github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-12 02:24:21 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

Release attachment links use http:// instead of https:// when behind reverse proxy with custom port #14470

New Issue
Closed
opened 2025-11-02 11:13:45 -06:00 by GiteaMirror · 4 comments
GiteaMirror commented 2025-11-02 11:13:45 -06:00
Owner
Copy Link

Originally created by @weizhangny on GitHub (May 8, 2025).

Description

No response

Gitea Version

1.23.7

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

"Client sent an HTTP request to an HTTPS server."

Git Version

No response

Operating System

Windows Docker Desktop

How are you running Gitea?

Environment:
Gitea version: 1.23.7
Deployment: Docker - Windows Docker Desktop
Reverse Proxy: Caddy
Custom HTTPS port: Yes (e.g., 8443)

Relevant app.ini config:
[server]
PROTOCOL = http
DOMAIN = your.domain.com
ROOT_URL = https://your.domain.com:8443/

Reverse Proxy Configuration (Caddy):
reverse_proxy gitea-server:3010 {
header_up X-Forwarded-Proto https
header_up X-Forwarded-Host {host}
header_up X-Forwarded-Port {server_port}
}

Expected behavior:
All URLs generated by Gitea — including release attachment links — should consistently use https://your.domain.com:8443/... as defined by ROOT_URL.

Actual behavior:
Most parts of the UI (e.g., clone URLs, navigation links) use the correct https:// URLs.
Release attachment download links are generated with http://your.domain.com:8443/... instead.
This causes:
Mixed content warnings in browsers
Blocked downloads in strict HTTPS environments
User confusion

Database

PostgreSQL

Originally created by @weizhangny on GitHub (May 8, 2025). ### Description _No response_ ### Gitea Version 1.23.7 ### Can you reproduce the bug on the Gitea demo site? No ### Log Gist _No response_ ### Screenshots "Client sent an HTTP request to an HTTPS server." ### Git Version _No response_ ### Operating System Windows Docker Desktop ### How are you running Gitea? **Environment:** Gitea version: 1.23.7 Deployment: Docker - Windows Docker Desktop Reverse Proxy: Caddy Custom HTTPS port: Yes (e.g., 8443) **Relevant app.ini config:** [server] PROTOCOL = http DOMAIN = your.domain.com ROOT_URL = https://your.domain.com:8443/ **Reverse Proxy Configuration (Caddy):** reverse_proxy gitea-server:3010 { header_up X-Forwarded-Proto https header_up X-Forwarded-Host {host} header_up X-Forwarded-Port {server_port} } **Expected behavior:** All URLs generated by Gitea — including release attachment links — should consistently use https://your.domain.com:8443/... as defined by ROOT_URL. **Actual behavior**: Most parts of the UI (e.g., clone URLs, navigation links) use the correct https:// URLs. Release attachment download links are generated with http://your.domain.com:8443/... instead. This causes: Mixed content warnings in browsers Blocked downloads in strict HTTPS environments User confusion ### Database PostgreSQL
GiteaMirror added the issue/needs-feedback label 2025-11-02 11:13:45 -06:00
GiteaMirror commented 2025-11-02 11:13:46 -06:00
Author
Owner
Copy Link

@lunny commented on GitHub (May 8, 2025):

Most links depend on how you access the Gitea instance. If you’re accessing it via HTTP, the links will use HTTP accordingly.

@lunny commented on GitHub (May 8, 2025): Most links depend on how you access the Gitea instance. If you’re accessing it via HTTP, the links will use HTTP accordingly.
GiteaMirror commented 2025-11-02 11:13:46 -06:00
Author
Owner
Copy Link

@weizhangny commented on GitHub (May 8, 2025):

gitea is behind proxy caddy, and internally it is http, while external caddy use https. so ROOT_URL = https://your.domain.com:8443/ is for external access. I used https to access the gitea web UI and download code files successfully with https links (generated by gitea); but the only place attachment of releases is in http link (generated by gitea). In fact, the link generated for the release attachment doesn't add http or https in the URL, so it is treated as http.
This url error led to browser "Client sent an HTTP request to an HTTPS server." since the server is https only on that port.
the gitea container internal port is 3010. caddy interface gitea on http 3010 port.

@weizhangny commented on GitHub (May 8, 2025): gitea is behind proxy caddy, and internally it is http, while external caddy use https. so ROOT_URL = https://your.domain.com:8443/ is for external access. I used https to access the gitea web UI and download code files successfully with https links (generated by gitea); but the only place attachment of releases is in http link (generated by gitea). In fact, the link generated for the release attachment doesn't add http or https in the URL, so it is treated as http. This url error led to browser "Client sent an HTTP request to an HTTPS server." since the server is https only on that port. the gitea container internal port is 3010. caddy interface gitea on http 3010 port.
GiteaMirror commented 2025-11-02 11:13:47 -06:00
Author
Owner
Copy Link

@weizhangny commented on GitHub (May 8, 2025):

I also generate an attachment in the demo site. its version is 1.25.0. The attachment link has "https". The latest official release 1.23.7 doesn't have "http" or "https" in the attachment link at my own hosting.

@weizhangny commented on GitHub (May 8, 2025): I also generate an attachment in the demo site. its version is 1.25.0. The attachment link has "https". The latest official release 1.23.7 doesn't have "http" or "https" in the attachment link at my own hosting.
GiteaMirror commented 2025-11-02 11:13:47 -06:00
Author
Owner
Copy Link

@weizhangny commented on GitHub (May 8, 2025):

I found it's my own issue. The root_url is not set to https for some reason. The attachment file can be downloaded properly though the attachment file link doesn't include https.

@weizhangny commented on GitHub (May 8, 2025): I found it's my own issue. The root_url is not set to https for some reason. The attachment file can be downloaded properly though the attachment file link doesn't include https.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label issue/needs-feedback
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#14470
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?