[SOLVED] Loop redirect behind nginx reverse proxy

Hey,

I am trying to run Gitea behind a reverse proxy (nginx), both in Docker containers.
(h_t_t_p = http, also written "htt p" / "h ttps" below; I can’t post more than 2 links)
My nginx configuration:

# NOTE(review): "h_t_t_p" stands for "http" throughout this listing (the poster's
# workaround for a forum link limit); nginx will not parse the file as written.
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
# NOTE(review): a non-empty X-Forwarded-Proto sent by the client is forwarded
# unchanged. That value is only trustworthy when another proxy in front of this
# nginx sets or overwrites the header; no such proxy is shown here. If this nginx
# is the edge, map to $scheme unconditionally.
map $h_t_t_p_x_forwarded_proto $proxy_x_forwarded_proto {
  default $h_t_t_p_x_forwarded_proto;
  ''      $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
# NOTE(review): same trust question as X-Forwarded-Proto above: the client's
# value wins whenever it is present.
map $h_t_t_p_x_forwarded_port $proxy_x_forwarded_port {
  default $h_t_t_p_x_forwarded_port;
  ''      $server_port;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
# NOTE(review): with no Upgrade header the mapped value is "close", so the
# header is replaced with "Connection: close" rather than removed.
map $h_t_t_p_upgrade $proxy_connection {
  default upgrade;
  '' close;
}
# Apply fix for very long server names
server_names_hash_bucket_size 128;
# Default dhparam
# NOTE(review): no directive follows this comment in the listing; the only
# ssl_dhparam shown is the per-certificate one in the 443 server block.
# Set appropriate X-Forwarded-Ssl header
# "on" only when this nginx itself accepted the connection over TLS.
map $scheme $proxy_x_forwarded_ssl {
  default off;
  h_t_t_ps on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
# Access-log format "vhost": each entry starts with the requested host, then the
# client address, request line, status, size, referer and user agent.
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$h_t_t_p_referer" "$h_t_t_p_user_agent"';
# Logging is off at this level; every server block below re-enables it with the
# vhost format.
access_log off;
# h_t_t_p 1.1 support
proxy_h_t_t_p_version 1.1;
proxy_buffering off;
# NOTE(review): nginx inherits proxy_set_header from this level only into blocks
# that define no proxy_set_header of their own. The /gitea/ location below
# defines three, so none of the headers set here (X-Forwarded-Proto/-Ssl/-Port,
# Upgrade/Connection, the emptied Proxy header) are applied to Gitea traffic.
# Host is forwarded exactly as the client sent it.
proxy_set_header Host $h_t_t_p_host;
proxy_set_header Upgrade $h_t_t_p_upgrade;
proxy_set_header Connection $proxy_connection;
# An empty value means the header is not passed to the upstream at all.
proxy_set_header    Accept-Encoding     "";
proxy_set_header    Proxy               "";
proxy_set_header X-Real-IP $remote_addr;
# Appends the connecting address to whatever X-Forwarded-For the client sent;
# the backend should rely only on the last entry, which this proxy added.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate h_t_t_poxy attack (see README for details)
# Drops the client's Proxy request header so the upstream never sees it.
# Duplicates the Proxy line a few directives above.
proxy_set_header Proxy "";
