[Support] IBRACORP - All images and files



On 3/25/2021 at 12:29 PM, akshunj said:

Looks like Ghost 4 is out.  Any plans to upgrade the container?  It appears to be a major upgrade that requires a migration to the new version...  Thanks for a great container!

Latest update to Ghost pushes to v.4.  It will break the container. Please see this thread for how to correct.  You will need to remove the "migrations" and "migrations_lock" tables from your mariadb database.  More here:

https://forum.ghost.org/t/db-error-after-upgrading-to-v4/20921/6

 

And if you're not database savvy (like me), check this out for some step by step:

https://www.tutorialspoint.com/mariadb/mariadb_drop_tables.htm

Link to comment

I tried setting up FreeIpa but am having some problems getting it to work with authelia. I followed the youtube guide and it looks like everything is installed ok. I have changed my authelia configuration as mentioned in the guide and I can log in to the freeipa webui. The only thing that I have done is created a new user.

 

But I always get "Invalid Credentials" after trying to log in using authelia.

This is the error message:
 

Quote

time="2021-04-23T06:50:19+02:00" level=debug msg="Mark authentication attempt made by user admin" method=POST path=/api/firstfactor remote_ip=<my_public_ip>
time="2021-04-23T06:50:19+02:00" level=error msg="Error while checking password for user admin: LDAP Result Code 49 \"Invalid Credentials\": " method=POST path=/api/firstfactor remote_ip=83.209.13.231 stack="github.com/authelia/authelia/internal/middlewares/authelia_context.go:64 (*AutheliaCtx).Error\ngithub.com/authelia/authelia/internal/handlers/response.go:112 handleAuthenticationUnauthorized\ngithub.com/authelia/authelia/internal/handlers/handler_firstfactor.go:103 FirstFactorPost.func1\ngithub.com/authelia/authelia/internal/middlewares/authelia_context.go:49 AutheliaMiddleware.func1.1\ngithub.com/fasthttp/[email protected]/router.go:414 (*Router).Handler\ngithub.com/authelia/authelia/internal/middlewares/log_request.go:14 LogRequestMiddleware.func1\ngithub.com/valyala/[email protected]/server.go:2207 (*Server).serveConn\ngithub.com/valyala/[email protected]/workerpool.go:223 (*workerPool).workerFunc\ngithub.com/valyala/[email protected]/workerpool.go:195 (*workerPool).getCh.func1\nruntime/asm_amd64.s:1371 goexit"

 

I also have another problem, when creating a new user and setting a password the password expires directly which is by design after reading the FreeIPA doc. The user is supposed to reset the password on the first login and set a new password. But for some reason I also get Invalid credentials when trying to send the reset mail from authelia.
 

Quote

time="2021-04-23T06:36:26+02:00" level=error msg="LDAP Result Code 49 \"Invalid Credentials\": " method=POST path=/api/reset-password/identity/start remote_ip=<my_public_ip> stack="github.com/authelia/authelia/internal/middlewares/identity_verification.go:25 IdentityVerificationStart.func1\ngithub.com/authelia/authelia/internal/middlewares/authelia_context.go:49 AutheliaMiddleware.func1.1\ngithub.com/fasthttp/[email protected]/router.go:414 (*Router).Handler\ngithub.com/authelia/authelia/internal/middlewares/log_request.go:14 LogRequestMiddleware.func1\ngithub.com/valyala/[email protected]/server.go:2207 (*Server).serveConn\ngithub.com/valyala/[email protected]/workerpool.go:223 (*workerPool).workerFunc\ngithub.com/valyala/[email protected]/workerpool.go:195 (*workerPool).getCh.func1\nruntime/asm_amd64.s:1371 goexit"

 

Is this part correct "admin" method=POST path=/api/firstfactor remote_ip=<my_public_ip>" ? Should the post be sent from my external/public ip ? And could it be the cause of the problems ?

Edited by Cliff
Link to comment

I had Authelia set up and running with LDAP (FreeIPA). However after having my server down for the last few weeks due to a house move it won't start. I get the error:

level=error msg="invalid configuration key 'authentication_backend.ldap.skip_verify' was replaced by 'authentication_backend.ldap.tls.skip_verify'"

Any suggestions on how to resolve this?

Link to comment
7 hours ago, zognic said:

I got an error too, a little bit different

 


level=error msg="invalid configuration key 'notifier.smtp.disable_verify_cert' was replaced by 'notifier.smtp.tls.skip_verify'"

 

You need to use the latest configuration.yml on my Git or the official Git. Mine has FreeIPA LDAP otherwise either will work. 

Link to comment
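The two startup errors above each name the old key and its replacement, so the renames can be read straight from the log. This is an added example, not code from the thread or from the Authelia project: it extracts the renames and moves the values in a parsed configuration. The function names and the sample configuration values are constructed for illustration.

```python
import re

RENAMED = re.compile(r"invalid configuration key '([^']+)' was replaced by '([^']+)'")

# The two startup errors quoted in the posts above.
LOG = '''level=error msg="invalid configuration key 'authentication_backend.ldap.skip_verify' was replaced by 'authentication_backend.ldap.tls.skip_verify'"
level=error msg="invalid configuration key 'notifier.smtp.disable_verify_cert' was replaced by 'notifier.smtp.tls.skip_verify'"
'''


def sample_config():
    """Constructed stand-in for a configuration.yml that was parsed into a dict."""
    return {
        "authentication_backend": {
            "ldap": {"url": "ldap://freeipa.example.test", "skip_verify": False}
        },
        "notifier": {
            "smtp": {"host": "smtp.example.test", "port": 587, "disable_verify_cert": False}
        },
    }


def renames_from_log(log_text):
    """Map each rejected dotted key to the key the log says replaced it."""
    return dict(RENAMED.findall(log_text))


def move_key(config, old, new):
    """Move the value at dotted path `old` to `new`; return True if it was present."""
    *parents, leaf = old.split(".")
    node = config
    for name in parents:
        node = node.get(name) if isinstance(node, dict) else None
        if node is None:
            return False
    if not isinstance(node, dict) or leaf not in node:
        return False
    value = node.pop(leaf)
    *new_parents, new_leaf = new.split(".")
    target = config
    for name in new_parents:
        target = target.setdefault(name, {})  # create e.g. the new "tls" section
    target[new_leaf] = value
    return True


def migrate(config, log_text):
    """Apply every rename found in the log; return the (old, new) pairs that were moved."""
    return [(old, new) for old, new in renames_from_log(log_text).items()
            if move_key(config, old, new)]


if __name__ == "__main__":
    cfg = sample_config()
    for old, new in migrate(cfg, LOG):
        print(f"moved {old} -> {new}")
```

Both renamed keys control TLS certificate verification, so check after the move that the value carried over is still the one intended.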

Hi, I'm following IBRACORP's videos on configuring Authelia, and am hitting an issue similar to that reported by another user in this thread.

Quote

time="2021-05-04T19:57:11-07:00" level=error msg="Error malformed yaml: line 216: did not find expected key"

 

The file stanza starts on line 217

 

  ##Line 216
   file:
     path: /config/users_database.yml
     password:
       algorithm: argon2id
       iterations: 1
       key_length: 32
       salt_length: 16
       memory: 1024
       parallelism: 8

 

and the obfuscated users_database.yml file

cat users_database.yml
users:
  <username>:
    displayname: "<name>"
    password: "$argon2i$v=19$m=1024,t=1,p=<hash>"
    email: <email>
    groups:
      - admins
      - dev

 

Not quite sure what's going wrong. Please let me know if you have any thoughts!

Edited by mmwilson0
Link to comment

Wasn't sure where to post this. Ibracorps Discord isn't letting me message there . . . but that's a separate issue.

 

I'm following the Atomic Moves video and got to the part where I'm allocating ports on qbittorrent - 8080 is already in use by sabnzbdvpn so no idea how to proceed. I realise I obviously don't know what 'port allocation' really means or I'd be able to figure it out. Maybe.

 

Can I just use any port number not currently used,  so kinda pick one at random?

Does it matter that a torrent and a usenet container share the same port? I notice that sabnzbdvpn has several other ports . . . I'm really just following the tutorial and jumping through hoops, and generally make little use of torrents, but I don't want to do something dumb now that I'll forget about in a couple of weeks (days if I'm honest) !!

 

I have created a 'custom' docker network if that makes any difference?

 

If any one can also point me at a tutorial or info that explains docker port allocations at a high level then very happy to learn something.

Link to comment

@awediohead not sure why discord isn't letting you chat? I'll look into it. 

 

To answer your question, if the port is already in use by a different app just use a random one one digit up or down if you like. 

 

It can't be the same one because the other app is using it and unraid won't let you anyway. 

  • Thanks 1
Link to comment
On 4/22/2021 at 9:58 PM, Cliff said:

I tried setting up FreeIpa but am having some problems getting it to work with authelia. I followed the youtube guide and it looks like everything is installed ok. I have changed my authelia configuration as mentioned in the guide and I can log in to the freeipa webui. The only thing that I have done is created a new user.

 

Did you resolve this? I am having the same issue. I switched from password to LDAP with FreeIPA. I followed the IBRACORP LDAP video and copied over the LDAP configs from the git repo, and commented out the password file configurations.

 

In FreeIPA I have basically set it up, created an admin user and a non-admin user (ipausers group), the latter I would like to use to log in to authelia. Do I have to do any configurations in FreeIPA so that this will work?

Link to comment
  • 2 weeks later...
On 5/5/2021 at 5:54 AM, mmwilson0 said:

Hi, I'm following IBRACORP's videos on configuring Authelia, and am hitting an issue similar to that reported by another user in this thread.

 

The file stanza starts on line 217

 


  ##Line 216
   file:
     path: /config/users_database.yml
     password:
       algorithm: argon2id
       iterations: 1
       key_length: 32
       salt_length: 16
       memory: 1024
       parallelism: 8

 

and the obfuscated users_database.yml file


cat users_database.yml
users:
  <username>:
    displayname: "<name>"
    password: "$argon2i$v=19$m=1024,t=1,p=<hash>"
    email: <email>
    groups:
      - admins
      - dev

 

Not quite sure what's going wrong. Please let me know if you have any thoughts!

Same problem as you, did you find any solution?

Link to comment
  • 3 weeks later...

I have some problems with authelia. Whenever I try to go to my auth.domain.com I get a white screen and no change in my authelia logs. If I go to a domain that I have set to bypass it seems to work and I get some activity in the logs. I have another subdomain with one_factor where I also get a white screen when accessing, however here I get some logs.

 

level=info msg="Access to [REDACTED] (method unknown) is not authorized to user <anonymous>, sending 401 response" method=GET path=/api/verify remote_ip=[REDACTED]

 

 

I haven't been able to replicate it but sometimes I get this error message in my logs

 

error when serving connection "172.18.0.8:9091"<->"172.18.0.1:38846": error when reading request headers: EOF. Buffer size=194, contents: "\x16\x03\x01\x00\xbd\x01\x00\x00\xb9\x03\x03\u0084\xf4<\xb5\xa8\xaaB '\xe1\xf3͔\xb7\xd5\xd8g7z`\r\x05瑫\xd2[\xb3Iҷ\x00\x008\xc0,\xc00\x00\x9f̨̩̪\xc0+\xc0/\x00\x9e\xc0$\xc0(\x00k\xc0#\xc0'\x00g\xc0\n\xc0\x14\x009\xc0\t\xc0\x13\x003\x00\x9d\x00\x9c\x00=\x00<\x005\x00/\x00\xff\x01\x00\x00X\x00\v\x00\x04\x03\x00\x01\x02\x00\n\x00\f\x00\n\x00\x1d\x00\x17\x00\x1e\x00\x19\x00\x18\x00#\x00\x00\x00\x16\x00\x00\x00\x17\x00\x00\x00\r\x000\x00.\x04\x03\x05\x03\x06\x03\b\a\b\b\b\t\b\n\b\v\b\x04\b\x05\b\x06\x04\x01\x05\x01\x06\x01\x03\x03\x02\x03\x03\x01\x02\x01\x03\x02\x02\x02\x04\x02\x05\x02\x06\x02"

 

Could it have to do with the default buffer sizes in "Authelia Portal.conf" or "Protected Endpoint.conf"? It says "Buffer size=194" but both those files have buffers if I read it correctly. PS is there a good resource to learn more about this as I don't really understand what is going into these files?

 

From my configuration.yml

access_control:
  ## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
  ## resource if there is no policy to be applied to the user.
  default_policy: deny # Always set to deny
  
  rules:
    # Rules applied to everyone
    - domain: [REDACTED]
      policy: bypass

    - domain: [REDACTED]
      policy: bypass

    - domain: [REDACTED]
      policy: one_factor

    - domain: [REDACTED]
      policy: two_factor

 

 

From "Authelia Portal.conf":

client_body_buffer_size 128k;

proxy_buffers 64 256k;

 

From "Protected Endpoint.conf":

client_body_buffer_size 128k;

proxy_buffers 4 32k;

 

The weird thing is that it has been working and now after I have woken up it does not work? Any help is much appreciated and if there is any information I need to provide please let me know.

Edited by JustAnotherGuy1324
Link to comment
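The "contents" bytes in the error quoted above can be read as a TLS record header. This added example (not from the original post or the Authelia project) decodes them: the record length plus the 5-byte header equals the logged "Buffer size=194", so the whole buffer is one TLS ClientHello that arrived on a listener which was reading HTTP request headers. Function names are hypothetical; only the first 11 logged bytes are used.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"PATCH ")
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
TLS_HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello"}

# First 11 bytes of the "contents" field in the logged error, and its "Buffer size".
LOGGED_PREFIX = b"\x16\x03\x01\x00\xbd\x01\x00\x00\xb9\x03\x03"
LOGGED_BUFFER_SIZE = 194


def parse_tls_prefix(data):
    """Decode the TLS record header and, if present, the handshake header.

    Returns None when the bytes are not shaped like a TLS record.
    """
    if len(data) < 5:
        return None
    ctype, major, minor, record_length = struct.unpack("!BBBH", data[:5])
    if ctype not in TLS_CONTENT_TYPES or major != 3 or minor > 4:
        return None
    info = {
        "content_type": TLS_CONTENT_TYPES[ctype],
        "record_version": (major, minor),
        "record_length": record_length,
        "total_length": record_length + 5,  # 5-byte record header + payload
    }
    if ctype == 22 and len(data) >= 9:
        info["handshake_type"] = TLS_HANDSHAKE_TYPES.get(data[5], f"type_{data[5]}")
        info["handshake_length"] = int.from_bytes(data[6:9], "big")
    return info


def classify(data):
    """Say what kind of client wrote the first bytes seen on a connection."""
    if data.startswith(HTTP_METHODS):
        return "http-request"
    info = parse_tls_prefix(data)
    if info and info.get("handshake_type") == "client_hello":
        return "tls-client-hello"
    return "tls-record" if info else "unknown"


if __name__ == "__main__":
    info = parse_tls_prefix(LOGGED_PREFIX)
    print(classify(LOGGED_PREFIX), info)
    print("matches logged buffer size:", info["total_length"] == LOGGED_BUFFER_SIZE)
```

A client that sends this to port 9091 is speaking HTTPS to a port that is answering plain HTTP, which is a scheme mismatch between the two ends rather than a buffer-size setting.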

I've tried setting up Authelia following the deep dive video and I'm having an issue. I've managed to get to the point where the container starts up with no errors in the log, however when I try to open the web UI I get the following in my browser:

 

[Attached screenshot: image.thumb.png.f5091db04fa5edade6d32ec7b928bffd.png]

 

I'm using File notifications and there is absolutely nothing in the notification.txt file. Any ideas?

 

Thanks.

Link to comment
1 hour ago, Lumpy_BD said:

I've tried setting up Authelia following the deep dive video and I'm having an issue. I've managed to get to the point where the container starts up with no errors in the log, however when I try to open the web UI I get the following in my browser:

 

[Attached screenshot: image.thumb.png.f5091db04fa5edade6d32ec7b928bffd.png]

 

I'm using File notifications and there is absolutely nothing in the notification.txt file. Any ideas?

 

Thanks.

 

Lumpy_BD I think we might have the same underlying problem. I will look into it again later today as I believe there is something wrong with some of the text-files for nginx. 

Link to comment

I am using Authelia together with Nginx Proxy Manager. Both are installed with Docker containers on the same host. I have got the setup working with most of my services, but for some reason when trying to get it to work with VSCode (using linuxserver/code-server) I only get a white/blank screen after login. Anyone have any tip as to what might be wrong? I am using the same endpoint configuration for all the services just changing out the address and port number. I have no trouble with VSCode when not behind Authelia.

Link to comment

First off, thank you @Sycotix for your Authelia CA container as well as your video series on YouTube. Very helpful and detailed!

 

I've set up Authelia using a combination of your video and this blog post by Linuxserver. I mostly followed your video except for the end where I used SWAG instead of NPM.

 

I've tested Authelia by protecting two endpoints: Syncthing and Tautulli.

 

A few questions:

1) When I go to https://syncthing.mydomain.com, I get a distorted Authelia login page (please see attached images), whereas when I go to https://tautulli.mydomain.com, I get the usual Authelia login page. This is the case on desktop Firefox, Chrome, and Edge. I don't suppose you've seen this before? Any ideas as to why this might be? The distorted page is still functional (just not as pretty).

EDIT: tried on mobile Chrome (iOS) and mobile Safari. For both mobile browsers, both Syncthing and Tautulli give me the distorted Authelia page.

 

2) In any case, once I login, I get to another login prompt. Obviously this is from the authentication I enabled before Authelia was set up. So, now that Authelia is protecting these services, am I good to just disable the "internal" (for lack of a better word) authentication for these services?

 

2a) I disabled the basic GUI auth for Syncthing. And while Authelia of course still protects Syncthing, I do now get a bright red warning message from Syncthing that I need to set GUI authentication. Is there any way to make Syncthing aware of Authelia or link them in some way so that the warning message goes away?

 

3) For the majority of my reverse-proxied services, I will probably be the only one who needs to access them. But for certain services (e.g. Ombi) where I would have multiple users, how do I set it up such that userX and userY logging in via Authelia automatically signs in userX and userY, respectively, to the desired service?

 

Thanks for any and all help!

Authelia-distorted.png

Authelia-regular.png

Link to comment
On 5/4/2021 at 10:54 PM, mmwilson0 said:

Hi, I'm following IBRACORP's videos on configuring Authelia, and am hitting an issue similar to that reported by another user in this thread.

 

The file stanza starts on line 217

 


  ##Line 216
   file:
     path: /config/users_database.yml
     password:
       algorithm: argon2id
       iterations: 1
       key_length: 32
       salt_length: 16
       memory: 1024
       parallelism: 8

 

 

I finally figured this one out after some head scratching.

Malformed means the spacing is wrong.

 

In your example, take off one space so they line up with the other lines in the document. Visual Studio Code helps with this because it shows lines to line up with. The spacing is 2.
Like this:
 

##Line 216
file:
  path: /config/users_database.yml
  password:
    algorithm: argon2id
    iterations: 1
    key_length: 32
    salt_length: 16
    memory: 1024
    parallelism: 8

 

  • Thanks 1
Link to comment
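The indentation problem described in the answer above can be found mechanically. This added example is not from the thread or from Authelia, and it is a heuristic for block-style mappings and lists rather than a YAML parser: it flags a line indented deeper than a line that does not open a block, and a line whose column matches no enclosing block. The `authentication_backend:` and `disable_reset_password:` lines around the poster's stanza are constructed context, and the function name is hypothetical.

```python
# Constructed context around the stanza from the post: "file:" sits at column 3
# while its sibling key sits at column 2.
BROKEN = """\
authentication_backend:
  disable_reset_password: false
   file:
     path: /config/users_database.yml
     password:
       algorithm: argon2id
"""

# The same stanza with the two-space spacing from the answer.
FIXED = """\
authentication_backend:
  disable_reset_password: false
  file:
    path: /config/users_database.yml
    password:
      algorithm: argon2id
"""


def check_indentation(text):
    """Return [(line_number, message)] for indentation that breaks block structure."""
    problems = []
    stack = [0]          # columns of the blocks that are currently open
    opens_block = False  # did the previous significant line end in "key:" or "-"?
    for number, raw in enumerate(text.splitlines(), 1):
        body = raw.lstrip(" ")
        if not body.strip() or body.startswith("#"):
            continue  # blank lines and comments do not affect structure
        if body.startswith("\t"):
            problems.append((number, "tab used for indentation"))
            continue
        col = len(raw) - len(body)
        if col > stack[-1]:
            if not opens_block:
                problems.append((number, f"indented to column {col}, but the line above "
                                         f"does not open a block (expected column {stack[-1]})"))
            stack.append(col)
        else:
            while stack[-1] > col:
                stack.pop()
            if stack[-1] != col:
                problems.append((number, f"column {col} matches no enclosing block"))
                stack.append(col)
        # "- key: value" places the item's keys two columns right of the dash.
        while body.startswith("- "):
            col += 2
            body = body[2:]
            stack.append(col)
        value = body.split(" #", 1)[0].rstrip()  # ignore a trailing comment
        opens_block = value.endswith(":") or value == "-"
    return problems


if __name__ == "__main__":
    for number, message in check_indentation(BROKEN):
        print(f"line {number}: {message}")
```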

Got this error when trying to setup two_factor:

 

level=error msg="534 5.7.9 Application-specific password required.

 

Any idea? :)

 

EDIT:

 

Found solution, had to add "App Passwords" inside gmail and add that password in the config file for mail.

Edited by linusgrip
Found solution
Link to comment

Hey, I'm somehow not able to login via the iOS nextcloud app.

I saw the reply in page 8 (https://forums.unraid.net/topic/94096-support-ibracorp-all-images-and-files/page/4/?tab=comments#comment-891154&searchlight=1), however I'm running the config with swag/letsencrypt.

I can use nextcloud normal via browser and the 2FA works, although after logging in with the old method (ios app), it threw 405 errors. After logging in successfully with authelia I get an "access denied, invalid login".

I tried adding

proxy_intercept_errors off;

after server { and before the location part, although that does not work.

Not really sure where I am supposed to look. The login seems to be fine in itself.

 

Thanks in advance!

Link to comment
  • 4 weeks later...
  • 3 weeks later...

Short question concerning Authelia.

 

I got an error concerning the last part of the config file.

 

time="2021-08-03T17:56:20+02:00" level=error msg="Error malformed yaml: line 543: did not find expected key"

 

 

notifier:

smtp:

username: [email protected]

# Password can also be set using a secret: https://www.authelia.com/docs/configuration/secrets.html password: yourapppassword

sender: [email protected]

host: smtp.gmail.com

port: 587

 

I have no clue what could go wrong here. 

I created an app password and pasted it. 

Any hints?

Link to comment
On 8/3/2021 at 11:19 AM, sylus said:

Short question concerning Authelia.

 

I got an error concerning the last part of the config file.

 

time="2021-08-03T17:56:20+02:00" level=error msg="Error malformed yaml: line 543: did not find expected key"

 

 

notifier:

smtp:

username: [email protected]

# Password can also be set using a secret: https://www.authelia.com/docs/configuration/secrets.html password: yourapppassword

sender: [email protected]

host: smtp.gmail.com

port: 587

 

I have no clue what could go wrong here. 

I created an app password and pasted it. 

Any hints?

Here's my portion, formatting could be an issue as well as a few small differences - bolded & underlined...2 spaces where bullets are.  And formatting on this forum sucks, so just validating the URL for secrets is included as a comment via #

 

  • notifier:
    • smtp:
      • username: gmail
      • password: gmail API password
      • host: smtp-relay.gmail.com
      • port: 587
      • sender: gmail
      • subject: "[Authelia] {title}"
      • disable_require_tls: false
      • disable_html_emails: false
      • tls:
        • skip_verify: false
        • minimum_version: TLS1.2
Link to comment

I got it up and running, after lots of troubleshooting.  Logs from docker were key to hunting them down. Odd that only a few of my secrets didn't work and had to add in manually.  

 

My issue is that I'm using HAPROXY via pfSense, which works brilliantly - but most writeups/videos are for NPM...I could never get NPM to work which is embarrassing because compared to HAPROXY, it looks stupid simple.

Link to comment
