How to setup your own private git server

Using a version control system (VCS) has a lot of beneficial uses even if you’re not a developer. For example, at NodeSpace, we use git, a popular VCS, to manage configuration files of critical systems, network infrastructure, and our infrastructure as code (IaC). As you might guess, these files are sensitive in their contents and we do not permit them to be uploaded to public systems like Github. While we do have a Github organization where we post open source projects and code, we keep some stuff internal and closed. Here’s how to setup your own Gitea server, either using a virtual machine on a Proxmox private cloud server or using a VPS.

Installing Gitea on AlmaLinux 9

In this tutorial, I am using AlmaLinux 9, but you can also use AlmaLinux 8, Rocky Linux, CentOS Stream, or any other flavor of Linux you’d like. However, keep in mind that the commands I’m going to be providing will only work on RHEL-based distros. This guide also assumes you’re using a user with sudo permissions.

First, you’re going to need a server to install Gitea on. The nice thing about Gitea is that it is very lightweight so if you already have a server with data on it, you can install Gitea without any issues.

We need to create a non-root user for Gitea to run as. This is for system security. If something was to happen, you don’t want anyone to get access to root.

sudo useradd -rms /bin/bash gitea

If SELinux is enabled, you’ll need to disable it. You can do this for your session by running:

sudo setenforce 0

And then to make this change permanent, we need to disable SELinux from the config. Edit the SELinux config file with this command:

sudo vi /etc/selinux/config

If you’re not familiar with vi, it’s really easy. Press I on your keyboard and then move your cursor using the arrow keys to where you want to edit. Make your changes. Press the escape key and then type :wq! and press Enter. This will save your changes and exit vi.

Update your system and install the required software:

sudo dnf -y update
sudo dnf install -y git sqlite wget

At this point, it’s a good idea to reboot, especially if you have any kernel updates applied.

Once you’re re-connected, download the latest version of Gitea using the following command:

wget -O gitea https://dl.gitea.io/gitea/1.17/gitea-1.17-linux-amd64

Replace 1.17 with the current version. You can find this from the Gitea website. This command will save the downloaded binary as “gitea”.

Now we just need to make the binary executable by running:

chmod +x gitea

Move the file to a location on our system where it’s safe to host binaries:

sudo mv gitea /usr/local/bin

Now we need to make some required directories for Gitea

sudo mkdir -p /var/lib/gitea/{custom,data,log}
sudo mkdir /etc/gitea

Since Gitea needs to be able to access these directories, we need to assign permissions to them:

sudo chmod -R 750 /var/lib/gitea
sudo chmod 770 /etc/gitea
sudo chown -R gitea: /var/lib/gitea
sudo chown root:gitea /etc/gitea

You will probably want to run Gitea as a service so it is easier to start, stop, and upgrade. Gitea provides an example systemd service file here. However, I’ve simplified it to our setup. Here’s the one I am using:

[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target

[Service]
RestartSec=2s
Type=simple
User=gitea
Group=gitea
WorkingDirectory=/var/lib/gitea/
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
Environment=USER=gitea HOME=/home/gitea GITEA_WORK_DIR=/var/lib/gitea

[Install]
WantedBy=multi-user.target

And to create this file on your system, run the following and paste it in:

sudo vi /etc/systemd/system/gitea.service

Running Gitea

Now we can start and enable the gitea service with these commands:

sudo systemctl start gitea
sudo systemctl enable gitea

Now we need to add gitea through the firewall, assuming you have that enabled and running:

sudo firewall-cmd --permanent --add-port=3000/tcp

If you get a “success” message, reload the firewall:

sudo firewall-cmd --reload

Now Gitea should be accessible through your browser to finish setup. Just point your browser to http://<yourserverip>:3000 and adjust the settings I’ve marked. At the very least, you will need to set the database as SQLite as that is the database we’re using. Adjust the other settings to match your setup.

Once gitea is installed, login and you can start creating repos!

Conclusion

And there you have it! Your own private git server where you can store anything you don’t want the world to see. When you install gitea on a virtual machine running on a Proxmox Private Cloud server, you can really ensure security by placing the server behind a virtual firewall. This makes it so that you can restrict access to the server or even make it only accessible via a secure VPN connection, such as WireGuard. If you do want to expose Gitea to the internet, you can use a reverse proxy.

Happy coding!

Leave a Comment

Your email address will not be published. Required fields are marked *

twenty − 17 =

This site uses Akismet to reduce spam. Learn how your comment data is processed.