sslraspberry-pissl-certificatereverse-proxygitea

fatal: unable to access 'https://URL.git': server certificate verification failed. CAfile: none CRLfile: none

I have a Raspberry Pi with Apache2 and multiple Virtualhosts and a config like this:

ServerSignature Off
ServerTokens Prod

Protocols h2 h2c http/1.1

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}

CacheQuickHandler on
CacheEnable disk /
CacheHeader on
CacheDefaultExpire 8000
CacheMaxExpire 640000
CacheIgnoreNoLastMod On
ExpiresActive on
ExpiresDefault "access plus 1 year"
CacheDirLevels 5
CacheDirLength 3

Header set Cache-Control "max-age=31536000, public"
Header unset Last-Modified
Header unset ETag

ErrorDocument 404 *ERROR_URL*

SSLCertificateFile /home/pi/server/Certificates/cert.pem
SSLCertificateKeyFile /home/pi/server/Certificates/privkey.pem
SSLCertificateChainFile /home/pi/server/Certificates/fullchain.pem

...

<VirtualHost *:3000>
    SSLEngine on
    ServerAlias *GITEA_URL*

    ErrorLog ${APACHE_LOG_DIR}/gitea_error.log
    CustomLog  ${APACHE_LOG_DIR}/gitea_access.log combined

    ProxyRequests Off
    ProxyPreserveHost On
    ProxyVia Full

    <Proxy *>
        Require all granted
    </Proxy>

    SSLProxyEngine On

    <Location "/" >
        ProxyPass http://192.168.178.64:3333/
        ProxyPassReverse http://192.168.178.64:3333/
    </Location>
</VirtualHost>

the gitea server is in a docker on my NAS and gitea is working for everything except

git clone *GITEA_URL*/*username*/*repo*.git

there is always this error

fatal: unable to access '*GITEA_URL*/*username*/*repo*.git': server certificate verification failed. CAfile: none CRLfile: none

if you need app.ini

APP_NAME = Zokki's Gitea
RUN_MODE = prod
RUN_USER = git

[repository]
ROOT = /data/git/repositories

[repository.local]
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo

[repository.upload]
TEMP_PATH = /data/gitea/uploads

[server]
APP_DATA_PATH    = /data/gitea
DOMAIN           = localhost
SSH_DOMAIN       = localhost
HTTP_PORT        = 3000
ROOT_URL         = *GITEA_URL*
DISABLE_SSH      = false
SSH_PORT         = 22
SSH_LISTEN_PORT  = 22
LFS_START_SERVER = true
LFS_JWT_SECRET   = pw
OFFLINE_MODE     = false

[database]
PATH     = /data/gitea/gitea.db
DB_TYPE  = mysql
HOST     = 192.168.178.64:3307
NAME     = gitea
USER     = gitea
PASSWD   = pw
LOG_SQL  = false
SCHEMA   = 
SSL_MODE = disable
CHARSET  = utf8

How can I clone this repo with ssl and dont have to disable ssl-verify in my local git?

Solution

  • I "fixed" it by changing to nginx

    It worked perfectly on first try