IIS 7.5 Reverse Proxy: Clone fails (401 Unauthorized)

Moving the conversation here after first posting an issue in github:

Relevant info

Gogs version: v0.8.25
Git version: 2.7.0.windows.1
Operating system: Windows Server 2008 R2 Standard
Database: SQLite
Last line in gogs.log: Listen:

Reversed proxied through IIS 7.5


This is what I see on the command line output server side:

[Macaron] Started GET [repo].git/info/refs?service=git-upload-pack for [IP address]:50673
2016/02/23 14:36:26 [D] Session ID: 32ceb61ccd7132c0
2016/02/23 14:36:26 [D] CSRF Token: DUpRkQ_r7kYBSRwMijEY7P3ekmk6MTQ1NjI2MzM4NjU1
[Macaron] Completed [repo].git/info/refs?service=git-upload-pack 401
Unauthorized in 5.0003ms

This is what I see client side:

git clone [repoUrl].git --verbose
Cloning into ‘[repo]’…
fatal: unable to access ‘[repoUrl].git/’: The requested URL returned error: 500

I’m trying to see if there is any other way to debug this. Nothing is really showing in the logs.

So far everything non-git works fine. Nothing appears in the IIS logs.

What happens if you open this URL on your browser? Can you open the web conosle to see what is the response code?

Client side the console says:[url]/testrepo.git/info/refs?service=git-upload-pack Failed to load resource: the server responded with a status of 500 (Internal Server Error)

Page just displays: The page cannot be displayed because an internal server error has occurred.

The server cli says: 2016/03/03 11:51:44 [D] CSRF Token: MI7-zXp1-8ZZGrDFjXjsEKSqfm46MTQ1NzAzMTA2NjMw
[Macaron] Completed /[user]/testrepo.git/info/refs?service=git-upload-pack 401
Unauthorized in 5.0003ms

To confirm again, git clone works without IIS?

Yes, this is the result if I do it outside of IIS:

2016/03/03 12:48:53 [I] Listen:
[Macaron] Started GET /[user]/testrepo.git/info/refs?service=git-upload-pack f
or [::1]
2016/03/03 12:48:58 [D] Session ID: 51823383a1f1f67f
2016/03/03 12:48:58 [D] CSRF Token: GJtEaQvYM3Q18JtAzDNteUt5sRg6MTQ1NzAzNDUzODA3
[Macaron] Completed /[user]/testrepo.git/info/refs?service=git-upload-pack 401
Unauthorized in 4.0002ms
[Macaron] Started GET /[user]/testrepo.git/info/refs?service=git-upload-pack f
or [::1]
2016/03/03 12:49:07 [D] Session ID: a9f7cf7167662651
2016/03/03 12:49:07 [D] CSRF Token: dJxsFu__61Qrj63nJJFnmtnt6686MTQ1NzAzNDU0Nzc1
[Macaron] Completed /[user]/testrepo.git/info/refs?service=git-upload-pack 401
Unauthorized in 4.0002ms
[Macaron] Started GET /[user]/testrepo.git/info/refs?service=git-upload-pack f
or [::1]
2016/03/03 12:49:07 [D] Session ID: 13d9cf23d4de2dfd
2016/03/03 12:49:07 [D] CSRF Token: JE6MA6ZzpNqnsmwlsZGR2EVovgg6MTQ1NzAzNDU0Nzc2
[Macaron] Completed /[user]/testrepo.git/info/refs?service=git-upload-pack 200
OK in 188.0108ms
[Macaron] Started POST /[user]/testrepo.git/git-upload-pack for [::1]
2016/03/03 12:49:08 [D] Session ID: 82df898a0a86d430
2016/03/03 12:49:08 [D] CSRF Token: OYD-4MLN6uhXtjv8ecs2cIpbPRg6MTQ1NzAzNDU0Nzk4
[Macaron] Completed /[user]/testrepo.git/git-upload-pack 200 OK in 226.0129ms

This what happens when using IIS:
2016/03/03 12:54:02 [I] Listen:[subpath]
[Macaron] Started GET /[user]/testrepo.git/info/refs?service=git-upload-pack f
2016/03/03 12:54:04 [D] Session ID: b61ca2dff2e355bb
2016/03/03 12:54:04 [D] CSRF Token: 85e4ZlS2aMWsGmLY4H0yuZrCaQ06MTQ1NzAzNDg0NDk2
[Macaron] Completed /[user]/testrepo.git/info/refs?service=git-upload-pack 401
Unauthorized in 4.0002ms

Hmm… hope someone else uses windows and IIS could help.

@andreynering maybe?

I never had this problem, but we don’t use ISS.

Maybe it is an issue with reverse proxying with a subdirectory?

I already used reverse proxy (both Linux and Windows (not ISS)) and clones worked, but I proxied though subdomain, not subdirectory.

One could try reverse proxy with subdirectory on Linux to see what happens.

Hm… I tried to get proxy through a subdirectory with Caddy but couldn’t get it work. Not just clones don’t work, but nothing at all. Proxying through root works.

@Unknwon Is just nginx supported? Does Gogs depends on an HTTP header or anything?

My config:

# Caddyfile
proxy /git localhost:3000
; app.ini
DOMAIN = localhost
HTTP_PORT = 3000
ROOT_URL = http://localhost:3000/git/

Maybe try proxy /git/ localhost:3000?

Tried., the same.

Maybe there are some header missing vis reverse proxy, but NGINX pass them by default.

proxy /git localhost:3000 {
        without /git

Anything else I can do to help?

Hi, I can’t believe that IIS doesn’t have log for 500 reasons?

This is what the IIS logs show on a failed request (401) even though git shows 500 (“The requested URL returned error: 500”).

016-03-29 18:31:13 GET /[server]/testrepo.git/info/refs service=git-receive-pack&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=89df0527-e2af-46d1-b158-329611277bd9&SERVER-STATUS=401 443 - git/2.7.3 401 0 0 15

If I set REQUIRE_SIGNIN_VIEW = false, I can do cloning but pushing still fails. There is something being blocked when it comes to authentication.

This PR looks like indicated the real problem on Gogs: https://github.com/gogits/gogs/pull/2891

it works fine in my situation, host in IIS, proxy by application request routing