Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reverse proxy login error on git push/clone #3973

Closed
2 of 7 tasks
brandonocasey opened this issue May 16, 2018 · 6 comments · Fixed by #4643
Closed
2 of 7 tasks

Reverse proxy login error on git push/clone #3973

brandonocasey opened this issue May 16, 2018 · 6 comments · Fixed by #4643
Labels
type/enhancement An improvement of existing functionality
Milestone

Comments

@brandonocasey
Copy link

  • Gitea version (or commit ref): 1546458 (listed in the footer)
  • Git version: git version 2.17.0
  • Operating system: osx
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
    • Not relevant
  • Log gist:

Description

I am trying to push/clone repos in gitea. My previous configuration worked in gogs

Steps

  1. I am proxy passing http://127.0.0.1:3000 to -> https://test.example.com with a valid ssl cert.
  2. Users are authenticated with ldap only
  3. I Create a private repo with the gogs UI. https://test.example.com/test/test.git
  4. I try to push to it with https://test.example.com/test/test.git
  5. I try to push to it as the user https://test@test.example.com/test/test.git

Both 4/5 result in:
remote: reverse proxy login error. authUsername empty

nginx config

location / {
  proxy_pass        http://127.0.0.1:3000;
  proxy_buffering off;
  proxy_set_header  Host $host;
  proxy_set_header  X-Real-IP $remote_addr;
  proxy_set_header  X-Forwarded-Proto $scheme;
  proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header  X-Forwarded-Host $server_name;
  fastcgi_param     X-WEBAUTH-USER   $remote_user;
  client_max_body_size 50m;

  # Force https
  if ($scheme = http) {
	  rewrite ^ https://$server_name$request_uri? permanent;
  }
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";
  more_clear_input_headers 'Accept-Encoding';
}

app.ini

...
[service]
ENABLE_REVERSE_PROXY_AUTHENTICATION = true
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = true
...
@lunny lunny added the type/question Issue needs no code to be fixed, only a description on how to fix it yourself. label May 16, 2018
@jpellegrini
Copy link
Contributor

jpellegrini commented May 17, 2018

The same happens to me. I am not using LDAP, and my reverse proxy is Apache (so I suppose this is likely not something specific to either LDAP or Nginx). My Gitea vresion is 1.1.0+1249-g4ceb92f3

@jpellegrini
Copy link
Contributor

jpellegrini commented May 17, 2018

Updated to 1.1.0+1253-g2aabfc1a (did a git pull, make clean, make generate all, and restarted the server), and the same problem happens.

Cloning/pulling/pushing through ssh works; and I can log in with a browser without problems.

@jpellegrini
Copy link
Contributor

Oh, I see what the problem was. Setting these:

ENABLE_REVERSE_PROXY_AUTHENTICATION = false
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false

in app.ini fixed the problem for me!

@brandonocasey could you try that?

@brandonocasey
Copy link
Author

brandonocasey commented May 17, 2018

Yeah that fixed if for me as well. It seems like reverse proxy login auth actually works without those settings anyway.

@jpellegrini
Copy link
Contributor

jpellegrini commented May 17, 2018

By reverse proxy login auth do you mean "getting authenticated with Gitea, going through a reverse proxy", or "doing HTTP auth in the reverse proxy in order to get to Gitea"?

I believe it's the second, but I'm not sure (this should be documented).

@brandonocasey
Copy link
Author

Sorry for the very long delay, its the second one as you thought.

@lafriks lafriks added type/enhancement An improvement of existing functionality and removed type/question Issue needs no code to be fixed, only a description on how to fix it yourself. labels Aug 8, 2018
@lafriks lafriks added this to the 1.6.0 milestone Aug 8, 2018
@techknowlogick techknowlogick modified the milestones: 1.6.0, 1.7.0 Aug 29, 2018
techknowlogick pushed a commit that referenced this issue Aug 29, 2018
* Make reverse proxy auth optional

If the option ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled, make
reverse proxy auth optional, instead of failing if the authentication
did not succeed.

Fixes #3973

Signed-off-by: Najib Idrissi <najib.idrissi.kaitouni@gmail.com>

* Update http.go
@lunny lunny modified the milestones: 1.7.0, 1.6.0 Sep 6, 2018
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
type/enhancement An improvement of existing functionality
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants