Running in Docker, want to generate self-signed SSL certificate INSIDE the container #6070

Closed
opened 2025-11-02 06:44:15 -06:00 by GiteaMirror · 3 comments

Originally created by @loganmarchione on GitHub (Sep 29, 2020).

  • Gitea version (or commit ref): 1.12.4
  • Git version: 2.24.3
  • Operating system: Docker on AMD64 host
  • Database (use [x]):
    • [x] PostgreSQL
    • [ ] MySQL
    • [ ] MSSQL
    • [ ] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [ ] Yes (provide example URL)
    • [ ] No
    • [x] Not relevant
  • Log gist:

Description

This might be an edge use-case.

I run Gitea in Docker, and use Nginx as a reverse proxy for HTTPS. However, the communication between Gitea and Nginx is over HTTP. I would like this communication to be HTTPS.

----------               ----------              ----------
|        |               |        |              |        |
| Users  | ----HTTPS---- | Nginx  | ----HTTP---- | Gitea  |
|        |               |        |              |        |
----------               ----------              ----------

Thinking out loud, my options are:

  1. Mount an existing certificate from the host to the container (I tried using a Let's Encrypt certificate, but the privkey.pem is mode 600, which the git user inside Gitea can't read)
  2. Generate a self-signed SSL certificate INSIDE the container

For option 2, I know I can run gitea cert --host git.example.com --ca to generate an SSL certificate, but how does that work in Docker? That command would be for a traditional Gitea install on a regular OS.

Docker Compose allows you to overwrite the default command, but I don't want to overwrite the default command to start Gitea itself (/app/gitea/gitea web). Also, you're using s6, which would prevent this from working anyway.

Is there a way to generate a self-signed SSL certificate inside the container? I don't care if it re-generates at every startup, since no user will be visiting this location, they'll be hitting the Nginx reverse proxy.

Screenshots

N/A

GiteaMirror added the type/question label 2025-11-02 06:44:15 -06:00

@6543 commented on GitHub (Sep 29, 2020):

@loganmarchione I would manually create it outside and add it to the data storage where all data lives :)
Set the config to it, and that should be it.


@johanvdw commented on GitHub (Sep 30, 2020):

  1. Mount an existing certificate from the host to the container (I tried using a Let's Encrypt certificate, but the privkey.pem is mode 600, which the git user inside Gitea can't read)

chown 1000:1000 (or whatever user UID you use for git in your container). 1000 is the default if you follow https://docs.gitea.io/en-us/install-with-docker/

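A pre-flight check for option 1, added here as an example and not part of the thread or of Gitea: it models whether the container's git user can read a bind-mounted key before the container is started, and prints the chown/chmod fix from the comment above. It assumes uid/gid 1000 for that user (the Docker install default cited above), that the volume is mounted at /data inside the container, and the app.ini [server] keys PROTOCOL, CERT_FILE and KEY_FILE as documented for Gitea's HTTPS setup.

```python
import os
import stat
from typing import Sequence

CONTAINER_UID = 1000  # assumed: the git user inside the Gitea image (Docker install default)
CONTAINER_GID = 1000


def readable_by(st_uid: int, st_gid: int, st_mode: int, uid: int, gids: Sequence[int]) -> bool:
    """POSIX read decision for an arbitrary uid/gid set, computed from stat() fields so it
    models the container's user instead of the host process running this script."""
    if uid == 0:  # root bypasses mode bits
        return True
    if st_uid == uid:  # only the owner class applies to the owner, even if it denies
        return bool(st_mode & stat.S_IRUSR)
    if st_gid in gids:
        return bool(st_mode & stat.S_IRGRP)
    return bool(st_mode & stat.S_IROTH)


def check_key(path: str, uid: int = CONTAINER_UID, gids: Sequence[int] = (CONTAINER_GID,)) -> list:
    """Findings for a private key about to be bind-mounted into the container; empty means OK."""
    st = os.stat(path)
    findings = []
    if not readable_by(st.st_uid, st.st_gid, st.st_mode, uid, gids):
        # the Let's Encrypt case from the issue: mode 600 owned by root on the host
        findings.append(
            f"{path}: {stat.filemode(st.st_mode)} owned by {st.st_uid}:{st.st_gid} is unreadable "
            f"for container uid {uid}; fix: chown {uid}:{gids[0]} {path} && chmod 640 {path}"
        )
    if st.st_mode & (stat.S_IROTH | stat.S_IWOTH):
        # over-correcting with chmod 644/777 exposes the key to every other container user
        findings.append(f"{path}: private key is world-accessible; fix: chmod 640 {path}")
    return findings


def server_section(cert_file: str, key_file: str) -> str:
    """app.ini [server] fragment pointing Gitea at the mounted pair (container-side paths)."""
    return "\n".join(["[server]", "PROTOCOL = https", f"CERT_FILE = {cert_file}", f"KEY_FILE = {key_file}"])


if __name__ == "__main__":
    import sys

    key = sys.argv[1] if len(sys.argv) > 1 else "privkey.pem"
    for line in check_key(key) or [f"{key}: readable by uid {CONTAINER_UID}, not world-accessible"]:
        print(line)
    # assumed mount point /data; keep the pair outside the repositories directory
    print(server_section("/data/gitea/https/cert.pem", "/data/gitea/https/key.pem"))
```

Run it on the host against the key you intend to mount; Nginx still needs the self-signed cert added to its trust store (or proxy_ssl_verify off) for the proxied hop to succeed.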

@loganmarchione commented on GitHub (Oct 1, 2020):

@johanvdw - Thanks, this is what I ended up doing.

Reference: github-starred/gitea#6070