How to Set Up a Self-Hosted Git Server on Ubuntu with Gitea

Self-hosting your own Git server offers complete control over your repositories, privacy, and the freedom to tailor your workflow. In this guide, we’ll walk through deploying a Git server using Gitea, a lightweight, community-managed solution, on an Ubuntu machine. With Gitea, you gain private repository hosting, user management, and even CI/CD automation capabilities—all while maintaining full control over your data.

Below, you’ll find a comprehensive, step-by-step implementation that covers everything from system preparation and dependency installation to setting up SSL security with Let’s Encrypt.

1. Prepare Your Ubuntu System

Before installing Gitea, ensure your Ubuntu system is fully updated. Open a terminal and run:

sudo apt update && sudo apt upgrade -y

Keeping your system updated is crucial for security and compatibility.

2. Install Required Packages

Gitea requires several dependencies to function optimally. Install Git, MariaDB, Nginx, and Certbot (with the Nginx plugin) using:

sudo apt install git mariadb-server nginx certbot python3-certbot-nginx -y

These packages provide the foundation for repository management, database support, web serving, and secure SSL connections.

3. Secure Your MariaDB Installation

Securing your database is a vital step. Run the MariaDB secure installation script to:

• Set a strong root password

• Remove anonymous users

• Disable remote root login

Execute:

sudo mysql_secure_installation

This step minimizes the risk of unauthorized access to your database.

4. Create a Gitea Database and User

With MariaDB secured, create a dedicated database and user for Gitea. First, access the MySQL shell:

sudo mysql -u root -p

Then, execute the following SQL commands:

CREATE DATABASE gitea CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_unicode_ci';
CREATE USER 'gitea'@'localhost' IDENTIFIED BY 'GitServer@123';
GRANT ALL PRIVILEGES ON gitea.* TO 'gitea'@'localhost';
FLUSH PRIVILEGES;
EXIT;

This setup ensures that Gitea operates with a dedicated, secure database environment.

5. Download and Install Gitea

Create Necessary Directories and User

Begin by creating a dedicated system user and necessary directories for Gitea’s data:

sudo mkdir -p /var/lib/gitea
sudo useradd --system --home /var/lib/gitea --shell /bin/bash gitea

Download the Gitea Binary

Download the Gitea binary (version 1.23.4 in this example) and set the correct permissions:

sudo wget -O /usr/local/bin/gitea https://dl.gitea.com/gitea/1.23.4/gitea-1.23.4-linux-amd64
sudo chmod +x /usr/local/bin/gitea

6. Set Up Gitea’s Configuration and Data Directories

Create directories for configuration, custom data, logs, and repositories. Then, adjust permissions to enhance security:

sudo mkdir -p /etc/gitea /var/lib/gitea/{custom,data,log}
sudo chown -R gitea:gitea /var/lib/gitea /etc/gitea
sudo chmod -R 750 /var/lib/gitea /etc/gitea
sudo touch /etc/gitea/app.ini
sudo chmod 640 /etc/gitea/app.ini

These commands establish a clear separation between configuration files and repository data, essential for system organization and security.

7. Configure Gitea with app.ini

Edit the Gitea configuration file to specify repository paths, server settings, and logging. Open the file using your favorite text editor:

sudo vi /etc/gitea/app.ini

Repository Paths

Specify where your repositories will be stored:

[repository]
ROOT = /var/lib/gitea/data/gitea-repositories

Server Configuration

Configure the domain, port, and URL settings:

[server]
APP_DATA_PATH = /var/lib/gitea/data
DOMAIN = git.chintanboghara.dev
SSH_DOMAIN = git.chintanboghara.dev
HTTP_PORT = 3000
ROOT_URL = https://git.chintanboghara.dev/
LFS_CONTENT_PATH = /var/lib/gitea/data/fs

Log Configuration

Define the path for storing logs:

[log]
ROOT_PATH = /var/lib/gitea/log

After updating, fix file permissions:

sudo chown -R gitea:gitea /etc/gitea
sudo chmod 640 /etc/gitea/app.ini

8. Create a Systemd Service for Gitea

To manage Gitea as a service, create a systemd unit file:

sudo vi /etc/systemd/system/gitea.service

Add the following content:

[Unit]
Description=Gitea Self-Hosted Git Server
After=network.target mariadb.service

[Service]
User=gitea
Group=gitea
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
WorkingDirectory=/var/lib/gitea
Environment=USER=gitea HOME=/var/lib/gitea

[Install]
WantedBy=multi-user.target

Reload systemd, enable the service, and start Gitea:

sudo systemctl daemon-reload
sudo systemctl enable --now gitea
sudo systemctl status gitea

This ensures that Gitea starts on boot and is managed reliably by systemd.

