Unable to find remote user #2598

Closed
illispi opened this issue Dec 16, 2023 · 11 comments

illispi commented Dec 16, 2023

I am using caddy and dozzle, but I am unable to get in and I get this error in docker logs:

msg="Unable to find remote user. Please check your proxy configuration. Expecting headers Remote-Email, Remote-User, Remote-Name."

This is my ansible task:

---
- name: Create dozzle container
  community.docker.docker_container:
    name: dozzle
    image: amir20/dozzle:latest
    pull: true
    state: started
    restart_policy: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    security_opts:
      - no-new-privileges:true
    networks:
      - name: caddy
    env:
      DOZZLE_AUTH_PROVIDER: forward-proxy

    labels:
      caddy: "dozzle.{{ domain }}"
      caddy.reverse_proxy: "{{'{{upstreams 8080}}'}}"
      caddy.forward_auth: "authelia:9091"
      caddy.forward_auth.0_uri: "/api/verify?rd=https://auth.{{ domain }}/"
      caddy.forward_auth.1_copy_headers: "Remote-User Remote-Groups Remote-Name Remote-Email"

There was a similar issue, but it was fixed, so I am not sure what I am doing wrong here.

Owner

amir20 commented Dec 16, 2023

Hi @illispi. It's really hard to debug proxy issues. However, if you enable debug with DOZZLE_LEVEL: debug, I print out all the headers when remote user is not found. So please enable that and let's see what that looks like.

If the headers are missing then you'll have to figure out why Caddy is not providing the right headers.

Author

illispi commented Dec 18, 2023

level=error msg="Unable to find remote user. Please check your proxy configuration. Expecting headers Remote-Email, Remote-User, Remote-Name."
level=debug msg="Dumping all headers for url /"
level=debug msg="Accept-Language: [fi-FI,fi;q=0.6]"
level=debug msg="Cf-Connecting-Ip: ["redacted_ip"]"
level=debug msg="Cookie: [authelia_"redacted"]"
level=debug msg="X-Forwarded-For: ["redacted_ip"]"
level=debug msg="User-Agent: [Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36]"
level=debug msg="Accept-Encoding: [gzip]"
level=debug msg="Cf-Visitor: [{\"scheme\":\"https\"}]"
level=debug msg="Sec-Gpc: [1]"
level=debug msg="Cf-Ray: ["redacted"]"
level=debug msg="Remote-Name: [admin]"
level=debug msg="Remote-User: [admin]"
level=debug msg="Sec-Ch-Ua-Mobile: [?0]"
level=debug msg="X-Forwarded-Host: [dozzle."redacted".org]"
level=debug msg="Sec-Ch-Ua: [\"Not_A Brand\";v=\"8\", \"Chromium\";v=\"120\", \"Brave\";v=\"120\"]"
level=debug msg="Sec-Ch-Ua-Platform: [\"Windows\"]"
level=debug msg="Upgrade-Insecure-Requests: [1]"
level=debug msg="Sec-Fetch-Dest: [document]"
level=debug msg="Sec-Fetch-Mode: [navigate]"
level=debug msg="Sec-Fetch-User: [?1]"
level=debug msg="Accept: [text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8]"
level=debug msg="Cdn-Loop: [cloudflare]"
level=debug msg="Cf-Ipcountry: [FI]"
level=debug msg="Priority: [u=0, i]"
level=debug msg="Remote-Email: []"
level=debug msg="Remote-Groups: [admins,dev]"
level=debug msg="Sec-Fetch-Site: [none]"
level=debug msg="X-Forwarded-Proto: [https]"

Here is the output.

Owner

amir20 commented Dec 18, 2023

Well, the problem is that Remote-Email is blank. Is that to be expected for you?

Right now I make sure I have at least an email. Maybe a better solution would be to check for Remote-User.

Owner

amir20 commented Dec 18, 2023

@illispi try amir20/dozzle:pr-2604. That expects username. But I don't know if it breaks anything else. I need to check the code again to make sure email address is not used anywhere that could break.

Author

illispi commented Dec 18, 2023

With this amir20/dozzle:pr-2604, it does work.

Owner

amir20 commented Dec 18, 2023

Do you know why email is blank for you? Are you setting it that way or is caddy removing it?

Author

illispi commented Dec 18, 2023

I have set it intentionally blank.

Owner

amir20 commented Dec 18, 2023

Then does it make sense to only check for username? I just want to use one field as a requirement. Thoughts?

Author

illispi commented Dec 18, 2023

I think that it would be fine to just check for username.

Owner

amir20 commented Dec 18, 2023

Alright, went through the code. I think the only thing it will break is the avatar. But I fall back to showing username initials. So I think it will be ok.

amir20 closed this as completed Dec 18, 2023
Owner

amir20 commented Dec 18, 2023

Releasing new version now...
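
Added example, not part of the thread and not Dozzle's own code: a Go check over a header dump in the format posted above, which separates a header the proxy never forwarded from one forwarded with an empty value and then applies the two requirements discussed here (email required versus username required). The function names and the sample lines are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample, in the format of the debug dump posted in this thread.
const sampleDump = `level=debug msg="Dumping all headers for url /"
level=debug msg="Remote-Name: [admin]"
level=debug msg="Remote-User: [admin]"
level=debug msg="Remote-Email: []"`

var headerLine = regexp.MustCompile(`(?m)^level=debug msg="([A-Za-z0-9-]+): \[(.*)\]"$`)
// parseDump maps each dumped header name to the value inside the brackets.
func parseDump(dump string) map[string]string {
	headers := map[string]string{}
	for _, m := range headerLine.FindAllStringSubmatch(dump, -1) {
		headers[m[1]] = strings.TrimSpace(m[2])
	}
	return headers
}

// status returns "absent" (never forwarded), "blank" (forwarded empty) or "ok".
func status(headers map[string]string, name string) string {
	switch value, sent := headers[name]; {
	case !sent:
		return "absent"
	case value == "":
		return "blank"
	}
	return "ok"
}

// accepted is true when every required header carries a value.
func accepted(headers map[string]string, required ...string) bool {
	for _, name := range required {
		if status(headers, name) != "ok" {
			return false
		}
	}
	return true
}

func main() {
	h := parseDump(sampleDump)
	fmt.Println(status(h, "Remote-Email"), accepted(h, "Remote-Email"), accepted(h, "Remote-User"))
}
```

A "blank" result means the proxy did copy the header and the identity provider supplied no value; "absent" points at the proxy's copy_headers configuration instead.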
