diff --git a/docker/gitea-init/Dockerfile b/docker/gitea-init/Dockerfile
index 2534ed9ea7..a6e36e73be 100644
--- a/docker/gitea-init/Dockerfile
+++ b/docker/gitea-init/Dockerfile
@@ -12,7 +12,7 @@
# License for the specific language governing permissions and limitations
# under the License.
-FROM opendevorg/jinja-init
+FROM opendevorg/jinja-init as gitea-init
COPY entrypoint.sh /
diff --git a/docker/gitea-init/entrypoint.sh b/docker/gitea-init/entrypoint.sh
index b49da7c46e..fb927af296 100755
--- a/docker/gitea-init/entrypoint.sh
+++ b/docker/gitea-init/entrypoint.sh
@@ -21,6 +21,12 @@ chown 1000:1000 /data/git
mkdir -p /data/gitea
chown 1000:1000 /data/gitea
+mkdir -p /data/gitea/ssl
+chown 1000:1000 /data/gitea/ssl
+chmod 0500 /data/gitea/ssl
+cp /secrets/gitea_tls_cert /data/gitea/ssl/cert.pem
+cp /secrets/gitea_tls_key /data/gitea/ssl/key.pem
+
# This one is used by openssh and can remain root-owned
mkdir -p /data/ssh
diff --git a/kubernetes/gitea/app.ini.j2 b/kubernetes/gitea/app.ini.j2
index 79ec762f86..990324f64c 100644
--- a/kubernetes/gitea/app.ini.j2
+++ b/kubernetes/gitea/app.ini.j2
@@ -5,8 +5,9 @@ RUN_USER = git
[server]
APP_DATA_PATH = /data/gitea
SSH_DOMAIN = localhost
+PROTOCOL = https
HTTP_PORT = 3000
-ROOT_URL = http://38.108.68.64/
+ROOT_URL = https://38.108.68.64/
DISABLE_SSH = false
SSH_PORT = 22
LFS_CONTENT_PATH = /data/git/lfs
@@ -14,6 +15,10 @@ DOMAIN = localhost
LFS_START_SERVER = true
LFS_JWT_SECRET = {{ lfs_jwt_secret }}
OFFLINE_MODE = false
+CERT_FILE = /data/gitea/ssl/cert.pem
+KEY_FILE = /data/gitea/ssl/key.pem
+REDIRECT_OTHER_PORT = true
+PORT_TO_REDIRECT = 3080
[database]
DB_TYPE = mysql
@@ -24,6 +29,9 @@ PASSWD = {{ db_password }}
SSL_MODE = disable
LOG_SQL = false
+[repository]
+ROOT = /data/git/repositories
+
[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
REPO_INDEXER_ENABLED = true
@@ -50,7 +58,7 @@ SECRET_KEY = {{ secret_key }}
INTERNAL_TOKEN = {{ internal_token }}
[service]
-DISABLE_REGISTRATION = false
+DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
diff --git a/kubernetes/gitea/k8s/deployment.yaml b/kubernetes/gitea/k8s/deployment.yaml
index 7b0cede8b3..886c847d91 100644
--- a/kubernetes/gitea/k8s/deployment.yaml
+++ b/kubernetes/gitea/k8s/deployment.yaml
@@ -34,6 +34,7 @@ spec:
value: '2' # Increment to trigger a deployment.
ports:
- containerPort: 3000
+ - containerPort: 3080
volumeMounts:
- name: gitea-data
mountPath: /data
diff --git a/kubernetes/gitea/k8s/secret.yaml b/kubernetes/gitea/k8s/secret.yaml
index 39655f2138..c119995278 100644
--- a/kubernetes/gitea/k8s/secret.yaml
+++ b/kubernetes/gitea/k8s/secret.yaml
@@ -10,3 +10,5 @@ stringData:
lfs_jwt_secret: {{ gitea_lfs_jwt_secret }}
db_username: {{ gitea_db_username }}
db_password: {{ gitea_db_password }}
+ gitea_tls_cert: {{ gitea_tls_cert }}
+ gitea_tls_key: {{ gitea_tls_key }}
diff --git a/kubernetes/gitea/k8s/service.yaml b/kubernetes/gitea/k8s/service.yaml
index 383671cb56..3ce9f04a47 100644
--- a/kubernetes/gitea/k8s/service.yaml
+++ b/kubernetes/gitea/k8s/service.yaml
@@ -9,6 +9,10 @@ spec:
ports:
- protocol: TCP
port: 80
+ targetPort: 3080
+ name: http
+ - protocol: TCP
+ port: 443
targetPort: 3000
name: http
- protocol: TCP