[GH-ISSUE #122] Crash after setting up SSO #59

New issue

Closed

opened 2026-02-27 15:54:51 +03:00 by kerem · 27 comments

kerem commented 2026-02-27 15:54:51 +03:00

Owner

Copy link

Originally created by @CrazyWolf13 on GitHub (Oct 22, 2025).
Original GitHub issue: https://github.com/RayLabsHQ/gitea-mirror/issues/122

Originally assigned to: @arunavo4 on GitHub.

Hi @arunavo4

I set up SSO via authentik today.

After doing so and saving it all seemed fine, but after clicking logout, it showed an message at the bottom right that there is a JSON error but not the actual error, then it was like the gitea-mirror UI, but not with any data, and I didn't get redirected to loginpage.

After that the application responded with Code 500 Internal Server Error and this log:

Oct 22 08:06:14 gitea-mirror bun[13473]: [Scheduler] Processing 1 valid configurations (out of 1 with scheduling enabled)
Oct 22 08:06:14 gitea-mirror bun[13473]: [Scheduler] Skipping user cgINKObx5R3XUQpzDS7JpVIZvnnGPvKy - next run at 2025-10-23T05:55:14.645Z

EDIT: I could not find any other relevant error in the log, accoring to the log everything should work fine.

I couldn't even get to a login page and a state where I could sign in with authentik, so this problem is purely on gitea-mirror side.

Also I saw you are using IDs for user, is it possible to map an existing user to an OIDC user?

can I just change the user ID via the DB, or do you plan on adding this feature?

Originally created by @CrazyWolf13 on GitHub (Oct 22, 2025). Original GitHub issue: https://github.com/RayLabsHQ/gitea-mirror/issues/122 Originally assigned to: @arunavo4 on GitHub. Hi @arunavo4 I set up SSO via authentik today. After doing so and saving it all seemed fine, but after clicking logout, it showed an message at the bottom right that there is a JSON error but not the actual error, then it was like the gitea-mirror UI, but not with any data, and I didn't get redirected to loginpage. After that the application responded with Code 500 Internal Server Error and this log: ```bash Oct 22 08:06:14 gitea-mirror bun[13473]: [Scheduler] Processing 1 valid configurations (out of 1 with scheduling enabled) Oct 22 08:06:14 gitea-mirror bun[13473]: [Scheduler] Skipping user cgINKObx5R3XUQpzDS7JpVIZvnnGPvKy - next run at 2025-10-23T05:55:14.645Z ``` EDIT: I could not find any other relevant error in the log, accoring to the log everything should work fine. I couldn't even get to a login page and a state where I could sign in with authentik, so this problem is purely on gitea-mirror side. Also I saw you are using IDs for user, is it possible to map an existing user to an OIDC user? can I just change the user ID via the DB, or do you plan on adding this feature?

kerem closed this issue 2026-02-27 15:54:52 +03:00

kerem commented 2026-02-27 15:54:52 +03:00

Author

Owner

Copy link

@arunavo4 commented on GitHub (Oct 22, 2025):

@CrazyWolf13 did you try this PR #96

<!-- gh-comment-id:3430653279 --> @arunavo4 commented on GitHub (Oct 22, 2025): @CrazyWolf13 did you try this PR #96

kerem commented 2026-02-27 15:54:52 +03:00

Author

Owner

Copy link

@CrazyWolf13 commented on GitHub (Oct 22, 2025):

my bad, still had reverse_proxy auth enabled on my reverse proxy.

500 Error is gone, but I'm getting this:

<!-- gh-comment-id:3430658325 --> @CrazyWolf13 commented on GitHub (Oct 22, 2025): my bad, still had reverse_proxy auth enabled on my reverse proxy. 500 Error is gone, but I'm getting this: <img width="1238" height="582" alt="Image" src="https://github.com/user-attachments/assets/e63e0569-d0e2-4a44-9e8d-20280825c2b9" />

kerem commented 2026-02-27 15:54:52 +03:00

Author

Owner

Copy link

@arunavo4 commented on GitHub (Oct 22, 2025):

@CrazyWolf13 is this on the main branch or the PR #96

<!-- gh-comment-id:3430664632 --> @arunavo4 commented on GitHub (Oct 22, 2025): @CrazyWolf13 is this on the main branch or the PR #96

kerem commented 2026-02-27 15:54:52 +03:00

Author

Owner

Copy link

@CrazyWolf13 commented on GitHub (Oct 22, 2025):

@arunavo4 main branch.

