Using port redirection inside Docker results in permission denied #2008

Closed
opened 2025-11-02 04:21:02 -06:00 by GiteaMirror · 7 comments

Originally created by @rkt2spc on GitHub (Jul 4, 2018).

  • Gitea version (or commit ref): 1.4.2
  • Git version: 2.15.2
  • Operating system: Ubuntu 16.04
  • Database (use [x]):
    • [x] PostgreSQL
    • [ ] MySQL
    • [ ] MSSQL
    • [ ] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [x] Yes
    • [ ] No
    • [ ] Not relevant
  • Log gist:

Description

Using port redirection inside Docker results in permission denied

Screenshots

image

Temporary solution

Specify PORT_TO_REDIRECT as something other than 80. Adjust the Docker port mapping to it.

GiteaMirror added the type/question label 2025-11-02 04:21:02 -06:00

@techknowlogick commented on GitHub (Jul 4, 2018):

As Gitea doesn't run as root, it doesn't have permissions to utilize port 80. Can you try setting the PORT_TO_REDIRECT option to something over 1024, then in your docker run command or docker-compose map the port that is over 1024 to port 80, e.g. -p 1080:80
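Added example, not part of the original thread or of Gitea's code: a small Go diagnostic for the failure discussed above, which tries to bind a port and reports whether the error is the non-root privileged-port denial or something else. The function names and port 3080 are assumptions made for illustration; the threshold is read from the Linux sysctl `net.ipv4.ip_unprivileged_port_start`, falling back to 1024.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"os"
	"syscall"
)

// privilegedBelow parses /proc/sys/net/ipv4/ip_unprivileged_port_start and
// returns the lowest port a non-root process may bind (1024 if unreadable).
func privilegedBelow(sysctl string) int {
	var n int
	if _, err := fmt.Sscan(sysctl, &n); err != nil || n < 0 || n > 65535 {
		return 1024
	}
	return n
}

// diagnose maps a listen error to the cause an operator has to act on.
func diagnose(err error, port, uid, threshold int) string {
	switch {
	case err == nil:
		return "ok"
	case errors.Is(err, syscall.EACCES) && uid != 0 && port < threshold:
		return fmt.Sprintf("uid %d may not bind port %d: use a port >= %d and map it", uid, port, threshold)
	case errors.Is(err, syscall.EADDRINUSE):
		return fmt.Sprintf("port %d is already in use", port)
	default:
		return "unexpected: " + err.Error()
	}
}

// tryListen binds the port the way a redirect listener would, then releases it.
func tryListen(port int) error {
	ln, err := net.Listen("tcp", fmt.Sprintf(":%d", port))
	if err == nil {
		ln.Close()
	}
	return err
}

func main() {
	raw, _ := os.ReadFile("/proc/sys/net/ipv4/ip_unprivileged_port_start")
	for _, port := range []int{80, 3080} { // 3080: constructed example value
		fmt.Println(port, diagnose(tryListen(port), port, os.Getuid(), privilegedBelow(string(raw))))
	}
}
```

Run it inside the container as the same user as the service to see which of the two ports that user can actually bind.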

@rkt2spc commented on GitHub (Jul 5, 2018):

Not really an error, but it can be fixed https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443

@rkt2spc commented on GitHub (Jul 5, 2018):

I'll look into the Dockerfile when I have time if you think you want this fix

@techknowlogick commented on GitHub (Jul 5, 2018):

@rocketspacer thank you for that offer. It is an intentional option to not provide the binary that option. We've documented that here: https://docs.gitea.io/en-us/command-line/

@jbltx commented on GitHub (Feb 24, 2019):

Is there any solution for this?

Changing PORT_TO_REDIRECT in my docker-compose file didn't help, Gitea is unable to bind port 80 in the container. In my setup, I only use inner ports and the load-balancer/reverse-proxy (Traefik) handles external connections. One of my other containers, Drone, uses ports 80 and 443 internally without any issues.

I can't bind it to the external port 80 since it's already used by Traefik. I need to use port 80 because of Drone builds which try to fetch data on Gitea server using this port.
What are the solutions? Thank you.

@techknowlogick commented on GitHub (Feb 24, 2019):

Gitea doesn’t run as root, as such it is unable to bind to ports below 1024. Traefik is able to handle accepting traffic on port 80 and passing it to whichever port gitea is using.

@jbltx commented on GitHub (Feb 24, 2019):

I know Traefik can handle that, the issue is not there as it works fine.

Maybe I missed something with Gitea configuration:

```
HTTP_PORT        = 3000
ROOT_URL         = http://git.my-domain/
DOMAIN           = localhost
```

My domain is localhost internally, but outside I reach Gitea using http://git.my-domain/
This custom domain is reachable because on my client machine I added the domain in /etc/hosts to be redirected to my virtual machine running Docker.

Now when Gitea triggers Webhooks, it sends git_clone_url with a value like "http://git.my-domain/user/repo.git".

Now it's another container which handles the request and has to access the git server. Internally it will fail because it doesn't know where to be redirected using git.my-domain.

My workaround was to alias the domain in the docker-compose's network:

```
services:
  gitea:
    networks:
      traefik:
        aliases:
          - git.my-domain
    expose:
      - "3000"
```

This was half the solution, since aliases work for hostnames, not ports. So finally my CI server tries to reach Gitea on port 80 instead of 3000.

I hope to find a solution without the need to manage a custom DNS server in my local network.

Reference: github-starred/gitea#2008