Sign in Subscribe

Forgejo: The fresh outlook on Software Forges

Forgejo: The fresh outlook on Software Forges
Source: Forgejo

Self‑hosting a site like GitHub or GitLab has never felt more “right” than it does now. Forgejo – the fork of Gitea that prides itself on lean code, speed, and enterprise‑ready features – is delivering a wave of improvements that make it an ideal choice for teams and solo devs alike. Below is a quick rundown of the most recent updates and the practical implications for your workflow.

1. Forgejo's history

Forgejo itself was forked from Gitea in 2022 because of the – sort of hostile – takeover of the Gitea peoject by the for-profit company Gitea Limited. The initial fork – which was carried out after the leadership of the Gitea project didn't responded to an open letter – was a so called "soft fork" but it was changed in 2024 to a "hard fork" (difference is that the project that has hard forked doesn't actively contribute to the former upstream project).

After becaming a hard fork independent from Gitea was Forgejo attacked by maintainers of Gitea over the functioning of Git when the Forgejo maintainers cherry picked commits merged into Gitea despite that the Forgejo maintainers respecting the licence of the Gitea code.

2. Security Boosts – 2FA, EXIF Stripping, and Actions Secrets

  • Global Two‑Factor Enforcement – With the new security.GLOBAL_TWO_FACTOR_REQUIREMENT setting, administrators can enforce TOTP (or other 2FA methods) for all users or just admins. This adds a solid layer of protection against credential‑stealing attacks.
  • Avatar Privacy – Forgejo now strips EXIF data from uploaded avatar images automatically. This small but important step removes the risk of leaking personally identifiable information (e.g., GPS coordinates) when sharing profile pictures. An admin can run the forgejo doctor avatar-strip-exif command to purge existing avatars of metadata.
  • Secrets Management – Secrets used in Actions are now handled by a more secure module introduced in 2024, already in use for TOTP secrets. This tightening reduces the attack surface for compromised repositories.
  • Action Logs – You can now view previous logs for retried Actions runs via a convenient dropdown, giving greater transparency into CI/CD pipelines.
    All these changes collectively tighten Forgejo’s security posture while keeping the user experience smooth.
    [3]

3. Usability Enhancements

  • Action Retry Visibility – By adding a UI element for previous action attempts, developers can diagnose failures without digging through logs.
  • Avatar Image Privacy – The aforementioned EXIF stripping not only protects privacy but also reduces storage overhead by eliminating unnecessary metadata.
  • Federation – Forgejo works on implementing the ActivityPub protocol to federate software forges with each other.

These incremental UI/UX tweaks make Forgejo a more developer‑friendly platform without adding bloat.

4. Migration Path from Gitea

If you’re moving deployments from Gitea, Forgejo provides a dedicated migration tutorial. Like Gitea Forgejo has migration tools to migrate or mirror repositories from other forges like GitHub, GitLab and co. You can even mirror your repositories from your Forgejo deployment to other forges.

5. Installing Forgejo

This pushed you to install Forgejo? Here's how you can install the software forge with Docker. Forgejo can be installed on either your own server in your Homelab or on a Virtual Private Server (e.g. from Hetzner¹)

This requires that you have already installed Docker and Docker Compose on the install system.

At first we either use the Docker Compose example from Forgejo or an boilerplate repository (for example: My own boilerplates repo). Depending on which example you have chosen can you make your own changes and you should change the password for the database.

If you want to use the existing SSH daemon on your system for Forgejo too you can follow the README for forgejo in my boilerplates repository for steps to activate SSH passthrough for Forgejo.

Why Forgejo is Worth a Second Look

  • Simplicity & Speed – Forgejo is designed to be lightweight, meaning faster startup times and lower resource footprints than heavier alternatives.
  • Self‑Hosted Control – You decide where your code lives, how it’s backed up, and who has access.
  • Active Community – The rapid release cadence and active support channels (chat, RSS feeds) mean bugs are squashed quickly.
  • Future‑Proofing – With LTS branches and regular point releases, you can stay secure without constant upgrades.

If you’re building a team’s internal repo, a hobby project, or simply want to own your code, Forgejo give you the confidence that the platform will stay secure, responsive, and feature‑rich for years to come.

Happy coding and happy self‑hosting! 💻

If you want to hear more from me you can find me in the Fediverse at @gelbphoenix@social.gelbphoenix.de (Mastodon) or @gelbphoenix@gram.social (Pixelfed). For more posts like this subscribe to my new newsletter.

¹ [Affiliate Link: Following this link gives you $20 in Hetzner Cloud Credit when registering]