Skip to content

Commit

Permalink
fix
Browse files Browse the repository at this point in the history
  • Loading branch information
wxiaoguang committed May 17, 2024
1 parent 68d5c18 commit ad89179
Show file tree
Hide file tree
Showing 2 changed files with 37 additions and 35 deletions.
70 changes: 35 additions & 35 deletions docs/content/administration/reverse-proxies.en-us.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,15 +17,35 @@ menu:

# Reverse Proxies

## General configuration

1. Set `[server] ROOT_URL = https://git.example.com/` in your `app.ini` file.
2. Make the reverse-proxy pass `https://git.example.com/foo` to `http://gitea:3000/foo`.
3. Make sure the reverse-proxy not decode the URI, the request `https://git.example.com/a%2Fb` should be passed as `http://gitea:3000/a%2Fb`.
4. Make sure `Host` and `X-Fowarded-Proto` headers are correctly passed to Gitea to make sure Gitea sees the real URL being visited.

### Use a sub-path

Usually it's **not recommended** to put Gitea in a sub-path, it's not widely used and may have some issues in rare cases.

If you really need to do so, to make Gitea work with sub-path (eg: `https://common.example.com/gitea/`),
here are the extra requirements besides the general configuration above:

1. Use `[server] ROOT_URL = https://common.example.com/gitea/` in your `app.ini` file.
2. Make the reverse-proxy pass `https://common.example.com/gitea/foo` to `http://gitea:3000/foo`.
3. If you'd like to use container registry, the container registry uses a fixed sub-path `/v2` in the root, which is unchangeable and required by container registry standard.
* Make reverse-proxy pass `https://common.example.com/v2` to `http://gitea:3000/v2`.
* Make sure the URI and headers are also correctly passed (see the general configuration above).

## Nginx

If you want Nginx to serve your Gitea instance, add the following `server` section to the `http` section of `nginx.conf`:
If you want Nginx to serve your Gitea instance, add the following `server` section to the `http` section of `nginx.conf`.

And make sure `client_max_body_size` is large enough, otherwise there would be "413 Request Entity Too Large" error when uploading large files.

```
server {
listen 80;
server_name git.example.com;
...
location / {
client_max_body_size 512M;
proxy_pass http://localhost:3000;
Expand All @@ -39,21 +59,13 @@ server {
}
```

### Resolving Error: 413 Request Entity Too Large

This error indicates nginx is configured to restrict the file upload size,
it affects attachment uploading, form posting, package uploading and LFS pushing, etc.
You can fine tune the `client_max_body_size` option according to [nginx document](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size).

## Nginx with a sub-path

In case you already have a site, and you want Gitea to share the domain name, you can setup Nginx to serve Gitea under a sub-path by adding the following `server` section inside the `http` section of `nginx.conf`:

```
server {
listen 80;
server_name git.example.com;
...
# Note: Trailing slash
location /gitea/ {
client_max_body_size 512M;
Expand All @@ -69,7 +81,7 @@ server {
}
```

Then you **MUST** set something like `[server] ROOT_URL = http://git.example.com/git/` correctly in your configuration.
Then you **MUST** set something like `[server] ROOT_URL = http://git.example.com/gitea/` correctly in your configuration.

## Nginx and serve static resources directly

Expand All @@ -93,7 +105,7 @@ or use a cdn for the static files.

Set `[server] STATIC_URL_PREFIX = /_/static` in your configuration.

```apacheconf
```
server {
listen 80;
server_name git.example.com;
Expand All @@ -112,7 +124,7 @@ server {

Set `[server] STATIC_URL_PREFIX = http://cdn.example.com/gitea` in your configuration.

```apacheconf
```
# application server running Gitea
server {
listen 80;
Expand All @@ -124,7 +136,7 @@ server {
}
```

```apacheconf
```
# static content delivery server
server {
listen 80;
Expand All @@ -151,6 +163,8 @@ If you want Apache HTTPD to serve your Gitea instance, you can add the following
ProxyRequests off
AllowEncodedSlashes NoDecode
ProxyPass / http://localhost:3000/ nocanon
ProxyPreserveHost On
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
</VirtualHost>
```

Expand All @@ -172,6 +186,8 @@ In case you already have a site, and you want Gitea to share the domain name, yo
AllowEncodedSlashes NoDecode
# Note: no trailing slash after either /git or port
ProxyPass /git http://localhost:3000 nocanon
ProxyPreserveHost On
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
</VirtualHost>
```

Expand All @@ -183,7 +199,7 @@ Note: The following Apache HTTPD mods must be enabled: `proxy`, `proxy_http`.

If you want Caddy to serve your Gitea instance, you can add the following server block to your Caddyfile:

```apacheconf
```
git.example.com {
reverse_proxy localhost:3000
}
Expand All @@ -193,7 +209,7 @@ git.example.com {

In case you already have a site, and you want Gitea to share the domain name, you can setup Caddy to serve Gitea under a sub-path by adding the following to your server block in your Caddyfile:

```apacheconf
```
git.example.com {
route /git/* {
uri strip_prefix /git
Expand Down Expand Up @@ -371,19 +387,3 @@ gitea:
This config assumes that you are handling HTTPS on the traefik side and using HTTP between Gitea and traefik.
Then you **MUST** set something like `[server] ROOT_URL = http://example.com/gitea/` correctly in your configuration.

## General sub-path configuration

Usually it's not recommended to put Gitea in a sub-path, it's not widely used and may have some issues in rare cases.

If you really need to do so, to make Gitea works with sub-path (eg: `http://example.com/gitea/`), here are the requirements:

1. Set `[server] ROOT_URL = http://example.com/gitea/` in your `app.ini` file.
2. Make the reverse-proxy pass `http://example.com/gitea/foo` to `http://gitea-server:3000/foo`.
3. Make sure the reverse-proxy not decode the URI, the request `http://example.com/gitea/a%2Fb` should be passed as `http://gitea-server:3000/a%2Fb`.

## Docker / Container Registry

The container registry uses a fixed sub-path `/v2` which can't be changed.
Even if you deploy Gitea with a different sub-path, `/v2` will be used by the `docker` client.
Therefore you may need to add an additional route to your reverse proxy configuration.
2 changes: 2 additions & 0 deletions routers/api/packages/container/container.go
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,8 @@ func apiErrorDefined(ctx *context.Context, err *namedError) {
}

func apiUnauthorizedError(ctx *context.Context) {
// TODO: it doesn't seem quite right but it doesn't really cause problem at the moment.
// container registry requires that the "/v2" must be in the root, so the sub-path in AppURL should be removed, ideally.
ctx.Resp.Header().Add("WWW-Authenticate", `Bearer realm="`+httplib.GuessCurrentAppURL(ctx)+`v2/token",service="container_registry",scope="*"`)
apiErrorDefined(ctx, errUnauthorized)
}
Expand Down

0 comments on commit ad89179

Please sign in to comment.