diff --git a/handlers/main.yml b/handlers/main.yml
index cf33e55..d10821b 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -4,4 +4,14 @@
service:
name: gitea
state: restarted
+
+- name: restart_httpd
+ service:
+ name: httpd
+ state: restarted
+
+- name: restart_nginx
+ service:
+ name: nginx
+ state: restarted
...
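Review bot: `restart_nginx` is added here, but no task in this diff notifies it; only `restart_httpd` is wired up, from the new `Deploy httpd` task. If the nginx install and template tasks are not part of the same change, the handler is dead code and is better added together with them. Both new handlers also use the short `service:` name while the new tasks use fully qualified module names, so `ansible.builtin.service:` would keep the role consistent. The gitea handler above them starts outside the hunk.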
diff --git a/tasks/gitea/install.yml b/tasks/gitea/install.yml
index 58a1d8b..1aa27aa 100644
--- a/tasks/gitea/install.yml
+++ b/tasks/gitea/install.yml
@@ -30,6 +30,36 @@
# - gitea_web_install == "caddy"
# - gitea_web_config|bool
+- name: "Install httpd"
+ dnf:
+ name: httpd
+ state: present
+ when:
+ - gitea_web_install == "httpd"
+ - gitea_web_config|bool
+
+- name: "Start and enable httpd"
+ ansible.builtin.systemd:
+ name: httpd.service
+ enabled: true
+ state: started
+ when:
+ - gitea_web_install == "httpd"
+ - gitea_web_config|bool
+
+- name: "Deploy httpd"
+ ansible.builtin.template:
+ src: etc/httpd/conf.d/gitea.conf.j2
+ dest: /etc/httpd/conf.d/gitea.conf
+ owner: root
+ group: root
+ mode: '0644'
+ when:
+ - gitea_web_install == "httpd"
+ - gitea_web_config|bool
+ notify:
+ - restart_httpd
+
# Setup CSS Themes
- name:
ansible.builtin.file:
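Review bot: The `Install httpd` task installs only the `httpd` package, but the template deployed by `Deploy httpd` uses `SSLEngine`, `SSLCertificateFile` and `SSLCipherSuite`, which need mod_ssl. Unless another role installs it, the `restart_httpd` handler will likely fail on the unknown directives; `name: [httpd, mod_ssl]` would cover it. On an SELinux-enforcing host the proxy to `localhost:3000` also normally needs the `httpd_can_network_connect` boolean, which nothing in this hunk sets, so a task using `ansible.posix.seboolean` under the same `when:` conditions looks necessary. The new `dnf:` task uses the short module name where its neighbours use `ansible.builtin.*`. The trailing `- name:` task continues outside the hunk.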
diff --git a/templates/etc/httpd/conf.d/gitea.conf.j2 b/templates/etc/httpd/conf.d/gitea.conf.j2
new file mode 100644
index 0000000..e966ee8
--- /dev/null
+++ b/templates/etc/httpd/conf.d/gitea.conf.j2
@@ -0,0 +1,30 @@
+
+ ServerName {{ gitea_basename }}
+ ServerAlias {{ gitea_basename }}
+ ProxyPreserveHost On
+ ProxyRequests Off
+ AllowEncodedSlashes NoDecode
+ ProxyPass / http://localhost:3000/ nocanon
+ ProxyPassReverse / http://localhost:3000/ nocanon
+ ServerAdmin {{ gitea_server_admin }}
+
+
+
+ Protocols h2 http/1.1
+ SSLEngine On
+ ServerName {{ gitea_basename }}
+ ServerAlias {{ gitea_basename }}
+ ProxyPreserveHost On
+ ProxyRequests Off
+ AllowEncodedSlashes NoDecode
+ ProxyPass / http://localhost:3000/ nocanon
+ ProxyPassReverse / http://localhost:3000/ nocanon
+
+ SSLEngine on
+ SSLHonorCipherOrder on
+ SSLCipherSuite PROFILE=SYSTEM
+ SSLProxyCipherSuite PROFILE=SYSTEM
+ SSLCertificateFile /etc/pki/tls/certs/{{ gitea_basename }}.crt
+ SSLCertificateKeyFile /etc/pki/tls/private/{{ gitea_basename }}.key
+ ServerAdmin {{ gitea_server_admin }}
+
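Review bot: The first block, presumably the port-80 virtual host (its enclosing `<VirtualHost>` tags are not visible in this rendering), proxies straight to `http://localhost:3000/`, so logins, cookies and tokens sent to the plain-HTTP name cross the network in cleartext. Replacing the proxy directives in that block with `Redirect permanent / https://{{ gitea_basename }}/` would leave the TLS host as the only path to Gitea. In the second block `SSLEngine` is set twice (`SSLEngine On` and `SSLEngine on`); one of them can go. `nocanon` is a `ProxyPass` keyword and, as far as the mod_proxy documentation goes, is not an option of `ProxyPassReverse`, so it should probably be dropped from both `ProxyPassReverse` lines.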
diff --git a/vars/common.yml b/vars/common.yml
index bf6c2ef..8dcc4de 100644
--- a/vars/common.yml
+++ b/vars/common.yml
@@ -7,6 +7,9 @@ gitea_web_config_certs_external: "false"
gitea_themes: "auto,gitea,arc-green,gitea-blue,gitea-modern,carbonred,darkred,pitchblack"
gitea_basename: "git.resf.org"
gitea_automation_user: "rockyautomation"
+gitea_raise_memlock_nofile_limits: "true"
+gitea_net_cap: "true"
+gitea_server_admin: "infrastructure@rockylinux.org"
# Certs issued by FreeIPA Only
ipa_getcert_requested_hostnames:
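Review bot: The three new variables carry no comment saying what they control, and two of them switch on extra privileges by default: `gitea_net_cap: "true"` and `gitea_raise_memlock_nofile_limits: "true"`. Their consumers are not in this diff. If `gitea_net_cap` grants the gitea service a capability to bind low ports, that seems unnecessary now that httpd fronts Gitea on `localhost:3000`, and `gitea_net_cap: "false"` would be the least-privilege default. Because the values are quoted strings, every condition that reads them has to apply `|bool`, as the install tasks do for `gitea_web_config`.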