Installed gitea but can't access from host browser?

Hi guys!

So I’ve installed gitea the self hosted git repo.

At first I got “gitea.service: Failed to reset devices.list: Operation not permitted” but then noticed that it was related to the ports so after changing it to 9000 it was fine.

The problem is that I can't access it by browser. Based on the ip of ifconfig and port from netstat command, it should’ve been fine on ip:9000 but the browser can't find the page, yet from the ssh connection I could use curl localhost:9000 and it shows the page related stuff.

Any clue why this kind of behaviour occurs? I’ve always thought that from host browser I can easily go to the lxc containers web pages.

macvlan

Can you elaborate more on how to change it or how it benefits?

Right now I am using this on laptop and the lxc runs on my laptop. Not going to send this to public.

This message is unrelated to changing the listening port. I think it is an error that you can safely ignore.

gitea has several configuration parameters. Can you show us what was changed in the Server section?
See https://docs.gitea.io/en-us/administration/config-cheat-sheet/
Your description suggests that by default, gitea listens (binds) on the loopback network interface.
Which means that either

  1. you create a LXD proxy device to expose the port to the host (see “How to use the LXD Proxy Device to map ports between the host and the containers”, Mi blog lah!),
  2. change the gitea configuration to listen to all interfaces, therefore, you can access it from the host using the container IP address and port number.

Hi!

Thanks for the reply.

Here is the gitea.ini
https://pastebin.com/i6JHU6td

So the server section has

; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'.
PROTOCOL         = http
DOMAIN           = localhost
ROOT_URL         = http://localhost:9000
; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
HTTP_ADDR        = 127.0.0.1
HTTP_PORT        = 9000
; Disable SSH feature when not available
DISABLE_SSH      = false
; Whether to use the builtin SSH server or not.
START_SSH_SERVER = True
; Domain name to be exposed in clone URL
SSH_DOMAIN       = localhost
; The network interface the builtin SSH server should listen on
SSH_LISTEN_HOST  = 0.0.0.0
; Port number to be exposed in clone URL
SSH_PORT         = 2222
; The port number the builtin SSH server should listen on
SSH_LISTEN_PORT  = %(SSH_PORT)s
; Disable CDN even in "prod" mode
OFFLINE_MODE     = True
; Default path for App data
APP_DATA_PATH    = /var/lib/gitea/data

from lxc list

gitea | RUNNING | 10.62.176.15 (eth0) | fd42:4e49:a163:3b88:216:3eff:fecc:9372 (eth0) | CONTAINER |

from netstat on the lxc server

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      168/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      250/sshd
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      994/gitea
tcp6       0      0 :::2222                 :::*                    LISTEN      994/gitea

Does it mean that I need to add proxy_protocol=true to make this work?

Since you are connected only from the host, you do not need the proxy protocol.
You just need to setup a proxy device, according to the link I gave earlier.

I tried
lxc config device add gitea myport80 proxy listen=tcp:0.0.0.0:9000 connect=tcp:127.0.0.1:9000
and
lxc config device add gitea myport80 proxy listen=tcp:0.0.0.0:9000 connect=tcp:10.62.176.15:9000

But I still couldn't connect to the gitea by my host. Maybe I am understanding this wrongly. I’ve heard about proxies a lot but never really gotten grasp of it.

So the macvlan thing doesn't relate to this problem I guess.

The macvlan reference has to do with one of the most common issues with the communication between the host and the container; they cannot communicate over the network due to the way macvlan works.

You do not mention macvlan, so I assume there is no such configuration. Also, you somewhat mention that you can ssh from the host to the container, therefore most likely there is no macvlan. If you are using macvlan on this container, please say so.

We haven’t seen the output of netstat from the container. If the gitea configuration is valid, it should say that gitea is listening on port 9000, interface lo (127.0.0.1). Therefore, the first proxy device line is obviously the valid one. You may also change the name, from myport80 to something like mygitea9000.

Hi!
Yes I am not using Macvlan and only working with host and container from the host.

root@gitea:~# netstat -tulpn

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      156/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      258/sshd
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      227/gitea
tcp6       0      0 :::2222                 :::*                    LISTEN      227/gitea
tcp6       0      0 :::22                   :::*                    LISTEN      258/sshd
udp        0      0 127.0.0.53:53           0.0.0.0:*                           156/systemd-resolve
udp        0      0 10.62.176.15:68         0.0.0.0:*                           154/systemd-network
udp6       0      0 fe80::216:3eff:fecc:546 :::*                                154/systemd-network

This was from gitea container. I’ve tried that proxy device command, but

lxc list

+------------+---------+---------------------+-----------------------------------------------+-----------+-----------+
|    NAME    |  STATE  |        IPV4         |                     IPV6                      |   TYPE    | SNAPSHOTS |
+------------+---------+---------------------+-----------------------------------------------+-----------+-----------+
| gitea      | RUNNING | 10.62.176.15 (eth0) | fd42:4e49:a163:3b88:216:3eff:fecc:9372 (eth0) | CONTAINER | 0         |

From the browser I can't get gitea to open up.
I tried with this
10.62.176.15:9000
by my browser but no luck.

lxc config device add gitea myport80 proxy listen=tcp:0.0.0.0:9000 connect=tcp:127.0.0.1:9000

Used this command but it didn't change the behaviour.

I am using laptop with wifi, not sure if that info is needed tho.

lxc network ls

+---------+----------+---------+-------------+---------+
|  NAME   |   TYPE   | MANAGED | DESCRIPTION | USED BY |
+---------+----------+---------+-------------+---------+
| docker0 | bridge   | NO      |             | 0       |
+---------+----------+---------+-------------+---------+
| enp25s0 | physical | NO      |             | 0       |
+---------+----------+---------+-------------+---------+
| lxdbr0  | bridge   | YES     |             | 4       |
+---------+----------+---------+-------------+---------+
| virbr0  | bridge   | NO      |             | 0       |
+---------+----------+---------+-------------+---------+
| wlan0   | physical | NO      |             | 0       |
+---------+----------+---------+-------------+---------+
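
An added example, not part of any post in this thread: it reads the container's `netstat -tulpn` lines quoted above, labels each TCP listener by bind scope, and prints an LXD proxy device command for the loopback-only gitea socket. The function names, the device name and the choice of `127.0.0.1` as the host-side listen address (instead of the `0.0.0.0` used in the thread) are assumptions made for this example.

```sh
#!/bin/sh
# Added example: which listeners in `netstat -tulpn` output are reachable
# from outside the container, and a host-local proxy device for those that
# are not. Function and device names are made up for this example.

# TCP and UDP lines copied from the container's netstat output above.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      156/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      258/sshd
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      227/gitea
tcp6       0      0 :::2222                 :::*                    LISTEN      227/gitea
udp        0      0 10.62.176.15:68         0.0.0.0:*                           154/systemd-network
EOF
}

# Print "program address port scope" for every listening TCP socket on stdin.
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":")
        port = part[n]
        # Everything before the last ":" is the bind address ("::" in ":::2222").
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1") scope = "loopback-only"
        else if (addr == "0.0.0.0" || addr == "::") scope = "all-interfaces"
        else scope = "single-address"
        sub(/^[0-9]+\//, "", $7)   # drop the PID, keep the program name
        print $7, addr, port, scope
    }'
}

# For each loopback-only listener of program $2, print an LXD proxy device
# command for container $1. The host side listens on 127.0.0.1 as well, so
# the port is opened to the host itself and not to its other interfaces.
suggest_proxy() {
    classify_listeners | awk -v ct="$1" -v prog="$2" '
    $1 == prog && $4 == "loopback-only" {
        target = ($2 ~ /:/) ? ("[" $2 "]") : $2   # bracket an IPv6 address
        cmd = "lxc config device add " ct " " prog $3 " proxy"
        cmd = cmd " listen=tcp:127.0.0.1:" $3 " connect=tcp:" target ":" $3
        print cmd
    }'
}

sample_netstat | classify_listeners
sample_netstat | suggest_proxy gitea gitea
```

With such a device in place the browser on the host opens http://localhost:9000; the device listens on the host, so http://10.62.176.15:9000 still finds nothing listening on the container's eth0 address.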

Okay, so I gave it a go and installed just now gitea. This is the full list of commands, reproducible.

$ lxc launch ubuntu:18.04 gitea
Creating gitea
Starting gitea
$ lxc ubuntu gitea
ubuntu@gitea:~$ wget -O gitea https://dl.gitea.io/gitea/1.11.3/gitea-1.11.3-linux-amd64
--2020-03-20 17:35:54--  https://dl.gitea.io/gitea/1.11.3/gitea-1.11.3-linux-amd64
Resolving dl.gitea.io (dl.gitea.io)... 104.27.142.155, 104.27.143.155, 2606:4700:3031::681b:8e9b, ...
Connecting to dl.gitea.io (dl.gitea.io)|104.27.142.155|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 83104520 (79M) [application/octet-stream]
Saving to: ‘gitea’

gitea               100%[===================>]  79.25M  8.43MB/s    in 9s     

2020-03-20 16:36:12 (4.29 MB/s) - ‘gitea’ saved [83104520/83104520]

ubuntu@gitea:~$ chmod +x gitea 
ubuntu@gitea:~$ ./gitea 
2020/03/20 16:36:18 cmd/web.go:107:runWeb() [I] Starting Gitea on PID: 430
2020/03/20 16:36:18 ...s/setting/setting.go:531:NewContext() [W] Custom config '/home/ubuntu/custom/conf/app.ini' not found, ignore this if you're running first time
2020/03/20 16:36:18 ...dules/setting/git.go:91:newGit() [I] Git Version: 2.17.1
2020/03/20 16:36:18 routers/init.go:87:GlobalInit() [T] AppPath: /home/ubuntu/gitea
2020/03/20 16:36:18 routers/init.go:88:GlobalInit() [T] AppWorkPath: /home/ubuntu
2020/03/20 16:36:18 routers/init.go:89:GlobalInit() [T] Custom path: /home/ubuntu/custom
2020/03/20 16:36:18 routers/init.go:90:GlobalInit() [T] Log path: /home/ubuntu/log
2020/03/20 16:36:18 ...dules/setting/log.go:233:newLogService() [I] Gitea v1.11.3 built with GNU Make 4.1, go1.13.8 : bindata, sqlite, sqlite_unlock_notify
2020/03/20 16:36:18 ...dules/setting/log.go:276:newLogService() [I] Gitea Log Mode: Console(Console:info)
2020/03/20 16:36:18 ...les/setting/cache.go:45:newCacheService() [I] Cache Service Enabled
2020/03/20 16:36:18 ...s/setting/session.go:44:newSessionService() [I] Session Service Enabled
2020/03/20 16:36:18 routers/init.go:122:GlobalInit() [I] SQLite3 Supported
2020/03/20 16:36:18 routers/init.go:46:checkRunMode() [I] Run Mode: Development
2020/03/20 16:36:18 cmd/web.go:161:runWeb() [I] Listen: http://0.0.0.0:3000
2020/03/20 16:36:18 ...s/graceful/server.go:55:NewServer() [I] Starting new server: tcp:0.0.0.0:3000 on PID: 430

The last line says that gitea is listening to tcp:0.0.0.0:3000. Which means,

  1. I can access gitea from the host using the IP address of the container, i.e. http://10.x.y.z:3000
  2. I can access gitea from the host after setting up a LXD proxy device.

This is the LXD proxy device command that I used.

$ lxc config device add gitea mygitea3000 proxy listen=tcp:0.0.0.0:3000 connect=tcp:127.0.0.1:3000
Device mygitea3000 added to gitea
$ 

Here is the screenshot,

Have you installed a firewall?


Hi!

Okay it also works on my part if I do it that way. I didn't even need to use

lxc config device add gitea mygitea3000 proxy listen=tcp:0.0.0.0:3000 connect=tcp:127.0.0.1:3000

I used ansible role to install this https://github.com/thomas-maurice/ansible-role-gitea

So I guess the problem is the way the role installs it and something is not matching with what lxc needs.

But yeh I guess gonna try other git solutions on my lxc.

I could have a look if you could provide a working minimal example of setting up gitea to work on localhost.

The starting part is,

$ lxc launch ubuntu:18.04 gitea
Creating gitea
Starting gitea
$ lxc ubuntu gitea
ubuntu@gitea:~$ sudo apt-add-repository --yes --update ppa:ansible/ansible
ubuntu@gitea:~$ sudo apt install ansible
ubuntu@gitea:~$ ansible-galaxy install thomas_maurice.ansible_role_gitea
ubuntu@gitea:~$ 

What’s the rest?