Authentication failure for Transmission behind proxy for SSL #2049
Comments
Is it the https part? All connections to indexers (OZnzb and nzbgeek) have been failing for me due to SChannel errors. |
I'm currently getting a very similar issue and I believe the issue, at least for me, lies in that I'm using self-signed certificates. How can I tell Sonarr to bypass the certificate checking for connecting to Transmission via TLS (nginx reverse proxy)? I currently get an "unable to connect" message, though I'm sure my parameters are configured correctly. Here is some great log info:
|
Well, I'm using a rather radical SSL configuration on my nginx server. Here's what it looks like (if it helps):
|
Mono doesn't support TLS 1.1 or 1.2 natively so Sonarr falls back to using libcurl (if it's available).
@donileo possibly need to update the ca-bundle, but open a thread on the forums for support. @KireinaHoro what do the logs actually show? Is nginx doing the authentication or is Transmission? What if you bypass nginx? |
Transmission is doing the authentication. Nginx simply does a
Directly adding the client by using port 9091 (thus plain HTTP) works. |
What's worth noting may be that I'm getting failed Indexers like this as well:
It would be great if there were instructions on how to install the appropriate libcurl for other distributions (I'm using Debian 9). |
I rolled mono back to 4.8.1.0 and everything started working again. So something in mono 5.x broke SSL/TLS. |
I am very very close to getting it working on my FreeBSD 11 system. Here is what I found:
Finding an appropriate/easy solution to this problem is where I'm stuck. If you build curl/libcurl from source you can specify the ca bundle location, which you can then use to link to your own managed ca roots cert file. That way, even when the ca-root-nss.crt changes, as it inevitably will, you can simply update your managed ca roots file to match and it should work. This is where I last left off. |
On another note, looking at the mono documentation, it seems like it's possible to get mono to independently trust certs. That approach may be way easier than how I'm currently going about it. @markus101 Doing a quick glance, I'm reading that mono does support TLS 1.2 natively in 4.8+, so why is the fallback to libcurl still occurring? Update: OK, so apparently TLS 1.2 support is built in but not normally enabled. It is supported using BoringSSL (a Google fork of OpenSSL not meant for general use). |
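The managed CA roots file described in the comment above, sketched as an added example that is not part of the thread or of Sonarr: it merges the system bundle with the proxy's self-signed certificate so that verification stays enabled. The function names, file names and placeholder PEM bodies are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. File names and the placeholder PEM
# bodies below are constructed; they are not real certificates.

# count_certs FILE: print the number of PEM certificate blocks in FILE.
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# build_managed_bundle OUT SRC...: copy every PEM certificate block from the
# SRC files into OUT, dropping text outside the BEGIN/END markers and any
# block already seen. OUT is replaced atomically via a temp file and rename.
build_managed_bundle() {
    out=$1; shift
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    awk '
        /-----BEGIN CERTIFICATE-----/ { inblk = 1; blk = "" }
        inblk { blk = blk $0 "\n" }
        /-----END CERTIFICATE-----/ {
            if (inblk && !(blk in seen)) { seen[blk] = 1; printf "%s", blk }
            inblk = 0
        }
    ' "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Refuse to install an empty bundle: every client using it would fail.
    if [ "$(count_certs "$tmp")" -eq 0 ]; then rm -f "$tmp"; return 1; fi
    chmod 644 "$tmp" && mv "$tmp" "$out"
}

# demo: a constructed "system" bundle with two roots plus the proxy's own
# certificate, passed twice to show that duplicates are dropped.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# system roots' \
        '-----BEGIN CERTIFICATE-----' 'QUFBQQ==' '-----END CERTIFICATE-----' \
        '-----BEGIN CERTIFICATE-----' 'QkJCQg==' '-----END CERTIFICATE-----' \
        > "$d/system.crt"
    printf '%s\n' \
        '-----BEGIN CERTIFICATE-----' 'Q0NDQw==' '-----END CERTIFICATE-----' \
        > "$d/proxy.crt"
    build_managed_bundle "$d/managed.crt" \
        "$d/system.crt" "$d/proxy.crt" "$d/proxy.crt" || return 1
    count_certs "$d/managed.crt"
    rm -rf "$d"
}

demo   # prints 3
```

With real certificates in place of the placeholders, `curl --cacert <managed file> https://domain.tld` checks that the proxy's certificate validates against the bundle.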
@KireinaHoro Check the Trace logs to see the response from Transmission. The snippets of errors don't really help much, it looks like you're having some issues with secure connections, but if Transmission is actually sending a response, that part is working (unless the authentication is failing because the response fails). @donileo mono 5.0 and BoringSSL is not working 100% of the time, so we still recommend 4.8 or 5.0 with the legacy TLS provider. See #1928 (or the multiple forum threads on the issue). This issue is fractured with multiple issues and is not the correct location for support. Please open a thread on the forums for support and we can help troubleshoot. |
The transmission client is behind nginx for HTTPS. I can access the Transmission web control at `https://domain.tld` and authenticate properly, yet with domain.tld, port 443, ssl on, sonarr says that the authentication failed.

I've also tried using `curl https://username:password@domain.tld:443`, which returned the control panel correctly instead of `HTTP 401`. If I remove the username and password section, curl simply returns a `401`.