Gitea server becomes unavailable after git fetch/pull/push

Hello everybody,

I am running a Gitea server (1.23.8) on my unRAID NAS from a docker. This docker is made available through reverse proxy (swag/nginx) to the outside world. Most of the time though I access Gitea from within my home network but still use its public URL.

I am facing a very strange problem and I don’t know what is going wrong. I suspect that swag/nginx is the cause.

Every time I fetch, pull or push from/to the server, the server becomes unavailable. The web interface is not reachable and git commands don’t work either. This situation lasts every time for about 10 to 15 minutes, after which the server is reachable again.

It’s always the same symptoms. I fetch/push/pull → server is unavailable for 10 to 15 minutes.
The reason I suspect swag/nginx is that my Jellyfin docker container is also not available anymore in the same time period.

Even stranger: this situation is only a problem from within my home network. From the outside (for example by using my phone) I can still access Gitea and Jellyfin.

swag/nginx comes with a preconfigured proxy configuration file. This file was modified by me using the Gitea documentation (here).
I had to modify the original file because the preconfigured one caused errors which made the webserver throw an error.

I was hoping somebody would have had a similar issue and/or can spot a configuration error in nginx or Gitea. I tried to research by myself but couldn’t find real solutions.

My proxy configuration file for Gitea.

## Version 2024/07/16
# make sure that your gitea container is named gitea
# make sure that your dns has a cname set for gitea
# edit the following parameters in /data/gitea/conf/app.ini
# [server]
# SSH_DOMAIN       = gitea.server.com
# ROOT_URL         = https://gitea.server.com/
# DOMAIN           = gitea.server.com

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name gitea.*;

    include /config/nginx/ssl.conf;

    location / {
        #include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;

        client_max_body_size 512M;
        proxy_set_header Connection $http_connection;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        set $upstream_app gitea;
        set $upstream_port 3000;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }

    location ~ (/gitea)?/info/lfs {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app gitea;
        set $upstream_port 3000;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}

Note that the line #include /config/nginx/proxy.conf; is a comment. This is the nginx default configuration that I had to remove, otherwise I got an error code each time I accessed the server.

My Gitea app.ini looks as follows (note that I removed private information):

APP_NAME = Gitea: Git with a cup of tea
RUN_MODE = prod
RUN_USER = git
WORK_PATH = /data/gitea

[repository]
ROOT = /data/git/repositories

[repository.local]
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo

[repository.upload]
TEMP_PATH = /data/gitea/uploads

[server]
APP_DATA_PATH = /data/gitea
DOMAIN = gitea.****.org
SSH_DOMAIN = gitea.****.org
HTTP_PORT = 3000
ROOT_URL = https://gitea.****.org/
DISABLE_SSH = false
SSH_PORT = 3022
SSH_LISTEN_PORT = 22
LFS_START_SERVER = true
LFS_JWT_SECRET = ****
OFFLINE_MODE = true

[database]
PATH = /data/gitea/gitea.db
DB_TYPE = postgres
HOST = 192.168.178.3:5432
NAME = giteadb
USER = gitea
PASSWD = gitea
LOG_SQL = false
SCHEMA = gitea
SSL_MODE = disable

[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve

[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file

[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars

[attachment]
PATH = /data/gitea/attachments

[log]
MODE = console
LEVEL = info
ROOT_PATH = /data/gitea/log

[security]
INSTALL_LOCK = true
SECRET_KEY = 
REVERSE_PROXY_LIMIT = 1
REVERSE_PROXY_TRUSTED_PROXIES = *
INTERNAL_TOKEN = ****
PASSWORD_HASH_ALGO = pbkdf2

[service]
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = true 
REGISTER_EMAIL_CONFIRM = true
ENABLE_NOTIFY_MAIL = true
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.localhost

[lfs]
PATH = /data/git/lfs

[mailer]
ENABLED = true
SMTP_ADDR = smtp.gmail.com
SMTP_PORT = 587
FROM = ****
USER = ****
PASSWD = ****

[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false

[cron.update_checker]
ENABLED = false

[repository.pull-request]
DEFAULT_MERGE_STYLE = merge

[repository.signing]
DEFAULT_TRUST_MODEL = committer

[oauth2]
JWT_SECRET = ****

Any idea is welcome. Thank you.

This is the error I get from VSCode git command output when the server is not reachable:

> git pull --tags origin main
fatal: unable to access 'https://gitea.****.org/***.git/': Failed to connect to gitea.****.org port 443 after 21031 ms: Couldn't connect to server

Can it be accessed from within the Docker container’s shell?

@lunny no, it cannot. At least not using its public URL.

After the web page becomes available again, the clone command in the screenshot works again.
But as I have mentioned, it doesn’t work within that 15 minute time frame from my local network.

I tried several commands that use localhost to clone a repository but I’m doing something wrong here. I’m not sure what exactly.

root@unRAID:~# docker exec -it Gitea git clone --verbose git@localhost:****/****.git
Cloning into '****'...
git@localhost: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Above error also comes up while the server is actually reachable.

Can it be accessed from within the Docker container’s shell with localhost URL?