woodpecker-ci / woodpecker

Woodpecker is a simple, yet powerful CI/CD engine with great extensibility.
https://woodpecker-ci.org
Apache License 2.0

oauth on localhost #1485

Closed grugel-maintro closed 1 year ago

grugel-maintro commented 1 year ago

I run a gitea server on localhost. Skip TLS Verification on gitea is enabled as well as ALLOWED_HOST_LIST=external,loopback. It is possible to do the first connection over the gitea web interface, but after Woodpecker is added and allowed I get this output from Woodpecker-server:

```
{"level":"error","time":"2022-12-xxxx","message":"cannot authenticate user. Post \"http://localhost.lan/login/oauth/access_token\": dial tcp 127.0.0.1:80: connect: connection refused"}
```

oauth on gitea seems to do its job:

```
router: completed GET /login/oauth/authorize?client_id=xxxxxxxx&redirect_uri=http%3A%2F%2Flocalhost.lan%3A8001%2Fauthorize&response_type=code&state=woodpecker for 172.112.0.1:42264, 303 See Other in 6.3ms @ auth/oauth.go:361(auth.AuthorizeOAuth)
```

lafriks commented 1 year ago

Is the woodpecker server running in a container?

xTamasu commented 1 year ago

Same problem for me, as described in my discord post:

Hi, I'm trying to set up a woodpecker + gitea instance to show a Jenkins alternative at my company.

Unfortunately I'm not able to set up woodpecker with gitea sso correctly.

I've hosted everything on docker on ubuntu, but every time I try to authenticate woodpecker against gitea I get the following error message: "Error while authenticating against OAuth provider". Logs in Woodpecker are complaining about the connection being refused.


```
woodpecker-server_1  | {"level":"error","time":"2023-07-24T15:54:07Z","message":"cannot authenticate user. Post \"http://ubuntu:3000/login/oauth/access_token\": dial tcp 127.0.1.1:3000: connect: connection refused"}
woodpecker-agent_1   | {"level":"error","error":"rpc error: code = Unavailable desc = connection error: desc = \"error reading server preface: http2: frame too large\"","time":"2023-07-24T15:54:07Z","message":"grpc error: done(): code: Unavailable: rpc error: code = Unavailable desc = connection error: desc = \"error reading server preface: http2: frame too large\""}
```

When I open up woodpecker it gets correctly redirected to gitea, but it seems like woodpecker can't communicate with gitea.
I also tried to set them both into a docker network, but it didn't help.

Any ideas?

docker-compose & env. is like on https://woodpecker-ci.org/docs/administration/setup

lafriks commented 1 year ago

As per the OpenID spec code flow, woodpecker needs to be able to connect to the gitea instance directly, and also to call API methods, so if you are running gitea and woodpecker in docker containers, each of them has its own localhost, which is its own container. So when woodpecker tries to connect to gitea on localhost, it actually tries to connect to its own container's port 3000, where there is nothing to connect to.

xTamasu commented 1 year ago

@lafriks Yeah, of course. Is there a way to fix it via e.g. environment variables so the server is reachable?

I mean, the setup within docker containers or k8s isn't rare and should be supported. It would be enough if I could just define the internal gitea url (instead of 127.0.0.1) so it can communicate via docker network?

xTamasu commented 1 year ago

@lafriks @grugel-maintro I've managed to fix it.

It seems like the problems are related to the local domain (ubuntu, or OP's localhost.lan), which somehow got resolved to 127.0.0.1 inside of the woodpecker container.

I then tried to set it up with the IP directly, and then woodpecker was able to communicate with gitea. Docker is weird sometimes.

I've now got it set up with the following settings (for anyone interested with the same error as me and OP):

docker-compose.yml (Woodpecker + Agent)

```yaml
services:
  woodpecker-server:
    image: woodpeckerci/woodpecker-server:v1.0
    ports:
      - 8000:8000
    volumes:
      - ./woodpecker-server-data:/var/lib/woodpecker/
    environment:
      - WOODPECKER_OPEN=true
      - WOODPECKER_HOST=${WOODPECKER_HOST}
      - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}
      - WOODPECKER_GITEA=true
      - WOODPECKER_GITEA_URL=${WOODPECKER_GITEA_URL}
      - WOODPECKER_GITEA_CLIENT=${WOODPECKER_GITEA_CLIENT}
      - WOODPECKER_GITEA_SECRET=${WOODPECKER_GITEA_SECRET}

  woodpecker-agent:
    image: woodpeckerci/woodpecker-agent:v1.0
    command: agent
    restart: always
    depends_on:
      - woodpecker-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - WOODPECKER_SERVER=woodpecker-server:8000
      - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}
```

.env for Woodpecker

```
WOODPECKER_HOST=http://<YOUR-IP>:8000
WOODPECKER_AGENT_SECRET=<YOUR-SECRET>
WOODPECKER_GITEA_URL=http://<YOUR-IP>:3000/
WOODPECKER_GITEA_CLIENT=<GITEA-CLIENT>
WOODPECKER_GITEA_SECRET=<GITEA-SECRET>
```
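
The failure in this thread can be caught before login with a preflight check. The following is an added example, not code from Woodpecker or from the commenters: it resolves the host in `WOODPECKER_GITEA_URL` and reports any loopback address, which is the condition behind the `dial tcp 127.0.1.1:3000` log line above. `LoopbackTargets` and `Resolver` are hypothetical names, and the result is only meaningful when the program runs in the same network namespace as the woodpecker-server container.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"os"
)

// Resolver has the signature of net.LookupIP so a test can inject answers.
type Resolver func(host string) ([]net.IP, error)

// LoopbackTargets resolves the forge URL's host as the calling process sees
// it and returns every address that is loopback (127.0.0.0/8 or ::1). Any hit
// means the server-side POST to /login/oauth/access_token stays in the caller.
func LoopbackTargets(forgeURL string, resolve Resolver) ([]net.IP, error) {
	u, err := url.Parse(forgeURL)
	if err != nil {
		return nil, fmt.Errorf("parse %q: %w", forgeURL, err)
	}
	host := u.Hostname()
	if host == "" {
		return nil, fmt.Errorf("no host in %q", forgeURL)
	}
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip} // IP literal, nothing to resolve
	} else if ips, err = resolve(host); err != nil {
		return nil, fmt.Errorf("resolve %s: %w", host, err)
	}
	var loopback []net.IP
	for _, ip := range ips {
		if ip.IsLoopback() {
			loopback = append(loopback, ip)
		}
	}
	return loopback, nil
}

func main() {
	forge := os.Getenv("WOODPECKER_GITEA_URL") // variable name taken from the thread
	bad, err := LoopbackTargets(forge, net.LookupIP)
	if err != nil || len(bad) > 0 {
		fmt.Fprintln(os.Stderr, "forge URL unusable from here:", forge, bad, err)
		os.Exit(1)
	}
	fmt.Println("ok:", forge, "does not resolve to loopback")
}
```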