Let me preface this with the fact that I have searched long and hard to find a solution before coming here for help. With my current setup, I have drone and gogs both running behind a Traefik reverse proxy. Currently, activating repos works fine; however, on the clone step of any drone build, it always errors like this:
    + git init
    Initialized empty Git repository in /drone/src/gogs.example.com/user/repo/.git/
    + git remote add origin https://gogs.example.com/user/repo.git
    + git fetch --no-tags origin +refs/heads/master:
    remote: User permission denied
    fatal: unable to access 'https://gogs.example.com/user/repo.git/': The requested URL returned error: 403
    exit status 128
(Personal information is redacted for obvious reasons)
Both repos I have tested are private; as this is a private gogs instance, all repos are hidden from the public.
My drone environment settings from the docker-compose.yml are as follows:
    - DRONE_OPEN=true
    - DRONE_ADMIN=Arbyy
    - DRONE_HOST=https://drone.example.com
    - DRONE_SERVER_ADDR=:80
    - DRONE_GOGS=true
    - DRONE_GOGS_URL=https://gogs.example.com
    - DRONE_GOGS_SKIP_VERIFY=true
    - DRONE_GOGS_PRIVATE_MODE=true
    - DRONE_GOGS_GIT_USERNAME=drone
    - DRONE_GOGS_GIT_PASSWORD=redacted
    - DRONE_SECRET=redacted
    - DRONE_DATABASE_DRIVER=mysql
    - DRONE_DATABASE_DATASOURCE=drone:redacted@tcp(220.127.116.11:1234)/drone
I have tested with and without DRONE_GOGS_GIT_PASSWORD, these seem to have no effect on it.
I have fully deleted drone’s database to start over (and ensure that it recognizes the repos as private and whatnot), and the same thing still happens.
Gogs is running on port 3000 inside its docker container, so I even tried setting the gogs.example.com:3000 both with and without http/s, and also tried using the docker-compose network name (just gogs in this case). However all this yields is that now repositories are unable to be activated.
I have fully investigated Traefik’s involvement in this, and have specified all endpoints to Forward Headers, and as far as I can tell from reading, Traefik automatically handles websockets, but in any case here is a copy of my entryPoints configuration from my
    [entryPoints]
      [entryPoints.http]
      address = ":80"
        [entryPoints.http.redirect]
        entryPoint = "https"
        [entryPoints.http.forwardedHeaders]
        insecure = false
        trustedIPs = ["172.17.0.0/16"] # Docker subnet
      [entryPoints.https]
      address = ":443"
        [entryPoints.https.tls]
        [entryPoints.https.forwardedHeaders]
        insecure = false
        trustedIPs = ["172.17.0.0/16"] # Docker subnet
Some other information that may be useful is that both drone and gogs are internally (underneath the reverse proxy) configured to not use HTTPS due to the fact that Traefik handles that.
Please let me know if there is any more information I can provide to get to the bottom of this.