Martin Dallinger

Reputation: 451

Private GitLab Runner: 403 Forbidden

When running my CI-Pipeline, my GitLab runner shows that the access to the repository is denied (although it is internal and all users of the server are maintainers - including the admin)!

remote: You are not allowed to download code.
fatal: unable to access 'https://gitlab.<omitted>.me/S0urC10ud/eaglesheetmusicbackend.git/': The requested URL returned error: 403

I noticed that there is no token in the URL above, although there is one in the requests before:

21:29:18.702836 git.c:439               trace: built-in: git fetch origin +38682fb8a487f8dca7baa5107a5a021b6f8391c7:refs/pipelines/12 +refs/heads/master:refs/remotes/origin/master --depth 50 --prune --quiet
21:29:18.702963 run-command.c:663       trace: run_command: GIT_DIR=.git git-remote-https origin https://gitlab-ci-token:<omitted>@gitlab.<omitted>.me/S0urC10ud/eaglesheetmusicbackend.git

Is any special configuration needed for the Auth to be set? My runner config looks like the following:

concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "shared-runner"
  url = "https://gitlab.<omitted>.me"
  token = "<omitted>"
  executor = "docker"
  clone_url = "https://gitlab.<omitted>.me"
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    network_mode = "br0"
    tls_verify = false
    image = "ruby:2.6"
    privileged = false
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0
    dns = ["192.168.1.251"]

Before you ask: Yes, I am accessing the GitLab backend via an NGINX reverse proxy, but my config should not yield a 403.

Upvotes: 2

Views: 3768

Answers (1)

Fred

Reputation: 414

I ended up needing to create a loopback in our firewall/DNS, and that resolved the issue.

Upvotes: 1
