go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License

Redirect loop for initial password change, behind nginx SSL reverse-proxy #5815

Closed xdch47 closed 5 years ago

xdch47 commented 5 years ago

Description

See https://discourse.gitea.io/t/redirect-loop-for-initial-password-change-behind-nginx-ssl-reverse-proxy/684 (Note: I'm not the author of this request, but have the same issue)

Additional: On login the "heatdiagramm" is not generated - looks like the website hangs … Every link redirects to /git/user/settings/change_password

Workaround: Set change_password field in the SQLite gitea.db to 0

olymk2 commented 5 years ago

This also seems to affect the API. I just spent some time trying to log in, and instead of getting JSON I was getting HTML for the change_password page.

Hitting this URL with a new user, I eventually logged in and saw the change password screen, set the password, and now get JSON back. This seems like incorrect behaviour for the API endpoint.

        url = f"https://{username}:{password}@git.example.com/api/v1/users/{username}/tokens"

frostieDE commented 5 years ago

I am running the latest Gitea and it seems to work for me. My gitea is also running behind an nginx reverse proxy with the following configuration:

        location / {
                proxy_set_header    Host                git.example.com;
                proxy_set_header    X-Real-IP           $remote_addr;
                proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
                proxy_set_header    X-Forwarded-Proto   $scheme;

                proxy_set_header X-Forwarded-Ssl on;
                proxy_pass http://gitea;
        }

Maybe the added headers fix the infinite redirection?

lafriks commented 5 years ago

It could be that the user has it set that his password must be changed. For the API, most probably an error should be returned.

xdch47 commented 5 years ago

Just updated and tested with Gitea 1.7.1. Problem persists. The nginx reverse proxy is kind of similar:

        location /git/ {
            proxy_pass       http://localhost:3000/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            #max_body_size will allow you to upload a large git repository
            client_max_body_size 100M;
        }

xdch47 commented 5 years ago

The problem occurs when adding new users.

xdch47 commented 5 years ago

@frostieDE: the main difference is the location - if I switch to location / - just the problem with the heatmap persists (user has been created and added to an active group as well) --> script on website hangs

location /git/ with app.ini ROOT_URL = https://myhostname.mydomain/git/ leads to an infinite loop
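
A way to tell the two symptoms reported in this thread apart (the endless redirect to the change-password page, and the API answering with HTML instead of JSON), as an added example that is not part of any comment above and is not Gitea code. The user name `alice`, the function names and the canned responses are assumptions constructed for illustration; `http_fetch` is what you would use against a real instance.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def http_fetch(url):
    """One GET without following redirects: (status, Location, Content-Type)."""
    p = urlsplit(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.netloc, timeout=10)
    try:
        conn.request("GET", (p.path or "/") + ("?" + p.query if p.query else ""))
        r = conn.getresponse()
        return r.status, r.getheader("Location"), r.getheader("Content-Type", "")
    finally:
        conn.close()

def trace(url, fetch=http_fetch, max_hops=10):
    """Follow redirects by hand; report a loop as soon as a URL repeats."""
    seen, chain = set(), []
    for _ in range(max_hops):
        status, location, ctype = fetch(url)
        chain.append((status, url))
        if status not in REDIRECTS or not location:
            return {"result": "final", "status": status, "content_type": ctype, "chain": chain}
        seen.add(url)
        url = urljoin(url, location)  # Location may be relative to the request URL
        if url in seen:
            return {"result": "loop", "loop_at": url, "chain": chain}
    return {"result": "too_many_hops", "chain": chain}

def api_answers_json(report):
    """An API endpoint should end in a JSON response, not an HTML page."""
    return report["result"] == "final" and report["content_type"].startswith("application/json")

# Constructed responses modelling the two symptoms reported in the thread.
BASE = "https://git.example.com/git/"
CHANGE_PW = "/git/user/settings/change_password"
API = urljoin(BASE, "api/v1/users/alice/tokens")  # "alice" is a made-up user

def loop_fetch(url):   # every link, including the form itself, redirects to it
    return 302, CHANGE_PW, "text/html; charset=utf-8"

def html_fetch(url):   # API request ends on the HTML change-password page
    if urlsplit(url).path == CHANGE_PW:
        return 200, None, "text/html; charset=utf-8"
    return 302, CHANGE_PW, "text/html; charset=utf-8"

if __name__ == "__main__":
    for name, fetch in (("loop", loop_fetch), ("html", html_fetch)):
        report = trace(API, fetch)
        print(name, report["result"], api_answers_json(report), report["chain"])
```

The recorded chain shows at which hop the path prefix or scheme changes, which is the detail to compare against the proxy's `location` and the `ROOT_URL` setting.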