Add how-to for enabling HTTPS (#4101)

Signed-off-by: Jonas Franz <info@jonasfranz.de>
2018-06-03 03:55:23 +02:00 · 2018-06-03 03:55:23 +02:00 · fb1daad13d
commit fb1daad13d
parent da466b0505
1 changed files with 46 additions and 0 deletions
--- a/docs/content/doc/usage/https-support.md
+++ b/docs/content/doc/usage/https-support.md
@ -0,0 +1,46 @@
+---
+date: "2018-06-02T11:00:00+02:00"
+title: "Usage: HTTPS setup"
+slug: "https-setup"
+weight: 12
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "usage"
+    name: "HTTPS setup"
+    weight: 12
+    identifier: "https-setup"
+---
+
+# HTTPS setup to encrypt connections to Gitea
+
+## Using built-in server
+
+Before you enable HTTPS make sure that you have valid SSL/TLS certificates.
+You could use self-generated certificates for evaluation and testing. Please run `gitea cert --host [HOST]` to generate a self signed certificate.
+
+To use Gitea's built-in HTTPS support you must change your `app.ini` file:
+
+```ini
+[server]
+PROTOCOL=https
+ROOT_URL = `https://git.example.com:3000/`
+HTTP_PORT = 3000
+CERT_FILE = cert.pem
+KEY_FILE = key.pem
+```
+To learn more about the config values, please checkout the [Config Cheat Sheet](../config-cheat-sheet#server).
+
+## Using reverse proxy
+
+Setup up your reverse proxy like shown in the [reverse proxy guide](../reverse-proxies).
+
+After that, enable HTTPS by following one of these guides:
+
+* [nginx](https//nginx.org/en/docs/http/configuring_https_servers.html)
+* [apache2/httpd](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html)
+* [caddy](https://caddyserver.com/docs/tls)
+
+Note: You connection between your reverse proxy and gitea might be unencrypted. To encrypt it too follow the [built-in server guide](#using-built-in-server) and change
+the proxy url to `https://[URL]`.