mkdir ~/ssl cd ~/ssl openssl genrsa -out key.pem 2048 openssl req -new -key key.pem -out csr.pem openssl req -x509 -days 365 -key key.pem -in csr.pem -out certificate.pem mkdir /etc/nginx/ssl cp *.pem /etc/nginx/ssl mkdir /usr/lib/gogs/custom/ssl cp *.pem /usr/lib/gogs/custom/ssl chown -R gogs:gogs /usr/lib/gogs/custom/ssl
server { listen 80; server_name gogs.myserver.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name gogs.myserver.com; ssl_certificate /etc/nginx/ssl/certificate.pem; ssl_certificate_key /etc/nginx/ssl/key.pem; ssl_protocols TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'EECDH+AES128:EDH+AES128'; add_header Strict-Transport-Security max-age=31536000; location / { proxy_pass https://localhost:3000; } }
[server] SSH_PORT = 22 LISTEN = 127.0.0.1 DOMAIN = gogs.myserver.com HTTP_PORT = 3000 PROTOCOL = https ROOT_URL = https://gogs.myserver.com:3000/ OFFLINE_MODE = false CERT_FILE = /usr/lib/gogs/custom/ssl/certificate.pem KEY_FILE = /usr/lib/gogs/custom/ssl/key.pem