Using Gitea with runner and WebAuthn #34253
Description
Description
I use
- gitea version
1.23.7, - runner version
0.2.11with - WebAuthn activated and
- traefik as proxy.
Both runner and WebAuthn use root_url.
Since runner should use the local url to access the Gitea instance, root_url must have the value http://gitea:3000/.
WebAuthn only works in https environments and then the value of root_url must be https://gitea.example.com/.
How can I resolve this conflict? As a workaround, I do not log in via WebAuthn.
Thank you for your very good work. I may have made a mistake or runner (local) and WebAuthn (https) cannot be used together.
Understandably, I receive this message on my gitea instance under https://gitea.example.com/:
Your ROOT_URL in app.ini is "http://gitea:3000/", it's unlikely matching the site you are visiting.
Mismatched ROOT_URL config causes wrong URL links for web UI/mail content/webhook notification/OAuth2 sign-in.
app.ini for gitea
[server]
APP_DATA_PATH = /data/gitea
DOMAIN = gitea.example.com
SSH_DOMAIN = gitea.example.com
HTTP_PORT = 3000
ROOT_URL = http://gitea:3000/
DISABLE_SSH = false
DISABLE_HTTP_GIT = true
SSH_PORT = 43
SSH_LISTEN_PORT = 22
LFS_ALLOW_PURE_SSH = true
LFS_START_SERVER = true
LFS_JWT_SECRET = a-secret
OFFLINE_MODE = trueconfig.yaml for runner
log:
level: info
runner:
file: .runner
capacity: 1
envs:
A_TEST_ENV_NAME_1: a_test_env_value_1
A_TEST_ENV_NAME_2: a_test_env_value_2
env_file: .env
timeout: 3h
shutdown_timeout: 0s
insecure: false
fetch_timeout: 5s
fetch_interval: 2s
labels:
- "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest"
- "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04"
- "ubuntu-20.04:docker://docker.gitea.com/runner-images:ubuntu-20.04"
cache:
enabled: true
dir: ""
host: ""
port: 0
external_server: ""
container:
network: "service-gitea"
privileged: false
options:
workdir_parent:
valid_volumes: []
docker_host: ""
force_pull: true
force_rebuild: false
host:
workdir_parent:Gitea Version
1.23.7
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
https://gist.github.com/jonastaedcke/ad84634e169df81d33667986970d9a04
Screenshots
Git Version
2.47.2
Operating System
Synology NAS
How are you running Gitea?
docker-compose.yml
networks:
traefik_proxy:
name: traefik_proxy
external: true
service-gitea:
name: service-gitea
services:
gitea:
image: docker.gitea.com/gitea:latest
container_name: gitea
environment:
- USER_UID=${PUID}
- USER_GID=${PGID}
- TZ=${TZ}
- GITEA__database__[...]
- GITEA__mailer__[...]
- GITEA__openid__[...]
- GITEA__repository__[...]
- GITEA__service__[...]
- GITEA__server__ROOT_URL=http://gitea:3000/
- GITEA__server__DOMAIN=gitea.example.com
- GITEA__server__OFFLINE_MODE=true
- GITEA__server__SSH_PORT=43
- GITEA__server__SSH_LISTEN_PORT=22
- GITEA__server__SSH_DOMAIN=gitea.example.com
restart: always
networks:
- traefik_proxy
- service-gitea
volumes:
- ./service-gitea/gitea/data:/data
- /etc/localtime:/etc/localtime:ro
depends_on:
- gitea-postgres
labels:
- "traefik.enable=true"
- "traefik.http.routers.gitea.entrypoints=websecure"
- "traefik.http.routers.gitea.rule=Host(`gitea.example.com`)"
- "traefik.http.services.gitea.loadbalancer.server.port=3000"
- "traefik.docker.network=traefik_proxy"
- "traefik.tcp.routers.gitea-ssh-router.entrypoints=ssh-gitea"
- "traefik.tcp.routers.gitea-ssh-router.rule=HostSNI(`*`)"
- "traefik.tcp.routers.gitea-ssh-router.service=gitea-ssh-service"
- "traefik.tcp.services.gitea-ssh-service.loadbalancer.server.port=22"
gitea-postgres: [...]
gitea-runner:
container_name: gitea-runner
image: docker.io/gitea/act_runner:latest
environment:
- CONFIG_FILE=/config.yaml
- GITEA_INSTANCE_URL=gitea:3000
- GITEA_RUNNER_REGISTRATION_TOKEN=my-secret
- GITEA_RUNNER_NAME=Gitea Runner
networks:
- service-gitea
depends_on:
- gitea
volumes:
- ./service-gitea/gitea-runner/config.yaml:/config.yaml:ro
- ./service-gitea/gitea-runner/data:/data
- /var/run/docker.sock:/var/run/docker.sockDatabase
PostgreSQL