github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-12 02:24:21 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

Unix socket: cannot pull/push over SSH #1664

New Issue
Closed
opened 2025-11-02 04:08:52 -06:00 by GiteaMirror · 6 comments
GiteaMirror commented 2025-11-02 04:08:52 -06:00
Owner
Copy Link

Originally created by @sloonz on GitHub (Mar 29, 2018).

  • Gitea version (or commit ref): 1.4.0
  • Git version: 2.16.3
  • Go version: 1.10
  • Operating system: ArchLinux
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
    • Not relevant

Description

With the following configuration (actual domain redacted by example.com) in the [server] section:

PROTOCOL                   = unix
HTTP_ADDR                  = /run/nginx/gitea.sock
DOMAIN                     = git.example.com
ROOT_URL                   = https://git.example.com/
LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/

Trying to perform a git pull/push via SSH results in an error :

UpdatePublicKey: Post unix:///run/nginx/gitea.sockapi/internal/ssh/1/update: unsupported protocol scheme "unix"

Looks like a regression over https://github.com/go-gitea/gitea/issues/2232, which has been fixed months ago. Adding some good old Printf traces in the code, I can see that req.SetTransport is called in newInternalRequest, but the Dial function that is set up there is never called ; the error is encountered before then. Changing LOCAL_ROOT_URL to http://%(DOMAIN)s/ fixes the issue : both the req.SetTransport and Dial functions are called, and the request is performed on the unix socket (no log in the reverse proxy that’s listening on https://git.example.com/, and adding deny all on the reverse proxy do not prevent SSH pull/push), but that does not looks like to be the intended behavior.

Originally created by @sloonz on GitHub (Mar 29, 2018). - Gitea version (or commit ref): 1.4.0 - Git version: 2.16.3 - Go version: 1.10 - Operating system: ArchLinux - Database (use `[x]`): - [ ] PostgreSQL - [x] MySQL - [ ] MSSQL - [ ] SQLite - Can you reproduce the bug at https://try.gitea.io: - [ ] Yes (provide example URL) - [ ] No - [x] Not relevant ## Description With the following configuration (actual domain redacted by example.com) in the `[server]` section: ``` PROTOCOL = unix HTTP_ADDR = /run/nginx/gitea.sock DOMAIN = git.example.com ROOT_URL = https://git.example.com/ LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/ ``` Trying to perform a git pull/push via SSH results in an error : ``` UpdatePublicKey: Post unix:///run/nginx/gitea.sockapi/internal/ssh/1/update: unsupported protocol scheme "unix" ``` Looks like a regression over https://github.com/go-gitea/gitea/issues/2232, which has been fixed months ago. Adding some good old `Printf` traces in the code, I can see that `req.SetTransport` is called in `newInternalRequest`, but the `Dial` function that is set up there is never called ; the error is encountered before then. Changing `LOCAL_ROOT_URL` to `http://%(DOMAIN)s/` fixes the issue : both the `req.SetTransport` and `Dial` functions are called, and the request is performed on the unix socket (no log in the reverse proxy that’s listening on https://git.example.com/, and adding `deny all` on the reverse proxy do not prevent SSH pull/push), but that does not looks like to be the intended behavior.
GiteaMirror added the type/question label 2025-11-02 04:08:52 -06:00
GiteaMirror commented 2025-11-02 04:08:52 -06:00
Author
Owner
Copy Link

@lafriks commented on GitHub (Mar 29, 2018):

When using unix sockets you should not set LOCAL_ROOT_URL in app.ini or need to set it to http://unix/

@lafriks commented on GitHub (Mar 29, 2018): When using unix sockets you should not set `LOCAL_ROOT_URL` in app.ini or need to set it to `http://unix/`
GiteaMirror commented 2025-11-02 04:08:52 -06:00
Author
Owner
Copy Link

@sloonz commented on GitHub (Mar 30, 2018):

It works fine that way, but that is not what I understand from app.ini.sample:

; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service.
; In most cases you do not need to change the default value.
; Alter it only if your SSH server node is not the same as HTTP node.
LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/

@sloonz commented on GitHub (Mar 30, 2018): It works fine that way, but that is not what I understand from `app.ini.sample`: > ; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service. > ; In most cases you do not need to change the default value. > ; Alter it only if your SSH server node is not the same as HTTP node. > LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
GiteaMirror commented 2025-11-02 04:08:53 -06:00
Author
Owner
Copy Link

@lafriks commented on GitHub (Mar 30, 2018):

Yes this description is correct only if using http protocol for gitea listener, description needs to be updated if using other protocols

@lafriks commented on GitHub (Mar 30, 2018): Yes this description is correct only if using http protocol for gitea listener, description needs to be updated if using other protocols
GiteaMirror commented 2025-11-02 04:08:53 -06:00
Author
Owner
Copy Link

@silverwind commented on GitHub (May 16, 2018):

When using unix sockets you should not set LOCAL_ROOT_URL in app.ini or need to set it to http://unix/

Couldn't this be done automatically when listening on a unix socket?

@silverwind commented on GitHub (May 16, 2018): > When using unix sockets you should not set LOCAL_ROOT_URL in app.ini or need to set it to http://unix/ Couldn't this be done automatically when listening on a unix socket?
GiteaMirror commented 2025-11-02 04:08:53 -06:00
Author
Owner
Copy Link

@lafriks commented on GitHub (May 16, 2018):

It is if you have not set LOCAL_ROOT_URL to something in app.ini

@lafriks commented on GitHub (May 16, 2018): It is if you have not set `LOCAL_ROOT_URL` to something in app.ini
GiteaMirror commented 2025-11-02 04:08:53 -06:00
Author
Owner
Copy Link

@silverwind commented on GitHub (May 16, 2018):

What I meant is that we could ignore LOCAL_ROOT_URL when PROTOCOL == 'unix', or am I missing something?

@silverwind commented on GitHub (May 16, 2018): What I meant is that we could ignore `LOCAL_ROOT_URL` when `PROTOCOL == 'unix'`, or am I missing something?
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label type/question
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#1664
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?