ROOT_URL configuration is not respected during first git authorization

Install/Maintain/Configure

twostarsmco October 22, 2025, 7:19am 1

First, I understand this issue may involve Gitea, nginx, and the Git for Windows client, but I’m not sure which one is responsible. I would appreciate any guidance in identifying the root cause.

Gitea Setup

• v1.21.10

• Hosted on our internal server using the official Docker image, managed by Docker Compose and nginx.

• Accessible at a server’s sub-path: http://mydomain.example.com/git/.

  • The ROOT_URL in the [server] section of Gitea’s configuration is set to http://mydomain.example.com/git/.

(Note: We use HTTP only, as this is an internal server.)

How Users Access Gitea

• Users access Gitea from Windows, either via the Git for Windows command line or via Visual Studio’s integrated Git functionality.

• User credentials for Gitea are saved in the Windows Credential Manager, presumably via the Git Credential Manager.

Problem

When a user initiates a git operation from CLI that require authentication, and no credentials are yet stored in Windows Credential Manager, a browser window opens. This window shows a 404 error from nginx, and the CLI becomes unresponsive.

The URL displayed in the browser is:
http://mydomain.example.com/login/oauth/authorize?response_type=code&client_id=<client_id>&state=<state>&code_challenge_method=S256&code_challenge=<code_challenge>&redirect_uri=http%3a%2f%2f127.0.0.1%3a62426%2f

• The value of redirect_uri decodes to http://127.0.0.1:62426/.

However, if the user manually edit the URL in the browser to add “/git/” (i.e., http://mydomain.example.com/git/login/oauth/authorize?...), the authentication succeeds. The browser is then redirected to http://127.0.0.1:62426/?code=... with the message: “Authentication successful / You can now close this page.”
Afterwards, the CLI prompts for the Gitea repository username and password, which, once entered, are saved in Windows Credentials, allowing all subsequent git operations to proceed without issue.

On Visual Studio, when a user attempts the Git operation without credential stored, it just takes forever without any output if I remember correctly.

Question

It appears to me that either Gitea or the Git client is not respecting the custom sub-path configured in ROOT_URL. How can I ensure that the sub-path is correctly honored during first authorization?

app.config

APP_NAME = My-Gitea
RUN_MODE = prod
RUN_USER = git
WORK_PATH = /data/gitea

[repository]
ROOT = /data/git/repositories

[repository.local]
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo

[repository.upload]
TEMP_PATH = /data/gitea/uploads
ALLOWED_TYPES = */*

[server]
APP_DATA_PATH = /data/gitea
SSH_DOMAIN = localhost
HTTP_PORT = 3000
ROOT_URL = http://mydomain.example.com/git/
DISABLE_SSH = true
SSH_PORT = 22
SSH_LISTEN_PORT = 22
LFS_START_SERVER = true
DOMAIN = localhost
LFS_JWT_SECRET = <redacted>
OFFLINE_MODE = false

[lfs]
PATH=/data/git/lfs

[database]
PATH = /data/gitea/gitea.db
DB_TYPE = sqlite3
HOST = localhost:3306
NAME = gitea
USER = root
PASSWD =
SCHEMA =
SSL_MODE = disable
CHARSET = utf8
LOG_SQL = false

[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve

[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file

[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = true

[attachment]
PATH = /data/gitea/attachments
ALLOWED_TYPES = */*

[log]
ROOT_PATH = /data/gitea/log
MODE = file
LEVEL = Info

[security]
INSTALL_LOCK = true
SECRET_KEY = <redacted>
INTERNAL_TOKEN = <redacted>

[service]
DISABLE_REGISTRATION = false
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = true
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.localhost

[oauth2]
JWT_SECRET = <redacted>

default.conf on nginx

server {
    listen       80;
    server_name mydomain.example.com;
    index index.php index.html index.htm;
    client_max_body_size 1000m;

    location / {
      root /usr/share/nginx/html;
    }

    location /git/ {
      client_max_body_size 512M;

      proxy_pass http://gitea:3000/;

      proxy_set_header Connection $http_connection;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Related topics

Topic		Replies	Views	Activity
关于在rooturl配置子路径后，不能正常访问的问题 中文求助(Chinese Only)	1	1083	May 18, 2019
Problem with root_url Install/Maintain/Configure	1	574	October 1, 2019
[SOLVED] Warning: Your ROOT_URL in app.ini is undefined Install/Maintain/Configure	1	14578	May 30, 2022
Gitea shows ssh url identical to the https url Install/Maintain/Configure	8	4451	May 10, 2018
Wrong ssh url path Install/Maintain/Configure	2	5916	May 24, 2018