Reverse proxy login error on git push/clone #1788

Closed
opened 2025-11-02 04:13:15 -06:00 by GiteaMirror · 6 comments
Originally created by @brandonocasey on GitHub (May 16, 2018).

  • Gitea version (or commit ref): 1546458 (listed in the footer)
  • Git version: git version 2.17.0
  • Operating system: osx
  • Database (use [x]):
    • [ ] PostgreSQL
    • [ ] MySQL
    • [ ] MSSQL
    • [x] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [ ] Yes (provide example URL)
    • [ ] No
    • [x] Not relevant
  • Log gist:

Description

I am trying to push/clone repos in Gitea. My previous configuration worked in Gogs.

Steps

  1. I am proxy passing http://127.0.0.1:3000 to -> https://test.example.com with a valid SSL cert.
  2. Users are authenticated with LDAP only.
  3. I create a private repo with the gogs UI. https://test.example.com/test/test.git
  4. I try to push to it with https://test.example.com/test/test.git
  5. I try to push to it as the user https://test@test.example.com/test/test.git

Both 4/5 result in:
remote: reverse proxy login error. authUsername empty

nginx config

```
location / {
  proxy_pass        http://127.0.0.1:3000;
  proxy_buffering off;
  proxy_set_header  Host $host;
  proxy_set_header  X-Real-IP $remote_addr;
  proxy_set_header  X-Forwarded-Proto $scheme;
  proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header  X-Forwarded-Host $server_name;
  fastcgi_param     X-WEBAUTH-USER   $remote_user;
  client_max_body_size 50m;

  # Force https
  if ($scheme = http) {
    rewrite ^ https://$server_name$request_uri? permanent;
  }
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";
  more_clear_input_headers 'Accept-Encoding';
}
```

app.ini

```
...
[service]
ENABLE_REVERSE_PROXY_AUTHENTICATION = true
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = true
...
```
GiteaMirror added the type/enhancement label 2025-11-02 04:13:15 -06:00

@jpellegrini commented on GitHub (May 17, 2018):

The same happens to me. I am not using LDAP, and my reverse proxy is Apache (so I suppose this is likely not something specific to either LDAP or Nginx). My Gitea version is 1.1.0+1249-g4ceb92f3.

@jpellegrini commented on GitHub (May 17, 2018):

Updated to 1.1.0+1253-g2aabfc1a (did a git pull, make clean, make generate all, and restarted the server), and the same problem happens.

Cloning/pulling/pushing through ssh works; and I can log in with a browser without problems.

@jpellegrini commented on GitHub (May 17, 2018):

Oh, I see what the problem was. Setting these:

```
ENABLE_REVERSE_PROXY_AUTHENTICATION = false
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
```

in app.ini fixed the problem for me!

@BrandonOCasey could you try that?

@brandonocasey commented on GitHub (May 17, 2018):

Yeah, that fixed it for me as well. It seems like reverse proxy login auth actually works without those settings anyway.

@jpellegrini commented on GitHub (May 17, 2018):

By reverse proxy login auth do you mean "getting authenticated with Gitea, going through a reverse proxy", or "doing HTTP auth in the reverse proxy in order to get to Gitea"?

I believe it's the second, but I'm not sure (this should be documented).

@brandonocasey commented on GitHub (May 31, 2018):

Sorry for the very long delay, it's the second one as you thought.
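
Added example (not from the thread or the Gitea project): a small check over the nginx `location` block from the report, showing why the backend received no user name while `ENABLE_REVERSE_PROXY_AUTHENTICATION = true` was set. It assumes Gitea reads the user from the `X-WEBAUTH-USER` request header; the `audit` and `directives` helpers, the corrected block, its realm and its htpasswd path are constructed for illustration.

```python
# Constructed sample: the reported location block, trimmed to the auth-relevant directives.
REPORTED = """
location / {
  proxy_pass        http://127.0.0.1:3000;
  proxy_set_header  Host $host;
  fastcgi_param     X-WEBAUTH-USER   $remote_user;
}
"""

# Assumed corrected form (not from the thread): nginx does HTTP Basic auth and
# forwards the verified name. Realm and htpasswd path are placeholders.
CORRECTED = """
location / {
  auth_basic           "gitea";
  auth_basic_user_file /etc/nginx/htpasswd.example;
  proxy_pass           http://127.0.0.1:3000;
  proxy_set_header     Host $host;
  proxy_set_header     X-WEBAUTH-USER $remote_user;
}
"""

def directives(block):
    """Return (name, [args]) for each simple `name args;` directive."""
    out = []
    for line in block.splitlines():
        parts = line.split("#", 1)[0].strip().rstrip(";").split()
        if parts and line.rstrip().endswith(";"):
            out.append((parts[0].lower(), parts[1:]))
    return out

def audit(block, header="X-WEBAUTH-USER"):
    """List reasons the backend cannot rely on `header` as set by this block."""
    d = directives(block)
    names = {n for n, _ in d}
    def carries(directive):  # args of every `directive` line that names the auth header
        return [a for n, a in d if n == directive and a and a[0].lower() == header.lower()]
    findings = []
    if "proxy_pass" in names and carries("fastcgi_param"):
        findings.append("fastcgi_param only applies to fastcgi_pass; header never sent upstream")
    if not carries("proxy_set_header"):
        findings.append("header not set with proxy_set_header; proxy does not control its value")
    uses_user = any("$remote_user" in a for n, a in d if n in ("proxy_set_header", "fastcgi_param"))
    if uses_user and not names & {"auth_basic", "auth_request"}:
        findings.append("$remote_user is not verified: no auth_basic/auth_request in this block")
    return findings

if __name__ == "__main__":
    for label, cfg in (("reported", REPORTED), ("corrected", CORRECTED)):
        print(label, audit(cfg) or "ok")
```

With reverse proxy authentication enabled, the backend trusts this header, so the proxy has to set it on every request and be the only route to port 3000.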

Reference: github-starred/gitea#1788