Previously, I set up a Gogs server but didn’t configure HTTPS; it was directly using HTTP. Last time, I tried and found that intercepting passwords was too easy… So I thought about getting a domain name and setting up HTTPS…
Firstly, to use HTTPS, you need an SSL certificate. To get a certificate, it seems that free SSL certificates basically require a domain name. So I got the cheapest one from www.namesilo.com/. Domain registration and binding IP can be found in this blog post: this article.
After getting the domain, the next step is to set up a reverse proxy server. I chose Caddy because I read that it’s simple and easy to use, with automatic application and renewal of SSL certificates. Maybe my luck wasn’t good… Although setting it up was very simple, I couldn’t get the SSL certificate to work. In the end, I found a project on GitHub called acme.sh to apply for SSL certificates. This script is very easy to use, and the author’s usage instructions are detailed; following them should be fine. Of course, there’s also a more user-friendly tutorial: this guide.
Using acme.sh will generate four files, among which fullchain.cer and your.domain.key are the certificate and key.
Since I deployed Gogs and Caddy using Docker, to make things convenient, I wrote both in a single compose file:
version: "2"
In the above file, two containers are configured. Gogs only exposes port 22 for SSH service; HTTP ports are not exposed. Caddy can set access directly in its configuration (although I don’t know how to do it).
For the Caddy container, note that setting the ACME_AGREE=true environment variable is necessary; otherwise, acme will prompt you that you cannot use it… Also, specify the Caddy configuration file Caddyfile and the certificates and keys generated above. The port exposure in the Caddy container’s configuration seems to be incorrect; I’ll look into how to fix it later.
The specific content of the Caddyfile is as follows:
your.domain {
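The layout described above, written out as an added example that is not the author's compose file or Caddyfile: Gogs publishes only SSH, and Caddy terminates TLS with the certificate and key from acme.sh. The image names, host paths, container mount points and the Caddy v1 directives shown in the comments are assumptions.

```yaml
# Added example. Images, paths and mount points are assumptions;
# "your.domain" is the placeholder used in the post.
version: "2"

services:
  gogs:
    image: gogs/gogs              # assumed image
    restart: unless-stopped
    volumes:
      - ./gogs-data:/data         # assumed host path for repositories and config
    ports:
      - "22:22"                   # SSH for git; the host's own sshd must not hold port 22
    expose:
      - "3000"                    # Gogs web UI, reachable only on the compose network

  caddy:
    image: abiosoft/caddy         # assumed Caddy v1 image that reads ACME_AGREE
    restart: unless-stopped
    environment:
      - ACME_AGREE=true
    volumes:
      - ./Caddyfile:/etc/Caddyfile:ro
      # Certificate chain and private key issued by acme.sh, mounted read-only
      - ./certs/fullchain.cer:/certs/fullchain.cer:ro
      - ./certs/your.domain.key:/certs/your.domain.key:ro
    ports:
      - "443:443"                 # only the TLS listener is published
    depends_on:
      - gogs

# ./Caddyfile (Caddy v1 syntax, assumed), mounted into the caddy container above.
# The explicit https:// scheme pins the listener to port 443.
#
#   https://your.domain {
#       tls /certs/fullchain.cer /certs/your.domain.key
#       proxy / gogs:3000 {
#           transparent
#       }
#   }
```

Because the certificate is mounted as a file rather than managed by Caddy, the caddy container has to be restarted after acme.sh renews it so the new file is loaded.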