Drone with gitea gives 404 on login

Anton_Chichkov · November 22, 2022, 2:21am

Hello! I found this topic about the same error. I double-checked all tokens in docker-compose, and they all are fine. But still I see 404 when trying to login to drone with gitea. Maybe I’m missing something?

My gitea instance is running behind reverse proxy with https. It is available at https://sc.lers.ru

Drone is configured to run behind the same reverse proxy, and is available at https://support.lers.ru

I logged in to gitea as admin and created oauth application with https://support.lers.ru/login as redirect URI.

Drone is started with the compose file:

version: "3.9"
services:
  drone:
    image: drone/drone:2
    restart: always
    ports:
      - "8088:80"
    environment:
      DRONE_GITEA_SERVER: https://sc.lers.ru
      DRONE_GITEA_CLIENT_ID: 543baaab-5db5-40f1-888c-4b0e1a6d3390
      DRONE_GITEA_CLIENT_SECRET: gto_6uvee43m3p5ygnz3lmqk5kdco4l6nmqr44blgxdk4mqpz3hdd42q
      DRONE_GITEA_SKIP_VERIFY: true
      DRONE_RPC_SECRET: 47a737e61c4b525103d8ac4854fa2382
      DRONE_SERVER_HOST: https://support.lers.ru
      DRONE_SERVER_PROTO: https
      DRONE_LOGS_DEBUG: true

Now when I try to login, I get redirected to
https://support.lers.ru/login/oauth/authorize?client_id=543baaab-5db5-40f1-888c-4b0e1a6d3390&redirect_uri=https%3A%2F%2Fsupport.lers.ru%2Flogin&response_type=code&state=8866cb397916001e

Here is my drone’s log excrept:

drone-drone-1  | {"fields.time":"2022-11-22T02:07:11Z","latency":81600,"level":"debug","method":"GET","msg":"","remote":"192.168.1.10:56265","request":"/login","request-id":"2HsnoIi0Bbup5f4LwdLjPdtfMXF","time":"2022-11-22T02:07:11Z"}
drone-drone-1  | {"fields.time":"2022-11-22T02:07:11Z","latency":48500,"level":"debug","method":"GET","msg":"","remote":"192.168.1.10:56265","request":"/login/oauth/authorize?client_id=543baaab-5db5-40f1-888c-4b0e1a6d3390\u0026redirect_uri=https%3A%2F%2Fsupport.lers.ru%2Flogin\u0026response_type=code\u0026state=b80704bb7b4d7c03","request-id":"2HsnoIUPnmOntUGL9hK5kr24ws2","time":"2022-11-22T02:07:11Z"}
drone-drone-1  | {"level":"debug","msg":"api: authentication required","request-id":"2HsnoF8b5gXBlWiPIMKdScnNMmu","time":"2022-11-22T02:07:11Z"}
drone-drone-1  | {"level":"debug","msg":"api: guest access","request-id":"2HsnoF8b5gXBlWiPIMKdScnNMmu","time":"2022-11-22T02:07:11Z"}
drone-drone-1  | {"fields.time":"2022-11-22T02:07:11Z","latency":1196213,"level":"debug","method":"GET","msg":"","remote":"192.168.1.10:56265","request":"/api/user","request-id":"2HsnoF8b5gXBlWiPIMKdScnNMmu","time":"2022-11-22T02:07:11Z"}
drone-drone-1  | {"level":"debug","msg":"events: stream opened","request-id":"2HsnoJZRd010rmHtRhGbETo5T62","time":"2022-11-22T02:07:11Z"}
drone-drone-1  | {"error":"sql: no rows in result set","level":"debug","msg":"api: repository not found","name":"oauth","namespace":"login","request-id":"2HsnoEhS8Uy0qHSlCoWrugwOpXV","time":"2022-11-22T02:07:11Z"}
drone-drone-1  | {"level":"debug","msg":"api: guest access","request-id":"2HsnoEhS8Uy0qHSlCoWrugwOpXV","time":"2022-11-22T02:07:11Z"}
drone-drone-1  | {"fields.time":"2022-11-22T02:07:11Z","latency":523706,"level":"debug","method":"GET","msg":"","remote":"192.168.1.10:56265","request":"/api/repos/login/oauth","request-id":"2HsnoEhS8Uy0qHSlCoWrugwOpXV","time":"2022-11-22T02:07:11Z"}
drone-drone-1  | {"level":"debug","msg":"events: stream error","request-id":"2HsnOtBm4JOFMPuK3TuXaQOJAiv","time":"2022-11-22T02:07:19Z"}
drone-drone-1  | {"level":"debug","msg":"events: stream closed","request-id":"2HsnOtBm4JOFMPuK3TuXaQOJAiv","time":"2022-11-22T02:07:19Z"}
drone-drone-1  | {"level":"debug","msg":"api: guest access","request-id":"2HsnOtBm4JOFMPuK3TuXaQOJAiv","time":"2022-11-22T02:07:19Z"}
drone-drone-1  | {"fields.time":"2022-11-22T02:07:19Z","latency":210013839323,"level":"debug","method":"GET","msg":"","remote":"192.168.1.10:56104","request":"/api/stream","request-id":"2HsnOtBm4JOFMPuK3TuXaQOJAiv","time":"2022-11-22T02:07:19Z"}

I don’t see any request to gitea in proxy’s or gitea logs. Is there anything I missed in configuration?

d1wilko · November 22, 2022, 9:51am

can you try changing this to DRONE_SERVER_HOST: support.lers.ru - the https piece should be provided by the DRONE_SERVER_PROTO value

Anton_Chichkov · November 22, 2022, 12:30pm

Thanks for your reply!

I changed host as you proposed, pruned all volumes and restarted drone container. Unfortunately with the same 404 result.

Please, fell free to see it in https://support.lers.ru
Any ideas where should i start digging? My devops skills are not that good

If it’s important, proxy is IIS with ARR. http_x_forwarded_for and http_x_forwarded_proto headers are passed to backend.

d1wilko · November 22, 2022, 1:48pm

From what I’m seeing, it is behaving like you have set DRONE_GITEA_SERVER as https://support.lers.ru.

Can you delete the docker container completely and rerun? - perhaps you had that value set previously and the docker image has maintained the value?

Anton_Chichkov · November 22, 2022, 1:59pm

Hmmm… Yes, I see that login url should be sc instead of support. I definitely removed all containers and recreated again.

Maybe the problem is that sc and support both resolve to the same IP address belonging to reverse proxy?

d1wilko · November 22, 2022, 3:15pm

That may be the case - based on the info you have provided it looks like you have set up drone correctly

I’m afraid when it comes to proxies it’s more often a problem on that end that we can’t really fix - I think its best to dig into the proxy!

Anton_Chichkov · November 22, 2022, 11:37pm

Dan, than’s for your help. I managed to configure gitea + drone behind IIS as reverse proxy.

The problem is that ARR in IIS rewrites host header. See this discussion at gitea’s github.

After I disabled this ARR setting authentication worked just fine.

Thank you!