Gitea + LFS + Nginx Proxy with Basic Auth help

Install/Maintain/Configure

alatnet April 14, 2024, 6:14am 1

I have gitea installed as a separate docker container instance and have my nginx docker container proxying gitea through it fine with SSL and http redirect to https.
Also was able to get SSH auth working fine and was able to upload a non lfs project fine.
The problem that im encountering is this:

warning: Authentication error: Authentication required: Authorization error: https://[SERVER URL]/gitea/[USER]/[REPO].git/info/lfs/locks/verify
Check that you have proper access to the repository
batch response: Authentication required: Authorization error: https://[SERVER URL]/gitea/[USER]/[REPO].git/info/lfs/objects/batch
Check that you have proper access to the repository
batch response: Authentication required: Authorization error: https://[SERVER URL]/gitea/[USER]/[REPO].git/info/lfs/objects/batch
Check that you have proper access to the repository
batch response: Authentication required: Authorization error: https://[SERVER URL]/gitea/[USER]/[REPO].git/info/lfs/objects/batch
Check that you have proper access to the repository
batch response: Authentication required: Authorization error: https://[SERVER URL]/gitea/[USER]/[REPO].git/info/lfs/objects/batch
Check that you have proper access to the repository
batch response: Authentication required: Authorization error: https://[SERVER URL]/gitea/[USER]/[REPO].git/info/lfs/objects/batch
Check that you have proper access to the repository
batch response: Authentication required: Authorization error: https://[SERVER URL]/gitea/[USER]/[REPO].git/info/lfs/objects/batch
Check that you have proper access to the repository
batch response: Authentication required: Authorization error: https://[SERVER URL]/gitea/[USER]/[REPO].git/info/lfs/objects/batch
Check that you have proper access to the repository
batch response: Authentication required: Authorization error: https://[SERVER URL]/gitea/[USER]/[REPO].git/info/lfs/objects/batch
Check that you have proper access to the repository
Uploading LFS objects: 0% (0/101), 0 B | 0 B/s, done.
error: failed to push some refs to ‘192.168.1.2:[USER]/[REPO].git’

Im thinking it has to do with basic auth via nginx as this is what i have in my nginx config:

location ^~ /gitea/ {
    auth_basic "Administrator’s Area";
    auth_basic_user_file /etc/nginx/.htpasswd;

    allow all;

    client_max_body_size 512M;

    # make nginx use unescaped URI, keep "%2F" as is
    rewrite ^ $request_uri;
    rewrite ^/gitea(/.*) $1 break;

    proxy_pass http://gitea$uri;

    proxy_set_header Connection $http_connection;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

Any help would be appreciated.

alatnet April 16, 2024, 2:48pm 2

I was able to get it working!
By having a sub location within the main gitea location that turned off authentication only for the lfs section with matching made me able to upload.

location ^~ /gitea/ {
    auth_basic "Administrator’s Area";
    auth_basic_user_file /etc/nginx/.htpasswd;

    allow all;

    location ~ /gitea/[\w\.]+/[\w\.]+/info/lfs {
            auth_basic off;
            client_max_body_size 512M;

            # make nginx use unescaped URI, keep "%2F" as is
            rewrite ^ $request_uri;
            rewrite ^/gitea(/.*) $1 break;

            proxy_pass http://gitea$uri;

            proxy_set_header Connection $http_connection;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
    }

    client_max_body_size 512M;

    # make nginx use unescaped URI, keep "%2F" as is
    rewrite ^ $request_uri;
    rewrite ^/gitea(/.*) $1 break;

    proxy_pass http://gitea$uri;

    proxy_set_header Connection $http_connection;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

1 Like

alatnet April 18, 2024, 1:12pm 3

So, i had an issue with working with repos that had underscores and dashes. so instead of using [\w.]+ for the username and repo, it’s probably a better idea to use [\S]+ instead.

Related Topics

Topic		Replies	Views	Activity
Gitea behind reverse proxy using HTTPS Install/Maintain/Configure	5	3413	November 18, 2023
Happy New Year. About the htpasswd auth with gitea possibility and solution General	0	866	December 31, 2018
LFS authentication with DISABLE_HTTP_GIT Install/Maintain/Configure	0	434	September 29, 2020
Unknown git command git-lfs-authenticate Install/Maintain/Configure	2	940	January 14, 2023
Docker login Forbidden General	1	2376	February 13, 2023