Incorrect apache config in tutorial

Site Feedback

gtusr April 18, 2025, 9:58pm 1

Here Reverse Proxies | Gitea Documentation under heading Apache HTTPD with a sub-path this sample configuration seems to be incorrect.

According to documentation this should work:

/etc/apache2/sites-available/gitea.conf

<VirtualHost *:80>
    <Proxy *>
         Order allow,deny
         Allow from all
    </Proxy>
    AllowEncodedSlashes NoDecode
    ProxyPass /gitea http://localhost:3000 nocanon
    ProxyPreserveHost On
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
</VirtualHost>

/etc/gitea/app.ini

ROOT_URL = http://localhost/gitea/

But in reality it gets not found:

$ curl http://localhost/gitea/
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>

If there should be something in place of ... in that sample then that should be written there instead of ... so that example would be fully functional. Otherwise sample has no point.

gtusr April 19, 2025, 11:04am 2

After hours of trial and error I figured that … in that documentation should be:

    ServerName localhost
    ServerAlias *

ServerName because without it you just get forbidden error and ServerAlias because without it you are only allowed to connect by typing localhost on your address bar but not by typing 127.0.0.1 or 192.168.1.10 for example.

So here is more complete example:

<VirtualHost *:80>
    ServerName localhost
    ServerAlias *
    <Proxy *>
         Order allow,deny
         Allow from all
    </Proxy>
    AllowEncodedSlashes NoDecode
    # Note: no trailing slash after either /git or port
    ProxyPass /git http://localhost:3000 nocanon
    ProxyPreserveHost On
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
</VirtualHost>

<VirtualHost *:443>
    ServerName localhost
    ServerAlias *
    <Proxy *>
         Order allow,deny
         Allow from all
    </Proxy>
    AllowEncodedSlashes NoDecode
    # Note: no trailing slash after either /git or port
    ProxyPass /git http://localhost:3000 nocanon
    ProxyPreserveHost On
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
</VirtualHost>

The 2nd block is copy-paste of first one with just port changed to allow https because on linux newer versions of apache do not allow to write *.*.

linkp April 19, 2025, 3:08pm 3

Why localhost instead of a proper FQDN? Are you planning on this being a local instance that can only be accessed from the same device where it is running? Why are you allowing HTTP access instead of redirecting to HTTPS?

gtusr April 19, 2025, 7:00pm 4

It’s just to provide example that actually works. Those who run it in production would notice localhost anyways and replace it.

Reason for allowing http is that I run it locally at home for personal projects with self signed SSL certs. And it could happen that I might want to access web ui with software where I cannot add my own certs. So in that case I could use http.