9. Set Up a Reverse Proxy with Nginx

Using Nginx as a reverse proxy allows you to manage incoming traffic and route it to the Gitea server. Create an Nginx configuration file:

sudo vi /etc/nginx/sites-available/gitea

Insert the following configuration:

server {
    listen 80;
    server_name git.chintanboghara.dev;
    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
    }
}

Enable the configuration and restart Nginx:

sudo ln -s /etc/nginx/sites-available/gitea /etc/nginx/sites-enabled/
sudo systemctl restart nginx

This setup forwards web requests to Gitea’s default port while handling connections at the standard HTTP port.

10. Secure Gitea with SSL (Let's Encrypt)

It’s critical to secure your Git server with HTTPS. Use Certbot to issue an SSL certificate for your domain:

sudo certbot --nginx -d git.chintanboghara.dev

To ensure your certificate renews automatically, add a cron job:

sudo crontab -e

Then add the line:

0 3 * * * certbot renew --quiet

This configuration enforces secure communication between your clients and the server.

11. Enable SSH Access for Git Repositories

SSH access is essential for secure Git operations. Add your current user to the Gitea group and restart the service:

sudo usermod -aG gitea $(whoami)
sudo systemctl restart gitea

Now, clone repositories via SSH:

git clone git@git.chintanboghara.dev:your-username/your-repo.git

This command demonstrates how to securely clone repositories from your self-hosted Git server.

12. Finalize the Setup via Gitea’s Web Interface

Finally, open your browser and navigate to:

https://git.chintanboghara.dev

Complete the initial setup through the web interface by:

• Entering the Gitea database credentials you created earlier.

• Creating an administrative user.

• Configuring additional settings as desired.

Additional Insights

• Why Self-Host?
  Self-hosting your Git server provides enhanced privacy and full control over your data. It also allows for tailored integrations with CI/CD tools, enabling custom automation workflows.

• Security Best Practices:
  Regularly update your system and Gitea installation, review access permissions, and monitor logs to ensure your server remains secure. Consider implementing further security measures like firewall rules and regular database backups.

• Customization and Scalability:
  Gitea’s lightweight nature makes it a flexible option for small teams or large enterprises. As your team grows, you can integrate additional tools and services, such as Docker for containerized deployments or third-party CI/CD systems for automated testing and deployments.

• Troubleshooting Tips:
  If you encounter issues, check the service status with sudo systemctl status gitea and review log files located in /var/lib/gitea/log. Additionally, verify your Nginx configuration and ensure your domain’s DNS records are correctly pointed to your server.

Conclusion

By following these detailed steps, you now have a fully operational self-hosted Git server powered by Gitea on Ubuntu. This setup not only supports private repository hosting and robust user management but also paves the way for advanced CI/CD integrations. Enjoy the benefits of complete control, enhanced security, and streamlined development workflows with your very own Git server!

Happy coding!

Reference

1. Gitea Official Documentation
   https://docs.gitea.io/en-us/
   Provides detailed insights on installing and configuring Gitea.

2. Ubuntu Official Website
   https://ubuntu.com/
   Contains resources and guides for keeping your Ubuntu system updated and secure.

3. MariaDB Knowledge Base
   https://mariadb.com/kb/en/
   Offers comprehensive information on securing and managing MariaDB installations.

4. Nginx Reverse Proxy Guide
   https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
   Explains how to configure Nginx as a reverse proxy for routing web traffic.

5. Let's Encrypt Documentation
   https://letsencrypt.org/docs/
   Provides guidelines for setting up SSL certificates to secure your web applications.