Stage reverse proxy configuration and automated deploy script
for securing the Gitea instance with TLS. Includes:
- Nginx config with HTTPS redirect, HSTS, WebSocket support
- One-command deploy script (setup-gitea-tls.sh) that installs
Nginx + Certbot, obtains cert, patches app.ini, blocks port 3000
- app.ini hardening reference from security audit (#971)
Requires DNS A record for git.alexanderwhitestone.com -> 143.198.27.163
before running the deploy script on the server.
Fixes#989
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
e831176dec