I’ve been running gitweb on my FB for a while now successfully with no issues. My setup is as follows:
FB exposed on the internet with a DNS name and LetsEncrypt certificate, managed by FB, say “box.example.com”
FB is also reachable in my internal network with a fixed IP 192.168.178.27.
I use both external and internal Git clients, so I disable certificate validation when using the internal IP.
I have a dedicated user account on my FB who has access to Git repos, “kopfkind”
This has been working perfectly until last week. I’ve discovered today that I now cannot clone/push/pull anymore. I get an error message:
GnuTLS recv error (-110): The TLS connection was non-properly terminated.
I’ve been trying different clients (git 2.30.2 from a Debian stable box, WorkingCopy on an iPad). The gitweb UI is available when logging into my FB, I can see and browse my repos there.
Retrying today showed that it is now working with all my clients. I do not see any FB update logs in the meantime, so I am still puzzled as to the root cause of yesterday’s issues. But I am not able to reproduce it anymore.
I will keep an eye on it. Thanks for everybody who’s read my question and put some thought to it.
I’ve removed the “[solved]” tag from the title again, since the issue has reappeared. I am clueless as to what the root cause it. There are no indications in dpkg.log, unattended-upgrades.log, apache logs, auth logs etc.
If anybody has an idea what could cause these issues, please do let me know. I’ll need to move my git repos off my FB due to this
I think the relevant Debian package in FreedomBox that could possibly throw this error is libcurl3-gnutls. You can run apt search libcurl3-gnutls on your FreedomBox to find the installed version.
Joseph, thanks for picking up this thread. I am not aware of any proxies in use, my connection is laptop => freedombox directly with both on the same local wifi. However I do see that libntlm0 is installed, I assume FB uses it internally somewhere.
That being said your suggestion pointed me in the right direction. Most results I could find onthe web would suggest recompiling git with libssl instead of libgnutls. This would be possible on my laptop (also running Debian), but not for my iPad client - I am using “WorkingCopy” there, a closed product.
What I did in the end was upgrading git and gitweb from debian backports on my freemdombox, now it seems to work on all clients (fingers crossed!).
kopfkind@box:~$ dpkg -l gitweb
[..]
ii gitweb 1:2.34.1-1~bpo11+1 all fast, scalable, distributed revision control system (web interface)
Administration through plinth / the web interface is still possible. I can access the section and create new repos as before. Thanks for the nudge in the right direction!
Update: I got a minor package update of libtiff this morning which somehow broke the setup again, same error as before. I’ve checked /var/log/dpkg.log and saw that there has been an additional update to libcurl3-gnutls on Jan 28. Maybe the package updates today have triggered a reload of apache2 so that the new version of the library got loaded - I would not expect libtiff to break git-web.
However, fixing it was easy. I just had to upgrade the gitweb package from backports again: