this post was submitted on 28 Mar 2026
31 points (100.0% liked)

Selfhosted

60543 readers
338 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the link in Rule 8 for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post. )

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

I am experimenting with using forgejo instead of GitHub for my personal projects. So far I like it, however I would like to make it available to the outside world at some point.

I was wondering what kind of traps I should avoid. The following things come to mind so far:

  • Forgejo Actions seem like a massive potential security risk, however I do not intend to enable sign up for other
  • OpenID appears to be a thing for forgejo, I do not know how it works and it seems like it would allow access to my instance even with registering disabled
  • I would put the instance behind a nginx as reverse proxy, but how do you keep bot traffic to a minimum? Anubis?

I feel like there are a ton of things I have not thought of, which is why I am holding off on making anything available without a VPN so far.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] morethanevil@lemmy.fedifriends.social 1 points 3 months ago (1 children)

You can use Forgejo with OIDC or normal login behind a reverse proxy. If you want to make a repo public, you need to add this to your App.ini under the [service] section: REQUIRE_SIGNIN_VIEW = false

Example:

[service]
REGISTER_EMAIL_CONFIRM = true
ENABLE_INTERNAL_SIGNIN = false
ENABLE_NOTIFY_MAIL = true
DISABLE_REGISTRATION = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = true
ENABLE_CAPTCHA = false
REQUIRE_SIGNIN_VIEW = true
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.localhost
REQUIRE_SIGNIN_VIEW = false

Then you can create a public repo which people can view without an account. You can change visibilty at any time

[โ€“] arschflugkoerper@feddit.org 2 points 3 months ago

Yes, this has been configured already, thanks for the suggestion.