CI communication behind reverse proxy #1018

Closed
opened 2025-11-02 03:45:27 -06:00 by GiteaMirror · 4 comments

Originally created by @w9n on GitHub (Aug 30, 2017).

I use gitea behind an oauth reverse proxy with ssl termination and need the AppURL as seen from outside. When using DroneCI I don't want to communicate through the proxy with oauth but through a local bridge. The URL of the drone pulls comes from ComposeHTTPSCloneURL.

I have created a little fix for me but I'm not sure if this should be handled here, in the gitea sdk or in Drone.


@BlackVoid commented on GitHub (Sep 10, 2017):

You can use the following if you use auth_request:

    satisfy any;
    auth_request /XXX/oauth2/auth;
    allow 127.0.0.1;
    deny all;

@w9n commented on GitHub (Sep 17, 2017):

I'm currently using lua-resty-openidc (https://github.com/pingidentity/lua-resty-openidc), not the auth_request module. Not sure how allow 127.0.0.1 would satisfy the internal IP of the nginx container, but it could be a possibility to allow the subnet of the backend.


@BlackVoid commented on GitHub (Sep 17, 2017):

You can enter a subnet, e.g. 192.168.1.0/24. I hosted everything on the same machine without containers, so the IP depends on your setup.

On 17 September 2017 14:41:08 GMT+02:00, w9n notifications@github.com wrote:

> I'm currently using lua-resty-openidc, not the auth_request
> module. Not sure how allow 127.0.0.1 would satisfy the internal IP of
> the nginx container, but it could be a possibility to allow the subnet of
> the backend.


@w9n commented on GitHub (Sep 18, 2017):

This way might be a little bit of a security drawback/configuration overhead compared to direct communication through a bridge, but it keeps the app much simpler. Thank you for your help!
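
The trade-off discussed in this thread, as an added example that is not part of the original comments or of Gitea, Drone or nginx: a simplified Python model of how `satisfy any` combines the `allow`/`deny` rules with the OAuth check, used to list which clients reach the backend without any OAuth session. The rule sets are the ones quoted in the thread; the client addresses and the function names are constructed for illustration.

```python
import ipaddress

# Rule sets from the thread; the client addresses below are constructed samples.
LOOPBACK_ONLY = [("allow", "127.0.0.1"), ("deny", "all")]
BACKEND_SUBNET = [("allow", "192.168.1.0/24"), ("deny", "all")]
CLIENTS = ["127.0.0.1", "192.168.1.20", "192.168.1.77", "203.0.113.9"]


def access_phase(client_ip, rules):
    """Return 'allow' or 'deny' from the first matching rule, None if none match."""
    addr = ipaddress.ip_address(client_ip)
    for action, spec in rules:
        if spec == "all" or addr in ipaddress.ip_network(spec):
            return action
    return None


def decide(client_ip, rules, oauth_ok, satisfy="any"):
    """Model one request: returns (granted, reason)."""
    verdict = access_phase(client_ip, rules)
    if satisfy == "any":
        if verdict == "allow":
            return True, "ip-bypass"  # the OAuth subrequest result no longer matters
        return (True, "oauth") if oauth_ok else (False, "denied")
    # satisfy all: an address deny or a failed OAuth check rejects the request
    if verdict == "deny" or not oauth_ok:
        return False, "denied"
    return True, "ip+oauth"


def bypassing(rules, clients):
    """Addresses that reach the backend with no OAuth session at all."""
    return [ip for ip in clients if decide(ip, rules, oauth_ok=False)[0]]


if __name__ == "__main__":
    for name, rules in (("loopback only", LOOPBACK_ONLY), ("backend subnet", BACKEND_SUBNET)):
        print(name, "->", bypassing(rules, CLIENTS))
```

With the loopback rule a CI runner on another container address still needs OAuth, while the subnet rule lets every host in 192.168.1.0/24 skip it, so the allowed range should cover only the network the CI runner sits on. nginx matches `allow` against the connection's client address, which is the proxy's view of the peer and not anything the application sees.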

Reference: github-starred/gitea#1018