How to set up Gitea for access in a multi-server lab

Hello,
I have successfully set up gitea on a virtual server.

The current use case is to install etckeeper on any server in my lab and distribute any file in /etc to a remote server “gitea” on a daily basis.

My intention is to create an organisation “etckeeper” with multiple repositories; each repository represents one hostname (or FQDN).

Now there are 2 challenges:

  1. gitea server uses self-signed certificates, and when I try to push a repo I get this error:
    fatal: unable to access 'https://gitea.example.com/etckeeper/hostname.example.com.git/': SSL certificate problem: self signed certificate
  2. Using the workaround with option -c http.sslVerify=false solves issue 1, but I need to enter username and password for authentication.

Can you please advise how to resolve problem 1?
And what is a potential solution for problem 2 for an automated procedure pushing data to gitea in non-interactive mode?

THX

Either add your self-signed CA to your local certs, or use a valid SSL cert (Let’s Encrypt provides free ones, but if you can’t use the built-in HTTP-01 validation, then Caddy as a reverse proxy can use DNS-based validation if you are behind a firewall and can’t open ports).

This is more of a git question than Gitea, but scripting - Pass username and password for git pull - Stack Overflow is an answer for pushing via HTTPS

But something that would solve your issue without having to change any configuration is to use git via SSH and then your SSH key would be the credential to access gitea.

Thanks for your reply.

With regards to the issue “self-signed certificates”, if I add my self-signed CA to each host’s local certs, where should I put it and how do I tell git client to use it?

With regards to issue “authentication” I cannot store sensitive data in cleartext anywhere, therefore my understanding is to use SSH key. And this means to create a technical user and its SSH key pair for usage on any client that wants to connect to gitea server, right?

I put the self-signed CA on the client in directory /etc/ssl.
Then I modified git global config with this command:
git config --global http."https://<gitea-fqdn>:3030/".sslCAInfo /etc/ssl/<gitea-fqdn>.pem

However, when I try to push the repository to gitea server with git push -u origin master, I get this error:
fatal: unable to access 'https://<gitea-fqdn>/etckeeper/<repo>.git/': SSL certificate problem: self signed certificate

What if, instead of setting it globally for a specific URL, you add it to the repo config (that way you don’t need to worry about whether your selector is working)?

eg.

cd repository
git config http.sslCAInfo /path/to/certificate.pem

Although using self-signed certs in such a way is rather fragile, and I strongly urge you to consider getting a trusted cert (they are offered for free by Let’s Encrypt).

Unrelated to the debugging, I’m wondering: if you are unable to store any sensitive data in plaintext, then how are the user/pass being stored? I’d imagine you could store the SSH key in a similar way (SSH keys can also be protected by a password).

I fixed the issue with the git global config.
The correct command is:
git config --global http."https://<gitea-fqdn>/".sslCAInfo /etc/ssl/<gitea-fqdn>.pem

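The difference between the failing and the working command in this thread is the port in the URL-scoped key: git only applies http.<url>.sslCAInfo when scheme, host and port match the remote URL. The check below is an added example, not part of the thread; it uses `git config --get-urlmatch` against a throwaway config file, and the CA path and repository name are assumed placeholders.

```shell
#!/bin/sh
# Constructed example: gitea.example.com is the placeholder host used in the
# thread; the CA path and repository name below are assumptions.
CA_PATH=/etc/ssl/gitea-ca.pem

# Print the sslCAInfo value git would apply to remote URL $2 when the config
# holds the URL-scoped key http.<$1>.sslCAInfo, or "no-match" if it is ignored.
# A temporary config file is used so the real global config is never touched.
ca_for_url() {
    key_url=$1
    remote_url=$2
    cfg=$(mktemp) || return 1
    git config --file "$cfg" "http.${key_url}.sslCAInfo" "$CA_PATH"
    git config --file "$cfg" --get-urlmatch http.sslCAInfo "$remote_url" \
        || echo "no-match"
    rm -f "$cfg"
}

REMOTE=https://gitea.example.com/etckeeper/host1.example.com.git

# Key carries port 3030 but the remote uses the default HTTPS port:
# the key is ignored and certificate verification falls back to the system store.
ca_for_url "https://gitea.example.com:3030/" "$REMOTE"

# Key without a port matches the remote, so the CA file is used.
ca_for_url "https://gitea.example.com/" "$REMOTE"

# An explicit default port is normalised away before matching, so it also matches.
ca_for_url "https://gitea.example.com:443/" "$REMOTE"
```

Running the same `--get-urlmatch` query without `--file` on a client shows what its real configuration resolves to for the remote before a scheduled push runs.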