[Bug] SKIP_TLS_VERIFY=true not working on webhook

[toni-moreno]

• Gitea version (or commit ref):
• Git version:
  Gitea version 1.11.0+dev-146-g232340f5e built with GNU Make 4.2.1, go1.13.4 : bindata, sqlite, sqlite_unlock_notify
• Operating system:
  Docker
• Database (use [x]):
  • PostgreSQL
  • MySQL
  • MSSQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (provide example URL)
  • No
  • Not relevant
• Log gist:

Description

Gitea is not able to launch remote webhook, even when SKIP_TLS_VERIFY=true environment variable is set.

2019/11/02 11:12:51 ...s/graceful/server.go:87:NewServer() [I] Starting new server: tcp:0.0.0.0:3000 on PID: 18
2019/11/02 11:13:38 ...s/webhook/deliver.go:179:DeliverHooks() [E] deliver: Post https://drone.myserver.io/hook?secret=5Bq2GZ8BWY9yHiG3KPpFud5Gqu56tj8m: x509: certificate is valid for 2a22c8a50bcf6fe0a18245ddbd8979b3.1c13c9704e69fcdb724d9de94cf8e6ae.traefik.default, not drone.myserver.io

This is my service config.

version: "3.3"
services:
  git:
    image: gitea/gitea:latest 
    environment:
      - USER_UID=1001
      - USER_GID=1001
      - DB_TYPE=postgres
      - DB_HOST=git-db:5432
      - DB_NAME=gitea
      - DB_USER=${WEB_ADMIN_USERNAME}
      - DB_PASSWD=${WEB_ADMIN_PASSWORD}
      - SSH_DOMAIN=git.${WEB_DOMAIN}
      - SKIP_TLS_VERIFY=true
    networks:
      - net-public
    volumes:
      - gitea-data:/data
    ports:
      - "3000:3000"
      - "2222:22"
    deploy:
      placement:
        constraints:
          - node.labels.role.git == true
      labels:
        - traefik.enable=true
        - traefik.frontend.rule=Host:git.${WEB_DOMAIN}
        - traefik.docker.network=net-public
        - traefik.port=3000
        - traefik.tags=net-public
        - traefik.redirectorservice.frontend.entryPoints=http
        - traefik.redirectorservice.frontend.redirect.entryPoint=https
        - traefik.webservice.frontend.entryPoints=https

[lunny]

We haven't support SKIP_TLS_VERIFY environment, you have to set that via app.ini.

[toni-moreno]

@lunny I've seen that Dockerimage doesn't contain the app.ini file , so I suspect Dockerfile generates by itself on container start with environment variables, so I have a question.

Could I mount only with this option and with the environment variables?

/my_app.ini:/data/gitea/conf/app.ini

with only this option in my_app.ini ?

[webhook]

SKIP_TLS_VERIFY = true

[toni-moreno]

Hi @lunny I've tested , and remembered that app.ini is created in the setup phase, so previous solution doesn't work.

Could be good if addedSKIP_TLS_VERIFY as environment var.

Thank you for your attention.

[zeripath]

This is yet another example of a thing that #7287 would fix... The environment variable would be GITEA__WEBHOOK__SKIP_TLS_VERIFY

[toni-moreno]

After doing a new installation with docker , I realized that is not a good idea to map an app.ini file if you can not create the admin user , and I can 't (#8763) , so is needed this variable as @zeripath suggested or fix the admin creation tool.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

[stale]

This issue has been automatically closed because of inactivity. You can re-open it if needed.