Hop-State: A_06FNB6HTKZAXH2SX1G8AB0R Hop-Proposal: R_06FNB6HA40Y1E1T39G6YJHG Hop-Task: T_06FNB5TE4DHAVABVH82WBN8 Hop-Attempt: AT_06FNB5TE4FW7MD6KTFYP3EG
1.7 KiB
Production deployment
Run the Compose stack behind an HTTPS reverse proxy. Keep the Gitea HTTP port and Hop control-plane port bound to loopback; only publish Gitea's SSH port if the deployment has a DNS-only hostname that can reach it without an HTTP proxy.
Start from .env.example, replace every secret, and set at least:
GITEA_DOMAIN=git.example.com
GITEA_ROOT_URL=https://git.example.com/
GITEA_HTTP_BIND=127.0.0.1
HOP_HTTP_BIND=127.0.0.1
GITEA_SSH_BIND=127.0.0.1
GITEA_DISABLE_SSH=true
GITEA_DISABLE_REGISTRATION=true
GITEA_ACTIONS_ENABLED=false
Start the services and install the Hop-native Gitea assets:
docker compose --env-file .env up --build -d
./deploy/gitea/install-hop-native.sh
The reverse proxy should forward the public hostname to the configured
GITEA_HTTP_BIND:GITEA_HTTP_PORT, preserve the Host header, and set
X-Forwarded-Proto to https. It must also proxy /hop/ to the Hop control
plane, preserving the browser's Gitea session cookie. This lets the Prompts
view check the viewer's repository access before returning potentially
sensitive prompt text.
The control plane verifies the browser session through Gitea's protected web
settings route, then uses GITEA_API_TOKEN to resolve the server-rendered login
to Gitea's immutable user ID. Gitea's /api/v1/user endpoint is token-only and
must not be used to validate browser sessions.
For nginx, the control-plane location should precede the Gitea catch-all:
location /hop/ {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Cookie $http_cookie;
}
Persistent repository and database data live in the named Compose volumes.