# Catch-all for port 80: requests whose Host matches no other server_name get 503.
# NOTE(review): there is no default_server flag on listen, so this block is the
# default only because it is the first port-80 server in the listing; confirm no
# other included file declares one earlier. No equivalent catch-all is shown for
# port 443, so the myUrl.de block answers every TLS request with its certificate.
server {
	server_name _; # This is just an invalid value which will never trigger on a real hostname.
	listen 80;
	access_log /var/log/nginx/access.log vhost;
	return 503;
}
# myUrl.de
# Upstream group holding the single Gitea backend.
# NOTE(review): fixed container address, presumably on a Docker bridge network;
# the entry goes stale if the container comes back with a different address.
# Traffic on this hop is plain HTTP (see PROTOCOL in app.ini).
upstream gitea-docker {
			# gitea
			server 172.18.0.8:3000;
}
# Port-80 vhost for myUrl.de: redirects everything to HTTPS.
server {
	server_name myUrl.de;
	listen 80 ;
	access_log /var/log/nginx/access.log vhost;
        # NOTE(review): the server-level "return 301" below runs before any
        # location is selected, so this location never handles a request and
        # /.well-known paths are redirected like everything else. The regex is
        # also unanchored and its "." matches any character.
        location ~ /.well-known{
               allow all;
        }
	return 301 h_t_t_ps://$host$request_uri;
}
# TLS vhost for myUrl.de; proxies /gitea/ to the gitea-docker upstream.
server {
	server_name myUrl.de;
	listen 443 ssl h_t_t_p2 ;
	access_log /var/log/nginx/access.log vhost;
	# Allows request bodies (uploads, pushes over HTTP) up to 200 MB.
	client_max_body_size 200M;
	# NOTE(review): TLS 1.0 and 1.1 are formally deprecated (RFC 8996). Keep
	# TLSv1.2 and add TLSv1.3 where the nginx/OpenSSL build supports it.
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	# NOTE(review): the tail of this list (AES128-GCM-SHA256 through AES256-SHA)
	# uses static RSA key exchange without forward secrecy, and the *-SHA /
	# *-SHA256 / *-SHA384 entries are CBC-mode suites. Trim to the ECDHE/DHE
	# AEAD suites unless legacy clients are required.
	ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
	ssl_prefer_server_ciphers on;
	ssl_session_timeout 5m;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;
	ssl_certificate /etc/nginx/certs/myUrl.de.crt;
	ssl_certificate_key /etc/nginx/certs/myUrl.de.key;
	ssl_dhparam /etc/nginx/certs/myUrl.de.dhparam.pem;
	# HSTS for one year. Without the "always" parameter nginx omits the header
	# from error responses; includeSubDomains is not set.
	add_header Strict-Transport-Security "max-age=31536000";
	location /gitea/{
		# NOTE(review): defining proxy_set_header here stops inheritance of
		# every proxy_set_header from the enclosing level, so X-Forwarded-Proto,
		# Upgrade/Connection and the emptied Proxy header are NOT sent to
		# Gitea from this location. Repeat the ones that are needed.
		proxy_set_header   X-Real-IP        $remote_addr;
		proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
		proxy_set_header   Host             $h_t_t_p_host;		
		# NOTE(review): only rewrites upstream Location headers that start
		# with the upstream URL; the relative "Location: /gitea/install"
		# redirects shown in the wget output would not match. Appending
		# $request_uri to the replacement looks unintended; confirm.
		proxy_redirect htt p://gitea-docker h_t_t_ps://$ht tp_host$request_uri/;
		# No URI part (no trailing slash) on proxy_pass: the request URI is
		# forwarded unchanged, /gitea/ prefix included. The fix accepted in
		# this thread was to add the trailing slash so the prefix is
		# replaced by "/".
		proxy_pass htt p://gitea-docker;
	}

