gitea: docker https fails with web_graceful [E] Failed to load https cert file 0.0.0.0:3000 : open : no such file or directory
- Gitea version (or commit ref): 8786c15 (docker gitea/gitea:latest)
- Git version: 2.15.2
- Operating system: docker-ce on ubuntu 16.04, not using compose.
- Database (use [x]):
  - PostgreSQL
  - MySQL
  - MSSQL
  - SQLite
- Can you reproduce the bug at https://try.gitea.io:
  - Yes (provide example URL)
  - No
  - Not relevant
- Log gist:
2018/06/09 12:46:58 […/cmd/web_graceful.go:37 runHTTPS()] [E] Failed to load https cert file 0.0.0.0:3000: open : no such file or directory
Description
It looks like CERT_FILE and CERT_KEY are not being resolved / loaded properly.
When specifying CERT_FILE/CERT_KEY with absolute container paths, the cert files are not found and no cert file is specified in the error:
2018/06/09 12:46:58 [.../cmd/web_graceful.go:37 runHTTPS()] [E] Failed to load https cert file 0.0.0.0:3000: open : no such file or directory
cert creation done inside docker
docker exec -it gitea /bin/bash
cd /app/gitea
./gitea cert --ca --host 10.10.10.10
mv *.pem /data/gitea/conf
app.ini
[server]
PROTOCOL = https
DOMAIN = 10.10.10.10
ROOT_URL = https://10.10.10.10:10000
CERT_FILE = /data/gitea/conf/cert.pem
CERT_KEY = /data/gitea/conf/key.pem
cert.pem is 0644, key.pem is 0600; both are owned by the docker container and can be read inside the docker container fine:
docker exec -it gitea /bin/bash
ls -l /data/gitea/conf/*.pem
-rw-r--r-- 1 git git 1159 jun 9 12:43 /data/gitea/conf/cert.pem
-rw------ 1 git git 1679 jun 9 12:43 /data/gitea/conf/key.pem
Relative paths expose cert file in error
However, if I use relative paths for the certificate, the log message changes, exposing the actual relative path for the requested cert:
2018/06/09 13:08:18 [.../cmd/web_graceful.go:37 runHTTPS()] [E] Failed to load https cert file 0.0.0.0:3000: open gitea/conf/cert.pem: not a directory
cert creation done inside docker
docker exec -it gitea /bin/bash
cd /app/gitea
./gitea cert --ca --host 10.10.10.10
mv *.pem /data/gitea/conf
app.ini
[server]
PROTOCOL = https
DOMAIN = 10.10.10.10
ROOT_URL = https://10.10.10.10:10000
CERT_FILE = gitea/conf/cert.pem
CERT_KEY = gitea/conf/key.pem
cert.pem is 0644, key.pem is 0600; both are owned by the docker container and can be read inside the docker container fine:
docker exec -it gitea /bin/bash
ls -l /data/gitea/conf/*.pem
-rw-r--r-- 1 git git 1159 jun 9 12:43 /data/gitea/conf/cert.pem
-rw------ 1 git git 1679 jun 9 12:43 /data/gitea/conf/key.pem
Disabling https, gitea works fine.
- Disabling https results in gitea working properly.
- Using the same setup from gogs:latest works fine in gogs.
- Setting unrealistic permissions on certs (0644 for all) does not fix the issue.
Something has changed within gitea which is resulting in these certs not being loaded properly.
About this issue
- State: closed
- Created 6 years ago
- Comments: 21 (10 by maintainers)
Commits related to this issue
- Make CertFile and KeyFile relative to CustomPath The current code will absolute CertFile and KeyFile against the current working directory. This is quite unexpected for users. This code makes relativ... — committed to zeripath/gitea by zeripath 4 years ago
- Make CertFile and KeyFile relative to CustomPath (#9868) * Make CertFile and KeyFile relative to CustomPath The current code will absolute CertFile and KeyFile against the current working director... — committed to go-gitea/gitea by zeripath 4 years ago
- Make CertFile and KeyFile relative to CustomPath (#9868) * Make CertFile and KeyFile relative to CustomPath The current code will absolute CertFile and KeyFile against the current working director... — committed to zeripath/gitea by zeripath 4 years ago
- Make CertFile and KeyFile relative to CustomPath (#9868) (#9874) * Make CertFile and KeyFile relative to CustomPath The current code will absolute CertFile and KeyFile against the current working ... — committed to go-gitea/gitea by zeripath 4 years ago
Nah it’s not your fault. The error report was just totally unhelpful. I’ve put a PR up to fix this for you.
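A pre-flight check in the spirit of the fix named in the related commits, as an added example that is not Gitea's own code: it anchors relative CERT_FILE/CERT_KEY values at a base directory instead of the working directory, and names the setting and the resolved path in every error, so an empty value cannot surface as a bare `open :`. The function names, the sentinel errors, the private-key permission check and the `/data/gitea` base directory are assumptions made for this example.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

var (
	ErrEmptySetting = errors.New("setting is empty")                           // value never reached the server
	ErrKeyExposed   = errors.New("private key is readable by group or others") // assumed policy: key must be 0600 or tighter
)

// resolve anchors a relative path at base (a hypothetical config directory), not the working directory.
func resolve(base, p string) string {
	if p == "" || filepath.IsAbs(p) {
		return p
	}
	return filepath.Join(base, p)
}

// checkTLSFiles validates CERT_FILE/CERT_KEY before the listener starts and
// names the setting and the resolved path in every error it returns.
func checkTLSFiles(base, certFile, keyFile string) error {
	cert, key := resolve(base, certFile), resolve(base, keyFile)
	for _, s := range []struct{ name, path string }{{"CERT_FILE", cert}, {"CERT_KEY", key}} {
		if s.path == "" {
			return fmt.Errorf("%s: %w", s.name, ErrEmptySetting)
		}
		fi, err := os.Stat(s.path)
		if err != nil {
			return fmt.Errorf("%s=%q: %w", s.name, s.path, err)
		}
		if s.name == "CERT_KEY" && fi.Mode().Perm()&0077 != 0 {
			return fmt.Errorf("%s=%q: %w", s.name, s.path, ErrKeyExposed)
		}
	}
	if _, err := tls.LoadX509KeyPair(cert, key); err != nil {
		return fmt.Errorf("load key pair %q / %q: %w", cert, key, err)
	}
	return nil
}

func main() {
	// Constructed inputs: empty settings, then the relative paths from the second app.ini.
	fmt.Println(checkTLSFiles("/data/gitea", "", ""))
	fmt.Println(checkTLSFiles("/data/gitea", "gitea/conf/cert.pem", "gitea/conf/key.pem"))
}
```
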