Gitea server not responding to inbound connections

Install/Maintain/Configure

kcrawford October 18, 2023, 2:05pm 1

Hi all,

My gitea server recently stopped responding to connections from my nginx proxy. I did not make any changes to the proxy configuration or gitea configuration. I am running gitea version 1.21.0+rc1-32-g5b80157aa and go version 1.21.3. What is odd is if I comment ont the domain and root url in the config file and restart gitea, I can access the server using the local IP. Any ideas?

Relevant gitea config below:

[security]
INTERNAL_TOKEN = eyJh
INSTALL_LOCK = true
SECRET_KEY = 5nd
PASSWORD_HASH_ALGO = pbkdf2
REVERSE_PROXY_LIMIT = 1
REVERSE_PROXY_TRUSTED_PROXIES = 192.168.20.6

[server]
SSH_DOMAIN = <removed>
DOMAIN = <removed>
ROOT_URL = <removed>
DISABLE_SSH = false
SSH_PORT = 22
OFFLINE_MODE = false
APP_DATA_PATH = /var/lib/gitea/data
USE_PROXY_PROTOCOL = true

Proxy configuration:

server {
    listen 443 ssl http2;
    server_name <removed>;

    ssl_certificate /etc/letsencrypt/live/.../fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/.../privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log warn;

    location / {
        proxy_pass http://192.168.10.118:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Host $host;
	proxy_set_header X-Real-IP $remote_addr;
        client_max_body_size 400M;
     }

}

Packet capture:

tcpdump -enni eth0 port 3000
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:58:05.417572 c4:ad:34:17:8e:c2 > 0a:b3:5a:52:6c:29, ethertype IPv4 (0x0800), length 74: 192.168.20.6.52184 > 192.168.10.118.3000: Flags [S], seq 2692335983, win 64240, options [mss 1460,sackOK,TS val 939742285 ecr 0,nop,wscale 7], length 0
13:58:21.541558 c4:ad:34:17:8e:c2 > 0a:b3:5a:52:6c:29, ethertype IPv4 (0x0800), length 74: 192.168.20.6.52184 > 192.168.10.118.3000: Flags [S], seq 2692335983, win 64240, options [mss 1460,sackOK,TS val 939758409 ecr 0,nop,wscale 7], length 0

Server is listening on correct port:

lsof -ni :3000
COMMAND PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
gitea   212  git   12u  IPv6 14008970      0t0  TCP *:3000 (LISTEN)

Last few lines of logs:

2023/10/18 13:51:47 cmd/web.go:304:listen() [I] Listen: http://0.0.0.0:3000
2023/10/18 13:51:47 cmd/web.go:308:listen() [I] AppURL(ROOT_URL): <removed>
2023/10/18 13:51:47 ...s/graceful/server.go:70:NewServer() [I] Starting new Web server: tcp:0.0.0.0:3000 on PID: 212

kcrawford June 23, 2024, 2:51pm 2

So, following up on my own topic. This continues to be an issue for me seemingly at random. I have figured out that a docker network will overlap my local network. If I do an ip addr I see:

200: br-c62ed888c6b9: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:7e:03:e7:33 brd ff:ff:ff:ff:ff:ff
    inet 192.168.16.1/20 brd 192.168.31.255 scope global br-c62ed888c6b9
       valid_lft forever preferred_lft forever
    inet6 fe80::42:7eff:fe03:e733/64 scope link
       valid_lft forever preferred_lft forever

Doing a docker system prune -a removes this network (as well as everything else that is running).