Deploy Gitea on RamNode VPS - Self-Hosted Git Solution

Why Choose Gitea for Self-Hosted Git?

Gitea stands out among self-hosted Git solutions for several compelling reasons. Unlike heavier alternatives such as GitLab, Gitea maintains minimal resource requirements while delivering enterprise-grade features. The application runs efficiently on modest hardware configurations, making it perfect for RamNode VPS deployments.

Key Features

• Pull requests & code review
• Issue tracking & projects
• CI/CD integration
• Organization management
• LDAP/OAuth authentication

Performance

• Single binary deployment
• Low memory footprint
• Fast startup times
• Efficient Git operations
• Written in Go

Prerequisites and Planning

Before beginning the deployment, ensure your RamNode VPS meets the minimum requirements:

Minimum Requirements

• RAM: 1GB minimum (2GB recommended)
• Storage: 10GB minimum
• OS: Ubuntu 22.04 LTS or newer
• Access: Root or sudo privileges
• Domain: Domain name or subdomain configured
• Skills: Basic Linux command line familiarity

Initial Server Setup

Connect to your RamNode VPS via SSH and update the system with the latest packages and security patches:

sudo apt update && sudo apt upgrade -y
sudo apt install -y curl wget git unzip nginx certbot python3-certbot-nginx

Create a dedicated system user for Gitea to enhance security isolation:

sudo adduser --system --shell /bin/bash --group --disabled-password --home /home/git git

Installing Gitea

Download the latest Gitea binary. Check for the latest version at the official releases page:

# Check for the latest version at https://github.com/go-gitea/gitea/releases
GITEA_VERSION="1.21.1"
wget -O gitea https://dl.gitea.io/gitea/${GITEA_VERSION}/gitea-${GITEA_VERSION}-linux-amd64
chmod +x gitea
sudo mv gitea /usr/local/bin/gitea

Create the necessary directory structure:

sudo mkdir -p /var/lib/gitea/{custom,data,log}
sudo chown -R git:git /var/lib/gitea/
sudo chmod -R 750 /var/lib/gitea/
sudo mkdir /etc/gitea
sudo chown root:git /etc/gitea
sudo chmod 770 /etc/gitea

Database Configuration

While Gitea supports SQLite for simple deployments, PostgreSQL provides better performance for production use:

sudo apt install -y postgresql postgresql-contrib
sudo systemctl start postgresql
sudo systemctl enable postgresql

# Create database and user
sudo -u postgres psql << EOF
CREATE DATABASE gitea;
CREATE USER gitea WITH ENCRYPTED PASSWORD 'your_secure_password_here';
GRANT ALL PRIVILEGES ON DATABASE gitea TO gitea;
\q
EOF

Important: Replace your_secure_password_here with a strong, unique password. Store this password securely as you'll need it during Gitea's initial configuration.

Creating Systemd Service

Create a systemd service file to manage Gitea as a system service:

sudo tee /etc/systemd/system/gitea.service > /dev/null << 'EOF'
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
After=postgresql.service

[Service]
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
RuntimeDirectory=gitea
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
RestartSec=2
StandardOutput=journal
StandardError=journal
SyslogIdentifier=gitea

[Install]
WantedBy=multi-user.target
EOF

Enable and start the Gitea service:

sudo systemctl daemon-reload
sudo systemctl enable gitea
sudo systemctl start gitea

# Verify status
sudo systemctl status gitea

Nginx Reverse Proxy Configuration

Configure Nginx as a reverse proxy to handle HTTPS and improve performance:

sudo tee /etc/nginx/sites-available/gitea > /dev/null << 'EOF'
server {
    listen 80;
    server_name your-domain.com;
    
    # Redirect HTTP to HTTPS
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name your-domain.com;
    
    # SSL Configuration (certificates will be added by certbot)
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    
    # Security headers
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "DENY" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    
    client_max_body_size 512M;
    
    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_max_temp_file_size 0;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
}
EOF

Enable the site configuration:

sudo ln -s /etc/nginx/sites-available/gitea /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx

SSL Certificate Configuration

Secure your Gitea installation with a free Let's Encrypt SSL certificate:

sudo certbot --nginx -d your-domain.com

Certbot will automatically configure SSL and set up automatic renewal. Test the renewal process:

sudo certbot renew --dry-run

Initial Configuration

Navigate to your domain in a web browser to complete the initial setup. You'll be presented with the Gitea installer:

Key Configuration Settings:

Database Settings:

• Database Type: PostgreSQL
• Host: 127.0.0.1:5432
• Username: gitea
• Password: [your database password]
• Database Name: gitea

General Settings:

• Site Title: Your Git Server
• Repository Root Path: /home/git/gitea-repositories
• Git LFS Root Path: /var/lib/gitea/data/lfs
• Run As Username: git
• Domain: your-domain.com
• SSH Port: 22
• HTTP Listen Port: 3000
• Base URL: https://your-domain.com/

After completing the installation, create your administrator account. The configuration will be saved to/etc/gitea/app.ini.

