Using Gitea with runner and WebAuthn #14392

Closed
opened 2025-11-02 11:11:46 -06:00 by GiteaMirror · 4 comments

Originally created by @jonastaedcke on GitHub (Apr 21, 2025).

Description

I use

  • gitea version 1.23.7,
  • runner version 0.2.11 with
  • WebAuthn activated and
  • traefik as proxy.

Both runner and WebAuthn use root_url.
Since runner should use the local url to access the Gitea instance, root_url must have the value http://gitea:3000/.
WebAuthn only works in https environments and then the value of root_url must be https://gitea.example.com/.
How can I resolve this conflict? As a workaround, I do not log in via WebAuthn.

Thank you for your very good work. I may have made a mistake or runner (local) and WebAuthn (https) cannot be used together.


Understandably, I receive this message on my gitea instance under https://gitea.example.com/:

Your ROOT_URL in app.ini is "http://gitea:3000/", it's unlikely matching the site you are visiting.
Mismatched ROOT_URL config causes wrong URL links for web UI/mail content/webhook notification/OAuth2 sign-in.

app.ini for gitea

[server]
APP_DATA_PATH = /data/gitea
DOMAIN = gitea.example.com
SSH_DOMAIN = gitea.example.com
HTTP_PORT = 3000
ROOT_URL = http://gitea:3000/
DISABLE_SSH = false
DISABLE_HTTP_GIT = true
SSH_PORT = 43
SSH_LISTEN_PORT = 22
LFS_ALLOW_PURE_SSH = true
LFS_START_SERVER = true
LFS_JWT_SECRET = a-secret
OFFLINE_MODE = true

config.yaml for runner

log:
  level: info

runner:
  file: .runner
  capacity: 1
  envs:
    A_TEST_ENV_NAME_1: a_test_env_value_1
    A_TEST_ENV_NAME_2: a_test_env_value_2
  env_file: .env
  timeout: 3h
  shutdown_timeout: 0s
  insecure: false
  fetch_timeout: 5s
  fetch_interval: 2s
  labels:
    - "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest"
    - "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04"
    - "ubuntu-20.04:docker://docker.gitea.com/runner-images:ubuntu-20.04"

cache:
  enabled: true
  dir: ""
  host: ""
  port: 0
  external_server: ""

container:
  network: "service-gitea"
  privileged: false
  options:
  workdir_parent:
  valid_volumes: []
  docker_host: ""
  force_pull: true
  force_rebuild: false

host:
  workdir_parent:

Gitea Version

1.23.7

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

https://gist.github.com/jonastaedcke/ad84634e169df81d33667986970d9a04

Screenshots

Image

Git Version

2.47.2

Operating System

Synology NAS

How are you running Gitea?

docker-compose.yml

networks:
  traefik_proxy:
    name: traefik_proxy
    external: true
  service-gitea:
    name: service-gitea

services:
  gitea:
      image: docker.gitea.com/gitea:latest
      container_name: gitea
      environment:
        - USER_UID=${PUID}
        - USER_GID=${PGID}
        - TZ=${TZ}
        - GITEA__database__[...]
        - GITEA__mailer__[...]
        - GITEA__openid__[...]
        - GITEA__repository__[...]
        - GITEA__service__[...]
  
        - GITEA__server__ROOT_URL=http://gitea:3000/
        - GITEA__server__DOMAIN=gitea.example.com
        - GITEA__server__OFFLINE_MODE=true
        - GITEA__server__SSH_PORT=43
        - GITEA__server__SSH_LISTEN_PORT=22
        - GITEA__server__SSH_DOMAIN=gitea.example.com
      restart: always
      networks:
        - traefik_proxy
        - service-gitea
      volumes:
        - ./service-gitea/gitea/data:/data
        - /etc/localtime:/etc/localtime:ro
      depends_on:
        - gitea-postgres
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.gitea.entrypoints=websecure"
        - "traefik.http.routers.gitea.rule=Host(`gitea.example.com`)"
        - "traefik.http.services.gitea.loadbalancer.server.port=3000"
        - "traefik.docker.network=traefik_proxy"
  
        - "traefik.tcp.routers.gitea-ssh-router.entrypoints=ssh-gitea"
        - "traefik.tcp.routers.gitea-ssh-router.rule=HostSNI(`*`)"
        - "traefik.tcp.routers.gitea-ssh-router.service=gitea-ssh-service"
        - "traefik.tcp.services.gitea-ssh-service.loadbalancer.server.port=22"
  gitea-postgres: [...]
  gitea-runner:
      container_name: gitea-runner
      image: docker.io/gitea/act_runner:latest
      environment:
        - CONFIG_FILE=/config.yaml
        - GITEA_INSTANCE_URL=gitea:3000
        - GITEA_RUNNER_REGISTRATION_TOKEN=my-secret
        - GITEA_RUNNER_NAME=Gitea Runner
      networks:
        - service-gitea
      depends_on:
        - gitea
      volumes:
        - ./service-gitea/gitea-runner/config.yaml:/config.yaml:ro
        - ./service-gitea/gitea-runner/data:/data
        - /var/run/docker.sock:/var/run/docker.sock

Database

PostgreSQL

GiteaMirror added the type/bug, issue/needs-feedback labels 2025-11-02 11:11:46 -06:00

@wxiaoguang commented on GitHub (Apr 21, 2025):

In short: ROOT_URL must be the website's public URL to end users.


I think it is related to https://github.com/go-gitea/gitea/issues/32554 and maybe you could refer to that workaround.

And maybe you could wait for this one in 1.24 "Make public URL generation configurable #34250"


@jonastaedcke commented on GitHub (Apr 21, 2025):

Awesome! Thank you very much! I can wait 😴 :)
I'll give feedback with the new version


@wxiaoguang commented on GitHub (Apr 22, 2025):

That change is in main-nightly build now (which will be 1.24 soon), feel free to try:

  • https://dl.gitea.com/gitea/main-nightly/
  • https://hub.docker.com/r/gitea/gitea/tags?name=nightly

Then set this in your "app.ini":

[server]
ROOT_URL = https://gitea.example.com/
PUBLIC_URL_DETECTION = auto
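
Why the original ROOT_URL breaks WebAuthn and the corrected one does not, as an added example (not code from Gitea or from this thread): a WebAuthn server rejects a ceremony when the origin the browser reports differs from the one it expects. It assumes the expected origin is derived from ROOT_URL and the RP ID from DOMAIN; `webauthn_findings`, `origin` and the sample inputs are constructed for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Constructed app.ini fragments: the value from the issue and the value from the fix.
BEFORE = """
[server]
DOMAIN = gitea.example.com
ROOT_URL = http://gitea:3000/
"""
AFTER = """
[server]
DOMAIN = gitea.example.com
ROOT_URL = https://gitea.example.com/
PUBLIC_URL_DETECTION = auto
"""

def origin(url):
    """Return scheme://host[:port] with default ports dropped, the way a browser serializes an origin."""
    u = urlsplit(url)
    default = {"http": 80, "https": 443}.get(u.scheme)
    port = "" if u.port in (None, default) else f":{u.port}"
    return f"{u.scheme}://{u.hostname}{port}"

def webauthn_findings(app_ini, browser_url):
    """List the reasons a WebAuthn ceremony started from browser_url would be rejected."""
    cfg = configparser.ConfigParser()
    cfg.read_string(app_ini)
    server = cfg["server"]
    expected = origin(server["ROOT_URL"])  # assumption: RP origin is derived from ROOT_URL
    rp_id = server["DOMAIN"]               # assumption: RP ID is taken from DOMAIN
    seen = urlsplit(browser_url)
    host = seen.hostname or ""
    findings = []
    # Browsers expose WebAuthn only in secure contexts (https, or localhost).
    if seen.scheme != "https" and host != "localhost":
        findings.append("page is not a secure context")
    # The origin in the signed client data must equal the server's expected origin.
    if origin(browser_url) != expected:
        findings.append(f"origin {origin(browser_url)} != expected {expected}")
    # The RP ID must be the page's host or a parent domain of it.
    if host != rp_id and not host.endswith("." + rp_id):
        findings.append(f"RP ID {rp_id} is not a suffix of host {host}")
    return findings

if __name__ == "__main__":
    page = "https://gitea.example.com/user/settings/security"  # constructed sample URL
    print("before:", webauthn_findings(BEFORE, page))
    print("after: ", webauthn_findings(AFTER, page))
```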

@jonastaedcke commented on GitHub (Apr 24, 2025):

The nightly build works great without any problems! Awesome job :)


Reference: github-starred/gitea#14392