bushbasha Posted December 2, 2022
Hi guys, noob here. Having issues trying to get my Authelia and SWAG to work. Followed ibracorp's guide but it kinda lost me. SWAG works without Authelia, Authelia brings up a web UI page but doesn't go anywhere, but when I put them together I get a 403 permissions nginx error. Can't work out why. Logs have:
{"level":"info","method":"GET","msg":"Access to https://radarr.my domain/ is forbidden to user XXX","path":"/api/verify","remote_ip":"XXXXXXXXXX","time":"2022-12-02T16:19:21+10:00"}
Any assistance? Google says a permissions issue but I'm not entirely sure how or where. Thanks

Taubin Posted December 10, 2022
My authelia updated today and seems to have broken in the process. It wouldn't restart and seems to be stuck attempting to migrate to version 7 in the database:
time="2022-12-10T19:12:49+13:00" level=info msg="Authelia v4.37.3 is starting"
time="2022-12-10T19:12:49+13:00" level=info msg="Log severity set to info"
time="2022-12-10T19:12:51+13:00" level=info msg="Storage schema is being checked for updates"
time="2022-12-10T19:12:51+13:00" level=info msg="Storage schema migration from 6 to 7 is being attempted"
time="2022-12-10T19:12:51+13:00" level=error msg="Failure running the storage provider startup check: error during schema migrate: error applying migration version 7 to version 6 for rollback: schema migration 7 (ConsistencyFixes) failed: Error 1728 (HY000): Cannot load from mysql.proc. The table is probably corrupted. rollback caused by: schema migration 7 (ConsistencyFixes) failed: Error 1728 (HY000): Cannot load from mysql.proc. The table is probably corrupted" stack="github.com/authelia/authelia/v4/internal/commands/root.go:281 doStartupChecks\ngithub.com/authelia/authelia/v4/internal/commands/root.go:87 cmdRootRun\ngithub.com/spf13/[email protected]/command.go:920 (*Command).execute\ngithub.com/spf13/[email protected]/command.go:1044 (*Command).ExecuteC\ngithub.com/spf13/[email protected]/command.go:968 (*Command).Execute\ngithub.com/authelia/authelia/v4/cmd/authelia/main.go:10 main\nruntime/proc.go:250 main\nruntime/asm_amd64.s:1594 goexit"
time="2022-12-10T19:13:01+13:00" level=fatal msg="The following providers had fatal failures during startup: storage" stack="github.com/authelia/authelia/v4/internal/commands/root.go:309 doStartupChecks\ngithub.com/authelia/authelia/v4/internal/commands/root.go:87 cmdRootRun\ngithub.com/spf13/[email protected]/command.go:920 (*Command).execute\ngithub.com/spf13/[email protected]/command.go:1044 (*Command).ExecuteC\ngithub.com/spf13/[email protected]/command.go:968 (*Command).Execute\ngithub.com/authelia/authelia/v4/cmd/authelia/main.go:10 main\nruntime/proc.go:250 main\nruntime/asm_amd64.s:1594 goexit"
** Press ANY KEY to close this window **
I've reinstalled redis, and reinstalled authelia and it's still occurring. There are no errors in redis, just this in Authelia. Any help or suggestions would be greatly appreciated.

Domodial Posted December 10, 2022
I had this yesterday. The base table was destroyed, no more data in it. But in addition I realized that I could no longer create a base. So I did an update of all the command line databases with the console. From there I could again create a base, but authelia still couldn't write and create the tables. After 50 tries I downgraded authelia one version. It didn't work right away, but with 3 tries authelia was able to create the tables. I then put authelia back to the latest version. Authelia launched and at the database migration stage everything went well. In all I spent 3 hours on it. I confess that I still don't understand how the problem was solved. I am with mariadb and authelia latest version and unraid too. There is no problem with redis. It is played between MySQL and authelia.
Sent from my M2011K2G using Tapatalk

Sycotix Posted December 10, 2022 Author
The issue with Authelia is due to mysql not upgrading. See here: https://github.com/authelia/authelia/issues/4519#issuecomment-1343297516
Solutions are often shared in our Discord, so highly recommend you check there too.

Casadream_1 Posted December 10, 2022
MySQL upgrade fixed it for me

Taubin Posted December 11, 2022
The upgrade worked for me as well. Thank you. I've tried discord in the past but it's simply too distracting and discombobulated. If you don't catch whatever is said right when it's said, you can very easily miss it and never see it, as opposed to a forum like this one where you can easily scroll back and search. Forums tend to stay on topic a lot better as well.

Sycotix Posted December 11, 2022 Author
Glad it worked! Definitely. I felt this was a big breaker so needed to be shared 🙂

maR1o Posted December 21, 2022
Hi, I am having an issue accessing my site through authelia and NPM. I get the following error as soon as I go to the link:
msg="Access to https://warden.domain.com/ is forbidden to user "
I am not sure what could be causing this. I believe it has something to do with my acl on authelia:
access_control:
  default_policy: deny
  rules:
    ## bypass rule
    - domain:
        - "auth.domain.com"
        - "warden.domain.com"
      policy: bypass
      networks:
        - "192.168.1.0/24"
    ## catch-all
    - domain:
        - "*.domain.com"
      subject:
        - "group:requesters"
        - "group:admins"
      policy: one_factor
I am using the templates from ibracorp for my NPM configuration. I just changed the IPs and Domain to match mine. Any ideas what could be causing this?

