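---
# Fix Gitea SSL and routing issues.
#
# Diagnoses why Gitea is not reachable through Traefik: container state, the
# shared traefik-public network, Traefik -> Gitea connectivity by service name,
# the ACME certificate for the Gitea domain and HTTP/HTTPS reachability. Based
# on the findings it restarts Gitea and (only when explicitly enabled) Traefik,
# then re-checks reachability and prints a summary.
#
# Inputs (inventory / group vars):
#   stacks_base_path      - base directory that holds the compose stacks
#   gitea_domain          - public hostname of Gitea; used for URLs and log greps
#   traefik_auto_restart  - optional bool, default false; Traefik is only
#                           restarted when this is true
- name: Fix Gitea SSL and Routing
  hosts: production
  gather_facts: true
  become: false
  vars:
    gitea_stack_path: "{{ stacks_base_path }}/gitea"
    traefik_stack_path: "{{ stacks_base_path }}/traefik"
    gitea_url: "https://{{ gitea_domain }}"
    gitea_url_http: "http://{{ gitea_domain }}"
  tasks:
    # --- Diagnostics (read-only, never change state) ---------------------------

    # Stack paths are passed via chdir instead of an unquoted `cd` inside the
    # shell script, so a path containing spaces or shell metacharacters cannot
    # alter the command line.
    - name: Check Gitea container status
      ansible.builtin.command: docker compose ps gitea
      args:
        chdir: "{{ gitea_stack_path }}"
      register: gitea_status
      changed_when: false

    - name: Check Traefik container status
      ansible.builtin.command: docker compose ps traefik
      args:
        chdir: "{{ traefik_stack_path }}"
      register: traefik_status
      changed_when: false

    # The Go-template braces are escaped so Jinja passes them through literally.
    - name: Check if Gitea is in traefik-public network
      ansible.builtin.shell: |
        docker network inspect traefik-public --format '{{ '{{' }}range .Containers{{ '}}' }}{{ '{{' }}.Name{{ '}}' }} {{ '{{' }}end{{ '}}' }}' 2>/dev/null | grep -q gitea && echo "YES" || echo "NO"
      register: gitea_in_network
      changed_when: false

    # Talks to Gitea from inside the Traefik container, i.e. the same path
    # Traefik itself uses for service discovery.
    - name: Test direct connection from Traefik to Gitea (by service name)
      ansible.builtin.shell: |
        docker compose exec -T traefik wget -qO- --timeout=5 http://gitea:3000/api/healthz 2>&1 || echo "CONNECTION_FAILED"
      args:
        chdir: "{{ traefik_stack_path }}"
      register: traefik_gitea_direct
      changed_when: false
      failed_when: false

    # The grep result is captured first: in a pipeline `... | tail | echo` the
    # fallback message would never be printed because tail always exits 0.
    # The domain comes from gitea_domain (regex-escaped) instead of a
    # hard-coded hostname so the play stays consistent with gitea_url.
    - name: Check Traefik logs for SSL/ACME errors
      ansible.builtin.shell: |
        matches="$(docker compose logs traefik --tail=100 2>&1 | grep -iE "acme|certificate|{{ gitea_domain | regex_escape }}|ssl|tls" | tail -20)"
        if [ -n "$matches" ]; then printf '%s\n' "$matches"; else echo "No SSL/ACME errors found"; fi
      args:
        chdir: "{{ traefik_stack_path }}"
      register: traefik_ssl_errors
      changed_when: false
      failed_when: false

    # acme.json contains private keys; only the YES/NO verdict leaves the
    # container, the file content itself is never registered or logged.
    # grep -F matches the domain literally (dots are not regex wildcards).
    - name: Check if SSL certificate exists for the Gitea domain
      ansible.builtin.shell: |
        docker compose exec -T traefik cat /acme.json 2>/dev/null | grep -qF "{{ gitea_domain }}" && echo "YES" || echo "NO"
      args:
        chdir: "{{ traefik_stack_path }}"
      register: ssl_cert_exists
      changed_when: false
      failed_when: false

    # validate_certs is disabled on purpose here: these probes must also work
    # while Traefik still serves its default (self-signed) certificate.
    - name: Test Gitea via HTTP (port 80, should redirect or show error)
      ansible.builtin.uri:
        url: "{{ gitea_url_http }}/api/healthz"
        method: GET
        status_code: [200, 301, 302, 404, 502, 503, 504]
        validate_certs: false
        timeout: 10
      register: gitea_http_test
      changed_when: false
      failed_when: false

    - name: Test Gitea via HTTPS
      ansible.builtin.uri:
        url: "{{ gitea_url }}/api/healthz"
        method: GET
        status_code: [200, 301, 302, 404, 502, 503, 504]
        validate_certs: false
        timeout: 10
      register: gitea_https_test
      changed_when: false
      failed_when: false

    # regex_search yields the bare state word (or nothing); default(..., true)
    # also replaces an empty result with UNKNOWN.
    - name: Display diagnostic information
      ansible.builtin.debug:
        msg: |
          ================================================================================
          GITEA SSL/ROUTING DIAGNOSE:
          ================================================================================

          Container Status:
          - Gitea: {{ gitea_status.stdout | regex_search('Up|Down|Restarting|Exited') | default('UNKNOWN', true) }}
          - Traefik: {{ traefik_status.stdout | regex_search('Up|Down|Restarting|Exited') | default('UNKNOWN', true) }}

          Network:
          - Gitea in traefik-public: {% if gitea_in_network.stdout == 'YES' %}✅{% else %}❌{% endif %}
          - Traefik → Gitea (direct): {% if 'CONNECTION_FAILED' not in traefik_gitea_direct.stdout %}✅{% else %}❌{% endif %}

          SSL/Certificate:
          - Certificate in acme.json: {% if ssl_cert_exists.stdout == 'YES' %}✅{% else %}❌{% endif %}

          Connectivity:
          - HTTP (port 80): Status {{ gitea_http_test.status | default('TIMEOUT') }}
          - HTTPS (port 443): Status {{ gitea_https_test.status | default('TIMEOUT') }}

          Traefik SSL/ACME Errors:
          {{ traefik_ssl_errors.stdout }}
          ================================================================================

    # --- Remediation ---------------------------------------------------------------

    - name: Restart Gitea if not in network or connection failed
      ansible.builtin.command: docker compose restart gitea
      args:
        chdir: "{{ gitea_stack_path }}"
      register: gitea_restart
      changed_when: gitea_restart.rc == 0
      when: gitea_in_network.stdout != 'YES' or 'CONNECTION_FAILED' in traefik_gitea_direct.stdout

    - name: Wait for Gitea to be ready after restart
      ansible.builtin.pause:
        seconds: 30
      when: gitea_restart.changed | default(false)

    # Restarting Traefik affects every routed service, so it is gated behind
    # traefik_auto_restart and only done when Gitea was restarted or HTTPS is
    # still not answering 200.
    - name: Restart Traefik to refresh service discovery and SSL
      ansible.builtin.command: docker compose restart traefik
      args:
        chdir: "{{ traefik_stack_path }}"
      register: traefik_restart
      changed_when: traefik_restart.rc == 0
      when: >
        (traefik_auto_restart | default(false) | bool)
        and (gitea_restart.changed | default(false)
             or gitea_https_test.status | default(0) != 200)

    - name: Wait for Traefik to be ready after restart
      ansible.builtin.pause:
        seconds: 15
      when: traefik_restart.changed | default(false)

    - name: Wait for Gitea to be reachable via HTTPS (with retries)
      ansible.builtin.uri:
        url: "{{ gitea_url }}/api/healthz"
        method: GET
        status_code: [200]
        validate_certs: false
        timeout: 10
      register: final_gitea_test
      until: final_gitea_test.status == 200
      retries: 20
      delay: 3
      changed_when: false
      failed_when: false
      when: traefik_restart.changed | default(false) or gitea_restart.changed | default(false)

    # --- Verification ---------------------------------------------------------------

    - name: Final status check
      ansible.builtin.uri:
        url: "{{ gitea_url }}/api/healthz"
        method: GET
        status_code: [200]
        validate_certs: false
        timeout: 10
      register: final_status
      changed_when: false
      failed_when: false

    # Reachability with validate_certs=false says nothing about the certificate
    # itself; this probe confirms that the served chain is trusted by the
    # control node, i.e. that the ACME certificate (not a self-signed default)
    # is actually in use.
    - name: Verify the served TLS certificate is trusted
      ansible.builtin.uri:
        url: "{{ gitea_url }}/api/healthz"
        method: GET
        status_code: [200]
        validate_certs: true
        timeout: 10
      register: final_tls_test
      changed_when: false
      failed_when: false

    - name: Summary
      ansible.builtin.debug:
        msg: |
          ================================================================================
          ZUSAMMENFASSUNG - Gitea SSL/Routing Fix:
          ================================================================================

          Aktionen:
          - Gitea Restart: {% if gitea_restart.changed | default(false) %}✅ Durchgeführt{% else %}ℹ️ Nicht nötig{% endif %}
          - Traefik Restart: {% if traefik_restart.changed | default(false) %}✅ Durchgeführt{% else %}ℹ️ Nicht nötig{% endif %}

          Final Status:
          - Gitea via HTTPS: {% if final_status.status == 200 %}✅ Erreichbar{% else %}❌ Nicht erreichbar (Status: {{ final_status.status | default('TIMEOUT') }}){% endif %}
          - TLS-Zertifikat vertrauenswürdig: {% if final_tls_test.status | default(0) == 200 %}✅ Ja{% else %}❌ Nein (Status: {{ final_tls_test.status | default('TIMEOUT') }}){% endif %}

          {% if final_status.status == 200 %}
          ✅ Gitea ist jetzt über Traefik erreichbar!
             URL: {{ gitea_url }}
          {% else %}
          ⚠️ Gitea ist noch nicht erreichbar

          Mögliche Ursachen:
          1. SSL-Zertifikat wird noch generiert (ACME Challenge läuft)
          2. Traefik Service Discovery braucht mehr Zeit
          3. Netzwerk-Problem zwischen Traefik und Gitea

          Nächste Schritte:
          1. Warte 2-5 Minuten und teste erneut:
             curl -k {{ gitea_url }}/api/healthz
          2. Prüfe Traefik-Logs:
             cd {{ traefik_stack_path }} && docker compose logs traefik --tail=50
          3. Prüfe Gitea-Logs:
             cd {{ gitea_stack_path }} && docker compose logs gitea --tail=50
          4. Prüfe Netzwerk:
             docker network inspect traefik-public | grep -A 5 gitea
          {% endif %}
          ================================================================================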