}

my server settings in app.ini:
[server]
; NOTE(review): the repeated redirects to /gitea/install in the output below
; suggest the instance has not completed installation (no INSTALL_LOCK is
; visible in this excerpt). Finish the install before the URL is reachable from
; the internet, since the install page sets the database and the admin account.
APP_DATA_PATH = /data/gitea
; Gitea's SSH integration is disabled (DISABLE_SSH below); the container log
; further down still shows sshd listening on port 22.
SSH_DOMAIN = localhost
; Plain HTTP between nginx and Gitea; TLS ends at the proxy.
PROTOCOL = h_t_t_p
DOMAIN = myUrl.de
h_t_t_p_PORT = 3000
; Binds every interface in the container.
; NOTE(review): if port 3000 is also published on the Docker host (not shown),
; clients can reach Gitea directly and bypass nginx and its TLS.
h_t_t_p_ADDR = 0.0.0.0
; Public base URL, served under the /gitea/ sub-path of the TLS vhost.
ROOT_URL = h ttps://myUrl.de/gitea/
DISABLE_SSH = true
SSH_PORT = 22

when I execute " wget h_t_t_ps://myUrl.de/gitea/ 2>&1 | grep Location:" I get:
Location: /gitea/install [following]
Location: /gitea/install [following]
Location: /gitea/install [following]
Location: /gitea/install [following]
Location: /gitea/install [following]
Location: /gitea/install [following]
Location: /gitea/install [following]
Location: /gitea/install [following]
Location: /gitea/install [following]
Location: /gitea/install [following]
Location: /gitea/install [following]
Location: /gitea/install [following]
Location: /gitea/install [following]
Location: /gitea/install [following]
Location: /gitea/install [following]
Location: /gitea/install [following]
Location: /gitea/install [following]
Location: /gitea/install [following]
Location: /gitea/install [following]
Location: /gitea/install [following]
Location: /gitea/install [following]

gitea logs:
2018/06/04 19:47:12 Exiting pid 17.
Jun 4 19:47:13 syslogd started: BusyBox v1.27.2
/etc/ssh/sshd_config line 32: Deprecated option UsePrivilegeSeparation
Jun 4 19:47:13 sshd[17]: Server listening on :: port 22.
Jun 4 19:47:13 sshd[17]: Server listening on 0.0.0.0 port 22.
WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping
2018/06/04 19:47:13 [T] AppPath: /app/gitea/gitea
2018/06/04 19:47:13 [T] AppWorkPath: /app/gitea
2018/06/04 19:47:13 [T] Custom path: /data/gitea
2018/06/04 19:47:13 [T] Log path: /data/gitea/log
2018/06/04 19:47:13 [I] Gitea vd62bc33 built with: bindata, sqlite
2018/06/04 19:47:13 [I] Log Mode: Console(Info)
2018/06/04 19:47:13 [I] XORM Log Mode: Console(Info)
2018/06/04 19:47:13 [I] Cache Service Enabled
2018/06/04 19:47:13 [I] Session Service Enabled
2018/06/04 19:47:13 [I] Mail Service Enabled
2018/06/04 19:47:13 [I] SQLite3 Supported
2018/06/04 19:47:13 [I] Run Mode: Development
2018/06/04 19:47:14 [I] Listen: h_t_t_p://0.0.0.0:3000/
2018/06/04 19:47:14 Serving [::]:3000 with pid 18
[Macaron] 2018-06-04 19:47:43: Started GET /gitea/install for 185.19.241.103
[Macaron] 2018-06-04 19:47:43: Completed GET /gitea/install 302 Found in 284.783µs
[Macaron] 2018-06-04 19:47:43: Started GET /gitea/install for 185.19.241.103
[Macaron] 2018-06-04 19:47:43: Completed GET /gitea/install 302 Found in 237.845µs
[Macaron] 2018-06-04 19:47:43: Started GET /gitea/install for 185.19.241.103
[Macaron] 2018-06-04 19:47:43: Completed GET /gitea/install 302 Found in 302.205µs
[Macaron] 2018-06-04 19:47:43: Started GET /gitea/install for 185.19.241.103
. . .
[Macaron] 2018-06-04 19:56:04: Started GET /gitea/install for 172.18.0.1
[Macaron] 2018-06-04 19:56:04: Completed GET /gitea/install 302 Found in 97.381µs

I hope someone can help me.

thanks,

Sam

Hi @sam,

Per https://docs.gitea.io/en-us/reverse-proxies/ it looks like you may be missing a trailing slash in your proxy_pass setting. Are you running Nginx in Docker as well? What are your port settings for Gitea (as in, are you passing -p 80:3000 so that nginx connects via port 80)?

Thanks,
@techknowlogick

Hi @techknowlogick,

You are right, I had only missed the trailing slash. My bad.
Thanks for your fast reply.

Sam

Glad that worked. Happy to help.

I’m going to close this now, but if you have any other issues please feel free to open another thread.