Skip to content

Confusion as to where reverse proxy headers go in app.ini #33769

New issue
New issue
Closed
Closed
Confusion as to where reverse proxy headers go in app.ini#33769
Labels
issue/needs-feedbackFor bugs, we need more details. For features, the feature must be described in more detail
@yatesco

Description

@yatesco
yatesco
opened on Mar 2, 2025

Description

Hi, in https://docs.gitea.com/usage/authentication#reverse-proxy it states that various settings can be overridden, for example REVERSE_PROXY_AUTHENTICATION_USER. It doesn't, however, explicitly state where they should go in app.ini. Given that the only section that is referenced is [service] I naively put them in there.

Moving

REVERSE_PROXY_AUTHENTICATION_USER = Remote-User
REVERSE_PROXY_AUTHENTICATION_EMAIL = Remote-Email

to the [security] section worked.

My question is, how am I supposed to know, as a reader, that those headers shouldn't be in the [service] section? Happy to do a PR to clarify the wording if that helps?

(This is in the context of trying to configure this for Authelia forward auth via Caddy. With the header overrides set in the [service] section, Gitea failed to "notice" the authenticated user and so required additional logging in. Moving them to the [security] section and suddenly the user could login successfully.)

Gitea Version

1.22.3

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

Image

Git Version

No response

Operating System

No response

How are you running Gitea?

natively in proxmox debian LXC

Database

None

Metadata

Metadata

Assignees

No one assigned

    Labels

    issue/needs-feedbackFor bugs, we need more details. For features, the feature must be described in more detail

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions