSWORD="$(echo $POSTGRES_PASSWORD)" gunzip -c /srv/gitea-postgres/backups/'$SELECTED_DATABASE_BACKUP' | PGPASSWORD=$(echo $POSTGRES_PASSWORD) psql -h postgres -p 5432 giteadb -U giteadbuser'
+echo "--> Database recovery completed..."
+
+echo "--> Starting service..."
+docker start $GITEA_CONTAINER

gitea-traefik-letsencrypt-docker-compose.yml

@@ -0,0 +1,179 @@
+# Gitea with Let's Encrypt in a Docker Compose
+
+# Vladimir Mikhalev
+# callvaldemar@gmail.com
+# www.heyvaldemar.com
+
+# Install the Docker Engine by following the official guide: https://docs.docker.com/engine/install/
+# Install the Docker Compose by following the official guide: https://docs.docker.com/compose/install/
+
+# Run gitea-restore-application-data.sh to restore application data if needed.
+# Run gitea-restore-database.sh to restore database if needed.
+
+# Deploy Gitea server with a Docker Compose using the command:
+# docker-compose -f gitea-traefik-letsencrypt-docker-compose.yml -p gitea up -d
+
+volumes:
+  gitea-data:
+  gitea-config:
+  gitea-postgres:
+  gitea-data-backups:
+  gitea-postgres-backups:
+  traefik-certificates:
+
+services:
+  postgres:
+    # Image tag (replace with yours)
+    image: postgres:13.2
+    volumes:
+      - gitea-postgres:/var/lib/postgresql/data
+    environment:
+      # Database name (replace with yours)
+      POSTGRES_DB: giteadb
+      # Database user (replace with yours)
+      POSTGRES_USER: giteadbuser
+      # Database password (replace with yours)
+      POSTGRES_PASSWORD: etFneCEtAWRKkfeQmkvwLWE
+    restart: unless-stopped
+
+  gitea:
+    image: gitea/gitea:1.14
+    volumes:
+      - gitea-data:/data
+      - gitea-config:/etc/gitea
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      DB_TYPE: postgres
+      DB_HOST: postgres:5432
+      # Database name (replace with yours)
+      DB_NAME: giteadb
+      # Database user (replace with yours)
+      DB_USER: giteadbuser
+      # Database password (replace with yours)
+      DB_PASSWD: etFneCEtAWRKkfeQmkvwLWE
+      RUN_MODE: prod
+      SSH_PORT: 0
+      DISABLE_SSH: 'true'
+      HTTP_PORT: 3000
+      # Gitea URL (replace with yours)
+      ROOT_URL: https://gitea.heyvaldemar.net
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:3000/"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 90s
+    labels:
+      - "traefik.enable=true"
+      # Gitea URL (replace with yours)
+      - "traefik.http.routers.gitea.rule=Host(`gitea.heyvaldemar.net`)"
+      - "traefik.http.routers.gitea.service=gitea"
+      - "traefik.http.routers.gitea.entrypoints=websecure"
+      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+      - "traefik.http.routers.gitea.tls=true"
+      - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
+      - "traefik.http.services.gitea.loadbalancer.passhostheader=true"
+      - "traefik.http.routers.gitea.middlewares=compresstraefik"
+      - "traefik.http.middlewares.compresstraefik.compress=true"
+    restart: unless-stopped
+    depends_on:
+      - postgres
+      - traefik
+
+  traefik:
+    # Image tag (replace with yours)
+    image: traefik:2.4
+    command:
+      - "--log.level=WARN"
+      - "--accesslog=true"
+      - "--api.dashboard=true"
+      - "--api.insecure=true"
+      - "--ping=true"
+      - "--ping.entrypoint=ping"
+      - "--entryPoints.ping.address=:8082"
+      - "--entryPoints.web.address=:80"
+      - "--entryPoints.websecure.address=:443"
+      - "--providers.docker=true"
+      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
+      - "--providers.docker.exposedByDefault=false"
+      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
+      # Email for Let's Encrypt (replace with yours)
+      - "--certificatesresolvers.letsencrypt.acme.email=callvaldemar@gmail.com"
+      - "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme/acme.json"
+      - "--metrics.prometheus=true"
+      - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
+      - "--global.checkNewVersion=true"
+      - "--global.sendAnonymousUsage=false"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - traefik-certificates:/etc/traefik/acme
+    ports:
+      - "80:80"
+      - "443:443"
+    healthcheck:
+      test: ["CMD", "wget", "http://localhost:8082/ping","--spider"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 5s
+    labels:
+      - "traefik.enable=true"
+      # Traefik URL (replace with yours)
+      - "traefik.http.routers.dashboard.rule=Host(`traefik.gitea.heyvaldemar.net`)"
+      - "traefik.http.routers.dashboard.service=api@internal"
+      - "traefik.http.routers.dashboard.entrypoints=websecure"
+      - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
+      - "traefik.http.routers.dashboard.tls=true"
+      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
+      - "traefik.http.services.dashboard.loadbalancer.passhostheader=true"
+      - "traefik.http.routers.dashboard.middlewares=authtraefik"
+      # Basic Authentication for Traefik Dashboard
+      # Username: traefikadmin (replace with yours)
+      # Passwords must be encoded using MD5, SHA1, or BCrypt
+      - "traefik.http.middlewares.authtraefik.basicauth.users=traefikadmin:$$2y$$10$$sMzJfirKC75x/hVpiINeZOiSm.Jkity9cn4KwNkRvO7hSQVFc5FLO"
+      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
+      - "traefik.http.routers.http-catchall.entrypoints=web"
+      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+    restart: unless-stopped
+
+  backups:
+    # Image tag (replace with yours)
+    image: postgres:13.2
+    # Database backups prune interval (replace with yours). Default is 7 days.
+    # find /srv/gitea-postgres/backups -type f -mtime +7 | xargs rm -f
+
+    # Application data backups prune interval (replace with yours). Default is 7 days.
+    # find /srv/gitea-application-data/backups -type f -mtime +7 | xargs rm -f
+
+    # Gitea backups interval (replace with yours). Default is 1 day.
+    # sleep 24h
+
+    # Run gitea-restore-application-data.sh to restore application data if needed.
+    # Run gitea-restore-database.sh to restore database if needed.
+    command: sh -c 'sleep 30m
+             && while true; do
+             PGPASSWORD="$$(echo $$POSTGRES_PASSWORD)"
+             pg_dump
+             -h postgres
+             -p 5432
+             -d giteadb
+             -U giteadbuser | gzip > /srv/gitea-postgres/backups/gitea-postgres-backup-$$(date "+%Y-%m-%d_%H-%M").gz
+             && tar -zcpf /srv/gitea-application-data/backups/gitea-application-data-backup-$$(date "+%Y-%m-%d_%H-%M").tar.gz /etc/gitea
+             && find /srv/gitea-postgres/backups -type f -mtime +7 | xargs rm -f
+             && find /srv/gitea-application-data/backups -type f -mtime +7 | xargs rm -f;
+             sleep 24h; done'
+    volumes:
+      - gitea-data:/etc/gitea
+      # Application data backups location
+      - gitea-data-backups:/srv/gitea-application-data/backups
+      # Database backups location
+      - gitea-postgres-backups:/srv/gitea-postgres/backups
+    environment:
+      # Database password (replace with yours)
+      POSTGRES_PASSWORD: etFneCEtAWRKkfeQmkvwLWE
+    restart: unless-stopped
+    depends_on:
+      - postgres
+      - gitea