Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fail to contact API with Traefik and Authentik #5109

Open
AxelVallon opened this issue Apr 10, 2024 · 2 comments
Open

Fail to contact API with Traefik and Authentik #5109

AxelVallon opened this issue Apr 10, 2024 · 2 comments

Comments

@AxelVallon
Copy link

Summary

Hello,
I face a major issue while configuring your Header authentication combined with the usage of Authentik as SSO and Traefik as Reverse Proxy, which could gives me the possibilty to set authentik as proxy to authentify each of my users on Emby. This set up was already used on many of my services and works nicely. I planned to use the Header authentication to simply create user with your SSO option, and authentifying them, and by identifying users with the header X-authentik-username.

I can correctly login first, but I can't contact any API endpoints

image

The more surprising elements which I do not understand are the combination of :

  • The JWT in the local storage is present, and looks good.
  • The configuration works well without the usage of the authentik middleware.
  • The logs does not show any errors. (Default level)
  • I can't contact any API call even while using call with the browser like https://ombi.MY_DOMAIN/api/v2/search/Tv/anticipated/0/17 (See logs)
  • I already allowed the Authorization header be returned from my authentik middleware.
  • When connecting with the middleware activated, and then disabling the middleware, and then refresh the page, the API works again, with the previously authentified account.

Any help would be greaty appreciated ! Thank you !

Ombi Version

4.43.5

What platform(s) does this occur on?

Docker

What database are you using?

SQLite (Default)

Relevant log output

[migrations] started
[migrations] no migrations found
───────────────────────────────────────

      ██╗     ███████╗██╗ ██████╗
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝

   Brought to you by linuxserver.io
───────────────────────────────────────

To support the app dev(s) visit:
Ombi - Patreon: https://patreon.com/tidusjar
Ombi - PayPal: https://paypal.me/PlexRequestsNet

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    1311
User GID:    1311
───────────────────────────────────────

[custom-init] No custom files found, skipping...
Hello, welcome to Ombi
Valid options are:
Ombi 4.43.5
Copyright (C) 2024 Ombi

  --host       (Default: http://*:5000) Set to a semicolon-separated (;) list of
               URL prefixes to which the server should respond. For example,
               http://localhost:123. Use "localhost" to indicate that the server
               should listen for requests on any IP address or hostname using
               the specified port and protocol (for example,
               http://localhost:5000). The protocol (http:// or https://) must
               be included with each URL. Supported formats vary between
               servers.

  --storage    Storage path, where we save the logs and database

  --baseurl    The base URL for reverse proxy scenarios

  --demo       Demo mode, you will never need to use this, fuck that fruit
               company...

  --migrate    Will run the migrations then exit the application

  --help       Display this help screen.

  --version    Display version information.



Wrote new baseurl at /app/ombi/ClientApp/dist/index.html
We are running on http://*:3579
/app/ombi
[ls.io-init] done.

Headers in chrome :

Content-Length:
0
Date:
Wed, 10 Apr 2024 17:59:47 GMT
Server:
Kestrel
Www-Authenticate:
Bearer
:authority:
ombi.MY_DOMAIN
:method:
GET
:path:
/api/v2/search/Tv/anticipated/0/17
:scheme:
https
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding:
gzip, deflate, br, zstd
Accept-Language:
fr-FR,fr;q=0.9,en;q=0.8,en-GB;q=0.7
Cache-Control:
no-cache
Cookie:
authentik_proxy_zD8BVb46=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Pragma:
no-cache
Sec-Ch-Ua:
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Sec-Ch-Ua-Mobile:
?0
Sec-Ch-Ua-Platform:
"Linux"
Sec-Fetch-Dest:
document
Sec-Fetch-Mode:
navigate
Sec-Fetch-Site:
none
Sec-Fetch-User:
?1
Upgrade-Insecure-Requests:
1
User-Agent:
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
@chrootlogin
Copy link

I seem to have a related issue. App Login is not possible with SSO. I get the error, that the server has an invalid version.

@jjer-137
Copy link

jjer-137 commented Jun 6, 2024

I seem to have a related issue. App Login is not possible with SSO. I get the error, that the server has an invalid version.

As of today I am having the same issue - don't know what's changed but I only noticed today when trying to request a show.

I also have authentik and traefik

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants