Like the title says, when using authelia for authentication in front of Gitea, cloning a repository is impossible through the https protocol, which also break the git-lfs support of gitea.
I’m assuming I have to setup an additional location block in gitea.subdomain.conf to allow access but I’m a bit lost as to what to put in it, any pointers?
I did some more digging and found from git-lfs’s documentation that I can use ssh ssh://git@gitea.my-server.com:2222 git-lfs-authenticate foo/bar.git download to find out which endpoint is recommended by gitea. In my case it’s:
{
"header": {
"Authorization": "Bearer some-token"
},
"href": "https://gitea.my-server.com/foo/bar.git/info/lfs"
}
Is there a way in swag’s proxy-confs to have requests that have this format of Authorization header to bypass the authentication?
My current solution is to use ssh for the bulk of the git operations and only change the reverse proxy configuration for the lfs endpoints with the changes described in this pull request.