Gitea 1.25 on Ubuntu 24.04 on Azure User Guide

Overview

Gitea is the lightweight self-hosted Git server — single Go binary (~150 MB install), sqlite default, runs comfortably on a 4 GB VM. The cloudimg image installs the latest 1.25.x release from GitHub. At first boot, gitea-firstboot.service rotates SECRET_KEY + INTERNAL_TOKEN + JWT_SECRET in /etc/gitea/app.ini, generates a per-VM cloudimg admin password, creates the user, and writes credentials to /stage/scripts/gitea-credentials.log (mode 0600 root only).

What is included:

• Gitea 1.25.5 single Go binary (/usr/local/bin/gitea)
• SQLite database at /var/lib/gitea/data/gitea.db (no separate DB to maintain)
• gitea.service running as git:git
• gitea-firstboot.service rotating secrets + creating per-VM admin user
• Web UI on TCP 3000 (HTTP); SSH for git push/pull on TCP 2222
• LFS server enabled
• GITEA_WORK_DIR=/var/lib/gitea (NOT /mnt)
• Ubuntu 24.04 LTS base, latest patches
• 24/7 cloudimg support, 24h response SLA

Prerequisites

Active Azure subscription, SSH key, VNet + subnet. Recommended VM: Standard_B2s (Gitea is famously efficient — 4 GB RAM is plenty for small teams).

Step 1: Deploy from the Azure Portal

Search Gitea 1.25, NSG: TCP 22 + 3000 + 2222 from your client networks. Front 3000 with a TLS reverse proxy in production.

Step 2: Deploy from the Azure CLI

RG="gitea-prod"; LOCATION="eastus"; VM_NAME="gitea-01"
GALLERY_IMAGE_ID="/subscriptions/<sub-id>/resourceGroups/azure-cloudimg/providers/Microsoft.Compute/galleries/cloudimgGallery/images/gitea-1-25-ubuntu-24-04/versions/<version>"
SSH_KEY="$(cat ~/.ssh/id_rsa.pub)"
az group create --name "$RG" --location "$LOCATION"
az network vnet create -g "$RG" --name git-vnet --address-prefix 10.102.0.0/16 --subnet-name git-subnet --subnet-prefix 10.102.1.0/24
az network nsg create -g "$RG" --name git-nsg
az network nsg rule create -g "$RG" --nsg-name git-nsg --name allow-ssh --priority 100 \
  --source-address-prefixes "<your-mgmt-cidr>" --destination-port-ranges 22 --access Allow --protocol Tcp
az network nsg rule create -g "$RG" --nsg-name git-nsg --name allow-web --priority 110 \
  --source-address-prefixes 10.102.0.0/16 --destination-port-ranges 3000 --access Allow --protocol Tcp
az network nsg rule create -g "$RG" --nsg-name git-nsg --name allow-git-ssh --priority 120 \
  --source-address-prefixes 10.102.0.0/16 --destination-port-ranges 2222 --access Allow --protocol Tcp
az vm create -g "$RG" --name "$VM_NAME" --image "$GALLERY_IMAGE_ID" \
  --size Standard_B2s --storage-sku StandardSSD_LRS \
  --admin-username azureuser --ssh-key-values "$SSH_KEY" \
  --vnet-name git-vnet --subnet git-subnet --nsg git-nsg --public-ip-sku Standard

Step 3: Connect via SSH

ssh azureuser@<vm-ip>

Both gitea.service and gitea-firstboot.service run automatically.

Step 4: Verify the Service

sudo systemctl status gitea.service --no-pager
sudo test -f /var/lib/cloudimg/gitea-firstboot.done && echo FIRSTBOOT_DONE
sudo ss -tln | grep -E ':(3000|2222)'

Step 5: Retrieve the Admin Password

sudo cat /stage/scripts/gitea-credentials.log

GITEA_USER=cloudimg
GITEA_PASSWORD=<GITEA_PASSWORD>
HTTP_PORT=3000
SSH_PORT=2222
GITEA_URL=http://localhost:3000/

Step 6: Use the Gitea API

PASS=$(sudo grep '^GITEA_PASSWORD=' /stage/scripts/gitea-credentials.log | cut -d= -f2-)

curl -fsS http://localhost:3000/api/v1/version
curl -fsS -u "cloudimg:${PASS}" http://localhost:3000/api/v1/user

# Create a repo
curl -X POST -u "cloudimg:${PASS}" -H 'Content-Type: application/json' \
  -d '{"name":"hello-world","auto_init":true}' \
  http://localhost:3000/api/v1/user/repos

Step 7: Open the Web UI

open http://<vm-ip>:3000/

Sign in with cloudimg / <GITEA_PASSWORD>. The dashboard lands on your activity feed:

The Site Administration page (/-/admin) shows server stats, all users, organizations, and repos:

Step 8: Push Your First Repo

mkdir myrepo && cd myrepo
git init
echo "# myrepo" > README.md
git add README.md
git commit -m "Initial commit"
# Use HTTPS (with cloudimg / password)
git remote add origin http://<vm-ip>:3000/cloudimg/myrepo.git
git push -u origin main

# Or SSH (after adding your SSH key in Settings → SSH/GPG Keys)
git remote add origin ssh://git@<vm-ip>:2222/cloudimg/myrepo.git
git push -u origin main

Step 9: Server Components

/usr/local/bin/gitea --version

Step 10: Managing the Service

sudo systemctl restart gitea.service
sudo tail -f /var/lib/gitea/log/gitea.log
sudo -u git /usr/local/bin/gitea admin user list --config /etc/gitea/app.ini

Step 11: Security Recommendations

• Rotate cloudimg admin password in Account Settings or via gitea admin user change-password
• Restrict NSG so 3000 / 2222 only reach trusted networks
• Front Gitea with TLS at a reverse proxy for production
• Disable open registration by setting DISABLE_REGISTRATION = true in [service] section of app.ini
• Enable 2FA in Account Settings → Security
• Back up /var/lib/gitea/ to Azure Blob (the SQLite DB + custom/ + data/)
• Patch the OS monthly with apt-get update && apt-get upgrade && reboot

Step 12: Migrate from sqlite to PostgreSQL (Optional)

For larger teams, swap sqlite for an external PostgreSQL:

1. Stop Gitea: sudo systemctl stop gitea
2. sudo -u git /usr/local/bin/gitea dump --config /etc/gitea/app.ini --type zip --file /tmp/gitea-dump.zip
3. Update [database] section in /etc/gitea/app.ini (DB_TYPE=postgres + connection params)
4. sudo -u git /usr/local/bin/gitea migrate --config /etc/gitea/app.ini
5. sudo systemctl start gitea

Step 13: Support and Licensing

Gitea is MIT-licensed — no per-CPU or per-user fee. cloudimg provides commercial support separately.

• Email: support@cloudimg.co.uk
• Website: www.cloudimg.co.uk
• Support hours: 24/7, 24h response SLA

Deploy on Azure

Launch Gitea 1.25 on Ubuntu 24.04 with 24/7 support from cloudimg.

View on Marketplace

Need Help?

Our support team is available 24/7. support@cloudimg.co.uk