I am trying to set up gitea to use https with a certificate I got from letsencrypt, running the service as a normal user.
I already got it working with http on port 80 with a normal user git and redirecting port 80 to port 3000 using iptables.
Also I already got it working with https on port 3000 redirecting to port 3080.
But I can't figure out how to configure it (maybe along with iptables) so that requests to port 80 redirect to the appropriate port (3000? 3080?).
I redirect the port 80 to port 3000 using this iptables command as root:
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3000
And this is the relevant part of my configuration for HTTP
RUN_USER = git
LOCAL_ROOT_URL = http://localhost:3000/
DOMAIN = example
HTTP_PORT = 80
ROOT_URL = http://example.com
This is my configuration for HTTP on port 3000 redirecting to port 3080
RUN_USER = git
PROTOCOL = https
LOCAL_ROOT_URL = https://localhost:3000/
DOMAIN = example.com
HTTP_PORT = 3000
REDIRECT_OTHER_PORT = true
PORT_TO_REDIRECT = 3080
ROOT_URL = https://example.com
CERT_FILE = /etc/letsencrypt/live/example.com/fullchain.pem
KEY_FILE = /etc/letsencrypt/live/example.com/privkey.pem
With this configuration I can visit https://example.com:3000 and it works fine, but if I visit https://example.com:3080 I get a Secure Connection Failed with Error code: SSL_ERROR_RX_RECORD_TOO_LONG.
I tried to redirect the port 80 to port 3080 using iptables but it didn't work.
Can you help me set it up so I can run the service as normal user in port 80 so that people can visit it at https://example.com? (maybe using iptables as root beforehand to redirect some ports) Thanks in advance
The port for HTTPS is 443. Most people would solve this by using a reverse proxy, not iptables.
Gitea can handle letsencrypt itself. Here's how:
[server]
PROTOCOL=https
DOMAIN=git.example.com
ENABLE_LETSENCRYPT=true
LETSENCRYPT_ACCEPTTOS=true
LETSENCRYPT_DIRECTORY=https
LETSENCRYPT_EMAIL=email@example.com
Taken from: https://docs.gitea.io/en-us/https-setup/
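Why https://example.com:3080 fails with SSL_ERROR_RX_RECORD_TOO_LONG in the question, as an added example (not from the thread or from Gitea): it assumes PORT_TO_REDIRECT is the plain-HTTP redirect listener, as Gitea's configuration documentation describes it, so a TLS client reads the leading "HTTP/" bytes of the reply as a TLS record header. The sample replies and function names are constructed for illustration.

```python
import struct

# Upper bound a TLS 1.2 client accepts for one record's length field (2^14 + 2048).
MAX_RECORD_LEN = 2**14 + 2048
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

# Constructed sample replies (not captured traffic).
HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
TLS_REPLY = b"\x16\x03\x03\x00\x5a" + b"\x02" + bytes(89)  # handshake record, 90 bytes


def parse_record_header(data: bytes) -> dict:
    """Decode the first 5 bytes as a TLS record header, as a TLS client does."""
    if len(data) < 5:
        raise ValueError("a TLS record header is 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def diagnose(first_bytes: bytes) -> str:
    """Classify a listener from the first bytes it sends back."""
    hdr = parse_record_header(first_bytes)
    if (hdr["type"] in CONTENT_TYPES and hdr["version"][0] == 3
            and hdr["length"] <= MAX_RECORD_LEN):
        return "tls"
    if first_bytes.startswith(b"HTTP/"):
        # "HTTP/" read as a header: type 0x48, version 0x54.0x54, length 0x502f.
        return "plain-http (a TLS client sees a %d-byte record: too long)" % hdr["length"]
    return "unknown"


if __name__ == "__main__":
    for name, reply in (("port 3080 style reply", HTTP_REPLY),
                        ("port 3000 style reply", TLS_REPLY)):
        print(name, "->", diagnose(reply))
```

Under that assumption, the HTTPS listener (3000 in the question) is the one that should receive port 443 traffic, and the redirect listener (3080) is the one that should receive port 80 traffic.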