run Gitea with TLS

You need two certificates: the certificate chain to the Root CA and the certificate for gitea. I’m running an own root CA in my LAN (mostly for fun and educational purpose) and issued a cert for gitea.

Self-signed certificates can also be generated with gitea cert --host <host>.

Edit section [server] in gitea.conf:

• Change PROTOCOL from http to https.
• Change the scheme in ROOT_URL from http to https.
• CERT_FILE is the certificate chain to the Root CA.
• KEY_FILE is the certificate for gitea.

Excerpt of my gitea.conf: