changes

Dockerfile

@@ -1,11 +0,0 @@
-FROM gitea/gitea:latest
-
-# Add Tailscale Alpine repository
-RUN echo 'https://pkgs.tailscale.com/stable/alpine/v3.19/main' >> /etc/apk/repositories \
-    && apk add --no-cache tailscale
-
-COPY entrypoint.sh /usr/local/bin/entrypoint.sh
-RUN chmod +x /usr/local/bin/entrypoint.sh
-
-ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
-CMD ["gitea"]

docker-compose.gitea.yml

@@ -6,21 +6,32 @@ services:
     hostname: tailscale-gitea
     environment:
       - TS_AUTHKEY=tskey-auth-kNm64Dbcts11CNTRL-4eLQjm2pQYCLdy285gNaYCFDF1KTjP71
-        # - TS_EXTRA_ARGS=--advertise-tags=tag:container
       - TS_STATE_DIR=/var/lib/tailscale
       - TS_USERSPACE=false
     volumes:
-      - ./tailscale-nginx/state:/var/lib/tailscale
+      - tailscale-state:/var/lib/tailscale
     devices:
       - /dev/net/tun:/dev/net/tun
     cap_add:
       - net_admin
       - net_raw
     restart: unless-stopped
+
+  nginx:
+    image: nginx:latest
+    depends_on:
+      - tailscale
+    network_mode: service:tailscale
+    restart: unless-stopped
+    volumes:
+      - ./nginx.conf:/etc/nginx/nginx.conf:ro
+    expose:
+      - "80"
+
   gitea:
     image: gitea/gitea:latest
     depends_on:
-    - tailscale
+      - tailscale
     network_mode: service:tailscale
     container_name: gitea
     restart: unless-stopped

entrypoint.sh

@@ -1,18 +0,0 @@
-#!/bin/bash
-set -e
-
-# Start tailscaled in background
-tailscaled &
-
-# Wait for tailscaled to be ready
-until tailscale status >/dev/null 2>&1; do
-    sleep 0.5
-done
-
-# Authenticate with Tailscale
-tailscale up --authkey="${TAILSCALE_AUTHKEY}" --hostname="${TAILSCALE_HOSTNAME:-gitea}"
-
-echo "Tailscale connected: $(tailscale status --json | grep -o '"Hostname":"[^"]*"' | head -1 | cut -d'"' -f4)"
-
-# Run Gitea
-exec docker/entrypoint.sh "$@"

nginx.conf

@@ -6,41 +6,23 @@ http {
     include /etc/nginx/mime.types;
     default_type application/octet-stream;
 
-    # Gitea subfolder - completely transparent to Gitea
     server {
         listen 80;
-        server_name localhost;
+        server_name _;
 
         client_max_body_size 20M;
 
-        location /gitea/ {
+        location / {
-            # Strip /gitea prefix when forwarding to Gitea
+            proxy_pass http://gitea:3000;
-            rewrite ^/gitea/(.*) /$1 break;
-            proxy_pass http://gitea:3000/;
-
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_set_header X-Forwarded-Prefix /gitea;
 
-            # Rewrite Location headers (redirects)
-            proxy_redirect ~^(http|https)://([^/]+):3000(/.*)$ $1://$host/gitea$3;
-
-            # Rewrite URLs in response body (HTML, JSON, etc.)
-            sub_filter_once off;
-            sub_filter_types text/html application/json;
-            sub_filter 'http://gitea:3000' 'http://$host/gitea';
-            sub_filter 'http://raspberrypi:3000' 'http://$host/gitea';
-            sub_filter 'https://gitea:3000' 'http://$host/gitea';
-            sub_filter 'https://raspberrypi:3000' 'http://$host/gitea';
-
-            # WebSocket support
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection "upgrade";
 
-            # Timeouts
             proxy_connect_timeout 60s;
             proxy_send_timeout 60s;
             proxy_read_timeout 60s;