diff --git a/docker/gitea-init/Dockerfile b/docker/gitea-init/Dockerfile
index 2534ed9ea7..a6e36e73be 100644
--- a/docker/gitea-init/Dockerfile
+++ b/docker/gitea-init/Dockerfile
@@ -12,7 +12,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
-FROM opendevorg/jinja-init
+FROM opendevorg/jinja-init as gitea-init
 
 COPY entrypoint.sh /
 
diff --git a/docker/gitea-init/entrypoint.sh b/docker/gitea-init/entrypoint.sh
index b49da7c46e..fb927af296 100755
--- a/docker/gitea-init/entrypoint.sh
+++ b/docker/gitea-init/entrypoint.sh
@@ -21,6 +21,12 @@ chown 1000:1000 /data/git
 mkdir -p /data/gitea
 chown 1000:1000 /data/gitea
 
+mkdir -p /data/gitea/ssl
+chown 1000:1000 /data/gitea/ssl
+chmod 0500 /data/gitea/ssl
+cp /secrets/gitea_tls_cert /data/gitea/ssl/cert.pem
+cp /secrets/gitea_tls_key /data/gitea/ssl/key.pem
+
 # This one is used by openssh and can remain root-owned
 mkdir -p /data/ssh
 
diff --git a/kubernetes/gitea/app.ini.j2 b/kubernetes/gitea/app.ini.j2
index 79ec762f86..990324f64c 100644
--- a/kubernetes/gitea/app.ini.j2
+++ b/kubernetes/gitea/app.ini.j2
@@ -5,8 +5,9 @@ RUN_USER = git
 [server]
 APP_DATA_PATH    = /data/gitea
 SSH_DOMAIN       = localhost
+PROTOCOL         = https
 HTTP_PORT        = 3000
-ROOT_URL         = http://38.108.68.64/
+ROOT_URL         = https://38.108.68.64/
 DISABLE_SSH      = false
 SSH_PORT         = 22
 LFS_CONTENT_PATH = /data/git/lfs
@@ -14,6 +15,10 @@ DOMAIN           = localhost
 LFS_START_SERVER = true
 LFS_JWT_SECRET   = {{ lfs_jwt_secret }}
 OFFLINE_MODE     = false
+CERT_FILE        = /data/gitea/ssl/cert.pem
+KEY_FILE         = /data/gitea/ssl/key.pem
+REDIRECT_OTHER_PORT = true
+PORT_TO_REDIRECT = 3080
 
 [database]
 DB_TYPE  = mysql
@@ -24,6 +29,9 @@ PASSWD   = {{ db_password }}
 SSL_MODE = disable
 LOG_SQL  = false
 
+[repository]
+ROOT = /data/git/repositories
+
 [indexer]
 ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
 REPO_INDEXER_ENABLED = true
@@ -50,7 +58,7 @@ SECRET_KEY     = {{ secret_key }}
 INTERNAL_TOKEN = {{ internal_token }}
 
 [service]
-DISABLE_REGISTRATION              = false
+DISABLE_REGISTRATION              = true
 REQUIRE_SIGNIN_VIEW               = false
 REGISTER_EMAIL_CONFIRM            = false
 ENABLE_NOTIFY_MAIL                = false
diff --git a/kubernetes/gitea/k8s/deployment.yaml b/kubernetes/gitea/k8s/deployment.yaml
index 7b0cede8b3..886c847d91 100644
--- a/kubernetes/gitea/k8s/deployment.yaml
+++ b/kubernetes/gitea/k8s/deployment.yaml
@@ -34,6 +34,7 @@ spec:
               value: '2'  # Increment to trigger a deployment.
           ports:
             - containerPort: 3000
+            - containerPort: 3080
           volumeMounts:
             - name: gitea-data
               mountPath: /data
diff --git a/kubernetes/gitea/k8s/secret.yaml b/kubernetes/gitea/k8s/secret.yaml
index 39655f2138..c119995278 100644
--- a/kubernetes/gitea/k8s/secret.yaml
+++ b/kubernetes/gitea/k8s/secret.yaml
@@ -10,3 +10,5 @@ stringData:
   lfs_jwt_secret: {{ gitea_lfs_jwt_secret }}
   db_username: {{ gitea_db_username }}
   db_password: {{ gitea_db_password }}
+  gitea_tls_cert: {{ gitea_tls_cert }}
+  gitea_tls_key: {{ gitea_tls_key }}
diff --git a/kubernetes/gitea/k8s/service.yaml b/kubernetes/gitea/k8s/service.yaml
index 383671cb56..3ce9f04a47 100644
--- a/kubernetes/gitea/k8s/service.yaml
+++ b/kubernetes/gitea/k8s/service.yaml
@@ -9,6 +9,10 @@ spec:
   ports:
     - protocol: TCP
       port: 80
+      targetPort: 3080
+      name: http
+    - protocol: TCP
+      port: 443
       targetPort: 3000
       name: http
     - protocol: TCP