If I shall test the PR, I'd be happy to do so, but then a tagged release would be awesome, so I can test it :)

<!-- gh-comment-id:3430667896 --> @CrazyWolf13 commented on GitHub (Oct 22, 2025): @arunavo4 main branch. If I shall test the PR, I'd be happy to do so, but then a tagged release would be awesome, so I can test it :)

kerem commented 2026-02-27 15:54:52 +03:00

Author

Owner

Copy link

@arunavo4 commented on GitHub (Oct 22, 2025):

@CrazyWolf13 let me make one for you

<!-- gh-comment-id:3430669842 --> @arunavo4 commented on GitHub (Oct 22, 2025): @CrazyWolf13 let me make one for you

kerem commented 2026-02-27 15:54:52 +03:00

Author

Owner

Copy link

@arunavo4 commented on GitHub (Oct 22, 2025):

@CrazyWolf13 this should work https://github.com/RayLabsHQ/gitea-mirror/releases/tag/v3-sso since you need source files right?

<!-- gh-comment-id:3430676161 --> @arunavo4 commented on GitHub (Oct 22, 2025): @CrazyWolf13 this should work https://github.com/RayLabsHQ/gitea-mirror/releases/tag/v3-sso since you need source files right?

kerem commented 2026-02-27 15:54:52 +03:00

Author

Owner

Copy link

@arunavo4 commented on GitHub (Oct 22, 2025):

@CrazyWolf13 also was there anything from docker logs>? on main branch anything useful?

<!-- gh-comment-id:3430695786 --> @arunavo4 commented on GitHub (Oct 22, 2025): @CrazyWolf13 also was there anything from docker logs>? on main branch anything useful?

kerem commented 2026-02-27 15:54:52 +03:00

Author

Owner

Copy link

@CrazyWolf13 commented on GitHub (Oct 22, 2025):

@arunavo4 I'm not using docker, I'm the proxmox guy :D
Yes, with the new branch deployed I can see this:

Oct 22 08:41:27 gitea-mirror bun[13994]: # SERVER_ERROR:  467 |   let { baseURL, params, query } = option || {
Oct 22 08:41:27 gitea-mirror bun[13994]: 468 |     query: {},
Oct 22 08:41:27 gitea-mirror bun[13994]: 469 |     params: {},
Oct 22 08:41:27 gitea-mirror bun[13994]: 470 |     baseURL: ""
Oct 22 08:41:27 gitea-mirror bun[13994]: 471 |   };
Oct 22 08:41:27 gitea-mirror bun[13994]: 472 |   let basePath = url.startsWith("http") ? url.split("/").slice(0, 3).join("/") : baseURL || "";
Oct 22 08:41:27 gitea-mirror bun[13994]:                        ^
Oct 22 08:41:27 gitea-mirror bun[13994]: TypeError: undefined is not an object (evaluating 'url.startsWith')
Oct 22 08:41:27 gitea-mirror bun[13994]:       at getURL2 (/opt/gitea-mirror/node_modules/@better-fetch/fetch/dist/index.js:472:18)
Oct 22 08:41:27 gitea-mirror bun[13994]:       at <anonymous> (/opt/gitea-mirror/node_modules/@better-fetch/fetch/dist/index.js:521:16)

did you setup your env vars properly?

<!-- gh-comment-id:3430717936 --> @CrazyWolf13 commented on GitHub (Oct 22, 2025): @arunavo4 I'm not using docker, I'm the proxmox guy :D Yes, with the new branch deployed I can see this: ```bash Oct 22 08:41:27 gitea-mirror bun[13994]: # SERVER_ERROR: 467 | let { baseURL, params, query } = option || { Oct 22 08:41:27 gitea-mirror bun[13994]: 468 | query: {}, Oct 22 08:41:27 gitea-mirror bun[13994]: 469 | params: {}, Oct 22 08:41:27 gitea-mirror bun[13994]: 470 | baseURL: "" Oct 22 08:41:27 gitea-mirror bun[13994]: 471 | }; Oct 22 08:41:27 gitea-mirror bun[13994]: 472 | let basePath = url.startsWith("http") ? url.split("/").slice(0, 3).join("/") : baseURL || ""; Oct 22 08:41:27 gitea-mirror bun[13994]: ^ Oct 22 08:41:27 gitea-mirror bun[13994]: TypeError: undefined is not an object (evaluating 'url.startsWith') Oct 22 08:41:27 gitea-mirror bun[13994]: at getURL2 (/opt/gitea-mirror/node_modules/@better-fetch/fetch/dist/index.js:472:18) Oct 22 08:41:27 gitea-mirror bun[13994]: at <anonymous> (/opt/gitea-mirror/node_modules/@better-fetch/fetch/dist/index.js:521:16) ``` did you setup your env vars properly?

