[Bug] SKIP_TLS_VERIFY=true not working on webhook #4224

Closed
opened 2025-11-02 05:43:02 -06:00 by GiteaMirror · 7 comments

Originally created by @toni-moreno on GitHub (Nov 2, 2019).

  • Gitea version (or commit ref):
  • Git version:
    Gitea version 1.11.0+dev-146-g232340f5e built with GNU Make 4.2.1, go1.13.4 : bindata, sqlite, sqlite_unlock_notify
  • Operating system:
    Docker
  • Database (use [x]):
    • [X] PostgreSQL
    • [ ] MySQL
    • [ ] MSSQL
    • [ ] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [ ] Yes (provide example URL)
    • [ ] No
    • [X] Not relevant
  • Log gist:

Description

Gitea is not able to launch remote webhook, even when SKIP_TLS_VERIFY=true environment variable is set.

```
2019/11/02 11:12:51 ...s/graceful/server.go:87:NewServer() [I] Starting new server: tcp:0.0.0.0:3000 on PID: 18
2019/11/02 11:13:38 ...s/webhook/deliver.go:179:DeliverHooks() [E] deliver: Post https://drone.myserver.io/hook?secret=5Bq2GZ8BWY9yHiG3KPpFud5Gqu56tj8m: x509: certificate is valid for 2a22c8a50bcf6fe0a18245ddbd8979b3.1c13c9704e69fcdb724d9de94cf8e6ae.traefik.default, not drone.myserver.io
```

This is my service config.

```yaml
version: "3.3"
services:
  git:
    image: gitea/gitea:latest
    environment:
      - USER_UID=1001
      - USER_GID=1001
      - DB_TYPE=postgres
      - DB_HOST=git-db:5432
      - DB_NAME=gitea
      - DB_USER=${WEB_ADMIN_USERNAME}
      - DB_PASSWD=${WEB_ADMIN_PASSWORD}
      - SSH_DOMAIN=git.${WEB_DOMAIN}
      - SKIP_TLS_VERIFY=true
    networks:
      - net-public
    volumes:
      - gitea-data:/data
    ports:
      - "3000:3000"
      - "2222:22"
    deploy:
      placement:
        constraints:
          - node.labels.role.git == true
      labels:
        - traefik.enable=true
        - traefik.frontend.rule=Host:git.${WEB_DOMAIN}
        - traefik.docker.network=net-public
        - traefik.port=3000
        - traefik.tags=net-public
        - traefik.redirectorservice.frontend.entryPoints=http
        - traefik.redirectorservice.frontend.redirect.entryPoint=https
        - traefik.webservice.frontend.entryPoints=https
```
GiteaMirror added the type/question, issue/stale labels 2025-11-02 05:43:02 -06:00
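
What the x509 error in the log above means and what skipping verification changes, as an added Go example (not Gitea's code, and not part of the original post): a local `httptest` server with Go's built-in test certificate for `example.com` stands in for the proxy's default certificate, and the helper names `deliver`, `run` and `isHostnameMismatch` are hypothetical. It compares strict verification, `InsecureSkipVerify`, and verification kept with `ServerName` set to the certificate's name; the last is a property of Go's TLS client, not a Gitea setting.

```go
package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// deliver posts to the hook host from the log but dials the local test server (constructed stand-in).
func deliver(srv *httptest.Server, cfg *tls.Config) error {
	tr := &http.Transport{TLSClientConfig: cfg, DisableKeepAlives: true,
		DialContext: func(ctx context.Context, network, _ string) (net.Conn, error) {
			return (&net.Dialer{}).DialContext(ctx, network, srv.Listener.Addr().String())
		}}
	resp, err := (&http.Client{Transport: tr}).Post("https://drone.myserver.io/hook", "application/json", nil)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// isHostnameMismatch reports whether err is the x509 name mismatch seen in the log.
func isHostnameMismatch(err error) bool {
	var he x509.HostnameError
	return errors.As(err, &he)
}

// run delivers three times against a server whose certificate names example.com.
func run() (strict, skipped, named error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	defer srv.Close()
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate()) // trust the test certificate itself
	strict = deliver(srv, &tls.Config{RootCAs: roots})                           // chain ok, name wrong
	skipped = deliver(srv, &tls.Config{InsecureSkipVerify: true})                // no checks at all
	named = deliver(srv, &tls.Config{RootCAs: roots, ServerName: "example.com"}) // checks kept
	return
}

func main() {
	strict, skipped, named := run()
	fmt.Println("strict: ", strict, "| name mismatch:", isHostnameMismatch(strict))
	fmt.Println("skipped:", skipped, "| named:", named)
}
```

With verification skipped, the client accepts any certificate from whoever answers the connection, so the `secret` parameter in the delivery URL is only as safe as the network path between the two services.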

@lunny commented on GitHub (Nov 2, 2019):

We haven't supported the `SKIP_TLS_VERIFY` environment variable; you have to set that via `app.ini`.


@toni-moreno commented on GitHub (Nov 2, 2019):

@lunny I've seen that the Docker image doesn't contain the app.ini file, so I suspect the Dockerfile generates it by itself on container start with environment variables, so I have a question.

Could I mount only with this option and with the environment variables?

```
/my_app.ini:/data/gitea/conf/app.ini
```

with only this option in my_app.ini?

```ini
[webhook]
SKIP_TLS_VERIFY = true
```

@toni-moreno commented on GitHub (Nov 2, 2019):

Hi @lunny, I've tested, and remembered that app.ini is created in the setup phase, so the previous solution doesn't work.

It could be good if SKIP_TLS_VERIFY was added as an environment var.

Thank you for your attention.


@zeripath commented on GitHub (Nov 3, 2019):

This is yet another example of a thing that #7287 would fix... The environment variable would be GITEA__WEBHOOK__SKIP_TLS_VERIFY


@toni-moreno commented on GitHub (Nov 5, 2019):

After doing a new installation with Docker, I realized that it is not a good idea to map an app.ini file if you cannot create the admin user, and I can't (https://github.com/go-gitea/gitea/issues/8763), so this variable is needed, as @zeripath suggested, or a fix to the admin creation tool.


@stale[bot] commented on GitHub (Jan 4, 2020):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.


@stale[bot] commented on GitHub (Jan 19, 2020):

This issue has been automatically closed because of inactivity. You can re-open it if needed.

Reference: github-starred/gitea#4224