Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Unraid behind Authentik

Featured Replies

I'm using Authentik for centralized authentication for most of my apps in my homelab and would like to use it for authentication to Unraid as well but it looks like we can no longer disable the built in authentication to Unraid.  Is there any way to do so or another work around to use an app like Authentik with Unraid?

  • 1 month later...

Same question.

  • 9 months later...

I would also be interested. 

  • 3 months later...

Looks like this didn't gain traction but also curious if anyone has an answer. - Cheers!

  • 2 months later...

For anyone looking for this, I created a gist with the code and instructions on how to set Unraid up behind Authentik.

 

I'm pretty new to both Unraid and Authentik, so if anyone has suggestions for changing it, I'll gladly make them.

  • 1 month later...

Hey @dangle thanks for putting this together!

Was able to follow the instructions fairly well but seem to be hitting an issue somewhere.

 

Created a new group with the attribute 

unraid_password: xxxxxxx

being the password used for the root account, assigned this to my normal Authentik account I use.
 

I've created a Property Mapping -> Scope Mapping following instructions. I've updated internal_host

internal_host = "10.0.1.xx"

and my external 

external_host = "https://server.xxxxxx.com"


I had an existing Provider setup so I added the additional scopes I created above. It already had the same external_host

Existing application, as well as already assigned to Outpost. I had existing setup for forward authentication setup in my npm so changes there.

 

In the logs I do see the following.

 

# Something went wrong if the login succeeded but the cookie is missing ak_logger.error("cannot get unraid token") return {}

So think I'm close but missing some part of the equation. 

 

Thanks for any and all assistance might be able to provide to get over the final hurdle. - Cheers! 

Edited by Healzangels

Well, that indicates that it couldn't find the cookie. I'd try logging out all cookies before the for loop just to see what you're actually getting back.

 

Another thing to try would be removing "200" from the list of good statuses. As far as I know, it should always be a 302. It's possible that if you're getting a 200 it's not setting the cookie.

 

One final note is that your external host shouldn't have "http://" in it. Just the host name. It takes a hash of the domain name, not a URL.

Hey thanks so much for the follow up and extra information! 

Also apologies I mid testing so made some mistakes when writing yesterdays post which lead to some inaccuracies to what I was seeing/communicated here. D'oh sorry! 

The error I had been seeing yesterday was actually the follow (not the cookie is missing, I realized this was the end of the expression not the error message) 

Traceback (most recent call last):
  File "Unraid_Authentik", line 74, in <module>
  File "Unraid_Authentik", line 36, in handler
  File "/ak-root/venv/lib/python3.12/site-packages/requests/sessions.py", line 637, in post
    return self.request("POST", url, data=data, json=json, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/requests/sessions.py", line 589, in request
    resp = self.send(prep, **send_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/requests/sessions.py", line 703, in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/requests/adapters.py", line 622, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='http', port=80): Max retries exceeded with url: /10.0.1.xx/login (Caused by NameResolutionError("<urllib3.connection.HTTPConnection object at 0x1526279ea510>: Failed to resolve 'http' ([Errno -2] Name or service not known)"))
Expression

 

After testing more today I found that this was caused as during one point of my testing I had set

 

internal_host = "http://10.0.1.xx"

Rather then just the IP address. I've since removed the "http://" (internal) and "https://" (external) from my entries. 

 

With those changes logging into authentik in front of my Unraid address I actually see nothing in the logs regarding my Scope Mapping (which seems like a good thing!) however I am still stopped by my unraid login screen. 

 

I then tested with removing the "200"  from the list of good status.

With that change I would see a "Property Mapping exception" in my Authentik logs containing the following Exception.

Exception

Traceback (most recent call last): File "Unraid_Authentik", line 74, in <module> File "Unraid_Authentik", line 46, in handler builtins.TypeError: argument of type 'int' is not iterable

 

Thanks again for the assistance in troubleshooting! 

Feels very close when I leave the 200 in place however with no entries in the logs but still hitting the unraid login not sure what to test next. - Cheers! 

That's a Python gotcha. When you have a tuple with a single item, you have to put a comma after it; otherwise the parentheses are treated as grouping, rather than a tuple.

I've gone ahead and made a couple of small changes to the gist that should hopefully help. I've removed the 200 status code check and added a log line for when it successfully finds the cookie.

A gotcha indeed! Thanks for the info/better understanding.

Also thanks for the updated code, appreciate it.

 

Was able to test today but unfortunately still not a success.

New code in place and updated variables. Interestingly nothing in the Authentik logs like I was seeing before when I had the () or internal_host = "http://10.0.1.xx".

Just looks like a successful login attempt from the logs side. 

 

On the webpage side, I see my normal Authentik log ->  login with my account that I have assigned to the group containing my unraid_password attribute -> greeted by the normal unraid login page. Password.thumb.PNG.06dea14f0a43688ba2a4b8b9a4558118.PNG

 

Wish I could provide more information but if there are some other logs I could be checking or within Chrome console happy to provide any info. 

 

Again thanks for the assistance troubleshooting/doing this, and no worries if we hit a full roadblock!

 

- Cheers

Edited by Healzangels

  • 4 months later...

Im also hitting the same issue as Healzangels

Noting eronious is showing up in the logs either

  • 5 weeks later...

@Alextrical curious if you had been able to make it any further along. I ended up putting this on the back burner as wasn't able to quite able to bring it a cross the finish line. Cheers!  

  • 3 weeks later...

Hi guys...I installed Authentik today...even though I'm connected, this message appears. Any suggestions?

 

image.png.2ae7f21c1bba3f0f593ba4ce54d2c0dd.png

Are you running through a reverse proxy?

If so make sure you’ve got websocket support enabled/setup properly. 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.