Can run from command line but not from systemd #3387

Closed
opened 2025-11-02 05:11:16 -06:00 by GiteaMirror · 15 comments
Owner

Originally created by @esbennn on GitHub (May 28, 2019).

  • Gitea version (or commit ref): 1.8
  • Git version: 2.11.0
  • Operating system: Raspbian GNU/Linux 9 (stretch)
  • Database (use [x]):
    • [ ] PostgreSQL
    • [x] MySQL
    • [ ] MSSQL
    • [ ] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [ ] Yes (provide example URL)
    • [ ] No
    • [x] Not relevant
  • Log gist:

Description

I have gitea up and running on port 3080 on a Raspberry Pi.
I'm currently working on getting SSL working and for that I need to expose port 80, as that's required by Let's Encrypt.
I can run `gitea web` with my `app.ini` file from command line just fine, but it will not run as a daemon when a privileged port is specified. It appears gitea is not allowed to bind a socket to the port.

I have tried providing the `gitea` user permissions as detailed in this post: https://liquidat.wordpress.com/2018/01/04/howto-run-programs-as-non-root-user-on-privileged-ports-via-systemd/

Here's my app.ini:

```
APP_NAME = Gitea: Git with a cup of tea
RUN_USER = gitea
RUN_MODE = prod

[security]
INTERNAL_TOKEN = *****
INSTALL_LOCK   = true
SECRET_KEY     = *****

[database]
DB_TYPE  = mysql
HOST     = 127.0.0.1:3306
NAME     = gitea
USER     = gitea
PASSWD   = *****
SSL_MODE = disable
PATH     = data/gitea.db

[repository]
ROOT = /media/usb1/gitea-repositories

[server]
PROTOCOL              = https
SSH_DOMAIN            = 192.168.1.41
DOMAIN                = our.domain.dk
HTTP_PORT             = 3000
DISABLE_SSH           = false
SSH_PORT              = 22
LFS_START_SERVER      = true
LFS_CONTENT_PATH      = /home/gitea/gitea/data/lfs
LFS_JWT_SECRET        = *****
OFFLINE_MODE          = false
CERT_FILE             = /home/gitea/gitea/custom/conf/cert.pem
KEY_FILE              = /home/gitea/gitea/custom/conf/key.pem
ENABLE_LETSENCRYPT    = false
LETSENCRYPT_ACCEPTTOS = true
LETSENCRYPT_DIRECTORY = https
LETSENCRYPT_EMAIL     = example@mail.dk
REDIRECT_OTHER_PORT   = true

[mailer]
ENABLED = false

[service]
REGISTER_EMAIL_CONFIRM            = false
ENABLE_NOTIFY_MAIL                = false
DISABLE_REGISTRATION              = true
ENABLE_CAPTCHA                    = false
REQUIRE_SIGNIN_VIEW               = false
DEFAULT_KEEP_EMAIL_PRIVATE        = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING       = true
NO_REPLY_ADDRESS                  = noreply.example.org

[picture]
DISABLE_GRAVATAR        = false
ENABLE_FEDERATED_AVATAR = true

[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true

[session]
PROVIDER = file

[log]
MODE      = file
#LEVEL     = Info
LEVEL     = Trace
ROOT_PATH = /home/gitea/gitea/log

[oauth2]
JWT_SECRET = *****
```

Here's my systemd unit file:

```
[Unit]
Description=Gitea (Git with a cup of tea)

After=syslog.target
After=network.target

[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get to HTTP error 500 because of that
###
# LimitMEMLOCK=infinity
# LimitNOFILE=65535
RestartSec=2s
Type=simple
User=gitea
Group=git
WorkingDirectory=/home/gitea/gitea
ExecStart=/home/gitea/gitea/gitea web
#Restart=always
Restart=no
Environment=USER=gitea HOME=/home/gitea
NonBlocking=true

[Install]
WantedBy=multi-user.target
```

Here's the output when run "normally" through command line:

```
gitea@git:~ $ gitea/gitea web --config gitea/custom/conf/app.ini
2019/05/28 14:55:24 [T] AppPath: /home/gitea/gitea/gitea
2019/05/28 14:55:24 [T] AppWorkPath: /home/gitea/gitea
2019/05/28 14:55:24 [T] Custom path: /home/gitea/gitea/custom
2019/05/28 14:55:24 [T] Log path: /home/gitea/gitea/log
2019/05/28 14:55:24 [I] Gitea v1.8.1+9-g8d5c3d3d0 built with go1.12.5 : bindata, sqlite, sqlite_unlock_notify
2019/05/28 14:55:24 [I] Log Mode: Console(Info)
2019/05/28 14:55:24 [I] XORM Log Mode: Console(Info)
2019/05/28 14:55:24 [I] Cache Service Enabled
2019/05/28 14:55:24 [I] Session Service Enabled
2019/05/28 14:55:24 [I] SQLite3 Supported
2019/05/28 14:55:24 [I] Run Mode: Development
2019/05/28 14:55:26 [I] Listen: http://0.0.0.0:3000
2019/05/28 14:55:26 Serving [::]:3000 with pid 9428
```

.... And here's a tail of the log when (re)starting the service with systemd:

```
2019/05/28 15:10:36 [I] Log Mode: File(Trace)
2019/05/28 15:10:36 [I] XORM Log Mode: File(Trace)
2019/05/28 15:10:36 [I] Cache Service Enabled
2019/05/28 15:10:36 [I] Session Service Enabled
2019/05/28 15:10:36 [I] Beginning ORM engine initialization.
2019/05/28 15:10:36 [I] ORM engine initialization attempt #1/10...
2019/05/28 15:10:36 [I] ORM engine initialization successful!
2019/05/28 15:10:37 [I] Git Version: 2.11.0
2019/05/28 15:10:37 [T] Doing: ArchiveCleanup
2019/05/28 15:10:37 [T] Doing: CheckRepoStats
2019/05/28 15:10:37 [T] Doing: DeletedBranchesCleanup
2019/05/28 15:10:37 [I] SQLite3 Supported
2019/05/28 15:10:37 [I] Run Mode: Production
2019/05/28 15:10:39 [I] Listen: https://0.0.0.0:3000
2019/05/28 15:10:39 [I] LFS server enabled
2019/05/28 15:10:39 [I] Redirecting: 0.0.0.0:80 to https://git.pm2.dk:3000
2019/05/28 15:10:39 [....io/gitea/cmd/web.go:220 runWeb()] [E] Failed to start server: error inheriting socket fd 3: file file+net listener: fcntl: bad file descriptor
```

Any ideas are much appreciated.
I guess I could just make my own startup script, but I'd really prefer running things through systemd, as that seems to be the intended use.
...

Screenshots

GiteaMirror added the issue/staleissue/needs-feedback labels 2025-11-02 05:11:16 -06:00

@zeripath commented on GitHub (May 28, 2019):

The hint is here:

```
2019/05/28 15:10:39 [I] Redirecting: 0.0.0.0:80 to https://git.pm2.dk:3000
2019/05/28 15:10:39 [....io/gitea/cmd/web.go:220 runWeb()] [E] Failed to start server: error inheriting socket fd 3: file file+net listener: fcntl: bad file descriptor
```

Non-root users are not allowed to open port 80 unless actively allowed.


@esbennn commented on GitHub (May 28, 2019):

@zeripath that's what I was thinking too. Only I don't understand why it works from command line. As you can see in the snippet above, it's run without sudo.

I've left the office for today, but I'm pretty sure it successfully redirected me when accessing on port 80.

Any idea how to make it work with redirection from port 80?


@zeripath commented on GitHub (May 28, 2019):

https://github.com/go-gitea/gitea/blob/743697a549bda16508ab961ac79a8bc5bdca3bbd/contrib/systemd/gitea.service#L26-L30


@esbennn commented on GitHub (May 29, 2019):

> https://github.com/go-gitea/gitea/blob/743697a549bda16508ab961ac79a8bc5bdca3bbd/contrib/systemd/gitea.service#L26-L30

Thanks - I actually found and added those two lines shortly after posting. It isn't working for me though.

System Requirements state that a RasPi 3 should be able to run Gitea, and that it should be run on a non-root user. Am I missing some sort of dependency to make this work?


@zeripath commented on GitHub (May 29, 2019):

No, you're not missing any dependency; it's something to do with your config. As you can see, it works fine when you start from the command line - your service file is incorrect or config for the service is incorrect.

I note you have:

ENABLE_LETSENCRYPT    = false

But also

REDIRECT_OTHER_PORT   = true

Just remove the letsencrypt stuff for the moment. Maybe it's the redirector that is killing Gitea.


@esbennn commented on GitHub (May 29, 2019):

Thank you very much for troubleshooting with me @zeripath !
So, with the following app.ini

```
APP_NAME = Gitea: Git with a cup of tea
RUN_USER = gitea
RUN_MODE = prod

[security]
INTERNAL_TOKEN = *****
INSTALL_LOCK   = true
SECRET_KEY     = *****

[database]
DB_TYPE  = mysql
HOST     = 127.0.0.1:3306
NAME     = gitea
USER     = gitea
PASSWD   = *****
SSL_MODE = disable
PATH     = data/gitea.db

[repository]
ROOT = /media/usb1/gitea-repositories

[server]
PROTOCOL              = https
SSH_DOMAIN            = 192.168.1.41
# DOMAIN           = 192.168.1.41
DOMAIN                = git.pm2.dk
HTTP_PORT             = 3000
# ROOT_URL         = https://192.168.1.41:3000/
DISABLE_SSH           = false
SSH_PORT              = 22
LFS_START_SERVER      = true
LFS_CONTENT_PATH      = /home/gitea/gitea/data/lfs
LFS_JWT_SECRET        = *****
OFFLINE_MODE          = false
CERT_FILE             = /home/gitea/gitea/custom/conf/cert.pem
KEY_FILE              = /home/gitea/gitea/custom/conf/key.pem

REDIRECT_OTHER_PORT   = true

#PORT_TO_REDIRECT = 1025

[mailer]
ENABLED = false

[service]
REGISTER_EMAIL_CONFIRM            = false
ENABLE_NOTIFY_MAIL                = false
DISABLE_REGISTRATION              = true
ENABLE_CAPTCHA                    = false
REQUIRE_SIGNIN_VIEW               = false
DEFAULT_KEEP_EMAIL_PRIVATE        = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING       = true
NO_REPLY_ADDRESS                  = noreply.example.org

[picture]
DISABLE_GRAVATAR        = false
ENABLE_FEDERATED_AVATAR = true

[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true

[session]
PROVIDER = file

[log]
MODE      = file
#LEVEL     = Info
LEVEL     = Trace
ROOT_PATH = /home/gitea/gitea/log

[oauth2]
JWT_SECRET = *****
```

and the following unit file

```
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target

[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get to HTTP error 500 because of that
###
# LimitMEMLOCK=infinity
# LimitNOFILE=65535
RestartSec=2s
Type=simple
User=gitea
Group=git
WorkingDirectory=/home/gitea/gitea
ExecStart=/home/gitea/gitea/gitea web
Restart=no
Environment=USER=gitea
Environment=USER=gitea HOME=/home/gitea GIITEA_WORK_DIR=/home/gitea/gitea
NonBlocking=true
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
```

I'm still getting this

```
[.......]
2019/05/29 11:17:23 [I] Listen: https://0.0.0.0:3000
2019/05/29 11:17:23 [I] LFS server enabled
2019/05/29 11:17:23 [I] Redirecting: 0.0.0.0:80 to https://git.pm2.dk:3000
2019/05/29 11:17:23 [....io/gitea/cmd/web.go:220 runWeb()] [E] Failed to start server: error inheriting socket fd 3: file file+net listener: fcntl: bad file descriptor
```

From googling around, it seems other people, who are having trouble using privileged ports, usually get a message that hints at a permission issue. I'm getting a bad file descriptor though.
Any thoughts?


@zeripath commented on GitHub (May 29, 2019):

Sorry, I wasn't clear: drop the redirect other port line.


@esbennn commented on GitHub (May 29, 2019):

Oh, right. If I disable that line, the server starts.
But then I need to access the server specifically with https://[ip-address]:3000


@zeripath commented on GitHub (Jun 15, 2019):

@esbennn sorry I must have missed your comment.

OK, so I think you're saying that you don't want to run Gitea behind a proxy server like Nginx - but rather would like Gitea to be run as git.pm2.dk on port 80? Have you tried:

  • Ensure that nothing else is running on port 80. Ensure that Apache and Nginx are not running.
  • Ensure that you have the correct capability lines in your systemd config. (I assume our advice is correct but you need to check those yourself.) Please note you must uncomment the CapabilityBoundingSet=CAP_NET_BIND_SERVICE and AmbientCapabilities=CAP_NET_BIND_SERVICE lines.
  • Set app.ini as follows:
```ini
[server]
HTTP_PORT=80
SSH_DOMAIN=git.pm2.dk
DOMAIN=git.pm2.dk
ROOT_URL=http://git.pm2.dk/
...
```
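
A preflight check for the situation discussed in this thread, added here as an example (it is not Gitea's code and not part of any comment above): it works out which ports the `[server]` section makes Gitea bind, and whether the unit file lets a non-root `User=` bind the ones below 1024. The function names and the trimmed sample configs are constructed for illustration; the defaults of 3000 for `HTTP_PORT` and 80 for `PORT_TO_REDIRECT` are assumptions taken from Gitea's documented defaults. It does not diagnose the `error inheriting socket fd 3` message itself.

```python
import configparser
import re

CAP = "CAP_NET_BIND_SERVICE"
CAP_BIT = 10               # bit index of CAP_NET_BIND_SERVICE in Linux capability masks
FIRST_UNPRIVILEGED = 1024  # assumes net.ipv4.ip_unprivileged_port_start is left at its default

# Constructed samples, trimmed from the configs quoted in the thread.
APP_INI = """APP_NAME = Gitea: Git with a cup of tea
RUN_USER = gitea

[server]
PROTOCOL            = https
HTTP_PORT           = 3000
REDIRECT_OTHER_PORT = true
"""
UNIT_WITHOUT_CAPS = """[Service]
User=gitea
Group=git
ExecStart=/home/gitea/gitea/gitea web
"""
UNIT_WITH_CAPS = UNIT_WITHOUT_CAPS + (
    "CapabilityBoundingSet=CAP_NET_BIND_SERVICE\n"
    "AmbientCapabilities=CAP_NET_BIND_SERVICE\n")


def gitea_listen_ports(app_ini_text):
    """Map each port the [server] section makes Gitea bind to the key that causes it."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string("[DEFAULT]\n" + app_ini_text)  # app.ini starts with section-less keys
    server = cp["server"] if cp.has_section("server") else {}
    ports = {int(server.get("HTTP_PORT", "3000")): "HTTP_PORT"}
    redirect = server.get("REDIRECT_OTHER_PORT", "false").lower() == "true"
    if redirect and server.get("PROTOCOL", "http").lower() == "https":
        # Default 80 matches the "Redirecting: 0.0.0.0:80" log line in the thread.
        ports[int(server.get("PORT_TO_REDIRECT", "80"))] = "PORT_TO_REDIRECT"
    return ports


def unit_caps(unit_text):
    """Return (user, ambient set, bounding set or None) from the [Service] section."""
    section, user = None, "root"
    ambient, bounding = set(), None  # None = directive absent, nothing dropped
    for raw in unit_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        if section != "Service" or "=" not in line or line[0] in "#;":
            continue
        key, _, val = line.partition("=")
        key, val = key.strip(), val.strip()
        if val.startswith("~"):
            raise ValueError("inverted capability lists are not handled by this example")
        if key == "User":
            user = val
        elif key == "AmbientCapabilities":       # empty assignment resets the list
            ambient = ambient | set(val.split()) if val else set()
        elif key == "CapabilityBoundingSet":
            bounding = (bounding or set()) | set(val.split()) if val else set()
    return user, ambient, bounding


def can_bind_privileged(user, ambient, bounding):
    in_bounding = bounding is None or CAP in bounding
    if user in ("root", "0"):
        return in_bounding
    return in_bounding and CAP in ambient


def has_cap(proc_status_text, field="CapEff"):
    """Runtime check: is the bit set in a /proc/<pid>/status capability mask?"""
    m = re.search(rf"^{field}:\s*([0-9a-fA-F]+)$", proc_status_text, re.M)
    return bool(m) and bool(int(m.group(1), 16) >> CAP_BIT & 1)


def preflight(app_ini_text, unit_text):
    """List privileged ports the config requests that the unit cannot bind."""
    user, ambient, bounding = unit_caps(unit_text)
    if can_bind_privileged(user, ambient, bounding):
        return []
    return [f"port {p} ({key}) is privileged but User={user} has no ambient {CAP}"
            for p, key in sorted(gitea_listen_ports(app_ini_text).items())
            if p < FIRST_UNPRIVILEGED]
```

After the service is started, `has_cap()` can be fed the contents of `/proc/<MainPID>/status` to confirm the capability actually reached the process.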

@esbennn commented on GitHub (Jun 17, 2019):

Ok - it's working now! Thank you!
This is really nice. For now, I'm using a self-signed cert. I would like to move to Let's Encrypt, though.
Trouble is that it isn't really accessible on port 80, as I have our cloud on that port.
I guess I'll have to use some sort of proxy on our network for that to work :)


@zeripath commented on GitHub (Jun 17, 2019):

Ah now I understand why certmanager wants us to just use their TLSConfig and what tls-alpn-01 is... #7229 will allow you to just run on https with tls-alpn-01. I'll see if it can be backported.


@esbennn commented on GitHub (Jun 25, 2019):

Thanks for the build! Haven't had time to test it yet, and I'm going on vacation tomorrow, so it'll be another couple of weeks. Looking forward to trying it out!


@esbennn commented on GitHub (Jul 29, 2019):

Alright - using v1.9, I was still unable to use the built-in Letsencrypt functionality.
Using Letsencrypt certbot and pointing to certificate files, however, works perfectly!


@stale[bot] commented on GitHub (Sep 27, 2019):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.


@stale[bot] commented on GitHub (Oct 11, 2019):

This issue has been automatically closed because of inactivity. You can re-open it if needed.

Reference: github-starred/gitea#3387