# Gitea-Coolify Webhook Fix

**Date:** 2026-02-01 14:30
**Context:** Fixing auto-deploy webhooks from Gitea to Coolify

## Problem

Gitea webhooks to Coolify were failing with two different errors:

### Error 1: ALLOWED_HOST_LIST
```
dial tcp 10.0.1.5:8000: webhook can only call allowed HTTP servers
(check your webhook.ALLOWED_HOST_LIST setting), deny 'coolify(10.0.1.5:8000)'
```

### Error 2: Connection Refused
```
dial tcp 10.0.1.5:8000: connection refused
```

## Root Causes

### 1. Gitea Blocks Internal Webhooks by Default
Gitea has a security feature that prevents webhooks to internal/private IP addresses unless explicitly allowed.

**Fix:** Add `[webhook]` section to Gitea's `app.ini`:
```ini
[webhook]
ALLOWED_HOST_LIST = coolify,10.0.1.5,192.168.1.3,localhost,host.docker.internal,external
```

### 2. Wrong Port (Critical Discovery!)

| Port | Usage |
|------|-------|
| **8000** | External Docker port mapping (for browser access from `192.168.1.3:8000`) |
| **8080** | Internal container port (what nginx actually listens on inside the container) |

When Gitea (running in Docker) calls Coolify (also in Docker), it uses the Docker network. From within the network, Coolify's nginx listens on **port 8080**, not 8000.

**Wrong:** `http://coolify:8000/webhooks/...` → Connection refused
**Correct:** `http://coolify:8080/webhooks/...` → HTTP 200 OK

## Solution Applied

1. Added `[webhook]` section to Gitea's app.ini:
   ```bash
   ssh nuc "docker exec gitea-ho0cwgcwos88cwc48g84c0g8 sh -c 'echo \"\" >> /data/gitea/conf/app.ini && echo \"[webhook]\" >> /data/gitea/conf/app.ini && echo \"ALLOWED_HOST_LIST = coolify,10.0.1.5,192.168.1.3,localhost,host.docker.internal,external\" >> /data/gitea/conf/app.ini'"
   ssh nuc "docker restart gitea-ho0cwgcwos88cwc48g84c0g8"
   ```

2. Updated webhook URL from port 8000 to 8080:
   ```
   http://coolify:8080/webhooks/source/gitea/events/manual?uuid=t80w0cw0oooc4g0soswos4so
   ```

## Verification

- Webhook test delivery returned **HTTP 200**
- Green checkmark in Gitea webhook delivery history

## Key Learnings

1. **Always check internal vs external ports** when Docker containers communicate
2. **Gitea has webhook security** - must explicitly allow internal hosts
3. **The `?uuid=` parameter is required** - without it, Coolify doesn't know which app to deploy
4. **Test deliveries may not trigger actual deployments** but confirm connectivity

## Files Updated

- `docs/gitea-coolify-auto-deploy.md` - All port references updated to 8080
- `CLAUDE.md` - Webhook URL format and checklist added

## Related

- Coolify container: `coolify` (IP: 10.0.1.5 on coolify network)
- Gitea container: `gitea-ho0cwgcwos88cwc48g84c0g8`
- Both must be on the `coolify` Docker network