I have a Gitea server (with sub-path) working fine and installed with docker-compose behind an Apache reverse proxy.
I am trying to enable repo cloning with SSH. The problem is that the server keeps asking for the git user password, and it seems that the server does not save the SSH public keys I enter in an authorized_keys file as it should.
Here are the configuration files I have:
docker-compose.yaml:
version: "3"
networks:
  gitea:
    external: false
services:
  server:
    image: gitea/gitea:latest
    environment:
      - ROOT_URL=https://myserver.fr/git/
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=mysql
      - GITEA__database__DB_HOST=db:3306
      - GITEA__database__DB_NAME=gitea
      - GITEA__database__DB_USER=gitea
      - GITEA__database__DB_PASSWD=gitea
    restart: always
    networks:
      - gitea
    volumes:
      - /home/www/www-gitea/gitea_on_glaciere/data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "2222:2222"
    depends_on:
      - db
  db:
    image: mysql:5.7
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=gitea
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=gitea
      - MYSQL_DATABASE=gitea
    networks:
      - gitea
    volumes:
      - ./mysql:/var/lib/mysql
app.ini (with relevant parts):
[...]
[repository]
ROOT = /data/git/repositories
[...]
[server]
APP_DATA_PATH = /data/gitea
HTTP_PORT = 3000
ROOT_URL = https://myserver.fr/git/
DISABLE_SSH = false
SSH_DOMAIN = myserver.fr/git
START_SSH_SERVER = true
SSH_PORT = 2222
SSH_LISTEN_PORT = 2222
LFS_START_SERVER = true
LFS_CONTENT_PATH = /data/git/lfs
Apache reverse proxy (relevant part only):
[...]
AllowEncodedSlashes NoDecode
# Note: no trailing slash after either /git or port
ProxyPass /git http://localhost:3000 nocanon
ProxyPassReverse /git http://localhost:3000
[...]
If I enter the running docker container, I see that the home directory of the git user is at /data/git and the file /data/git/.ssh/authorized_keys exists but is empty, although I added my key online.
When I try to clone, it looks like:
git clone ssh://git@myserver.fr/git:2222/me/myrepo.git
I get asked for the server’s git user password. I changed the webserver git user password to see which git user it was, and it appears that it is not the one in the docker container, but the one on the webserver…
What configuration did I miss?
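
An added diagnostic example, not part of the original post and not Gitea code: it resolves the clone URL quoted above the way an ssh:// URL is parsed and compares the result with the SSH_DOMAIN and SSH_PORT values from the posted app.ini. The function names ssh_target and check are hypothetical; the inputs are copied from the post.

```python
from urllib.parse import urlsplit

# Constructed inputs: the clone URL and [server] values quoted in the post.
CLONE_URL = "ssh://git@myserver.fr/git:2222/me/myrepo.git"
APP_INI_SERVER = {"SSH_DOMAIN": "myserver.fr/git", "SSH_PORT": "2222"}


def ssh_target(url):
    """Split an ssh:// URL into (user, host, port, path); no port means 22."""
    parts = urlsplit(url)
    if parts.scheme != "ssh":
        raise ValueError(f"not an ssh:// URL: {url}")
    return parts.username, parts.hostname, parts.port or 22, parts.path


def check(url, server):
    """Compare where the client connects with what app.ini advertises."""
    findings = []
    _user, host, port, path = ssh_target(url)
    ssh_port = int(server["SSH_PORT"])
    domain = server["SSH_DOMAIN"]
    if port != ssh_port:
        findings.append(
            f"client connects to {host}:{port}, but SSH_PORT is {ssh_port}; "
            f"'{path}' is sent as the repository path"
        )
    if "/" in domain:
        findings.append(
            f"SSH_DOMAIN '{domain}' contains an HTTP sub-path; "
            "an ssh:// URL takes a bare host name before the port"
        )
    return findings


if __name__ == "__main__":
    for finding in check(CLONE_URL, APP_INI_SERVER):
        print("-", finding)
```

For the URL in the post the port resolves to 22, which is not the port the compose file publishes for the container (2222), and the Apache ProxyPass rules only carry HTTP, so the /git sub-path has no meaning on the SSH side.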