Redirect loop for initial password change, behind nginx SSL reverse-proxy #2803

Closed
opened 2025-11-02 04:48:59 -06:00 by GiteaMirror · 6 comments

Originally created by @xdch47 on GitHub (Jan 23, 2019).

  • Gitea version (or commit ref): v1.7.0
  • Git version: 2.19.2
  • Operating system: Linux
  • Database (use [x]):
    • [ ] PostgreSQL
    • [ ] MySQL
    • [ ] MSSQL
    • [x] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [ ] Yes (provide example URL)
    • [x] No
    • [ ] Not relevant
  • Log gist:

Description

See https://discourse.gitea.io/t/redirect-loop-for-initial-password-change-behind-nginx-ssl-reverse-proxy/684 (Note: I'm not the author of this request, but have the same issue)

Additional: On login the "heatdiagramm" is not generated - looks like the website hangs …
Every link redirects to /git/user/settings/change_password

Workaround: Set change_password field in the SQLite gitea.db to 0

  • Then everything works fine again…
GiteaMirror added the type/bug label 2025-11-02 04:48:59 -06:00

@olymk2 commented on GitHub (Jan 26, 2019):

This also seems to affect the API. I just spent some time trying to log in, and instead of getting JSON I was getting HTML for the change_password page.

Hitting this URL with a new user, I eventually logged in and saw the change password screen, set the password, and now get JSON back. This seems like incorrect behaviour for the API endpoint.

url = f"https://{username}:{password}@git.example.com/api/v1/users/{username}/tokens"


@frostieDE commented on GitHub (Jan 31, 2019):

I am running the latest Gitea and it seems to work for me. My gitea is also running behind an nginx reverse proxy with the following configuration:

        location / {
                proxy_set_header    Host                git.example.com;
                proxy_set_header    X-Real-IP           $remote_addr;
                proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
                proxy_set_header    X-Forwarded-Proto   $scheme;

                proxy_set_header X-Forwarded-Ssl on;
                proxy_pass http://gitea;
        }

Maybe the added headers fix the infinite redirection?


@lafriks commented on GitHub (Jan 31, 2019):

It could be that the user has set that his password must be changed. For the API, most probably an error should be returned.


@xdch47 commented on GitHub (Feb 2, 2019):

Just updated and tested with Gitea 1.7.1.
Problem persists.
The nginx reverse proxy is kind of similar:

        location /git/ {
            proxy_pass       http://localhost:3000/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            #max_body_size will allow you to upload a large git repository
            client_max_body_size 100M;
        }

@xdch47 commented on GitHub (Feb 2, 2019):

The problem occurs when adding new users.


@xdch47 commented on GitHub (Feb 4, 2019):

@frostieDE : the main difference is the location - if I switch to location / - just the problem with the heatmap persists (user has been created and added to an active group as well) --> script on website hangs

  • forwarding to change_password page works.

location /git/ with app.ini ROOT_URL = https://myhostname.mydomain/git/ leads to an infinite loop
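
The thread does not identify the cause of the loop. As an added illustration (not Gitea's code and not posted by any commenter), the model below shows one way the `location /git/` setup can loop: nginx's `proxy_pass http://localhost:3000/;` strips the `/git/` prefix, so a guard that compares the received path against the prefixed change-password URL never matches. The guard functions, `follow`, and the comparison they make are hypothetical assumptions.

```python
from urllib.parse import urlsplit

SUB_URL = "/git"                                  # path part of ROOT_URL in the thread
CHANGE_PW = "/user/settings/change_password"

def proxy_rewrite(path, location="/git/", upstream_uri="/"):
    """nginx: proxy_pass with a URI part replaces the matched location prefix."""
    if not path.startswith(location):
        return None                               # not handled by this location block
    return upstream_uri + path[len(location):]

def guard_prefixed(path, must_change):
    """Hypothetical guard: compares the stripped path with the prefixed target."""
    target = SUB_URL + CHANGE_PW
    return None if not must_change or path == target else target

def guard_unprefixed(path, must_change):
    """Hypothetical guard: compares with the path the backend actually receives."""
    if not must_change or path == CHANGE_PW:
        return None
    return SUB_URL + CHANGE_PW                    # Location header stays external

def follow(start, guard, must_change=True, limit=10):
    """Follow redirects as a browser would; return (outcome, visited paths)."""
    seen, path = [], start
    while len(seen) < limit:
        if path in seen:
            return "loop", seen + [path]
        seen.append(path)
        upstream = proxy_rewrite(path)
        if upstream is None:
            return "not-proxied", seen
        nxt = guard(upstream, must_change)        # None means the page is served
        if nxt is None:
            return "served", seen
        path = urlsplit(nxt).path                 # next request the browser makes
    return "limit", seen

if __name__ == "__main__":
    print(follow("/git/", guard_prefixed))
    print(follow("/git/", guard_unprefixed))
```
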

Reference: github-starred/gitea#2803