skip to Main Content

Disclaimer up front: I’m very new to Linux/Ubuntu as a whole and system administration as well only having dabbled with it in my free time so please be patient and thorough with your answers.

I installed Gitea on my Ubuntu 20.04 server with git-lfs.
I have Apache running a reverse proxy to use my subdomain with gitea. I also have it configured for SSH using certbot.

Every time I try to push a large file (~>1Gb) I get an LFS: Client error from HTTP 413.

What I’ve tried so far:

  • disable UFW
  • Increase all relevant file and file size options in the gitea config

Here is my app.ini:

APP_NAME = Tali Git
RUN_USER = git
RUN_MODE = prod

[security]
INTERNAL_TOKEN     = XXXXX
INSTALL_LOCK       = true
SECRET_KEY         = XXXXXXX
PASSWORD_HASH_ALGO = pbkdf2

[database]
DB_TYPE  = sqlite3
HOST     = 127.0.0.1:3306
NAME     = gitea
USER     = gitea
PASSWD   = 
SCHEMA   = 
SSL_MODE = disable
CHARSET  = utf8
PATH     = /var/lib/gitea/data/gitea.db
LOG_SQL  = false

[repository]
ROOT = /var/lib/gitea/data/gitea-repositories

[repository.upload]
FILE_MAX_SIZE = 999999999999
MAX_FILES = 999999999999

[server]
SSH_DOMAIN       = git.example.com
DOMAIN           = git.example.com
HTTP_PORT        = 3000
ROOT_URL         = https://git.example.com/
DISABLE_SSH      = false
SSH_PORT         = 22
LFS_START_SERVER = true
LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
LFS_JWT_SECRET   = XXXXXXXXXXXX
LFS_MAX_FILE_SIZE = 999999999999999999999999
OFFLINE_MODE     = false
LFS_HTTP_AUTH_EXPIRY = 999999m

[mailer]
ENABLED = false

[service]
REGISTER_EMAIL_CONFIRM            = false
ENABLE_NOTIFY_MAIL                = false
DISABLE_REGISTRATION              = true
ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
ENABLE_CAPTCHA                    = false
REQUIRE_SIGNIN_VIEW               = false
DEFAULT_KEEP_EMAIL_PRIVATE        = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING       = true
NO_REPLY_ADDRESS                  = noreply.localhost

[picture]
DISABLE_GRAVATAR        = false
ENABLE_FEDERATED_AVATAR = true

[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true

[session]
PROVIDER = file

[log]
MODE      = console
LEVEL     = info
ROOT_PATH = /var/lib/gitea/log
ROUTER    = console

[ui]
DEFAULT_THEME = arc-green
THEMES = gitea,arc-green

The apache HTTP proxy:

<VirtualHost *:80>
    ServerName git.example.com
    ProxyPreserveHost On
    ProxyRequests off
    ProxyPass / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/
LimitRequestBody 0
RewriteEngine on
RewriteCond %{SERVER_NAME} =git.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

The apache SSH proxy:

<IfModule mod_ssl.c>
<VirtualHost *:443>
<Directory />
    SSLRenegBufferSize 2147483647
</Directory>
    ServerName git.example.com
    ProxyPreserveHost On
    ProxyRequests off
    ProxyPass / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/

SSLCertificateFile /etc/letsencrypt/live/git.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/git.example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

There was nothing that stood out in the Apache access or error log.

The relevant Gitea log with log level trace can be found here: https://pastebin.com/XgbQaZn0

Any tips, ideas or shared experiences would be highly appreciated. I’m at a total loss here.

3

Answers


  1. Chosen as BEST ANSWER

    Okay I figured it out and posting it here for anyone to come across in the future:

    I consolidated my apache config into a single file since certbots auto configurator actually creates a dedicated 443 one. My site config file looks like this:

    <VirtualHost *:80>
    
                   ServerName git.example.com
                   ServerAdmin [email protected]
    
                   ProxyPass / http://localhost:3000/
                   ProxyPassReverse / http://localhost:3000/
    </VirtualHost>
     
    <VirtualHost *:443>
    
                   ServerName git.example.com
                   ServerAdmin [email protected]
    
                   SSLEngine on
                   SSLCertificateFile /etc/letsencrypt/live/git.example.com/cert.pem
                   SSLCertificateKeyFile /etc/letsencrypt/live/git.example.com/privkey.pem
                   SSLCertificateChainFile /etc/letsencrypt/live/git.example.com/fullchain.pem
    
                   ProxyPass / http://localhost:3000/
                   ProxyPassReverse / http://localhost:3000/
    </VirtualHost>
    

    Previously, I ran certbot certonly to generate these certificate files that I'm pointing Apache to here.

    Additionally—and I haven't tested if this actually affects it—this time I used http:// in the gitea root URL in its app.ini configuration instead of https://.

    Either way, it works!


  2. Have you tried adding

    git config http.version HTTP/1.1
    

    in your git configuration?

    Login or Signup to reply.
  3. Cloudflare will cause HTTP 413 errors when pusing larger files to LFS. Be sure to run Gitea without Cloudflare as a proxy.

    LFS: Client error: https://example.com/user/test.git/... from HTTP 413
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search