kerem commented 2026-02-27 15:54:52 +03:00

Author

Owner

Copy link

@CrazyWolf13 commented on GitHub (Oct 22, 2025):

@arunavo4
Yes I think so, otherwise let me know.

NODE_ENV=production
HOST=0.0.0.0
PORT=4321
DATABASE_URL=sqlite://data/gitea-mirror.db
PUBLIC_BETTER_AUTH_URL=https://gitea-mirror.redacted.dev
BETTER_AUTH_URL=https://gitea-mirror.redacted.dev
BETTER_AUTH_TRUSTED_ORIGINS=https://gitea-mirror.redacted.dev,http://10.10.20.45:4321
BETTER_AUTH_SECRET=REDACTED
CLEANUP_DELETE_IF_NOT_IN_GITHUB=false
npm_package_version=3.7.1 

<!-- gh-comment-id:3430742110 --> @CrazyWolf13 commented on GitHub (Oct 22, 2025): @arunavo4 Yes I think so, otherwise let me know. ```bash NODE_ENV=production HOST=0.0.0.0 PORT=4321 DATABASE_URL=sqlite://data/gitea-mirror.db PUBLIC_BETTER_AUTH_URL=https://gitea-mirror.redacted.dev BETTER_AUTH_URL=https://gitea-mirror.redacted.dev BETTER_AUTH_TRUSTED_ORIGINS=https://gitea-mirror.redacted.dev,http://10.10.20.45:4321 BETTER_AUTH_SECRET=REDACTED CLEANUP_DELETE_IF_NOT_IN_GITHUB=false npm_package_version=3.7.1 ```

kerem commented 2026-02-27 15:54:52 +03:00

Author

Owner

Copy link

@arunavo4 commented on GitHub (Oct 22, 2025):

@CrazyWolf13 can you try the v3.8.7 version look like better-auth have fixed some of the issues with sso that was blocking in their new beta release.

<!-- gh-comment-id:3432298967 --> @arunavo4 commented on GitHub (Oct 22, 2025): @CrazyWolf13 can you try the `v3.8.7` version look like better-auth have fixed some of the issues with sso that was blocking in their new beta release.

kerem commented 2026-02-27 15:54:52 +03:00

Author

Owner

Copy link

@arunavo4 commented on GitHub (Oct 26, 2025):

@CrazyWolf13 can you share a screenshot of your OIDC config, you can redact domain. also is your authentik in http or https ?

<!-- gh-comment-id:3447981373 --> @arunavo4 commented on GitHub (Oct 26, 2025): @CrazyWolf13 can you share a screenshot of your OIDC config, you can redact domain. also is your authentik in `http` or `https` ?

kerem commented 2026-02-27 15:54:52 +03:00

Author

Owner

Copy link

@CrazyWolf13 commented on GitHub (Oct 26, 2025):

@arunavo4 authentik is https via nginxreverseproxymanager.

sure:

<!-- gh-comment-id:3448299574 --> @CrazyWolf13 commented on GitHub (Oct 26, 2025): @arunavo4 authentik is https via nginxreverseproxymanager. sure: <img width="615" height="977" alt="Image" src="https://github.com/user-attachments/assets/42292e30-dec1-4191-9135-72605b15d999" />

kerem commented 2026-02-27 15:54:52 +03:00

Author

Owner

Copy link

@arunavo4 commented on GitHub (Oct 26, 2025):

Weird in #134 @ngregrichardson seems to have worked it out, might be the way authetik is configured. Hoping he can provide some help regarding how he is using authentik setup.

<!-- gh-comment-id:3448305316 --> @arunavo4 commented on GitHub (Oct 26, 2025): Weird in #134 @ngregrichardson seems to have worked it out, might be the way authetik is configured. Hoping he can provide some help regarding how he is using authentik setup.

kerem commented 2026-02-27 15:54:52 +03:00

Author

Owner

Copy link

@arunavo4 commented on GitHub (Oct 26, 2025):

@CrazyWolf13 and is gitea mirror also running behind the proxy? with https?

