github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-11 17:46:29 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

SSH Authentication Failure Logs Display 127.0.0.1 Due to FRP Proxy #10797

New Issue
Closed
opened 2025-11-02 09:18:24 -06:00 by GiteaMirror · 1 comment
GiteaMirror commented 2025-11-02 09:18:24 -06:00
Owner
Copy Link

Originally created by @zsio on GitHub (May 7, 2023).

Description

Hello Gitea team,

I have been using Gitea to create a self-hosted Git platform on my private network. I am also using FRP (Fast Reverse Proxy) to map the SSH port of my internal network to the public server's port 22. However, I am encountering an issue with the logging of SSH authentication failures.

Since the SSH connection is going through the FRP proxy, all the authentication failure logs are showing the IP address as 127.0.0.1, which is not helpful for identifying the actual source of the failed attempts. I tried enabling the access.log feature in hopes of obtaining more information about the failed SSH authentication attempts, but it appears that these records are not present in the access.log either.

I would like to kindly request assistance in resolving this issue. Ideally, I would like to have the logs show the actual IP addresses of the devices attempting to authenticate, rather than the local loopback address. This would greatly help in identifying and mitigating any potential security risks associated with unauthorized access attempts.

Thank you for your time and support. I look forward to your response and any suggestions on how to address this issue.

Best regards

Gitea Version

1.19.2

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

image

Git Version

No response

Operating System

No response

How are you running Gitea?

I use binary for installation

Database

SQLite

Originally created by @zsio on GitHub (May 7, 2023). ### Description Hello Gitea team, I have been using Gitea to create a self-hosted Git platform on my private network. I am also using FRP (Fast Reverse Proxy) to map the SSH port of my internal network to the public server's port 22. However, I am encountering an issue with the logging of SSH authentication failures. Since the SSH connection is going through the FRP proxy, all the authentication failure logs are showing the IP address as 127.0.0.1, which is not helpful for identifying the actual source of the failed attempts. I tried enabling the access.log feature in hopes of obtaining more information about the failed SSH authentication attempts, but it appears that these records are not present in the access.log either. I would like to kindly request assistance in resolving this issue. Ideally, I would like to have the logs show the actual IP addresses of the devices attempting to authenticate, rather than the local loopback address. This would greatly help in identifying and mitigating any potential security risks associated with unauthorized access attempts. Thank you for your time and support. I look forward to your response and any suggestions on how to address this issue. Best regards ### Gitea Version 1.19.2 ### Can you reproduce the bug on the Gitea demo site? No ### Log Gist _No response_ ### Screenshots ![image](https://user-images.githubusercontent.com/16083606/236661379-1e859cf2-bdfa-4171-a729-f277ce704901.png) ### Git Version _No response_ ### Operating System _No response_ ### How are you running Gitea? I use binary for installation ### Database SQLite
GiteaMirror added the type/questionissue/needs-feedback labels 2025-11-02 09:18:24 -06:00
GiteaMirror commented 2025-11-02 09:18:25 -06:00
Author
Owner
Copy Link

@wxiaoguang commented on GitHub (May 7, 2023):

https://github.com/go-gitea/gitea/blob/release/v1.19/custom/conf/app.example.ini#L137

Make your proxy use PROXY protocol to send real client IP.

@wxiaoguang commented on GitHub (May 7, 2023): https://github.com/go-gitea/gitea/blob/release/v1.19/custom/conf/app.example.ini#L137 Make your proxy use PROXY protocol to send real client IP.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label issue/needs-feedback type/question
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#10797
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?