Secure the configuration file after installation:

sudo chmod 750 /etc/gitea
sudo chmod 640 /etc/gitea/app.ini

Advanced Configuration

Customize Gitea's behavior by editing /etc/gitea/app.ini:

[server]
DOMAIN = your-domain.com
ROOT_URL = https://your-domain.com/
DISABLE_SSH = false
SSH_DOMAIN = your-domain.com
SSH_PORT = 22
LFS_START_SERVER = true
OFFLINE_MODE = false

[security]
INSTALL_LOCK = true
PASSWORD_COMPLEXITY = lower,upper,digit,spec
MIN_PASSWORD_LENGTH = 8

[service]
DISABLE_REGISTRATION = false
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = true
ENABLE_CAPTCHA = true
DEFAULT_KEEP_EMAIL_PRIVATE = true

After making configuration changes, restart Gitea:

sudo systemctl restart gitea

Backup Strategy

Implement a robust backup strategy to protect your repositories and configuration:

sudo tee /usr/local/bin/gitea-backup.sh > /dev/null << 'EOF'
#!/bin/bash

# Gitea backup script
BACKUP_DIR="/home/git/backups"
DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_NAME="gitea_backup_${DATE}"

# Create backup directory
mkdir -p ${BACKUP_DIR}

# Stop Gitea service
systemctl stop gitea

# Backup database
sudo -u postgres pg_dump gitea > ${BACKUP_DIR}/${BACKUP_NAME}_database.sql

# Backup Gitea directories
tar -czf ${BACKUP_DIR}/${BACKUP_NAME}_data.tar.gz /var/lib/gitea/
tar -czf ${BACKUP_DIR}/${BACKUP_NAME}_config.tar.gz /etc/gitea/
tar -czf ${BACKUP_DIR}/${BACKUP_NAME}_repos.tar.gz /home/git/gitea-repositories/

# Start Gitea service
systemctl start gitea

# Clean old backups (keep 7 days)
find ${BACKUP_DIR} -name "gitea_backup_*" -mtime +7 -delete

echo "Backup completed: ${BACKUP_NAME}"
EOF

chmod +x /usr/local/bin/gitea-backup.sh

Schedule automatic backups using cron:

# Edit crontab
sudo crontab -e

# Add this line for daily backups at 2 AM
0 2 * * * /usr/local/bin/gitea-backup.sh

Security Hardening

Configure UFW firewall to limit exposed services:

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 'Nginx Full'
sudo ufw --force enable

Install and configure fail2ban to protect against brute force attacks:

sudo apt install -y fail2ban

sudo tee /etc/fail2ban/jail.local > /dev/null << 'EOF'
[DEFAULT]
bantime = 1800
findtime = 600
maxretry = 3

[sshd]
enabled = true

[nginx-http-auth]
enabled = true

[gitea]
enabled = true
filter = gitea
logpath = /var/lib/gitea/log/gitea.log
maxretry = 5
bantime = 3600
findtime = 600
action = iptables-allports[name=gitea]
EOF

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Troubleshooting Common Issues

Gitea won't start

Check the service logs:

sudo journalctl -u gitea -f

Database connection errors

Verify PostgreSQL is running and credentials are correct:

sudo systemctl status postgresql
sudo -u postgres psql -c "\l" | grep gitea

502 Bad Gateway

Ensure Gitea is running and listening on port 3000:

sudo netstat -tulpn | grep 3000

Permission issues

Fix directory ownership:

sudo chown -R git:git /var/lib/gitea/
sudo chown -R git:git /home/git/gitea-repositories/

Best Practices

Security

• Enable 2FA for administrator accounts
• Use strong passwords
• Keep Gitea updated
• Regular security audits
• Monitor access logs

Maintenance

• Regular backups (automated)
• Monitor disk space
• Review logs periodically
• Test backup restoration
• Document your setup

Performance

• Use PostgreSQL for production
• Enable caching
• Configure Git LFS for large files
• Regular database maintenance
• Monitor resource usage

Organization

• Set up organizations for teams
• Use webhooks for integrations
• Configure branch protection
• Define clear contribution guidelines
• Implement code review workflows

Ready to Deploy?

Get started with a RamNode Cloud VPS optimized for Gitea deployment. Experience lightning-fast Git operations with our premium infrastructure.

View Cloud VPS Plans More Deployment Guides