Hello everybody,
I am running a Gitea server (1.23.8) on my unRAID NAS from a docker. This docker is made available through reverse proxy (swag/nginx) to the outside world. Most of the time though I access Gitea from within my home network but still use its public URL.
I am facing a very strange problem and I don’t know what is going wrong. I suspect that swag/nginx is the cause.
Every time I fetch, pull or push from/to the server, the server becomes unavailable. The web interface is not reachable and git commands don’t work either. This situation lasts every time for about 10 to 15 minutes, after which the server is reachable again.
It’s always the same symptoms. I fetch/push/pull → server is unavailable for 10 to 15 minutes.
The reason I suspect swag/nginx is that my Jellyfin docker container is also not available anymore in the same time period.
Even stranger: this situation is only a problem from within my home network. From the outside (for example by using my phone) I can still access Gitea and Jellyfin.
swag/nginx comes with a preconfigured proxy configuration file. This file was modified by me using the Gitea documentation (here).
I had to modify the original file because the preconfigured one caused errors which made the webserver throw an error.
I was hoping somebody would have had a similar issue and/or can spot a configuration error in nginx or Gitea. I tried to research by myself but couldn’t find real solutions.
My proxy configuration file for Gitea.
```nginx
## Version 2024/07/16
# make sure that your gitea container is named gitea
# make sure that your dns has a cname set for gitea
# edit the following parameters in /data/gitea/conf/app.ini
# [server]
# SSH_DOMAIN = gitea.server.com
# ROOT_URL = https://gitea.server.com/
# DOMAIN = gitea.server.com

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name gitea.*;

    include /config/nginx/ssl.conf;

    location / {
        #include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        client_max_body_size 512M;
        proxy_set_header Connection $http_connection;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        set $upstream_app gitea;
        set $upstream_port 3000;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }

    location ~ (/gitea)?/info/lfs {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app gitea;
        set $upstream_port 3000;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
```
Note that the line `#include /config/nginx/proxy.conf;` is a comment. This is the nginx default configuration that I had to remove; otherwise I got an error code each time I accessed the server.
My Gitea app.ini looks as follows (note that I removed private information):
```ini
APP_NAME = Gitea: Git with a cup of tea
RUN_MODE = prod
RUN_USER = git
WORK_PATH = /data/gitea

[repository]
ROOT = /data/git/repositories

[repository.local]
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo

[repository.upload]
TEMP_PATH = /data/gitea/uploads

[server]
APP_DATA_PATH = /data/gitea
DOMAIN = gitea.****.org
SSH_DOMAIN = gitea.****.org
HTTP_PORT = 3000
ROOT_URL = https://gitea.****.org/
DISABLE_SSH = false
SSH_PORT = 3022
SSH_LISTEN_PORT = 22
LFS_START_SERVER = true
LFS_JWT_SECRET = ****
OFFLINE_MODE = true

[database]
PATH = /data/gitea/gitea.db
DB_TYPE = postgres
HOST = 192.168.178.3:5432
NAME = giteadb
USER = gitea
PASSWD = gitea
LOG_SQL = false
SCHEMA = gitea
SSL_MODE = disable

[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve

[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file

[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars

[attachment]
PATH = /data/gitea/attachments

[log]
MODE = console
LEVEL = info
ROOT_PATH = /data/gitea/log

[security]
INSTALL_LOCK = true
SECRET_KEY =
REVERSE_PROXY_LIMIT = 1
REVERSE_PROXY_TRUSTED_PROXIES = *
INTERNAL_TOKEN = ****
PASSWORD_HASH_ALGO = pbkdf2

[service]
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = true
REGISTER_EMAIL_CONFIRM = true
ENABLE_NOTIFY_MAIL = true
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.localhost

[lfs]
PATH = /data/git/lfs

[mailer]
ENABLED = true
SMTP_ADDR = smtp.gmail.com
SMTP_PORT = 587
FROM = ****
USER = ****
PASSWD = ****

[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false

[cron.update_checker]
ENABLED = false

[repository.pull-request]
DEFAULT_MERGE_STYLE = merge

[repository.signing]
DEFAULT_TRUST_MODEL = committer

[oauth2]
JWT_SECRET = ****
```
Any idea is welcome. Thank you.