LoginGraceTime on second push #14364

Open
opened 2025-11-02 11:10:58 -06:00 by GiteaMirror · 3 comments

Originally created by @TobiZog on GitHub (Apr 11, 2025).

Description

If I push something to my Gitea instance, everything works fine. But the second, third, ... push will sometimes be rejected. The server shows these logs:

2025-04-11T10:22:29.612108921Z Timeout before authentication for connection from 172.18.0.8 to 172.18.0.4, pid = 4246
2025-04-11T10:22:39.011155983Z drop connection #1 from [172.18.0.8]:52934 on [172.18.0.4]:22 penalty: exceeded LoginGraceTime
2025-04-11T10:22:42.360812378Z drop connection #1 from [172.18.0.8]:52936 on [172.18.0.4]:22 penalty: exceeded LoginGraceTime
2025-04-11T10:23:00.528575636Z drop connection #1 from [172.18.0.8]:52938 on [172.18.0.4]:22 penalty: exceeded LoginGraceTime
2025-04-11T10:24:24.805145353Z Timeout before authentication for connection from 172.18.0.8 to 172.18.0.4, pid = 4247
2025-04-11T10:24:32.999645959Z drop connection #1 from [172.18.0.8]:52942 on [172.18.0.4]:22 penalty: exceeded LoginGraceTime
2025-04-11T10:25:48.791944890Z drop connection #1 from [172.18.0.8]:52944 on [172.18.0.4]:22 penalty: exceeded LoginGraceTime
2025-04-11T10:26:20.688798443Z Timeout before authentication for connection from 172.18.0.8 to 172.18.0.4, pid = 4249
2025-04-11T10:27:33.213804692Z drop connection #1 from [172.18.0.8]:52948 on [172.18.0.4]:22 penalty: exceeded LoginGraceTime
2025-04-11T10:28:15.095043988Z Timeout before authentication for connection from 172.18.0.8 to 172.18.0.4, pid = 4250
2025-04-11T10:29:13.283563979Z drop connection #1 from [172.18.0.8]:52952 on [172.18.0.4]:22 penalty: exceeded LoginGraceTime
2025-04-11T10:30:12.126807386Z Timeout before authentication for connection from 172.18.0.8 to 172.18.0.4, pid = 4251
2025-04-11T10:30:51.105629466Z drop connection #0 from [172.18.0.8]:52954 on [172.18.0.4]:22 penalty: exceeded LoginGraceTime
2025-04-11T10:30:53.483504451Z drop connection #0 from [172.18.0.8]:52956 on [172.18.0.4]:22 penalty: exceeded LoginGraceTime
2025-04-11T10:30:57.298266364Z drop connection #0 from [172.18.0.8]:52958 on [172.18.0.4]:22 penalty: exceeded LoginGraceTime
2025-04-11T10:31:05.665168030Z drop connection #0 from [172.18.0.8]:52960 on [172.18.0.4]:22 penalty: exceeded LoginGraceTime

Sometimes it helps to close the bash and reopen it. Sometimes it helps to wait for a couple of minutes until the next push. A system restart always helps, but only for one push. The next pushes show the same result.

Git-Log on client:

2025-04-11 12:37:10.438 [info] > git push origin main:main [94ms]
2025-04-11 12:37:10.438 [info] Connection closed by 161.xxx.xxx.xxx port 22
fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.

Gitea Version

1.23.7

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

2.47.2

Operating System

Ubuntu 22.04.3 LTS

How are you running Gitea?

Running Gitea on my self-hosted V-Server. OS is Ubuntu 22.04.3 LTS with kernel 5.15.0-25-generic. I'm using traefik as reverse proxy. My docker-compose file:

version: "3"

services:
  server:
    image: gitea/gitea:latest
    container_name: gitea-app
    environment:
      - USER_UID=1000
      - USER_GID=1000
    restart: always
    networks:
      - default
      - proxy
    volumes:
      - gitea-data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    labels:
      # Frontend
      - "traefik.enable=true"
      - "traefik.http.routers.gitea.entrypoints=https"
      - "traefik.http.routers.gitea.rule=Host(`gitea.${TLD}`)"
      - "traefik.http.routers.gitea.tls=true"
      - "traefik.http.routers.gitea.tls.certresolver=http"
      - "traefik.http.routers.gitea.middlewares=default@file"
      - "traefik.http.routers.gitea.service=gitea"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
      - "traefik.docker.network=proxy"
      
      # SSH
      - "traefik.tcp.routers.gitea-ssh.entrypoints=git-ssh"
      - "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.gitea-ssh.service=gitea-ssh"
      - "traefik.tcp.services.gitea-ssh.loadbalancer.server.port=22"

  maria-db:
    image: mariadb
    container_name: gitea-db
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: ${POSTGRES_PASSWD}
      MYSQL_USER: gitea
      MYSQL_DATABASE: gitea
      MYSQL_PASSWORD: ${POSTGRES_PASSWD}
    volumes:
      - mariadb-data:/var/lib/mysql
    expose:
      - 8080

networks:
  gitea:
    external: false
  proxy:
    external: true

volumes:
  gitea-data:
    name: gitea-data
  mariadb-data:
    name: gitea-database

Database

MySQL/MariaDB

GiteaMirror added the issue/workaround and issue/not-a-bug labels 2025-11-02 11:10:58 -06:00

@lunny commented on GitHub (Apr 11, 2025):

Looks like a configuration problem.


@TobiZog commented on GitHub (Apr 12, 2025):

But what kind of error? What should I try? Or do you need more information?


@cmellwig commented on GitHub (May 10, 2025):

@TobiZog I've been running into this as well since a recent update (forgejo 11, don't know the gitea version that relates to). I have a similar traefik and docker setup for it.

Found this PR on forgejo k8s-cluster (https://code.forgejo.org/infrastructure/k8s-cluster/pulls/413/files) which I carried over and it solved the issue for me.

For your traefik setup you can bind mount a file like /etc/ssh/sshd_config.d/penalties.conf with the content:

LoginGraceTime 0
PerSourcePenalties no

into the sshd config by adding the include folder (or a single include) via the SSH_INCLUDE_FILE env.

In compose yaml define the folder/config that should be included

    environment:
      - SSH_INCLUDE_FILE=/etc/ssh/sshd_config.d/*.conf
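
An added example (not part of the original thread, and not Gitea or Forgejo code): a small Python parser for the sshd messages in the issue's server log that counts grace-time timeouts and penalty drops per source address. It assumes, which the thread does not state, that 172.18.0.8 is the traefik container, so sshd sees every client behind the proxy as one source and penalises them together; the "shared source" heuristic is this example's own.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# A subset of the server log lines quoted in the issue above.
SAMPLE_LOG = """\
2025-04-11T10:22:29.612108921Z Timeout before authentication for connection from 172.18.0.8 to 172.18.0.4, pid = 4246
2025-04-11T10:22:39.011155983Z drop connection #1 from [172.18.0.8]:52934 on [172.18.0.4]:22 penalty: exceeded LoginGraceTime
2025-04-11T10:22:42.360812378Z drop connection #1 from [172.18.0.8]:52936 on [172.18.0.4]:22 penalty: exceeded LoginGraceTime
2025-04-11T10:30:12.126807386Z Timeout before authentication for connection from 172.18.0.8 to 172.18.0.4, pid = 4251
2025-04-11T10:30:51.105629466Z drop connection #0 from [172.18.0.8]:52954 on [172.18.0.4]:22 penalty: exceeded LoginGraceTime
"""

TIMEOUT_RE = re.compile(r"Timeout before authentication for connection from (\S+) to ")
DROP_RE = re.compile(r"drop connection #\d+ from \[([^\]]+)\]:(\d+) on \S+ penalty: (.+)$")

def summarize(log_text):
    """Count grace-time timeouts and penalty drops per source address."""
    stats = defaultdict(lambda: {"timeouts": 0, "drops": 0, "ports": set(), "reasons": set()})
    for line in log_text.splitlines():
        if m := TIMEOUT_RE.search(line):
            stats[m.group(1)]["timeouts"] += 1
        elif m := DROP_RE.search(line):
            entry = stats[m.group(1)]
            entry["drops"] += 1
            entry["ports"].add(int(m.group(2)))
            entry["reasons"].add(m.group(3).strip())
    return dict(stats)

def shared_source_suspects(stats, min_drops=2):
    """Return private-range sources dropped repeatedly from distinct client ports.

    Heuristic (assumption of this example): a private address that keeps being
    dropped across several ephemeral ports is more likely a proxy or NAT hop
    hiding the real clients than a single misbehaving host.
    """
    return sorted(
        src for src, s in stats.items()
        if ip_address(src).is_private and s["drops"] >= min_drops and len(s["ports"]) >= min_drops
    )

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for src, s in stats.items():
        print(src, s["timeouts"], "timeouts,", s["drops"], "drops,", sorted(s["reasons"]))
    print("shared-source suspects:", shared_source_suspects(stats))
```

If the flagged address is the reverse proxy, OpenSSH's `PerSourcePenaltyExemptList` can exempt just that address instead of turning `PerSourcePenalties` off for every source.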
Reference: github-starred/gitea#14364