env-example

Caddyfile

@@ -0,0 +1,15 @@
+{
+	email {$ACME_EMAIL}
+}
+
+git.tvheggland.no {
+	rate_limit {
+		zone git_zone {
+			key {remote_host}
+			events 30
+			window 10s
+		}
+	}
+
+	reverse_proxy gitea:3000
+}

Dockerfile

@@ -0,0 +1,10 @@
+FROM caddy:2-builder AS builder
+
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    xcaddy build \
+    --with github.com/mholt/caddy-ratelimit
+
+FROM caddy:2
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy

docker-compose.yaml

@@ -28,18 +28,33 @@ services:
     networks:
       - gitea_net
 
-  cloudflared:
+
-    image: cloudflare/cloudflared:latest
+  caddy:
-    container_name: cloudflared
+    build: .
+    container_name: caddy
     restart: unless-stopped
-    command: tunnel --no-autoupdate run
-    environment:
-      TUNNEL_TOKEN: "${CLOUDFLARE_TUNNEL_TOKEN}"
     depends_on:
       - gitea
+    ports:
+      - "80:80"
+      - "443:443"
+    env_file:
+      - .env
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - caddy_data:/data
+      - caddy_config:/config
     networks:
       - gitea_net
 
+
+
 networks:
   gitea_net:
     driver: bridge
+
+
+
+volumes:
+  caddy_data:
+  caddy_config:

down.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -e
+
+docker compose down
+sudo ufw delete allow 80/tcp
+sudo ufw delete allow 443/tcp

env.example

@@ -0,0 +1,15 @@
+USER_UID=1000
+USER_GID=1000
+
+GITEA_DOMAIN=git.example.com
+GITEA_ROOT_URL=https://git.example.com/
+GITEA_SSH_DOMAIN=git.example.com
+GITEA_SSH_PORT=22
+
+GITEA_REPOSITORY_ROOT=/git
+GITEA_DEFAULT_PRIVATE=true
+GITEA_DEFAULT_PUSH_CREATE_PRIVATE=true
+GITEA_ENABLE_PUSH_CREATE_USER=true
+GITEA_ENABLE_PUSH_CREATE_ORG=true
+
+ACME_EMAIL=you@example.com

up.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -e
+
+sudo ufw allow 80/tcp
+sudo ufw allow 443/tcp
+docker compose up -d