Gitea + LFS + Nginx Proxy with Basic Auth help

I have gitea installed as a separate docker container instance and have my nginx docker container proxying gitea through it fine with SSL and http redirect to https.
Also was able to get SSH auth working fine and was able to upload a non lfs project fine.
The problem that im encountering is this:

warning: Authentication error: Authentication required: Authorization error: https://[SERVER URL]/gitea/[USER]/[REPO].git/info/lfs/locks/verify
Check that you have proper access to the repository
batch response: Authentication required: Authorization error: https://[SERVER URL]/gitea/[USER]/[REPO].git/info/lfs/objects/batch
Check that you have proper access to the repository
batch response: Authentication required: Authorization error: https://[SERVER URL]/gitea/[USER]/[REPO].git/info/lfs/objects/batch
Check that you have proper access to the repository
batch response: Authentication required: Authorization error: https://[SERVER URL]/gitea/[USER]/[REPO].git/info/lfs/objects/batch
Check that you have proper access to the repository
batch response: Authentication required: Authorization error: https://[SERVER URL]/gitea/[USER]/[REPO].git/info/lfs/objects/batch
Check that you have proper access to the repository
batch response: Authentication required: Authorization error: https://[SERVER URL]/gitea/[USER]/[REPO].git/info/lfs/objects/batch
Check that you have proper access to the repository
batch response: Authentication required: Authorization error: https://[SERVER URL]/gitea/[USER]/[REPO].git/info/lfs/objects/batch
Check that you have proper access to the repository
batch response: Authentication required: Authorization error: https://[SERVER URL]/gitea/[USER]/[REPO].git/info/lfs/objects/batch
Check that you have proper access to the repository
batch response: Authentication required: Authorization error: https://[SERVER URL]/gitea/[USER]/[REPO].git/info/lfs/objects/batch
Check that you have proper access to the repository
Uploading LFS objects: 0% (0/101), 0 B | 0 B/s, done.
error: failed to push some refs to ‚Äė192.168.1.2:[USER]/[REPO].git‚Äô

Im thinking it has to do with basic auth via nginx as this is what i have in my nginx config:

location ^~ /gitea/ {
    auth_basic "Administrator’s Area";
    auth_basic_user_file /etc/nginx/.htpasswd;

    allow all;

    client_max_body_size 512M;

    # make nginx use unescaped URI, keep "%2F" as is
    rewrite ^ $request_uri;
    rewrite ^/gitea(/.*) $1 break;

    proxy_pass http://gitea$uri;

    proxy_set_header Connection $http_connection;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

Any help would be appreciated.

I was able to get it working!
By having a sub location within the main gitea location that turned off authentication only for the lfs section with matching made me able to upload.

location ^~ /gitea/ {
    auth_basic "Administrator’s Area";
    auth_basic_user_file /etc/nginx/.htpasswd;

    allow all;

    location ~ /gitea/[\w\.]+/[\w\.]+/info/lfs {
            auth_basic off;
            client_max_body_size 512M;

            # make nginx use unescaped URI, keep "%2F" as is
            rewrite ^ $request_uri;
            rewrite ^/gitea(/.*) $1 break;

            proxy_pass http://gitea$uri;

            proxy_set_header Connection $http_connection;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
    }

    client_max_body_size 512M;

    # make nginx use unescaped URI, keep "%2F" as is
    rewrite ^ $request_uri;
    rewrite ^/gitea(/.*) $1 break;

    proxy_pass http://gitea$uri;

    proxy_set_header Connection $http_connection;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
1 Like

So, i had an issue with working with repos that had underscores and dashes. so instead of using [\w.]+ for the username and repo, it’s probably a better idea to use [\S]+ instead.