gitea behind the Apache2

git · November 30, 2023, 11:02am

Hi Community,

I am desperately trying to put Apache in front of gitea.

My Apache2 .conf:

<VirtualHost *80:>
        ServerName sub.domain.tdl
        ServerAlias ddns.providor.tdl
        ServerAdmin webmaster@domain.tdl

        <Proxy *>
                 Order allow,deny
                 Allow from all
        </Proxy>
        AllowEncodedSlashes NoDecode
        ProxyPass /git http://localhost:3000 nocanon

        ErrorLog /var/log/apache2/error.log
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
        ServerSignature On
</VirtualHost>

In the app.ini I have set ROOT_URL as follows:

[server]
ROOT_URL = http://sub.domain.tdl/

What have I done wrong?

p7k · November 30, 2023, 9:22pm

Did you check your log files? The first thing I miss is this

ProxyPreserveHost On
ProxyPass "/git" "http://localhost:3000"
ProxyPassReverse "/git" "http://localhost:3000"

Does the access work without Apache? How does your LOCAL_ROOT_URL variable look like?

git · December 2, 2023, 9:20pm

Hi @p7k,

the logs look good, no warnings or errors with Apche or gitea.

Without Apache I can call everything with https://IP:3000 without any problems.
There is no LOCAL_ROOT_URL in the app.ini.

p7k · December 3, 2023, 12:23am

Maybe you can configure it. I use nginx as a reverse proxy and I have always set

LOCAL_ROOT_URL = http://localhost:3000/

in the [server] section. That works perfectly here. You wrote https in your last answer. But that’s probably just a typo, isn’t it?

git · December 3, 2023, 9:43am

I have added the LOCAL_ROOT_URL.
But without any change.

No, I have already configured TLS in gitea.

This is my mistake?

p7k · December 6, 2023, 6:45am

Yes, i think this is your mistake. If you want to use a reverse proxy like Apache you have to move your TLS configuration to Apache too. Gitea should listen on plain http because it is running on the same server. So there is no need for Gitea to use TLS too. You can use TLS in Gitea too but then you have to add SSLProxyEngine on in your Apache vHost configuration and change the backend url to https://localhost:3000.

But in any case, you should also configure TLS in the Apache vhost.

git · January 7, 2024, 5:52pm

Sorry for the late response.

Many thanks for the information. I will try it and because I have no error message, I am now thinking of a network problem.

Thanks again.