Skip to content

Unable to pull with fcgi+unix, gitea serve passing bearer token gets 403 #9474

New issue
New issue
Closed
Closed
Unable to pull with fcgi+unix, gitea serve passing bearer token gets 403#9474
@flipkickmedia

Description

@flipkickmedia
flipkickmedia
opened on Dec 23, 2019
APP_NAME       = giteatest
RUN_USER       = git
RUN_MODE       = prod
GITEA_WORK_DIR = /var/lib/gitea/workdir

[oauth2]
JWT_SECRET = <some secret>

[security]
INTERNAL_TOKEN = <some token>
INSTALL_LOCK   = true
SECRET_KEY     = <some secret>
[database]
DB_TYPE  = sqlite3
HOST     = 127.0.0.1:3306
NAME     = gitea
USER     = gitea
PASSWD   = 
SSL_MODE = disable
CHARSET  = utf8
PATH     = /var/lib/gitea/data/gitea.db

[repository]
ROOT             = /home/git
DISABLE_HTTP_GIT = false

[server]
PROTOCOL         = fcgi+unix
SSH_DOMAIN       = git.domain.com
DOMAIN           = git.domain.com
HTTP_ADDR        = /run/gitea/gitea.sock
DISABLE_SSH      = false
SSH_PORT         = 22
LFS_START_SERVER = true
LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
LFS_JWT_SECRET   = <some secret>
OFFLINE_MODE     = true
HTTP_PORT        = 3000
ROOT_URL         = https://git.domain.com

[mailer]
ENABLED = true
HOST    = smtp.domain.com
FROM    = [email protected]
USER    = [email protected]
PASSWD  = 

[service]
REGISTER_EMAIL_CONFIRM            = true
ENABLE_NOTIFY_MAIL                = true
DISABLE_REGISTRATION              = false
ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
ENABLE_CAPTCHA                    = false
REQUIRE_SIGNIN_VIEW               = true
DEFAULT_KEEP_EMAIL_PRIVATE        = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING       = true
NO_REPLY_ADDRESS                  = domain.com

[picture]
DISABLE_GRAVATAR        = true
ENABLE_FEDERATED_AVATAR = false

[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true

[session]
PROVIDER = file

[log]
MODE = file
LEVEL = debug
redirect_macaron_log=false
router=,
macaron=,
ENABLE_ACCESS_LOG = true
ENABLE_XORM_LOG = true

[log.node.file]
LEVEL = debug

[other]
; Show template execution time in the footer
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false

[indexer]
ISSUE_INDEXER_PATH      = /var/lib/gitea/indexer/issues.bleve
ISSUE_INDEXER_QUEUE_DIR = /var/lib/gitea/indexer/issues.queue

logs generated from above config:

2019/12/23 13:06:28 ...s/context/context.go:329:func1() [D] Session ID: b405f0f486ba6edf
2019/12/23 13:06:28 ...s/context/context.go:330:func1() [D] CSRF Token: 1J2TQZ8h7MN8Cvuqq_RwTF-x0C06MTU3NzEwNjM4ODI2OTA4NDg1Mw

==> /var/lib/gitea/workdir/log/access.log <==

<my server ip> - - [23/Dec/2019:13:06:28 +0000] "GET  HTTP/1.1" 403 0 "\" \"GiteaServer"

audit log from ssh: https://pastebin.com/Skw6DKLx

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions