VCS integration - Gitlab webhook gets 401

Hi, I am running a website hosted on my local machine which uses an nginx server as a reverse proxy.

Youtrack is served through a docker container living at http://localhost:8080. The nginx config forwards any requests to https://mydomain.com/track on to the youtrack server. All seems to be working fine.

I'm now trying to set up VCS integration with an external Gitlab account. I've created the app password as per documentation and it says the connection is working. If I click the little button in the VCS integration settings screen to "Import commits and open pull requests", then I get the commit/PR updates displayed on the issue.

However it appears the webhook is not working in Gitlab. When I push commits, I can see no updates to the ticket and requests being rejected in my nginx logs:

[08/Dec/2021:22:35:02 +0000] "POST /track/api/vcsHooksReceiver/gitlab/142-4 HTTP/1.1" 401 68 "-" "GitLab/14.6.0-pre"
[08/Dec/2021:22:35:02 +0000] "POST /track/api/vcsHooksReceiver/gitlab/142-4 HTTP/1.1" 401 68 "-" "GitLab/14.6.0-pre"
[08/Dec/2021:22:35:02 +0000] "POST /track/api/vcsHooksReceiver/gitlab/142-4 HTTP/1.1" 401 68 "-" "GitLab/14.6.0-pre"
[08/Dec/2021:22:35:02 +0000] "POST /track/api/vcsHooksReceiver/gitlab/142-4 HTTP/1.1" 401 68 "-" "GitLab/14.6.0-pre"

This is confirmed when I manually test the webhook in gitlab:

What authorization does this require?

0
5 comments

Gitlab gives the following breakdown:

POST https://mydomain.com/track/api/vcsHooksReceiver/gitlab/142-4

 Push Hook  

Completed in 0.54 seconds ()


Response

 401 
{"error":"Unauthorized","error_description":"HTTP 401 Unauthorized"}
Headers
Server: nginx
Date: Wed, 08 Dec 2021 22:47:43 GMT
Content-Type: application/json;charset=utf-8
Content-Length: 68
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Location
X-Xss-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Cache-Control: no-cache, no-store, no-transform, must-revalidate

Request

{
  "object_kind": "push",
  "event_name": "push",
  "before": "6af85dc897b6a59c20acaf6daf2cbf56b9291d5b",
  "after": "40180590dcb0f8de6e77eec8166921807a8ab8d0",
  "ref": "refs/heads/ISSUE-1",
  "checkout_sha": "40180590dcb0f8de6e77eec8166921807a8ab8d0",
  "message": null,
  "user_id": 1772994,
  "user_name": "user",
  "user_username": "user
  "user_email": "user@email.com",
  "user_avatar": null,
  "project_id": 123456,
  "project": {
    "id": 123456,
    "name": "project",
    "description": "",
    "web_url": "https://gitlab.com/my/repo",
    "avatar_url": null,
    "git_ssh_url": "git@gitlab.com:my/repo.git",
    "git_http_url": "https://gitlab.com/my/repo.git",
    "namespace": "user",
    "visibility_level": 0,
    "path_with_namespace": "my/repo",
    "default_branch": "master",
    "ci_config_path": null,
    "homepage": "https://gitlab.com/my/repo",
    "url": "git@gitlab.com:my/repo.git",
    "ssh_url": "git@gitlab.com:my/repo.git",
    "http_url": "https://gitlab.com/my/repo.git"
  },
  "commits": [
    {
      "id": "40180590dcb0f8de6e77eec8166921807a8ab8d0",
      "message": "ISSUE-1 commit message",
      "title": "ISSUE-1 commit message",
      "timestamp": "2021-12-08T22:47:36+00:00",
      "url": "https://gitlab.com/my/repo/-/commit/40180590dcb0f8de6e77eec8166921807a8ab8d0",
      "author": {
        "name": "user",
        "email": "user@emailcom"
      },
      "added": [

      ],
      "modified": [
        "docker-compose.yml"
      ],
      "removed": [

      ]
    }
  ],
  "total_commits_count": 1,
  "push_options": {
  },
  "repository": {
    "name": "repo",
    "url": "git@gitlab.com:my/repo.git",
    "description": "",
    "homepage": "https://gitlab.com/my/repo",
    "git_http_url": "https://gitlab.com/my/repo.git",
    "git_ssh_url": "git@gitlab.com:my/repo.git",
    "visibility_level": 0
  }
}
Headers
Content-Type: application/json
User-Agent: GitLab/14.6.0-pre
X-Gitlab-Event: Push Hook
0

Hi! 

If you didn't omit it intentionally, then there should also be an 'X-Gitlab-Token'  header that would serve an authentication purpose, which seems to be the main problem here. 

I suggest that you do the following: 

  • make sure that you configured your reverse proxy in accordance with the documentation
  • try to disable → enable the VCS integration in the YouTrack settings. It should recreate a webhook, which might fix the issue 

If it doesn't help, then please reach out to our support and share the following details: 

We'll inspect the data and get back to you with further details. Thanks. 

0

Hi Sergey, thanks for the help disabling and re-enabling added the auth token and now it works!

Strange as I'd deleted and re-made the integration several times, but never disabled/re-enabled.
I've confirmed by resetting all back to normal, creating the integration does not add the auth token. After disabling and re-enabling the auth token is added. A bug?

0

Hi! 

Sorry for the late reply. We've been testing this case and have not reproduced this behavior yet. Creating a new GitLab integration has added a secret token in all the cases. So it might be related to specifics in your GitLab account, which we have no means to verify. 

As of now, we added additional logging for hook creation that will be included in one of the upcoming YouTrack releases. After that, we'll keep an eye on related errors to see if we'll be able to identify why such a case may occur. Thanks for bringing it to our attention. 

0

Hi! 

Had the exact same problem with Youtrack's in-cloud service as well; testing webhooks on Gitlab also returned 401. 

Disabling and re-enabling also fixed the issue. 

 

Some keywords for people to find this:

Cannot see commits in Youtrack VCS changes

VCS Integration does not work

Gitlab CI/CD integration does not work

0

Please sign in to leave a comment.