Docker registry will not work when app url contains port #31249

Closed
yp05327 opened this issue Jun 4, 2024 · 10 comments
@yp05327
Contributor

yp05327 commented Jun 4, 2024

Description

@wxiaoguang
It seems that the changes in #30885 are not correct.
httplib.GuessCurrentAppURL(ctx) will not return the correct URL when the URL contains a port.
[image]

I tried to log in to Docker with a URL which contains a port; you can see the port is missing in the token request URL.
[image]

Gitea Version

1.22.0

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

docker

Database

None

@yp05327
Contributor Author

yp05327 commented Jun 4, 2024

host is from X-Forwarded-Host, and maybe it will not contain port?

@wxiaoguang
Contributor

It shouldn't contain port if your reverse proxy setting is right.

@wxiaoguang
Contributor

What's your reverse proxy config? What does your Gitea's admin self-check page say?

@yp05327
Contributor Author

yp05327 commented Jun 4, 2024

My fault, but maybe we can let the user set it from the Gitea side, not the proxy side.

@yp05327 yp05327 closed this as completed Jun 4, 2024
@yp05327
Contributor Author

yp05327 commented Jun 4, 2024

I'm using Nginx Proxy Manager, and all recommended settings mentioned in the docs are added by default.

In the docs:

server {
    listen 80;
    server_name git.example.com;

    location / {
        client_max_body_size 512M;
        proxy_pass http://localhost:3000;
        proxy_set_header Connection $http_connection;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

nginx.conf in NPM

map $scheme $hsts_header {
    https   "max-age=63072000; preload";
}
server {
  set $forward_scheme http;
  set $server         "192.168.xxx.xxx";
  set $port           3000;
  listen 80;
  listen [::]:80;
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name {mydomain}n;
  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-3/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-3/privkey.pem;
  # Force SSL
  include conf.d/include/force-ssl.conf;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $http_connection;
  proxy_http_version 1.1;
  access_log /data/logs/proxy-host-2_access.log proxy;
  error_log /data/logs/proxy-host-2_error.log warn;
  location / {
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_set_header X-Forwarded-For    $remote_addr;
    proxy_set_header X-Real-IP		$remote_addr;
    proxy_pass       http://192.168.xxx.xxx:3000;
    # Force SSL
    include conf.d/include/force-ssl.conf;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_http_version 1.1;
  }
  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}

@yp05327 yp05327 reopened this Jun 4, 2024
@yp05327
Contributor Author

yp05327 commented Jun 4, 2024

proxy_set_header X-Forwarded-Host $http_host;

I found the solution. This should be added in NPM's settings.

@yp05327 yp05327 closed this as completed Jun 4, 2024
@wxiaoguang
Contributor

> proxy_set_header X-Forwarded-Host $http_host;
>
> I found the solution. This should be added in NPM's settings.

That's strange. proxy_set_header Host $host; should be enough.

https://serverfault.com/questions/706438/what-is-the-difference-between-nginx-variables-host-http-host-and-server-na

@wxiaoguang
Contributor

And I didn't see any 14443 port in your config, but it is in your screenshot. I think the problem is caused by the config with 14443.

@yp05327
Contributor Author

yp05327 commented Jun 5, 2024

NPM is deployed by Docker, and the host server is running behind a router with NAT.
The 14443 port is port forwarding from the router side.

So the network traffic is:
14443 (public) -> port (host) -> 443 (in container)
So you cannot see the 14443 port in the config. All of them are different.

@yp05327
Contributor Author

yp05327 commented Jun 5, 2024

The solution comes from here: AlistGo/alist#726

Reason:

NPM will not forward host
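
Added example, not part of the thread and not Gitea's code: a minimal Go sketch of how a backend that derives its public URL from forwarded headers ends up with a token URL without the port when the proxy sends `Host $host` only, and with the port once `X-Forwarded-Host $http_host` is set. The names `guessAppURL`, `bearerChallenge` and `viaProxy`, the `v2/token` path, the service name and the host `git.example.com:14443` are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
)

// guessAppURL is a simplified, hypothetical stand-in (not Gitea's code) for a
// helper that derives the public base URL from the headers a proxy forwards.
func guessAppURL(r *http.Request) string {
	scheme := "http"
	if r.Header.Get("X-Forwarded-Proto") == "https" {
		scheme = "https"
	}
	host := r.Header.Get("X-Forwarded-Host")
	if host == "" {
		host = r.Host // whatever the proxy sent as Host
	}
	return scheme + "://" + host + "/"
}

// bearerChallenge builds the WWW-Authenticate value a registry returns to an
// unauthenticated client; the "v2/token" path and service name are assumptions.
func bearerChallenge(appURL string) string {
	return fmt.Sprintf(`Bearer realm="%sv2/token",service="container_registry"`, appURL)
}

// viaProxy constructs the request the backend would see for a client that
// connected to clientHost (constructed sample, e.g. "git.example.com:14443").
func viaProxy(clientHost string, forwardHost bool) *http.Request {
	r, _ := http.NewRequest("GET", "http://backend.invalid:3000/v2/", nil)
	r.Host = clientHost
	if h, _, err := net.SplitHostPort(clientHost); err == nil {
		r.Host = h // proxy_set_header Host $host; drops the port
	}
	r.Header.Set("X-Forwarded-Proto", "https")
	if forwardHost {
		r.Header.Set("X-Forwarded-Host", clientHost) // $http_host keeps the port
	}
	return r
}

func main() {
	for _, fwd := range []bool{false, true} {
		u := guessAppURL(viaProxy("git.example.com:14443", fwd))
		fmt.Printf("X-Forwarded-Host set=%v\n  app URL: %s\n  %s\n", fwd, u, bearerChallenge(u))
	}
}
```

Since `X-Forwarded-Host` is an ordinary request header, a backend that reads it this way depends on the proxy overwriting it on every request.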

@go-gitea go-gitea locked as resolved and limited conversation to collaborators Sep 2, 2024