<!-- gh-comment-id:3448308487 --> @arunavo4 commented on GitHub (Oct 26, 2025): @CrazyWolf13 and is gitea mirror also running behind the proxy? with https?

kerem commented 2026-02-27 15:54:52 +03:00

Author

Owner

Copy link

@CrazyWolf13 commented on GitHub (Oct 26, 2025):

@arunavo4 yes.

Tbh. authentik doesn't really have a config, you tell it just you want a new OIDC Provider with app and select implicit or explicit, that's it.

My Reverse Proxy is on defaults, so that should work.

This is the code I get on SSO:

GET
https://gitea-mirror.mydomain_redacted.dev/api/auth/sso/callback/authentik?code=1070b9247d7f4496819abc217728293c&state=JrxduiWLE6sXwkfPmXXB3z_rBazd0wY7
NS_ERROR_NET_ERROR_RESPONSE

	
GET
	https://gitea-mirror.mydomain_redacted.dev/api/auth/sso/callback/authentik?code=1070b9247d7f4496819abc217728293c&state=JrxduiWLE6sXwkfPmXXB3z_rBazd0wY7
Status
500
VersionHTTP/2
Übertragen182 B (0 B Größe)
Referrer Policysame-origin
Anfrage-PrioritätHighest
DNS-AuflösungSystem

    	
    content-length
    	0
    date
    	Sun, 26 Oct 2025 10:10:22 GMT
    server
    	openresty
    strict-transport-security
    	max-age=63072000;includeSubDomains; preload
    X-Firefox-Spdy
    	h2
    	
    Accept
    	text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Encoding
    	gzip, deflate, br, zstd
    Accept-Language
    	de,en-US;q=0.7,en;q=0.3
    Connection
    	keep-alive
    Cookie
    	__Secure-better-auth.state=JrxduiWLE6sXwkfPmXXB3z_rBazd0wY7.MydOxC4vW1pm%2FdBCPf8SbTj0thfWKwDhgfEUp3L%2Br6U%3D
    DNT
    	1
    Host
    	gitea-mirror.mydomain_redacted.dev
    Priority
    	u=0, i
    Referer
    	https://gitea-mirror.mydomain_redacted.dev/
    Sec-Fetch-Dest
    	document
    Sec-Fetch-Mode
    	navigate
    Sec-Fetch-Site
    	same-site
    Sec-Fetch-User
    	?1
    Sec-GPC
    	1
    Upgrade-Insecure-Requests
    	1
    User-Agent
    	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:144.0) Gecko/20100101 Firefox/144.0

Mine is also not an issuer mismatch, a different issue:

<!-- gh-comment-id:3448341697 --> @CrazyWolf13 commented on GitHub (Oct 26, 2025): @arunavo4 yes. Tbh. authentik doesn't really have a config, you tell it just you want a new OIDC Provider with app and select implicit or explicit, that's it. My Reverse Proxy is on defaults, so that should work. This is the code I get on SSO: ```bash GET https://gitea-mirror.mydomain_redacted.dev/api/auth/sso/callback/authentik?code=1070b9247d7f4496819abc217728293c&state=JrxduiWLE6sXwkfPmXXB3z_rBazd0wY7 NS_ERROR_NET_ERROR_RESPONSE GET https://gitea-mirror.mydomain_redacted.dev/api/auth/sso/callback/authentik?code=1070b9247d7f4496819abc217728293c&state=JrxduiWLE6sXwkfPmXXB3z_rBazd0wY7 Status 500 VersionHTTP/2 Übertragen182 B (0 B Größe) Referrer Policysame-origin Anfrage-PrioritätHighest DNS-AuflösungSystem content-length 0 date Sun, 26 Oct 2025 10:10:22 GMT server openresty strict-transport-security max-age=63072000;includeSubDomains; preload X-Firefox-Spdy h2 Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding gzip, deflate, br, zstd Accept-Language de,en-US;q=0.7,en;q=0.3 Connection keep-alive Cookie __Secure-better-auth.state=JrxduiWLE6sXwkfPmXXB3z_rBazd0wY7.MydOxC4vW1pm%2FdBCPf8SbTj0thfWKwDhgfEUp3L%2Br6U%3D DNT 1 Host gitea-mirror.mydomain_redacted.dev Priority u=0, i Referer https://gitea-mirror.mydomain_redacted.dev/ Sec-Fetch-Dest document Sec-Fetch-Mode navigate Sec-Fetch-Site same-site Sec-Fetch-User ?1 Sec-GPC 1 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:144.0) Gecko/20100101 Firefox/144.0 ``` Mine is also not an issuer mismatch, a different issue: <img width="927" height="438" alt="Image" src="https://github.com/user-attachments/assets/cb3f66bf-2cd7-484a-9b1e-eb1d84876bd8" />

