A webserver similar to Github Pages using Gitea's API.
Go to file
2024-01-01 20:05:20 +01:00
cmd/rio feat: Only request certificates for existing users and orgs 2024-01-01 20:05:20 +01:00
internal feat: Only request certificates for existing users and orgs 2024-01-01 20:05:20 +01:00
.gitignore feat: Potentially handle renewing certificates 2024-01-01 14:47:13 +01:00
go.mod chore: Reduce go requirements 2024-01-01 15:43:23 +01:00
go.sum chore: Reduce go requirements 2024-01-01 15:43:23 +01:00
LICENSE Add some files 2023-12-31 23:13:06 +01:00
README.md chore: Add documentation 2024-01-01 16:28:54 +01:00

rio

A webserver similat to Github Pages using the Gitea API. Supports running in HTTP-only mode and running in HTTPS mode with automatic certificates using ACME HTTP01 challenges.

Setup

DNS

Assuming your pages domain is pages.example.org, you should add a wildcard DNS record (if your provider supports it) to allow clients to resolve any *.pages.example.org record:

; Example for an authoritative Bind nameserver
*.pages		3600	IN	A       <IPv4>
*.pages		3600	IN	AAAA	<IPv6>

If you have setup a CAA record to lock ACME certificates to a certain CA, make sure you allow certificates using the HTTP01 challenge type from the ACME CA configured in rio.

rio

To run rio, you can use environment variables or commandline flags. To see them, run rio --help or look at the main file.

If you run with --acme-disable (or ACME_DISABLE=1), then rio will not set up an HTTPS server and run with HTTP only on the configured host and port. In this configuration, only --gitea-url (GITEA_URL) and --pages-domain (PAEGS_DOMAIN) are required.

If you run without --acme-disable (default), then rio will set up a HTTPS server to listen on the configured host and port. Additionally, a HTTP-only server will be set up listening to ${ACME_HOST}:${ACME_PORT}, responsible for HTTP01 ACME challenges. In this mode, --acme-email (ACME_EMAIL; The email to use to register an ACME account), --acme-file (ACME_FILE; Path to the file where ACME account data is stored), --certs-file (CERTS_FILE; Path to the file where certificates are stored in) are additionally required. --acme-server (ACME_SERVER) should also be set to your ACME CA's directory URL as this option defaults to the Let's Encrypt Staging Environment. Note that using this optional implies that you accept your configured ACME CA's Terms of Service.

You can also run with --debug (DEBUG_ENABLE=1) to enable debug logging.

Usage

Plain Domains

When a user tries to access <user>.pages.example.org/some-repo/files.html, rio will first see if the repository some-repo exists for the user <user> on the configured Gitea server. If it does, then rio will try to proxy the file files.html from the repository <user>/some-repo. If that repository does not exist, then rio will try the repository <user>/<user>.pages.example.org next and look for the file some-repo/files.html.

Note that the files MUST reside in the repository's pages branch. Otherwise, rio will not find the files.

CNAME Domains

If you don't want to use <user>.pages.example.org and instead prefer to use your own domain (cooldomain.rio), you can add a CNAME record on your domain, redirecting to the pages domain:

; Example for Bind
cooldomain.rio.     3600    IN  CNAME   <user>.pages.example.org

This additionally requires your repository to have a file named CNAME that contains the domain to use (cooldomain.rio in this case).

Repository Redirects

If you have multiple repositories with pages (and you use a CNAME), you can additionally add a TXT record to tell rio what repository to look for. For example, the following TXT record will tell rio to use the repository example-repository whenever example-repository.rio is accessed:

; Example for Bind
_rio-pages.example-repository.rio.  3600    IN  TXT "repo=example-repository"

For this to work, it is important that the record's value starts with repo=.

License

See LICENSE.