CHATTR - DNS Nameserver file (immutable)

- Posted in Linux/Unix by

Check if immutable attribute is currently applied or not:

lsattr /etc/resolv.conf

Result

----i---------e------- /etc/resolv.conf

Remove it:

sudo chattr -i /etc/resolv.conf

Verify:

lsattr /etc/resolv.conf

Result

--------------e------- /etc/resolv.conf

Make changes to the resolv file for DNS nameservers:

sudo nano /etc/resolv.conf

CTRL+X (save) > Y > ENTER

Apply the attribute again:

sudo chattr +i /etc/resolv.conf

Verify:

lsattr /etc/resolv.conf

Result

----i---------e------- /etc/resolv.conf

Ubuntu Forum

CHOWN & CHMOD - R

- Posted in Linux/Unix by

CHOWN

chown -R user:mail ./* ./.[!.]*


CHMOD

-# to remove executable permissions

chmod -R 600 /path

-# to make directories traversable

chmod -R u=rwX,g=,o= /path

In the command above, the owning user gets a capital "X", so the execute bit is applied to directories (and to files that already have an execute bit set) rather than to every file.

-# all files in the current directory, recursively, including hidden files

chmod 755 -R ./* ./.[!.]*

-# all files in the current directory, not recursively, including hidden files

chmod 755 ./* ./.[!.]*

Notes: This will not change the exceptional case of a filename starting with two dots, for example:

./..weirdfilenamehere.txt

Also, be careful not to remove the x bit, or else all your directories will not be accessible (one needs the x bit to cd into a directory).

Remember this: never use bare * but ./* instead.

To avoid problems setting permissions on directories, use find instead.

find . -type f -exec chmod VALUE {} \;
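
The find-based approach from the note above, as an added example that is not part of the original post: harden_tree gives directories 700 and regular files 600, and glob_missed lists the names that ./* ./.[!.]* skips. The function names and the sample tree are constructed for illustration; GNU find and stat are assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU find and stat.

# harden_tree DIR: directories -> 700, regular files -> 600.
# -type d / -type f skip symlinks, so chmod never follows a link out of DIR.
harden_tree() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    find "$1" -type d -exec chmod 700 {} + &&
    find "$1" -type f -exec chmod 600 {} +
}

# glob_missed DIR: top-level names in DIR that ./* ./.[!.]* does not match.
glob_missed() (
    cd "$1" || exit 1
    find . -mindepth 1 -maxdepth 1 | while IFS= read -r p; do
        hit=no
        for g in ./* ./.[!.]*; do
            if [ "$g" = "$p" ]; then hit=yes; fi
        done
        [ "$hit" = yes ] || printf '%s\n' "$p"
    done
)

# mode_of PATH: octal permission bits, e.g. 600
mode_of() { stat -c '%a' "$1"; }

# make_sample_tree: constructed test data; prints the new directory's path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/sub/.git"
    : > "$t/a.txt"; : > "$t/.hidden"; : > "$t/..weirdfilenamehere.txt"
    : > "$t/-R"                 # a bare * would hand this to chmod as an option
    : > "$t/sub/run.sh"; : > "$t/sub/.git/config"
    chmod -R 777 "$t"           # start from a deliberately loose state
    printf '%s\n' "$t"
}
```

Run harden_tree on a copy first and compare modes with mode_of before applying it to live data.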


ACL (Access Control Level)

-# To apply the ACL

setfacl -Rm u::rwX,g::0,o::0 /path

-# To make the applied ACL default policy so newly created files will inherit the desired permissions.

setfacl -Rm d:u::rwX,g::0,o::0 /path

Again using capital X so it applies only to directories and not files.

CHOWN - Stackoverflow Forum || CHMOD & ACL - SuperUser Forum

Let's Encrypt SSL on specific port(s)

- Posted in Guides by

I was finally able to get forgejo (port 3000) (specific port) to redirect to https with Let's Encrypt SSL.

I created a normal subdomain at the normal 80/443 ports with LE SSL generated. Then, in the forgejo app.ini file (/etc/forgejo/app.ini), I added this under [server]:

    [server]
    ENABLE_ACME = enable
    HTTPS_PORT = 3000 ssl
    ROOT_URL = https://git.domain.tld

Then under nginx.conf ($HESTIADATA/conf/web/git.domain.tld/nginx.conf) I added

location / {
  client_max_body_size 4096M;
  proxy_pass http://localhost:3000;
  proxy_set_header Connection $http_connection;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
}

Then under apache2.conf ($HESTIADATA/conf/web/git.domain.tld/apache2.conf) I added

    ProxyPreserveHost On
    ProxyRequests off
    AllowEncodedSlashes NoDecode
    ProxyPass / http://localhost:3000/ nocanon

Then under apache2.ssl.conf ($HESTIADATA/conf/web/git.domain.tld/apache2.ssl.conf) I added

    <VirtualHost git.domain.tld:8443 https>

    ProxyPreserveHost On
    ProxyRequests off
    AllowEncodedSlashes NoDecode
    ProxyPass / http://localhost:3000/ nocanon

I also enabled the following to ensure the proxy works:

    a2enmod proxy
    a2enmod proxy_http
    a2enmod proxy_balancer
    a2enmod proxy_wstunnel
    systemctl restart apache2
    systemctl restart nginx
    systemctl start forgejo.service

I got help from these: Apache SSL Long Record Error || Let's Encrypt SSL Certificate || Gitea Reverse Proxy - Apache HTTPD || Gitea Reverse Proxy - General Conf || Gitea Reverse Proxy - NGINX || HestiaCP Post || Reddit Post