I was finally able to get forgejo (port 3000) (specific port) redirect to https with let's encrypt ssl.
I created a normal subdomain at normal 80/443 ports with LE SSL generated.
Then in the forgejo app.ini (/etc/forgejo/app.in) file, added this under [server]
[server]
ENABLE_ACME = enable
HTTPS_PORT = 3000 ssl
ROOT_URL = https://git.domain.tld
Then under nginx.conf ($HESTIADATA\conf\web\git.domain.tld\nginx.conf) I added
location / {
client_max_body_size 4096M;
proxy_pass http://localhost:3000;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
Then under apache2.conf ($HESTIADATA\conf\web\git.domain.tld\apache2.conf) I added
ProxyPreserveHost On
ProxyRequests off
AllowEncodedSlashes NoDecode
ProxyPass / http://localhost:3000/ nocanon
Then under apache2.ssl.conf ($HESTIADATA\conf\web\git.domain.tld\apache2.ssl.conf) I added
< VirtualHost git.domain.tld:8443 https >
ProxyPreserveHost On
ProxyRequests off
AllowEncodedSlashes NoDecode
ProxyPass / http://localhost:3000/ nocanon
I also enabled the following to ensure the proxy works:
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_balancer
a2enmod proxy_wstunnel
systemctl restart apache2
systemctl restart nginx
systemctl start forgejo.service
I got the help from these:
APache SSL Long Record Error || Let's Encrypt SSL Certificate || Gitea Reverse Proxy - Apache HTTPD || Gitea Reverse Proxy - General Conf || Gitea Reverse Proxy - NGINX || HestiaCP Post || Reddit Post