Trouble Logging In and Cloning Repositories to Self-Hosted onedev Instance Behind Traefik (OD-2017)

Innomatrix opened 1 year ago

I'm having trouble logging in with Docker from the terminal nor cloning repositories from my self-hosted onedev instance that is deployed behind a Traefik reverse proxy.

The onedev server is running in a Docker container with the following Docker Compose configuration:

services:
  app:
    hostname: 'onedev'
    image: '1dev/server:latest'
    container_name: 'onedev-app'
    restart: unless-stopped
    environment:
      - hibernate_dialect=io.onedev.server.persistence.PostgreSQLDialect
      - hibernate_connection_driver_class=org.postgresql.Driver
      - hibernate_connection_url=jdbc:postgresql://onedev-db:5432/onedev
      - hibernate_connection_username=onedev-user
      - hibernate_connection_password=changeMe.aHighlyComplexPasswordToKeepYouSecure
      - initial_user=LocalUser
      - initial_password=Password
      - [email protected]
      - initial_server_url=https://onedev.domain.local
      - initial_ssh_root_url=ssh://onedev.domain.local
    volumes:
      - 'onedev-app-data-vol:/opt/onedev'
      - '/var/run/docker.sock:/var/run/docker.sock'
    networks:
      - 'onedev-network'
    ports:
      - '6610:6610'
    depends_on:
      db:
        condition: service_healthy
  db:
    hostname: 'postgresql'
    image: 'postgres:16-alpine'
    container_name: 'onedev-db'

The host is secured with TLS 1.3 and accessible via a web GUI.

Could you please help me troubleshoot this issue? I'm not sure if there's a problem with the Traefik configuration or the onedev Docker Compose setup.

**docker login onedev.domain.local   ->> throws 401 Unauthorized
git clone ->> throws again remote 401 Unauthorized**

Any help would be greatly appreciated!

Activities

Robin Shen commented 1 year ago

Please check server url of system setting to make sure it is also onedev.domain.local
Innomatrix commented 1 year ago

Thanks for the reply. The domains are the same. I created two other VM instances with Gitea and Forgejo, and I'm experiencing the same issue with them. Therefore, I'm leaning towards this being a Traefik configuration issue.

Traefik community issue
Robin Shen commented 1 year ago

Hmm... You may clone via OneDev's 6610 port directly to see if it works. If works, it should be Traefik configuration issue.
Innomatrix commented 1 year ago

Hmm... You may clone via OneDev's 6610 port directly to see if it works. If works, it should be Traefik configuration issue.

Exactly... it seems it is Traefik :/
Innomatrix commented 1 year ago

@robin does OneDev app facilitate anything similar to REVERSE_PROXY_TRUSTED_PROXIES config setting?
Robin Shen commented 1 year ago

No, OneDev does not make use of that. I have not tested with Traefik, but it works with Nginx, Apache, Caddy, or IIS without any issues.
Innomatrix commented 1 year ago

I identified that the custom Traefik error-catcher middleware was the source of the problem. When first request hit the self-hosted GIT instance and there are no creds provided yet it responds with 401 and this is a moment whern middleware took over.

Thx for your time anyways!
Robin Shen changed state to 'Closed' 1 year ago
Previous Value Current Value
Open

Closed
Robin Shen commented 1 year ago

Thanks for the info. In this case, OneDev will respond wth 401 together with header WWW-Authenticate, which is the standard behavior. Frontend should present a login form instead of just failed.
Innomatrix commented 1 year ago

Thanks for the info. In this case, OneDev will respond wth 401 together with header WWW-Authenticate, which is the standard behavior. Frontend should present a login form instead of just failed.

Indeed and I saw it in logs and finally understood it.... I cloned middleware and excluded 401, it helped! Thank you!
Login to comment

Previous Value	Current Value
Open	Closed

Type	Question
Priority	Normal
Assignee	Cody Robinson
Labels	No labels

Issue Votes (0)

Watchers (2)

Reference

OD-2017