You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1.5 KiB

Gitea Registration Proxy

Gitea servers have been targeted by a click farm employing human users to create accounts on any server with open registration. These accounts post SEO spam links on thier profiles and sometimes even create repositories.

a screenshot of two spam accounts, "HarryStylesMerch" and "MacMillerMerchStore"

To combat spam, you can integrate this application with your gitea deployment.

On registration, users are challenged to enter an invite token before they will be allowed to create an account.

a screenshot of the gitea new account registration form, including an "Invite Code" field at the end


This application only supports the /user/sign_up endpoint.

Therefore you must configure some sort of front-end reverse proxy server like nginx in order to use it, it can't be used as a front-end for gitea on its own.

  • Come up with your own invite token
    • It must be a string only containing alphanumeric characters and underscores
    • Configure it by setting the REGPROXY_INVITECODE environment variable
  • Configure this software by setting the REGPROXY_GITEAenvironment variable
    • REGPROXY_GITEA should be your gitea server's http host and port (not https or a url)
  • Run this software
  • Tell Nginx to proxy the /user/sign_up path on the gitea domain to hit this software instead of gitea
location /user/sign_up  {
	proxy_pass http://localhost:8080; # gitea registration proxy port	
  • ???
  • Profit!?!? (without spam)