I’ve nginx
/usr/local/nginx/sbin/nginx -v
nginx version: nginx/1.21.4 (local build)
as reverse proxy in front of
gitea -v
Gitea version 1.15.8 built with GNU Make 4.1, go1.16.12 : bindata, sqlite, sqlite_unlock_notify
gitea listens on a unix: socket,
...
[repository]
ROOT = /data/gitea/repos
[server]
PROTOCOL = unix
HTTP_ADDR = /run/gitea/gitea.sock
UNIX_SOCKET_PERMISSION = 666
ROOT_URL = https://gitea.example.com/
DISABLE_HTTP_GIT = false
DISABLE_SSH = true
SSH_PORT = 22
SSH_EXPOSE_ANONYMOUS = false
LFS_START_SERVER = true
LFS_CONTENT_PATH = /data/gitea/lfs
LFS_JWT_SECRET = g...
OFFLINE_MODE = true
...
nginx is config’d as an SSL terminator, listening only on :443,
upstream GITEAproxy { server unix:/run/gitea/gitea.sock; }
server {
    listen 192.168.1.10:443 ssl http2;
    server_name gitea.example.com;
    ssl_client_certificate "/svr/etc/ssl/my_CA.CHAIN.crt.pem";
    ssl_verify_client on;
    ssl_verify_depth 2;
    ssl_certificate "/svr/etc/ssl/gitea.example.com.server.EC.crt.pem";
    ssl_certificate_key "/svr/etc/ssl/gitea.example.com.server.EC.key.pem";
    location / { proxy_pass http://GITEAproxy; }
    ...
}
passing un-encrypted http:// traffic to the backend
NO issues accessing the WebUI in browser.
Logged-in as “myAdmin”, I create a repo, ‘test’
@ nav to,
https://gitea.example.com/myAdmin/test
I see:
Quick Guide
Clone this repository Need help cloning? Visit Help.
[HTTPS] https://gitea.example.com/myAdmin/test.git
so, at my shell,
git clone https://gitea.example.com/myAdmin/test.git
Cloning into 'test'...
fatal: unable to access 'https://gitea.example.com/myAdmin/test.git/': SSL certificate problem: unable to get local issuer certificate
IIUC, that’s gitea complaining about the cert.
In my config, gitea should be seeing only unencrypted traffic. Running the app server on a socket listener, I’m fine with a non-SSL gitea backend.
I’ve misconfigured something.
Is a different ROOT_URL needed? Or other/add’l config?
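
Added example (not part of the original post): the string "unable to get local issuer certificate" in the clone output is OpenSSL's chain-verification error 20, raised on the side that is checking a peer's certificate. This constructed shell lab reproduces it with a throwaway CA and a leaf for gitea.example.com, then shows the same leaf verifying once the CA is supplied; the CA name, file names and the helper functions make_pki and verify_leaf are assumptions made for the example.

```shell
#!/bin/sh
# Constructed lab: a throwaway private CA and a server certificate it signs.
# Every name and path here is made up for the example.

make_pki() {   # $1 = scratch directory
  d=$1
  # Self-signed root standing in for a private CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Private CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  # Server key and CSR, then a leaf certificate signed by that CA
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=gitea.example.com" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/srv.csr" -days 1 \
    -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
    -out "$d/srv.crt" 2>/dev/null || return 1
}

# Verify the leaf as a verifying peer would.
# $1 = scratch directory, $2 = optional CA bundle to trust.
verify_leaf() {
  if [ -n "$2" ]; then
    openssl verify -CAfile "$2" "$1/srv.crt" 2>&1
  else
    # Only the system default trust store, which does not know the lab CA
    openssl verify "$1/srv.crt" 2>&1
  fi
  return 0   # the caller inspects the text, not the exit status
}

LAB=$(mktemp -d)
make_pki "$LAB"
echo "--- default trust store only ---"
verify_leaf "$LAB"
echo "--- private CA supplied ---"
verify_leaf "$LAB" "$LAB/ca.crt"
rm -rf "$LAB"
```
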