From 639690a7f7a2103a491f472204b194283c04b5aa Mon Sep 17 00:00:00 2001
From: Aaron Po
Date: Tue, 17 Feb 2026 02:28:45 +0000
Subject: [PATCH] add example nginx config
---
README.md | 24 ++++++++++++++++
nginx.example/conf.d/gitea.conf | 36 ++++++++++++++++++++++++
nginx.example/conf.d/gitea.httponly.conf | 14 +++++++++
3 files changed, 74 insertions(+)
create mode 100644 README.md
create mode 100644 nginx.example/conf.d/gitea.conf
create mode 100644 nginx.example/conf.d/gitea.httponly.conf
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ef729ec
--- /dev/null
+++ b/README.md
@@ -0,0 +1,24 @@
+# Gitea config
+
+# nginx
+First follow the http only nginx conf
+
+then run
+
+# Install certbot
+sudo dnf install certbot python3-certbot-nginx
+
+# Create webroot directory
+sudo mkdir -p /var/www/certbot
+
+# Get certificate
+sudo certbot certonly --webroot \
+ -w /var/www/certbot \
+ -d git.example.com \
+ --email example@gmail.com \
+ --agree-tos \
+ --no-eff-email
+
+then change the config over to the https nginx config
+
+
diff --git a/nginx.example/conf.d/gitea.conf b/nginx.example/conf.d/gitea.conf
new file mode 100644
index 0000000..7cd9058
--- /dev/null
+++ b/nginx.example/conf.d/gitea.conf
@@ -0,0 +1,36 @@
+server {
+ listen 80;
+ server_name git.example.com;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ server_name git.example.com;
+
+ ssl_certificate /etc/letsencrypt/live/git.example.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/git.example.com/privkey.pem;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ ssl_prefer_server_ciphers on;
+
+ client_max_body_size 512M;
+
+ location / {
+ proxy_pass http://127.0.0.1:3000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Port $server_port;
+ }
+}
diff --git a/nginx.example/conf.d/gitea.httponly.conf b/nginx.example/conf.d/gitea.httponly.conf
new file mode 100644
index 0000000..9b669d9
--- /dev/null
+++ b/nginx.example/conf.d/gitea.httponly.conf
@@ -0,0 +1,14 @@
+server {
+ listen 80;
+ server_name git.example.com;
+
+ client_max_body_size 512M;
+
+ location / {
+ proxy_pass http://server:3000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
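Review bot: The 443 server block in gitea.conf sends no `Strict-Transport-Security` header, so browsers keep depending on the port-80 redirect and a first or downgraded request can still leave in plaintext; once the certificate is confirmed working, consider `add_header Strict-Transport-Security "max-age=31536000" always;`. `ssl_ciphers HIGH:!aNULL:!MD5;` is also broad: depending on the OpenSSL build it still admits CBC and non-forward-secret RSA key-exchange suites under TLSv1.2, so an explicit ECDHE/AEAD list would be tighter. In `location /`, `$proxy_add_x_forwarded_for` appends to whatever the client sent; if this nginx is the outermost proxy, `proxy_set_header X-Forwarded-For $remote_addr;` keeps a client-supplied value out of Gitea's logs and any IP-based limits.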
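Review bot: gitea.httponly.conf has no `/.well-known/acme-challenge/` location, yet the README runs `certbot certonly --webroot -w /var/www/certbot` while this config is active; every request, including the challenge, is proxied to Gitea, so validation will most likely fail. Adding `location /.well-known/acme-challenge/ { root /var/www/certbot; }` as gitea.conf does would fix that. While this config is live, Gitea logins and tokens cross the network unencrypted, so a comment marking it as a bootstrap-only step (or serving just the challenge path on port 80 until the certificate exists) would help. The upstream here is `http://server:3000` whereas gitea.conf uses `http://127.0.0.1:3000`; one of the two is probably unintended.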