Eoghan

Self-hosting Gitea on Amazon Lightsail

Date: 2020-07-14
Last Updated: 2021-04-10
#Git #Docker

I recently took the decision to try my hand at self-hosting a Git service. Mainly I just wanted to do it; to go through the process of setting up and running the Git server, web server and database.

Git Services

GitHub is by far the most widely used Git service in the world today. But in terms of self-host options I came down to these.

  1. GitLab - Required too many resources for my purposes
  2. Bitbucket - I didn’t want to work with a Java app, don’t like the UI
  3. Gitly - Not viable at present
  4. Gogs - Parent project of Gitea
  5. Gitweb - A little bit too basic, but I would have tried it.
  6. Gitea - Go, UI like old GitHub

I did look at using Gitea which is cloud hosted Gitea, but I didn’t feel comfortable having my code hosted in China. Having said that I don’t know where GitHub & GitLab host my code, but it’s probably not China. I also looked at Codeberg which is a modified version of Gitea and hosted in the EU, this wouldn’t be a bad alternative but I decided to pass on it for this occasion.

Gitea just seemed to be a nice solution for me. Written in Go, I knew it would be a single binary (meaning no libraries to worry about), and I am also a Go enthusiast. It was recommended by a colleague while he complained about Bitbucket taking forever to load a pull request.

One thing I did notice was that the Gitea installation instructions for docker were somewhat lacking, and I hope I can help with that in this blog post.

Why Amazon and what’s a lightsail

I chose Amazon because I use AWS at work and I am working towards further AWS certifications. I chose Lightsail over EC2 primarily because of pricing, I pay $5 a month for effectively a t2.micro and it runs Gitea and docker just fine, that comes with a 40 GB SSD and that’s plenty for me on my own. I used Terraform to create the Lightsail instance, create a static IP, assign the static IP, and finally update my DNS records with Gandi to point a subdomain to this instance. But honestly I only did that to actually use Terraform, this infrastructure is so simple that it could be done as quickly manually.

Setting it up

By far the trickiest part is allowing SSH passthrough to the container, if you can live without SSH Git access then this will be a breeze. But it was something I could not give up, for this “guide” I will assume you want SSH Git access.

You’ll need docker-ce and docker-compose installed on the Lightsail instance.

Before you run docker-compose up -d you’ll need to have a git user on your host machine (the Lightsail instance), you can create it as follows.

adduser \
   --system \
   --shell /bin/bash \
   --gecos 'Git Version Control' \
   --group \
   --disabled-password \
   --home /home/git \
   git

Then you need to create the following directory structure.

mkdir -p /var/lib/gitea/{custom,data,log}
chown -R git:git /var/lib/gitea/
chmod -R 750 /var/lib/gitea/
mkdir /etc/gitea
chown root:git /etc/gitea
chmod 770 /etc/gitea

Clone the mytea repo, create your own env.sh from the example provided. Then create a docker network for the backend database.

docker network create --internal back

Now we can fire up the docker-compose file. Assuming that your DNS records have populated you can navigate to your FQDN and complete the web based installation of Gitea.

The following strictly pertains to the SSH access

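Following this, create the executable file /app/gitea/gitea on the host and give it the following contents. Gitea writes each user's key into authorized_keys with a forced command that points at this path, so when the host's sshd accepts a connection for git it runs this script, which forwards the session to the container's SSH server on port 2222. StrictHostKeyChecking=no turns off host key verification for that hop, which here only ever goes to 127.0.0.1.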

#!/bin/sh
# Forward the forced command from the host sshd to the container sshd on port 2222.
ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"

Now create an SSH key for the git user

sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"

Link the authorised keys file from the container to the same for the git user on the host

ln -s /var/lib/gitea/git/.ssh/authorized_keys /home/git/.ssh/authorized_keys

Now we need to put the “Gitea Host Key” into the authorised keys file for the git user, this allows the SSH access to the container.

sudo -u git bash -c 'echo "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty $(cat /home/git/.ssh/id_rsa.pub)" >> /var/lib/gitea/git/.ssh/authorized_keys'

Now do a docker-compose restart for good measure, and after you upload an SSH key to your user in Gitea, test with ssh -T git@code.speleo.dev.
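The host git user created above has a bash login shell and its authorized_keys is a symlink into the Gitea data directory, so any entry in that file without a forced command lets the key holder run commands on the host. The shell function below is an added example, not part of the original post or of Gitea; it audits that file, and the key blobs and file contents it uses are constructed samples.

```shell
#!/bin/sh
# audit_authorized_keys AUTH_KEYS HOST_PUB
# Prints "<verdict> line <n>" per key entry; returns 1 if any entry is RISK.
#   OK      forced command plus forwarding/pty restrictions (Gitea-managed key)
#   HOSTKEY restricted entry whose key blob matches HOST_PUB (passthrough key)
#   RISK    anything else: the key holder can run commands as git on the host
audit_authorized_keys() {
    blob=$(awk '{ print $2; exit }' "$2")
    awk -v blob="$blob" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        {
            line = " " $0
            verdict = "RISK"
            # Options are whatever precedes the key type; none means unrestricted.
            if (match(line, / (ssh-|ecdsa-|sk-)[^ ]+ AAAA/)) {
                opts = substr(line, 1, RSTART - 1)
                split(substr(line, RSTART + 1), f, " ")
                forced = (opts ~ /[ ,]command="/)
                locked = ((opts ",") ~ /[ ,]restrict,/) ||
                         (opts ~ /no-pty/ && opts ~ /no-port-forwarding/ &&
                          opts ~ /no-agent-forwarding/ && opts ~ /no-X11-forwarding/)
                if (forced && locked) verdict = "OK"
                else if (locked && blob != "" && f[2] == blob) verdict = "HOSTKEY"
            }
            if (verdict == "RISK") bad++
            printf "%s line %d\n", verdict, NR
        }
        END { exit (bad > 0) }
    ' "$1"
}

# make_sample DIR: write constructed sample files (placeholder key blobs).
make_sample() {
    echo 'ssh-rsa AAAAconstructedHostBlob Gitea Host Key' > "$1/id_rsa.pub"
    cat > "$1/authorized_keys" <<'EOF'
# gitea public key
command="/app/gitea/gitea serv key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAconstructedUserBlob1 alice@laptop
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAconstructedHostBlob Gitea Host Key
ssh-ed25519 AAAAconstructedUserBlob2 pasted-by-hand
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_authorized_keys "$tmp/authorized_keys" "$tmp/id_rsa.pub" || echo "review RISK entries"
rm -rf "$tmp"
```

On the real host the two arguments would be /home/git/.ssh/authorized_keys and /home/git/.ssh/id_rsa.pub. The host key is matched on its key blob rather than its comment, since anyone adding a key can choose the comment.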

Update

So after nearly two months of self-hosting I’ve decided to end the experiment. Ultimately I found that I was still using my GitHub account as much as I had been, with so many open source projects using GitHub it’s hard to get away. So in that way it sort of defeated the purpose of hosting my own.

I have learnt a couple of things from it and I know that I would definitely recommend Gitea to anyone wanting to host their own Git service. I have learnt from this enough Terraform to spin up an Amazon Lightsail, generate a static IP, connect it to the Lightsail, and finally make a DNS record with Gandi pointing the static IP.

gitea.com

codeberg.org

mytea repo