kerem commented 2026-02-27 15:54:52 +03:00

Author

Owner

Copy link

@ngregrichardson commented on GitHub (Oct 26, 2025):

My setup wasn't noticeably different than any other authentik OIDC setup --

1. Create a new Application with Provider
2. Enter name
3. Select OIDC type
4. Select the implicit flow
5. Start the Gitea mirror SSO process
6. Enter "authentik" as Provider ID
7. Copy redirect URL from Gitea mirror
8. Add redirect url to authentik provider
9. Create the provider
10. Copy issuer URL, client id, and client secret from authentik
11. Paste into Gitea mirror
12. Click Discover
13. Voila?

I started this with latest build, then @arunavo4 made some changes to fix some issues regarding trailing slashes, etc. so as of now I'm not on the latest tag. I'm running this on Unraid v7.1.4 so I don't have much help in terms of proxmox unfortunately.

<!-- gh-comment-id:3448485784 --> @ngregrichardson commented on GitHub (Oct 26, 2025): My setup wasn't noticeably different than any other authentik OIDC setup -- 1. Create a new Application with Provider 2. Enter name 3. Select OIDC type 4. Select the implicit flow 5. Start the Gitea mirror SSO process 6. Enter "authentik" as Provider ID 7. Copy redirect URL from Gitea mirror 8. Add redirect url to authentik provider 9. Create the provider 10. Copy issuer URL, client id, and client secret from authentik 11. Paste into Gitea mirror 12. Click Discover 13. Voila? I started this with latest build, then @arunavo4 made some changes to fix some issues regarding trailing slashes, etc. so as of now I'm not on the latest tag. I'm running this on Unraid v7.1.4 so I don't have much help in terms of proxmox unfortunately.

kerem commented 2026-02-27 15:54:53 +03:00

Author

Owner

Copy link

@CrazyWolf13 commented on GitHub (Oct 26, 2025):

@ngregrichardson Thanks for the steps, yeah I've done it the same way like you and what I've done countless times already in my Homelab.

the SSO flow per se works fine, as I click on login on the gitea-mirror UI, get redirected to authentik, it creates the redirect or I have to login, then back on gitea-mirror there is this Internal Server Error 500.

As my reverse Proxy (nginxproxymanager) is left on all defaults e.g. no custom config, I think this is an issue of gitea-mirror.

<!-- gh-comment-id:3448499473 --> @CrazyWolf13 commented on GitHub (Oct 26, 2025): @ngregrichardson Thanks for the steps, yeah I've done it the same way like you and what I've done countless times already in my Homelab. the SSO flow per se works fine, as I click on login on the gitea-mirror UI, get redirected to authentik, it creates the redirect or I have to login, then back on gitea-mirror there is this Internal Server Error 500. As my reverse Proxy (nginxproxymanager) is left on all defaults e.g. no custom config, I think this is an issue of gitea-mirror.

kerem commented 2026-02-27 15:54:53 +03:00

Author

Owner

Copy link

@CrazyWolf13 commented on GitHub (Oct 26, 2025):

@arunavo4 were you able to replicate the issue or did it work fine for you with authentik?

<!-- gh-comment-id:3448500016 --> @CrazyWolf13 commented on GitHub (Oct 26, 2025): @arunavo4 were you able to replicate the issue or did it work fine for you with authentik?

kerem commented 2026-02-27 15:54:53 +03:00

Author

Owner

Copy link

@arunavo4 commented on GitHub (Oct 26, 2025):

Not yet, But will try and set it up on docker compose and see if I can get it to work.

