Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot login behind Traefik, but ip:port works fine #639

Closed
4 tasks
joshoram80 opened this issue Mar 15, 2024 · 4 comments
Closed
4 tasks

Cannot login behind Traefik, but ip:port works fine #639

joshoram80 opened this issue Mar 15, 2024 · 4 comments
Labels
question Further information is requested

Comments

@joshoram80
Copy link

Have you read the documentation?

  • [x ] Yes, but it does not include related information regarding my question.
  • Yes, but the steps described in the documentation do not work on my machine.
  • Yes, but I am having difficulty understanding it and wants clarification.

You are setting up gotify in

  • [x ] Docker
  • Linux native platform
  • Windows native platform

Describe your problem

Cannot login when accessing Gotify via Traefik, but login via IP:Port Works fine. Obviously this is not ideal

2024-03-15T19:43:15+11:00 | 401 | 24.478µs | 202.179.131.174 | POST "/client"
Error #1: you need to provide a valid access token or user credentials to access this api

Ex: docker-compose.yml, nginx.conf, android logcat, browser requests, etc.

Compose Snippet
gotify:

image: ghcr.io/gotify/server:latest

container_name: gotify

restart: unless-stopped

networks:

- t2_proxy

environment:

- PUID=1000

- PGID=1000

- TZ=$TZ

volumes:

- $DOCKERDIR/appdata/gotify/data:/app/data

ports:

- 8044:80 #optional

labels:

- "traefik.enable=true"

## HTTP Local Auth Bypass

- "traefik.http.routers.gotify-rtr-local.entrypoints=https"

- "traefik.http.routers.gotify-rtr-local.rule=Host(gotify.$DOMAINNAME) && ClientIP(192.168.0.0/24)"

- "traefik.http.routers.gotify-rtr-local.priority=100"

- "traefik.http.routers.gotify-rtr-local.middlewares=middlewares-authentik@file"

- "traefik.http.routers.gotify-rtr-local.service=gotify-svc"

## HTTP Routers

- "traefik.http.routers.gotify-rtr.entrypoints=https"

- "traefik.http.routers.gotify-rtr.rule=Host(gotify.$DOMAINNAME)"

- "traefik.http.routers.gotify-rtr.priority=99"

## Middlewares

- "traefik.http.routers.gotify-rtr.middlewares=middlewares-authentik@file"

## HTTP Services

- "traefik.http.routers.gotify-rtr.service=gotify-svc"

- "traefik.http.services.gotify-svc.loadbalancer.server.port=80"

The middleware in the snippet is just auth response headers for Authentik, nothing touches Basic Auth
@joshoram80 joshoram80 added the question Further information is requested label Mar 15, 2024
@jmattheis
Copy link
Member

show your middlewares-authentik@file.

@joshoram80
Copy link
Author

middlewares-authentik:
forwardAuth:
address: "http://authentik_server:9000/outpost.goauthentik.io/auth/traefik"
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version
- authorization

@jmattheis
Copy link
Member

You've listed authorization in the authResponseHeaders. Basic auth uses this header.

@joshoram80
Copy link
Author

Excellent! I Completely overlooked that. Thanks :D

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Milestone
No milestone
Development

No branches or pull requests
2 participants
@joshoram80 @jmattheis