Error while authenticating against OAuth provider

[TarumK]

1. В дополнение к нашей переписке в формате email. По поводу проблемы авторизации woodpecker ci через gitea при разворачивании dcape v.3 (Локальный сервер. Вариант без поддержки SSL, но с установкой gitea.) Поменял версию woodpecker с 2.0.х до 2.7.3. Теперь картинка такая.

[LeKovr]

"Вариант без поддержки SSL" вообще не факт, что заработает. Я бы рекомендовал использовать LetsEncrypt или, если это не подходит, развернуть Step CA. В 2024м у многих приложений могут возникнуть проблемы при попытке работать по HTTP.

По существу вопроса, было бы полезно увидеть логи контейнеров dcape-vcs-1 и dcape-cicd-1 на момент попытки авторизации

[TarumK]

Логи контейнеров при попытке авторизации.

dcape-vcs-1

2024/12/02 08:10:02 ...c/net/http/server.go:2136:ServeHTTP() [I] PING DATABASE postgres
2024/12/02 08:10:02 ...eb/routing/logger.go:102:func1() [I] router: completed GET /api/healthz for 127.0.0.1:33698, 200 OK in 4.3ms @ healthcheck/check.go:67(healthcheck.Check)
Unable to negotiate with 198.199.82.57 port 39330: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
2024/12/02 08:10:13 ...c/net/http/server.go:2136:ServeHTTP() [I] PING DATABASE postgres
2024/12/02 08:10:13 ...eb/routing/logger.go:102:func1() [I] router: completed GET /api/healthz for 127.0.0.1:58318, 200 OK in 1.6ms @ healthcheck/check.go:67(healthcheck.Check)
Unable to negotiate with 198.199.82.57 port 39954: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
2024/12/02 08:10:23 ...c/net/http/server.go:2136:ServeHTTP() [I] PING DATABASE postgres
2024/12/02 08:10:23 ...eb/routing/logger.go:102:func1() [I] router: completed GET /api/healthz for 127.0.0.1:46546, 200 OK in 1.5ms @ healthcheck/check.go:67(healthcheck.Check)
2024/12/02 08:10:23 ...eb/routing/logger.go:102:func1() [I] router: completed GET /login/oauth/authorize?client_id=1c559e49-ce92-4f4d-921e-217e993332f5&redirect_uri=http%3A%2F%2Fcicd.46217.ip-ptr.tech%2Fauthorize&response_type=code&state=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzMxMTY1MjMsImZvcmdlLWlkIjoiMSIsInR5cGUiOiJvYXV0aC1zdGF0ZSJ9.aWjtBjMBlUUnwAg0U-vUYJcQG92aJY46RuYozvi3rx8 for 194.85.27.129:0, 303 See Other in 2.0ms @ web/web.go:124(web.registerRoutes.verifyAuthWithOptions)
2024/12/02 08:10:23 ...eb/routing/logger.go:102:func1() [I] router: completed GET /user/login for 194.85.27.129:0, 200 OK in 24.6ms @ auth/auth.go:141(auth.SignIn)
2024/12/02 08:10:26 ...eb/routing/logger.go:102:func1() [I] router: completed POST /user/login for 194.85.27.129:0, 303 See Other in 286.3ms @ auth/auth.go:170(auth.SignInPost)
2024/12/02 08:10:26 ...eb/routing/logger.go:102:func1() [I] router: completed GET /login/oauth/authorize?client_id=1c559e49-ce92-4f4d-921e-217e993332f5&redirect_uri=http%3A%2F%2Fcicd.46217.ip-ptr.tech%2Fauthorize&response_type=code&state=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzMxMTY1MjMsImZvcmdlLWlkIjoiMSIsInR5cGUiOiJvYXV0aC1zdGF0ZSJ9.aWjtBjMBlUUnwAg0U-vUYJcQG92aJY46RuYozvi3rx8 for 194.85.27.129:0, 303 See Other in 57.3ms @ auth/oauth.go:362(auth.AuthorizeOAuth)
2024/12/02 08:10:33 ...c/net/http/server.go:2136:ServeHTTP() [I] PING DATABASE postgres
2024/12/02 08:10:33 ...eb/routing/logger.go:102:func1() [I] router: completed GET /api/healthz for 127.0.0.1:47024, 200 OK in 4.9ms @ healthcheck/check.go:67(healthcheck.Check)
Unable to negotiate with 198.199.82.57 port 56210: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]