<!-- gh-comment-id:3448501903 --> @arunavo4 commented on GitHub (Oct 26, 2025): Not yet, But will try and set it up on docker compose and see if I can get it to work.

kerem commented 2026-02-27 15:54:53 +03:00

Author

Owner

Copy link

@arunavo4 commented on GitHub (Oct 26, 2025):

@CrazyWolf13 please try v3.8.10 as in this issue #134 we were able to get it to work with authentik.

<!-- gh-comment-id:3448554382 --> @arunavo4 commented on GitHub (Oct 26, 2025): @CrazyWolf13 please try `v3.8.10` as in this issue #134 we were able to get it to work with authentik.

kerem commented 2026-02-27 15:54:53 +03:00

Author

Owner

Copy link

@CrazyWolf13 commented on GitHub (Oct 26, 2025):

@arunavo4 same issue as before.

<!-- gh-comment-id:3448556802 --> @CrazyWolf13 commented on GitHub (Oct 26, 2025): @arunavo4 same issue as before.

kerem commented 2026-02-27 15:54:53 +03:00

Author

Owner

Copy link

@CrazyWolf13 commented on GitHub (Oct 26, 2025):

@arunavo4
I also tried with this nginxproxymanager config, but the issue persists:

location / {
    proxy_pass http://10.10.20.45:4321;

    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $http_host;
}

Here the log:

Oct 26 14:47:08 gitea-mirror bun[31628]: 2025-10-26T13:47:08.403Z ERROR [Better Auth]: TypeError 467 |   let { baseURL, params, query } = option || {
Oct 26 14:47:08 gitea-mirror bun[31628]: 468 |     query: {},
Oct 26 14:47:08 gitea-mirror bun[31628]: 469 |     params: {},
Oct 26 14:47:08 gitea-mirror bun[31628]: 470 |     baseURL: ""
Oct 26 14:47:08 gitea-mirror bun[31628]: 471 |   };
Oct 26 14:47:08 gitea-mirror bun[31628]: 472 |   let basePath = url.startsWith("http") ? url.split("/").slice(0, 3).join("/") : baseURL || "";
Oct 26 14:47:08 gitea-mirror bun[31628]:                        ^
Oct 26 14:47:08 gitea-mirror bun[31628]: TypeError: undefined is not an object (evaluating 'url.startsWith')
Oct 26 14:47:08 gitea-mirror bun[31628]:       at getURL2 (/opt/gitea-mirror/node_modules/@better-fetch/fetch/dist/index.js:472:18)
Oct 26 14:47:08 gitea-mirror bun[31628]:       at <anonymous> (/opt/gitea-mirror/node_modules/@better-fetch/fetch/dist/index.js:521:16)
Oct 26 14:47:08 gitea-mirror bun[31628]: # SERVER_ERROR:  467 |   let { baseURL, params, query } = option || {
Oct 26 14:47:08 gitea-mirror bun[31628]: 468 |     query: {},
Oct 26 14:47:08 gitea-mirror bun[31628]: 469 |     params: {},
Oct 26 14:47:08 gitea-mirror bun[31628]: 470 |     baseURL: ""
Oct 26 14:47:08 gitea-mirror bun[31628]: 471 |   };
Oct 26 14:47:08 gitea-mirror bun[31628]: 472 |   let basePath = url.startsWith("http") ? url.split("/").slice(0, 3).join("/") : baseURL || "";
Oct 26 14:47:08 gitea-mirror bun[31628]:                        ^
Oct 26 14:47:08 gitea-mirror bun[31628]: TypeError: undefined is not an object (evaluating 'url.startsWith')
Oct 26 14:47:08 gitea-mirror bun[31628]:       at getURL2 (/opt/gitea-mirror/node_modules/@better-fetch/fetch/dist/index.js:472:18)
Oct 26 14:47:08 gitea-mirror bun[31628]:       at <anonymous> (/opt/gitea-mirror/node_modules/@better-fetch/fetch/dist/index.js:521:16)
Oct 26 14:47:09 gitea-mirror bun[31628]: [Scheduler] Processing 1 valid configurations (out of 1 with scheduling enabled)
Oct 26 14:47:09 gitea-mirror bun[31628]: [Scheduler] Skipping user cgINKObx5R3XUQpzDS7JpVIZvnnGPvKy - next run at 2025-10-27T13:44:09.952Z

my config again:

