Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

1.18.0: "Unexpected proxy header" with nginx reverse proxy #22277

Closed
tjblackheart opened this issue Dec 30, 2022 · 2 comments
Closed

1.18.0: "Unexpected proxy header" with nginx reverse proxy #22277

tjblackheart opened this issue Dec 30, 2022 · 2 comments
Labels
type/bug

Comments

@tjblackheart
Copy link

Description

Hello!

Running gitea via docker-compose behind a reverse proxy (nginx). After updating the docker image to 1.18.0 the web ui refuses to work (502) on browser access:

[...]
gitea  | 2022/12/30 08:26:34 cmd/web.go:227:listen() [I] [63ae92aa-34] LFS server enabled
gitea  | 2022/12/30 08:26:34 ...s/graceful/server.go:62:NewServer() [I] [63ae92aa-34] Starting new Web server: tcp:0.0.0.0:3000 on PID: 16
gitea  | 2022/12/30 08:27:37 ...roxyprotocol/conn.go:170:func1() [E] [63ae92aa-34] Failed to read proxy prefix: Unexpected proxy header: [71 69 84 32 47 32 72 84 84 80 47 49]
gitea  | 2022/12/30 08:27:37 ...roxyprotocol/conn.go:170:func1() [E] [63ae92aa-34] Failed to read proxy prefix: Unexpected proxy header: [71 69 84 32 47 102 97 118 105 99 111 110]

These byte slices translate to

GET / HTTP/1
GET /favicon

The proxy header config:

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl "on";
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;

It makes no difference if I disable them.

The nginx config:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name git.my.domain;

    location / {
      proxy_pass https://127.0.0.1:3000;
    }

    add_header "X-Robots-Tag" noindex;
    include /etc/nginx/snippets/proxy_headers.conf;

    ssl_certificate /path...;
    ssl_certificate_key /path...;
}

Gitea Version

1.18.0

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

Ubuntu Jammy

How are you running Gitea?

v1.18.0 with docker-compose

Database

SQLite
@tjblackheart tjblackheart changed the title 1.180.0: broken UI: "Unexpected proxy header" with nginx reverse proxy 1.18.0: "Unexpected proxy header" with nginx reverse proxy Dec 30, 2022
@wxiaoguang
Copy link
Contributor

Do not enable the PROXY PROTOCOL on Gitea side.

ps: I have warned that the PROXY PROTOCOL config is quite messy and will mislead users 🤷🏻‍♂️

@tjblackheart
Copy link
Author

Confirmed: Disabling USE_PROXY_PROTOCOL makes things work again. Thank you. This should really be communicated somewhere because it is not mentioned in the update notes and the same config worked fine with 1.17.4.

Thanks, closing.

@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wxiaoguang @tjblackheart