dcape-cicd-1

{"level":"debug","time":"2024-12-02T08:11:23+03:00","caller":"/woodpecker/src/github.com/woodpecker-ci/woodpecker/server/api/stream.go:82","message":"user feed: connection closed"}
{"level":"debug","ip":"194.85.27.129","latency":62069.578277,"method":"GET","path":"/api/stream/events","status":200,"time":"2024-12-02T05:11:23Z","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36","time":"2024-12-02T08:11:23+03:00","caller":"/woodpecker/src/github.com/woodpecker-ci/woodpecker/server/router/middleware/logger.go:59"}
{"level":"debug","ip":"::1","latency":0.713579,"method":"GET","path":"/healthz","status":204,"time":"2024-12-02T05:11:47Z","user-agent":"Go-http-client/1.1","time":"2024-12-02T08:11:47+03:00","caller":"/woodpecker/src/github.com/woodpecker-ci/woodpecker/server/router/middleware/logger.go:59"}
{"level":"debug","ip":"::1","latency":0.465735,"method":"GET","path":"/healthz","status":204,"time":"2024-12-02T05:12:17Z","user-agent":"Go-http-client/1.1","time":"2024-12-02T08:12:17+03:00","caller":"/woodpecker/src/github.com/woodpecker-ci/woodpecker/server/router/middleware/logger.go:59"}
{"level":"debug","ip":"::1","latency":1.490468,"method":"GET","path":"/healthz","status":204,"time":"2024-12-02T05:12:48Z","user-agent":"Go-http-client/1.1","time":"2024-12-02T08:12:48+03:00","caller":"/woodpecker/src/github.com/woodpecker-ci/woodpecker/server/router/middleware/logger.go:59"}
{"level":"debug","ip":"::1","latency":1.462684,"method":"GET","path":"/healthz","status":204,"time":"2024-12-02T05:13:18Z","user-agent":"Go-http-client/1.1","time":"2024-12-02T08:13:18+03:00","caller":"/woodpecker/src/github.com/woodpecker-ci/woodpecker/server/router/middleware/logger.go:59"}
{"level":"debug","ip":"::1","latency":0.792397,"method":"GET","path":"/healthz","status":204,"time":"2024-12-02T05:13:48Z","user-agent":"Go-http-client/1.1","time":"2024-12-02T08:13:48+03:00","caller":"/woodpecker/src/github.com/woodpecker-ci/woodpecker/server/router/middleware/logger.go:59"}
{"level":"debug","ip":"::1","latency":1.199642,"method":"GET","path":"/healthz","status":204,"time":"2024-12-02T05:14:19Z","user-agent":"Go-http-client/1.1","time":"2024-12-02T08:14:19+03:00","caller":"/woodpecker/src/github.com/woodpecker-ci/woodpecker/server/router/middleware/logger.go:59"}
{"level":"debug","ip":"::1","latency":0.528451,"method":"GET","path":"/healthz","status":204,"time":"2024-12-02T05:14:49Z","user-agent":"Go-http-client/1.1","time":"2024-12-02T08:14:49+03:00","caller":"/woodpecker/src/github.com/woodpecker-ci/woodpecker/server/router/middleware/logger.go:59"}
{"level":"debug","ip":"::1","latency":0.997495,"method":"GET","path":"/healthz","status":204,"time":"2024-12-02T05:15:20Z","user-agent":"Go-http-client/1.1","time":"2024-12-02T08:15:20+03:00","caller":"/woodpecker/src/github.com/woodpecker-ci/woodpecker/server/router/middleware/logger.go:59"}

[LeKovr]

Судя по строкам

2024/12/02 08:10:23 ...eb/routing/logger.go:102:func1() [I] router: completed GET /login/oauth/authorize?client_id=1c559e49-ce92-4f4d-921e-217e993332f5&redirect_uri=http%3A%2F%2Fcicd.46217.ip-ptr.tech%2Fauthorize&response_type=code&state=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzMxMTY1MjMsImZvcmdlLWlkIjoiMSIsInR5cGUiOiJvYXV0aC1zdGF0ZSJ9.aWjtBjMBlUUnwAg0U-vUYJcQG92aJY46RuYozvi3rx8 for 194.85.27.129:0, 303 See Other in 2.0ms @ web/web.go:124(web.registerRoutes.verifyAuthWithOptions)
2024/12/02 08:10:23 ...eb/routing/logger.go:102:func1() [I] router: completed GET /user/login for 194.85.27.129:0, 200 OK in 24.6ms @ auth/auth.go:141(auth.SignIn)
2024/12/02 08:10:26 ...eb/routing/logger.go:102:func1() [I] router: completed POST /user/login for 194.85.27.129:0, 303 See Other in 286.3ms @ auth/auth.go:170(auth.SignInPost)
2024/12/02 08:10:26 ...eb/routing/logger.go:102:func1() [I] router: completed GET /login/oauth/authorize?client_id=1c559e49-ce92-4f4d-921e-217e993332f5&redirect_uri=http%3A%2F%2Fcicd.46217.ip-ptr.tech%2Fauthorize&response_type=code&state=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzMxMTY1MjMsImZvcmdlLWlkIjoiMSIsInR5cGUiOiJvYXV0aC1zdGF0ZSJ9.aWjtBjMBlUUnwAg0U-vUYJcQG92aJY46RuYozvi3rx8 for 194.85.27.129:0, 303 See Other in 57.3ms @ auth/oauth.go:362(auth.AuthorizeOAuth)

я бы предположил, что проблема на стороне дятла. Возможно, это или это сможет помочь