NODE_ENV=production
HOST=0.0.0.0
PORT=4321
DATABASE_URL=sqlite://data/gitea-mirror.db
PUBLIC_BETTER_AUTH_URL=https://gitea-mirror.redacted.dev
BETTER_AUTH_URL=https://gitea-mirror.redacted.dev
BETTER_AUTH_TRUSTED_ORIGINS=https://gitea-mirror.redacted.dev,http://10.10.20.45:4321
BETTER_AUTH_SECRET=REDACTED
npm_package_version=3.8.10

<!-- gh-comment-id:3448563311 --> @CrazyWolf13 commented on GitHub (Oct 26, 2025): @arunavo4 I also tried with this nginxproxymanager config, but the issue persists: ```nginx location / { proxy_pass http://10.10.20.45:4321; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $http_host; } ``` Here the log: ```bash Oct 26 14:47:08 gitea-mirror bun[31628]: 2025-10-26T13:47:08.403Z ERROR [Better Auth]: TypeError 467 | let { baseURL, params, query } = option || { Oct 26 14:47:08 gitea-mirror bun[31628]: 468 | query: {}, Oct 26 14:47:08 gitea-mirror bun[31628]: 469 | params: {}, Oct 26 14:47:08 gitea-mirror bun[31628]: 470 | baseURL: "" Oct 26 14:47:08 gitea-mirror bun[31628]: 471 | }; Oct 26 14:47:08 gitea-mirror bun[31628]: 472 | let basePath = url.startsWith("http") ? url.split("/").slice(0, 3).join("/") : baseURL || ""; Oct 26 14:47:08 gitea-mirror bun[31628]: ^ Oct 26 14:47:08 gitea-mirror bun[31628]: TypeError: undefined is not an object (evaluating 'url.startsWith') Oct 26 14:47:08 gitea-mirror bun[31628]: at getURL2 (/opt/gitea-mirror/node_modules/@better-fetch/fetch/dist/index.js:472:18) Oct 26 14:47:08 gitea-mirror bun[31628]: at <anonymous> (/opt/gitea-mirror/node_modules/@better-fetch/fetch/dist/index.js:521:16) Oct 26 14:47:08 gitea-mirror bun[31628]: # SERVER_ERROR: 467 | let { baseURL, params, query } = option || { Oct 26 14:47:08 gitea-mirror bun[31628]: 468 | query: {}, Oct 26 14:47:08 gitea-mirror bun[31628]: 469 | params: {}, Oct 26 14:47:08 gitea-mirror bun[31628]: 470 | baseURL: "" Oct 26 14:47:08 gitea-mirror bun[31628]: 471 | }; Oct 26 14:47:08 gitea-mirror bun[31628]: 472 | let basePath = url.startsWith("http") ? url.split("/").slice(0, 3).join("/") : baseURL || ""; Oct 26 14:47:08 gitea-mirror bun[31628]: ^ Oct 26 14:47:08 gitea-mirror bun[31628]: TypeError: undefined is not an object (evaluating 'url.startsWith') Oct 26 14:47:08 gitea-mirror bun[31628]: at getURL2 (/opt/gitea-mirror/node_modules/@better-fetch/fetch/dist/index.js:472:18) Oct 26 14:47:08 gitea-mirror bun[31628]: at <anonymous> (/opt/gitea-mirror/node_modules/@better-fetch/fetch/dist/index.js:521:16) Oct 26 14:47:09 gitea-mirror bun[31628]: [Scheduler] Processing 1 valid configurations (out of 1 with scheduling enabled) Oct 26 14:47:09 gitea-mirror bun[31628]: [Scheduler] Skipping user cgINKObx5R3XUQpzDS7JpVIZvnnGPvKy - next run at 2025-10-27T13:44:09.952Z ``` my config again: ```bash NODE_ENV=production HOST=0.0.0.0 PORT=4321 DATABASE_URL=sqlite://data/gitea-mirror.db PUBLIC_BETTER_AUTH_URL=https://gitea-mirror.redacted.dev BETTER_AUTH_URL=https://gitea-mirror.redacted.dev BETTER_AUTH_TRUSTED_ORIGINS=https://gitea-mirror.redacted.dev,http://10.10.20.45:4321 BETTER_AUTH_SECRET=REDACTED npm_package_version=3.8.10 ```

kerem commented 2026-02-27 15:54:53 +03:00

Author

Owner

Copy link

@arunavo4 commented on GitHub (Oct 26, 2025):

@CrazyWolf13 so you are accessing it from https://gitea-mirror.redacted.dev right? or from http://10.10.20.45:4321?

