Jump to content
jbrodriguez

[Plugin] ControlR

408 posts in this topic Last Reply

Recommended Posts

Posted (edited)

@mikeydk I've only skimmed the last posts, but I see you mention that nginx takes care of the login and you also mention other users than root. I assume by nginx you mean reverse proxy? Can you explain what you think the reverse proxy part of nginx is doing in your setup? How exactly do you tell nginx what user to log into unraid with? You say that nginx runs as root,  and it will always log into unraid with root no matter what user you use. how do you do that? Do you change the PUID,PGID of the container? And do you expect it to then log into other services with the user you run the container as?

 

Either I'm missing something or maybe you have misinterpreted on how "nginx" (reverse proxy) works. What the reverse proxy does is serves you your local services through the internet via a domain. So what happens when you go to your domain/IP it serves the unraid webui as you were sitting locally.

 

And since the only user that can log into the webui is root how do you expect to log into "nginx" with another user than root and except "nginx" to magically put in the root user and password? I'm no nginx expert, so I'd like to know how you do this.

 

I see you mention .htpasswd file all this does is serve up a simple login to get access to the service behind the reverse proxy, once logged in it will still serve the local login to the service if it has one. So essentially you have to log in twice, once with whatever user you set up in the htpasswd file, and once with the REAL username and password to the service. 

 

So if you understand all this I'm still at a loss on how you expect this app (or any app really) to log into the webui (which ONLY accepts the root username and password) with another user. I don't care what magic the app (nginx) does, if it doesn't put the root username and password into the unraid webui login box it isn't going to work, as simple as that.

 

Edited by strike

Share this post


Link to post
9 minutes ago, strike said:

You say that nginx runs as root

I dont think I ever said that.

 

2 minutes ago, strike said:

How exactly do you tell nginx what user to log into unraid with?

proxy_set_header Authorization

 

With this you can make nginx do the basic auth unraid is using, while having another login when accessing nginx. And it actually seems to work pretty well. When trying to access unaid, you go to a link, and the basic auth is popping up, but instead of getting the one from unraid, it is the one from nginx. This allow me to block brute force attacks, along with a bunch of other things.

 

7 minutes ago, strike said:

So essentially you have to log in twice, once with whatever user you set up in the htpasswd file, and once with the REAL username and password to the service. 

No, I only log in once, nginx is then applying the header for logging into unraid.

 

Clearly I don't know how to use this app, since the only way I can get it to work, is a way it is not supposed to work.

Share this post


Link to post
12 minutes ago, mikeydk said:

proxy_set_header Authorization

Then I understand, as I said I'm no nginx expert and never had the usecase to try this.

 

But I still I can't see how this app would know that you're using nginx reverse proxy and that header. I'm also not a programmer but I don't think this app supports what you're trying to do. 

Share this post


Link to post
Just now, strike said:

I don't think this app supports what you're trying to do. 

I dont think so either, now. But it is actually the only thing I can get to work.

If I put unraid's ip and port 443 in, I get the dash and access to start and stop all dockers, which work just fine. But to do that, I need to create a root user the app can log in with (because the username field is for the plugin, but the password field isnt?).

 

I have also tried to put the ip of unraid in, but then start the server from the plugin and put the port in it it is showing, but when I press ADD in the app, I am just send back to the server list, without getting anything added, and then I can go back and try to put everything in again, and just have it all erased and send back to the empty server list.

 

Trying to access the UI in the plugin shows this too

Quote

Unable to connect to serverx

(1001) - Unable to get unRAID state (dockers): Get https://127.0.0.1/plugins/dynamix.docker.manager/include/DockerContainers.php: dial tcp 127.0.0.1:443: connect: connection refused

 

So the only way I can get it to work, is the way it isn't supposed to work. But it is actually working pretty well that way, except the username field is being used for something else.

Share this post


Link to post

I don't have too much more to say, to be honest.

 

For remote access, the app supports an OpenVPN(/WireGuard) setup, not a reverse proxy such as nginx.

 

The port to use is the Unraid webGUI port, not the plugin's.

 

This is stated in the FAQ (https://www.apertoire.com/faq/controlr/)

 

I'm currently unable to provide support for any other scenarios (even if they may or may not somewhat work).

Share this post


Link to post
30 minutes ago, mikeydk said:

So the only way I can get it to work, is the way it isn't supposed to work.

I may have missed something as I only skimmed through your post. Or I misunderstood something. But to me, it seemed like the only way you got it to work was when you used the root user (which is the way it's supposed to work) and when you tried to put in another user it didn't work because it still used root (?). That's the way I read it anyway. So to me, your statement is wrong. You can only get it to work the way it's supposed to, but not the way you want to would be more correct imo. :P

 

Share this post


Link to post
Posted (edited)

Seems to be something up with the pluginUdklip.thumb.PNG.c6860033dc98f8b53d813a1ae5565fbf.PNG

 

46 minutes ago, strike said:

But to me, it seemed like the only way you got it to work was when you used the root user (which is the way it's supposed to work) and when you tried to put in another user it didn't work because it still used root (?).

I actually think it all started with a bad ui design. There is a field for ip, port, username and password. But as it seems, username and password are not related to each other. You can change the username to whatever you want, but the password must be for the root user on the server. But nothing is explaining how that is, and nothing is put in to indicate they are not connected. What has been confusing on top, is that I have apparently tried to use it as intended, but since I am not sharing passwords across multiple users, I could not get it to add the server to the list, because it was the wrong root password. The app isn't showing any error messages, it just silently goes back to the server list, where nothing is added, no matter what the problem is.

I only just now found a place in the faq where it mention the need of root password, and that is only because I was looking specifictly for that. I have even been on it before, but there were two topics about connecting, then it continued to the plugin. It turns out, after that, it goes back to explain about connecting.

 

So I probably misunderstood how to use this. And failed to find the documentation needed, but I got some suggestions to make this easier to find and use.

 

FAQ

Move the "I’m having issues accessing the app with any user other than root" section up to the other relating connecting.

Move "Can you add x, y, z feature ?" down to "I’m having x, y, z issue with the app", as they are both related to something else not covered.

 

Mobile app

Split it up, so it is clear to see what part is related to the connection to the server, and what part is related to the user to use.

In the server part there could be, as there is now, a field for ip, port, username where it is set to root and disabled so it cant be changed, followed by password, server name, and the secure toggle.

After that a wider line or something to split the interface up, and then have a field for the user.

Also adding some error messages to the mobile app would be very helpful, then users wouldn't have to guess why nothing happened.

Edited by mikeydk

Share this post


Link to post
43 minutes ago, mikeydk said:

but I got some suggestions to make this easier to find and use.

Thanks for the feedback. I'll take it under consideration.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.