Unable to use git push (basic authentication)


#1

Hi,
I can’t use git push and this is the error message with more relative clues for investigate this case. The feature of the gitea is that I set htpasswd with basic authentication for usage.

I found there is a slight different in the failure message-“remote: invalid credentials”. :thinking:

remote: invalid credentials
fatal: Authentication failed for ‘http://example.com/gitea_user/gitea_repo.git

If I use none of the user inside of the htpasswd, of course, it has the the same message because of the Authentication. But, there isn’t the failure message-“remote: invalid credentials”.

I can use git clone and browser visiting to site.

This is app.ini file.

APP_NAME = Gitea: Git with a cup of tea
RUN_USER = pi
RUN_MODE = prod

[security]
INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsIpo5cCI6IkpXVCJ9.eyJuYmYiOjE1NDY3NjA2ODZ9.0Lkp8ogBv7bk-rsvUc16AF-KKqD9V-86vm4WrmqMceY
INSTALL_LOCK   = true
SECRET_KEY     = zrD3ZyHVgkopi3KquGXaWvUVVNddBDCvcMpplmafZwgAAIJfTxpdT8IaBpIxvtSs
#REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER

[database]
DB_TYPE  = sqlite3
HOST     = 127.0.0.1:3306
NAME     = gitea
USER     = gitea
PASSWD   = 
SSL_MODE = disable
PATH     = data/gitea.db

[repository]
ROOT = /home/pi/gitea-repositories

[server]
SSH_DOMAIN = example.com
DOMAIN = example.com
HTTP_PORT = 3000
ROOT_URL = http://example.com
DISABLE_SSH      = true
LFS_START_SERVER = true
LFS_CONTENT_PATH = /home/pi/gitea/data/lfs
LFS_JWT_SECRET   = squCH-fnNdda5dKIa2hmi_yzpQS9W44bk2PQghMNAiyM
OFFLINE_MODE     = false

[mailer]
ENABLED = true
HOST = gmail.com:587
FROM = "NOREPLY@gmail.com"
USER = "gmail_user_for_gitea@gmail.com
PASSWORD = "gmail_password"

[service]
REGISTER_EMAIL_CONFIRM            = true
ENABLE_NOTIFY_MAIL                = true
DISABLE_REGISTRATION              = false
ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
ENABLE_CAPTCHA                    = true
REQUIRE_SIGNIN_VIEW               = false
DEFAULT_KEEP_EMAIL_PRIVATE        = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = false
DEFAULT_ENABLE_TIMETRACKING       = false
NO_REPLY_ADDRESS                  = noreply.example.org
#ENABLE_REVERSE_PROXY_AUTHENTICATION = true

[picture]
DISABLE_GRAVATAR        = false
ENABLE_FEDERATED_AVATAR = false

[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false

[session]
PROVIDER = file

[log]
MODE      = file
LEVEL     = Info
ROOT_PATH = /home/pi/gitea/log

The log file is here.

2019/01/07 11:43:05 [I] Register Mail Service Enabled
2019/01/07 11:43:05 [I] Notify Mail Service Enabled
2019/01/07 11:43:27 [I] Git Version: 2.11.0
2019/01/07 11:43:28 [I] SQLite3 Supported
2019/01/07 11:43:29 [I] Run Mode: Production
2019/01/07 11:44:38 [I] Listen: http://0.0.0.0:3000
2019/01/07 11:44:39 [I] LFS server enabled
2019/01/07 13:08:45 […routers/repo/http.go:137 HTTP()] [E] invalid credentials
2019/01/07 13:09:03 […routers/repo/http.go:137 HTTP()] [E] invalid credentials

This is the nginx configuration.

server {
  listen 80 default_server;
  server_name example.com;
  location / {
    proxy_pass http://127.0.0.1:3000;
    auth_basic "Restricted Content";
    auth_basic_user_file /etc/nginx/.htpasswd;
    
    #this is the maximum upload size
    client_max_body_size       10m;
    client_body_buffer_size    128k;
    proxy_connect_timeout      90;
    proxy_send_timeout         90;
    proxy_read_timeout         90;             
    proxy_buffer_size          4k;
    proxy_buffers              4 32k;
    proxy_busy_buffers_size    64k;
    proxy_temp_file_write_size 64k;

    proxy_set_header   Host             $http_host;
    proxy_set_header   X-Real-IP        $remote_addr;
    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_max_temp_file_size 0;

    proxy_set_header X-WEBAUTH-USER $remote_user;
 }

}

If there are any information I miss to post in here, I am able to post more. Thanks.