about summary refs log tree commit diff
path: root/doc/forge.skb
diff options
context:
space:
mode:
Diffstat (limited to 'doc/forge.skb')
-rw-r--r--doc/forge.skb33
1 files changed, 33 insertions, 0 deletions
diff --git a/doc/forge.skb b/doc/forge.skb
index 8d59bef..e772b34 100644
--- a/doc/forge.skb
+++ b/doc/forge.skb
@@ -187,6 +187,39 @@ per your needs. The overall configuration used in this tutorial is
 repeated below for your reference.])
     (prog (source :language scheme
                   :file "doc/snippets/tutorial.scm")))
+  (chapter :title [How To]
+           :ident "chapter-how-to"
+    (section :title [How to set up cgit]
+             :ident "section-how-to-set-up-cgit"
+      (p [guix-forge comes with an end-to-end cgit solution that not
+only sets up cgit itself but also an nginx server complete with
+automatically renewed TLS certificates.])
+      (p [The cgit service uses the forge-nginx service as its web
+server. The forge-nginx service in turn uses the ACME service to fetch
+and renew TLS certificates. Here's a minimal working configuration.])
+      (prog (source :language scheme
+                    :file "doc/snippets/how-to-set-up-cgit.scm")
+            :line #f)
+      (p [The cgit service configuration specifies the domain ,(samp
+[git.example.org]) to serve cgit on and the ,(file "/srv/git")
+repository directory containing bare git repositories to publish. The
+forge nginx service configuration specifies the ports to serve HTTP
+and HTTPS on. The ACME service configuration specifies the email
+address to register an ACME account with. The sudoers file declaration
+is required to allow the ,(samp [acme]) user to restart the nginx
+server when a certificate is renewed. The configured machine will
+start out with self-signed certificates. Run ,(samp [/usr/bin/acme
+renew]) the first time to get CA-issued certificates. Thereafter,
+certificates will auto-renew via a cron job.])
+      (p [When testing your deployment, it might help to start with
+the Let's Encrypt staging server as shown below. This will give you
+dummy certificates, but will help you avoid running afoul of Let's
+Encrypt rate limits. Once you know everything works, delete the ACME
+state directory (,(file "/var/lib/acme") by default) and run ,(samp
+[/usr/bin/acme renew]) again to get real certificates.]
+         (prog (source :language scheme
+                       :file "doc/snippets/acme-staging-url.scm")
+               :line #f))))
   (chapter :title [Services]
            :ident "chapter-services"
     (section :title [Git web viewers]
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-09-19 02:43:19 +0000