<!-- gh-comment-id:3448569644 --> @arunavo4 commented on GitHub (Oct 26, 2025): @CrazyWolf13 so you are accessing it from `https://gitea-mirror.redacted.dev` right? or from `http://10.10.20.45:4321`?

kerem commented 2026-02-27 15:54:53 +03:00

Author

Owner

Copy link

@CrazyWolf13 commented on GitHub (Oct 26, 2025):

@arunavo4 via domain, locally through the IP is only in spcacial circumstances to fix /debug things, but there I don't mind SSO not working.

<!-- gh-comment-id:3448571736 --> @CrazyWolf13 commented on GitHub (Oct 26, 2025): @arunavo4 via domain, locally through the IP is only in spcacial circumstances to fix /debug things, but there I don't mind SSO not working.

kerem commented 2026-02-27 15:54:53 +03:00

Author

Owner

Copy link

@arunavo4 commented on GitHub (Oct 26, 2025):

@CrazyWolf13 can you wipe your existing Authentik provider (create a new provider with a fresh
providerId) and add it again on v3.8.10 on a fresh install using Discover so the normalized config (with token endpoint) gets stored.

<!-- gh-comment-id:3448574419 --> @arunavo4 commented on GitHub (Oct 26, 2025): @CrazyWolf13 can you wipe your existing Authentik provider (create a new provider with a fresh providerId) and add it again on `v3.8.10` on a fresh install using Discover so the normalized config (with token endpoint) gets stored.

kerem commented 2026-02-27 15:54:53 +03:00

Author

Owner

Copy link

@CrazyWolf13 commented on GitHub (Oct 26, 2025):

@arunavo4 wow, that actually fixed it, recreating the provider in gitea-mirror only was sufficient.

Thanks a lot!

<!-- gh-comment-id:3448577266 --> @CrazyWolf13 commented on GitHub (Oct 26, 2025): @arunavo4 wow, that actually fixed it, recreating the provider in gitea-mirror only was sufficient. Thanks a lot!

kerem commented 2026-02-27 15:54:53 +03:00

Author

Owner

Copy link

@arunavo4 commented on GitHub (Oct 26, 2025):

@CrazyWolf13 awesome I will update some of the methods so that this will be a warning for users using older versions. and will link all these issues in readme if people get these issues.

<!-- gh-comment-id:3448578524 --> @arunavo4 commented on GitHub (Oct 26, 2025): @CrazyWolf13 awesome I will update some of the methods so that this will be a warning for users using older versions. and will link all these issues in readme if people get these issues.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

fix/mirror-sync-bugs-262-263-264

v3.15.5

v3.15.4

v3.15.3

v3.15.2

v3.15.1

v3.15.0

v3.14.2

v3.14.1

v3.14.0

v3.13.4

v3.13.3

v3.13.2

v3.13.1

v3.13.0

v3.12.5

v3.12.4

v3.12.3

v3.12.2

v3.12.1

v3.12.0

v3.11.0

v3.10.1

v3.10.0

v3.9.6

v3.9.5

v3.9.4

v3.9.3

v3.9.2

v3.9.0

v3.8.11

v3.8.10

v3.8.9

v3.8.8

v3.8.7

v3.8.6

v3.8.5

v3.8.4

v3.8.3

v3.8.2

v3.8.1

v3.8.0

v3-sso

v3.7.2

v3.7.1

v3.7.0

v3.6.0

v3.5.4

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.0

v3.3.0

v3.2.6

v3.2.5

v3.2.4

v3.2.3

v3.2.2

v3.2.1

v3.2.0

v3.1.1

v3.1.0

v3.0.1

v3.0.0

v2.22.0

v2.21.0

v2.20.1

v2.20.0

v2.18.0

v2.17.0

v2.16.3

v2.16.2

v2.16.1

v2.16.0

v2.15.0

v2.14.0

v2.13.2

v2.13.1

v2.13.0

v2.12.0

v2.11.2

v2.11.1

v2.11.0

v2.10.0

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.0

v2.7.0

v2.6.0

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.1.0

v2.0.0

v1.0.0

Labels

Clear labels   

bug

  

documentation

  

enhancement

  

help wanted

  

pull-request

Mirrored from GitHub Pull Request

  

question

No labels

bug

documentation

enhancement

help wanted

pull-request

question

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/gitea-mirror#59

No description provided.