Only access via nginx proxy #1162

New Issue

GiteaMirror · 2025-11-02T03:50:50-06:00

GiteaMirror commented

2025-11-02 03:50:50 -06:00

Originally created by @mmarif4u on GitHub (Oct 18, 2017).

Gitea version (or commit ref): af4a094
Git version: 1.8.3
Operating system: CentOS 7
Database (use [x]):
- PostgreSQL
- MySQL
- MSSQL
- SQLite
Can you reproduce the bug at https://try.gitea.io:
- Yes (provide example URL)
- No
- Not relevant

I have installed nginx as proxy in front of Gitea with ssl cert, all are working good.
The only thing i want to know to disable is the port access to Gitea. Right now, with nginx it is accessible via port 80/443. But it is also accessible with the Gitea startup port 3000.
./gitea web

[server]
SSH_DOMAIN       = localhost
DOMAIN           = localhost
HTTP_PORT        = 3000
ROOT_URL         = https://domain.com
DISABLE_SSH      = false
SSH_PORT         = 22
LFS_START_SERVER = true
LFS_CONTENT_PATH = /home/git/gitea-data/lfs
LFS_JWT_SECRET   = asdasdasdsd
OFFLINE_MODE     = true

server {
       listen         80;
       server_name    domain.com;
       return         301 https://$server_name$request_uri;
}
server  {
	listen  443;
	server_name  domain.com;
	ssl on;
	ssl_certificate     /etc/letsencrypt/live/domain.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
	
	add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; ";
	add_header X-Frame-Options "DENY";

	location / {
		#resolver 127.0.0.1:3000;
		proxy_set_header  X-Real-IP  $remote_addr;
		proxy_pass http://localhost:3000;
	} 
}

Is there a way to disable access via port directly, only access via nginx(443).

Originally created by @mmarif4u on GitHub (Oct 18, 2017). - Gitea version (or commit ref): af4a094 - Git version: 1.8.3 - Operating system: CentOS 7 - Database (use `[x]`): - [ ] PostgreSQL - [x] MySQL - [ ] MSSQL - [ ] SQLite - Can you reproduce the bug at https://try.gitea.io: - [ ] Yes (provide example URL) - [ ] No - [x] Not relevant I have installed nginx as proxy in front of Gitea with ssl cert, all are working good. The only thing i want to know to disable is the port access to Gitea. Right now, with nginx it is accessible via port 80/443. But it is also accessible with the Gitea startup port 3000. `./gitea web` ```bash [server] SSH_DOMAIN = localhost DOMAIN = localhost HTTP_PORT = 3000 ROOT_URL = https://domain.com DISABLE_SSH = false SSH_PORT = 22 LFS_START_SERVER = true LFS_CONTENT_PATH = /home/git/gitea-data/lfs LFS_JWT_SECRET = asdasdasdsd OFFLINE_MODE = true ``` ```bash server { listen 80; server_name domain.com; return 301 https://$server_name$request_uri; } server { listen 443; server_name domain.com; ssl on; ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; "; add_header X-Frame-Options "DENY"; location / { #resolver 127.0.0.1:3000; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://localhost:3000; } } ``` Is there a way to disable access via port directly, only access via nginx(443).

GiteaMirror added the issue/not-a-bug label 2025-11-02 03:50:50 -06:00

GiteaMirror closed this issue

2025-11-02 03:50:50 -06:00

GiteaMirror commented

2025-11-02 03:50:51 -06:00

@ptman commented on GitHub (Oct 18, 2017):

HTTP_ADDR: HTTP listen address.