How to properly setup HTTPS for gogs?

#1

gogs 0.11.91
Server version: Apache/2.4.6 (CentOS)

I was able to successfully setup https, but with port :3000 at the end. https://utl:3000/, how can I setup gogs without including the port :3000 in the url?

app.ini

[server]

PROTOCOL = https
DOMAIN = gogsdomaincom
HTTP_PORT = 3000
ROOT_URL = https://gogsdomaincom/
DISABLE_SSH = false
SSH_PORT = 22
START_SSH_SERVER = false
OFFLINE_MODE = false
CERT_FILE = /opt/gogs/custom/conf/cert.pem
KEY_FILE = /opt/gogs/custom/conf/key.pem

gogs.domain.com.conf

ServerName gogsdomaincom ServerAlias gogsdomaincom SSLCertificateFile /etc/letsencrypt/live/gogs.domain.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/gogs.domain.com/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateChainFile /etc/letsencrypt/live/gogs.domain.com/chain.pem Order allow,deny Allow from all SSLProxyEngine on SSLProxyVerify none SSLProxyCheckPeerCN off SSLProxyCheckPeerName off SSLProxyCheckPeerExpire off ProxyPass / https://127.0.0.1:3000/ ProxyPassReverse / https://127.0.0.1:3000/

gogsdomain.conf

<VirtualHost *:80>
ServerName gogs.domain.com
ServerAlias gogs.domain.com
<Proxy *>
Order allow,deny
Allow from all

ProxyPreserveHost On
ProxyRequests off
ProxyPass / http://127.0.0.1:3000/
ProxyPassReverse / http://127.0.0.1:3000/
#Require all granted
RewriteEngine on
RewriteCond %{SERVER_NAME} =gogs.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

#2

Hi, you have reverse proxy, I don’t see why you can’t visit Gogs instance without :3000.

#3

I still cant figure this ouw. any place that I should be looking at?

#4

HTTPS has nothing to do with the port number, if you can’t visit your site without port number, then most likely the reverse proxy you use has incorrect configuration.

#5

I am able to visit my site without the port,but if I do https://gogs.domain.com that is when I cant access the website.

#6

What do you mean by “able to visit my site without the port”?

#7

I was able to visit my url like this http://gogs.domain.com/ and I was also able to set up https but like this.

https://gogs.domain.com:3000/

but if I try to do https://gogs.domain.com/ this one wont work.

#8

Ah, OK. I think the problem is you don’t/shouldn’t set up HTTPS in Gogs, instead you do it in the reverse proxy configuration. Gogs itself still accepts normal HTTP traffic behind the reverse proxy.

#9

is it possible to do it with centos apache?

I have this on my HTTPS but keep getting send to the welcome page of apache instead of the content of gogs.

<VirtualHost *:443>

    ServerName gogs.domain.com

    ServerAlias gogs.domain.com

    SSLEngine On

    SSLProxyEngine On

SSLCertificateFile /etc/letsencrypt/live/gogs.domain.com/cert.pem

SSLCertificateKeyFile /etc/letsencrypt/live/gogs.domain.com/privkey.pem

Include /etc/letsencrypt/options-ssl-apache.conf

SSLCertificateChainFile /etc/letsencrypt/live/gogs.domain.com/chain.pem

<Proxy *>
     Order allow,deny
     Allow from all
</Proxy>
ProxyPreserveHost On
ProxyRequests off
ProxyPass / http://127.0.0.1:3000/
ProxyPassReverse / http://127.0.0.1:3000/
#10

Yes, it is definitely possible, but I’m never used Apache myself, this article might be helpful: https://www.centosblog.com/configure-apache-https-reverse-proxy-centos-linux/

#11

I was able to solve it. pretty weird actually. So I tried to copy my proxy configuration to the main httpd.conf and restart apache and it works and then I remove that configuration from httpd.conf and put it back to the host.conf file and it now works.

#12

:joy: haha, I have no idea… but it’s solved!

#13

haha yeah, it’s really weird.