luckyimnotanigger/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-06-20 16:10:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

Reformat docs (#13897)

Browse source 
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
This commit is contained in:
Patrick Schratz 2020-12-09 07:47:06 +01:00 committed by GitHub
parent 97ab820acc
commit af79677a44
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
86 changed files with 1115 additions and 957 deletions
Download patch file Download diff file Expand all files Collapse all files

15
docs/content/doc/usage/https-support.md
View file

@ -3,7 +3,7 @@ date: "2018-06-02T11:00:00+02:00"
title: "Usage: HTTPS setup"
slug: "https-setup"
weight: 12
toc: true
toc: false
draft: false
menu:
sidebar:
@ -15,6 +15,10 @@ menu:
# HTTPS setup to encrypt connections to Gitea
**Table of Contents**
{{< toc >}}
## Using the built-in server
Before you enable HTTPS, make sure that you have valid SSL/TLS certificates.
@ -32,6 +36,7 @@ HTTP_PORT = 3000
CERT_FILE = cert.pem
KEY_FILE = key.pem
```
Note that if your certificate is signed by a third party certificate authority (i.e. not self-signed), then cert.pem should contain the certificate chain. The server certificate must be the first entry in cert.pem, followed by the intermediaries in order (if any). The root certificate does not have to be included because the connecting client must already have it in order to estalbish the trust relationship.
To learn more about the config values, please checkout the [Config Cheat Sheet](../config-cheat-sheet#server).
@ -66,14 +71,14 @@ LETSENCRYPT_EMAIL=email@example.com
To learn more about the config values, please checkout the [Config Cheat Sheet](../config-cheat-sheet#server).
## Using reverse proxy
## Using a reverse proxy
Setup up your reverse proxy as shown in the [reverse proxy guide](../reverse-proxies).
After that, enable HTTPS by following one of these guides:
* [nginx](https://nginx.org/en/docs/http/configuring_https_servers.html)
* [apache2/httpd](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html)
* [caddy](https://caddyserver.com/docs/tls)
- [nginx](https://nginx.org/en/docs/http/configuring_https_servers.html)
- [apache2/httpd](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html)
- [caddy](https://caddyserver.com/docs/tls)
Note: Enabling HTTPS only at the proxy level is referred as [TLS Termination Proxy](https://en.wikipedia.org/wiki/TLS_termination_proxy). The proxy server accepts incoming TLS connections, decrypts the contents, and passes the now unencrypted contents to Gitea. This is normally fine as long as both the proxy and Gitea instances are either on the same machine, or on different machines within private network (with the proxy is exposed to outside network). If your Gitea instance is separated from your proxy over a public network, or if you want full end-to-end encryption, you can also [enable HTTPS support directly in Gitea using built-in server](#using-the-built-in-server) and forward the connections over HTTPS instead.