faicel/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Page: 13-Forgejo-Configuration
Pages
00-Architecture-Overview 01-System-Hardware 02-Operating-System 03-SSH-Hardening 04-Docker-Installation 05-Docker-Swarm 06-Network-Architecture 07-Stacks-Deployment 08-Reverse-Proxy 09-Certbot-Lets-Encrypt 10-TURN-server 11-PostgreSQL-Configuration 12-MinIO-Configuration 13-Forgejo-Configuration 14-Mattermost-Configuration 15-Backup-and-Recovery 16-Security-Checklist Home
1 13-Forgejo-Configuration
faycel edited this page 2026-02-26 21:26:54 +00:00
Table of Contents

This page documents the Forgejo configuration used in production.

Snapshot date: 2026-02
Stack: apps
Image: codeberg.org/forgejo/forgejo:1.21
Mode: Docker Swarm

1. Purpose

Forgejo provides:

  • Self-hosted Git repositories
  • SSH access for Git operations
  • Web interface for repository management
  • CI/CD integration (future use)

Forgejo is exposed via:

  • HTTPS (via Nginx)
  • SSH on port 2222

2. Network Architecture

Forgejo is attached to:

  • internal (database access)
  • web (optional, if required by architecture)

It connects internally to:

  • PostgreSQL (data_postgres)

3. Port Exposure

Forgejo exposes:

Port Purpose
3000 Internal web UI (not public)
22 Internal SSH
2222 Published SSH port

Swarm mapping:

*:2222 -> container:22

Verify:

sudo docker service inspect apps_forgejo

4. Database Configuration

Forgejo uses PostgreSQL.

Typical configuration:

  • DB type: postgres
  • Host: data_postgres
  • Port: 5432
  • Database: forgejo
  • User: forgejo
  • Password: injected via Docker secret

Secrets are mounted under:

/run/secrets/forgejo_db_password

Using _FILE pattern is recommended when supported.

5. Persistent Storage

Forgejo data directory:

/data

This must be backed by a persistent Docker volume.

Verify:

sudo docker volume ls

Inspect:

sudo docker volume inspect <forgejo_volume>

This directory contains:

  • Repositories
  • Configuration (app.ini)
  • Attachments

Loss of this volume means total repository loss.

6. Nginx Reverse Proxy Integration

Forgejo is accessed via:

https://code.your-domain.com

Nginx forwards traffic internally to:

http://apps_forgejo:3000

Ensure:

  • Correct proxy headers
  • HTTPS enforced
  • Large client body size if needed

7. SSH Access

Git SSH URL format:

ssh://git@your-domain.com:2222/organization/repository.git

Port 2222 must be open:

sudo ufw allow 2222

Verify:

sudo ss -tulpn | grep 2222

8. Initial Setup

On first run:

  • Access web UI
  • Configure database
  • Create admin account
  • Disable open registration (recommended)

9. Security Recommendations

  • Disable open registration
  • Enforce strong passwords
  • Restrict SSH access if possible
  • Backup repositories regularly
  • Protect /data volume

10. Backup Strategy

Repositories are stored under:

/data/git/repositories

Backup example:

sudo tar -czf forgejo-backup.tar.gz /var/lib/docker/volumes/<forgejo_volume>/_data

Store backups externally.

11. Verify Service

Check service:

sudo docker service ls | grep forgejo

Check logs:

sudo docker service logs apps_forgejo

Check SSH connectivity:

ssh -p 2222 git@your-domain.com
  1. Architecture Overview
  2. System Hardware
  3. Operating System
  4. SSH Hardening
  5. Docker Installation
  6. Docker Swarm Configuration
  7. Network Architecture
  8. Stacks Deployment
  9. Reverse Proxy
  10. Certbot & Let's Encrypt
  11. TURN Server (Coturn)
  12. PostgreSQL Configuration
  13. MinIO Configuration
  14. Forgejo Configuration
  15. Mattermost Configuration
  16. Backup and Recovery
  17. Security Checklist