Shesakillatwo Posted January 16, 2023
I am installing Authelia today and had one issue that required me to run mysql_upgrade -u root -p against my existing MariaDB to get past an error in the log. I no longer see any log errors on start up but this is all I see in the logs:
time="2023-01-16T12:42:52-05:00" level=info msg="Authelia v4.37.5 is starting"
time="2023-01-16T12:42:52-05:00" level=info msg="Log severity set to info"
time="2023-01-16T12:42:52-05:00" level=info msg="Storage schema is being checked for updates"
time="2023-01-16T12:42:52-05:00" level=info msg="Storage schema is already up to date"
time="2023-01-16T13:02:56-05:00" level=info msg="Initializing server for non-TLS connections on '[::]:9098' path '/'"
I did have to change the port I use from 9091 to 9098 as the 9091 port is already in use on my network. I do not see an IP prior to the :9098 like in the install video but I am not sure why??? I am also unable to log into the app. Any help would be appreciated. Thanks!
Edited January 16, 2023 by Shesakillatwo

eagle470 Posted March 2, 2023
What tool does @Sycotix use to organize the containers on their docker page? That looked super slick.

eagle470 Posted March 2, 2023
I have Authentik up and running, but it's telling me there is already a password set. How do I fix this?

mharmsen538 Posted March 28, 2023
Hi all, I'm trying to set up authelia for securing my reverse proxies. Got it up and running but it seems to refuse any connection to the proxies. See the log under here and my current config. (Replaced the domain and IP with xx and removed the secrets for privacy reasons.) Any help would be much appreciated because I'm completely new to authelia. Followed the guide on the Ibracorp site but here is where I stranded.. :')
LOG:
time="2023-03-28T15:14:38+02:00" level=info msg="Initializing server for non-TLS connections on '[::]:9091' path '/' and '/authelia'"
time="2023-03-28T15:14:45+02:00" level=info msg="Access to https://xx.xx.org/?rd=https%3A%2F%2Fxx.xx.org%2F%3Frd%3Dhttps%3A%2F%2Fxx.xx.org%2F (method GET) is not authorized to user <anonymous>, responding with status code 401" method=GET path=/api/verify remote_ip=xxx.xxx.xxx.xx
###############################################################################
# Authelia Configuration #
###############################################################################
theme: dark
jwt_secret: ""
default_redirection_url:
server:
  host: 0.0.0.0
  port: 9091
  path: "authelia"
  read_buffer_size: 4096
  write_buffer_size: 4096
  enable_pprof: false
  enable_expvars: false
  disable_healthcheck: false
  tls:
    key: ""
    certificate: ""
log:
  level: info
totp:
  issuer: duckdns.org
  period: 30
  skew: 1
authentication_backend:
  password_reset:
    disable: false
  refresh_interval: 5m
  file:
    path: /config/users_database.yml
    password:
      algorithm: argon2id
      iterations: 1
      key_length: 32
      salt_length: 16
      memory: 1024
      parallelism: 8
access_control:
  default_policy: one_factor
  rules:
    ## bypass rule
    - domain:
        - "xx.xx.org"
      policy: bypass
    ## catch-all
    - domain:
        - "*.xx.org"
      subject:
        - "group:admins"
      policy: one_factor
session:
  name: authelia_session
  domain: xx.org
  same_site: lax
  secret: ""
  expiration: 1h
  inactivity: 5m
  remember_me_duration: 2M
  redis:
    host: x.x.x.x
    port: 6379
    password: ""
    database_index: 0
    maximum_active_connections: 10
    minimum_idle_connections: 0
regulation:
  max_retries: 5
  find_time: 10m
  ban_time: 3h
storage:
  encryption_key: ""
  mysql:
    host: x.x.x.x
    port: 3306
    database: authelia1
    username: authelia1
    password: ""
notifier:
  disable_startup_check: true
  smtp:
    username:
    password: ""
    host: smtp.office365.com
    port: 587
    sender:
    identifier: localhost
    subject: "[Authelia] {title}"
    startup_check_address: [email protected]
    disable_require_tls: false
    disable_html_emails: false
    tls:
      skip_verify: false
      minimum_version: TLS1.2

earthyinsightpuppy Posted April 19, 2023
Hey All, Does anyone have much experience with Plex Trakt Sync? I followed IBRACORP's guide online, but I'm encountering an issue where the sync keeps timing out:
ReadTimeout: HTTPSConnectionPool(host='[IP].plex.direct', port=32400): Read timed out. (read timeout=30)
Error: Error running sync command: HTTPSConnectionPool(host='[IP].plex.direct', port=32400): Read timed out. (read timeout=30)
I have tried modifying the config.yml to have
plex:
  timeout: 300
but that doesn't seem to change anything. Any suggestions anyone has would be greatly appreciated!

earthyinsightpuppy Posted April 21, 2023
On 3/2/2023 at 7:59 AM, eagle470 said:
> What tool does @Sycotix use to organize the containers on their docker page? That looked super slick.
It’s a plug-in called Docker Folder by GuildDarts. I know Sycotix did a video on it at some point but I can’t remember when

Mlatx Posted May 29, 2023
Hi all, I'm using SWAG and just went through the Authelia video. I compile the configuration.yml in Code server. Upon starting, I'm getting the following errors.
time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: failed to load configuration from yaml file(/config/configuration.yml) source: yaml: line 37: did not find expected key"
time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: option 'jwt_secret' is required"
time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: authentication_backend: you must ensure either the 'file' or 'ldap' authentication backend is configured"
time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: access control: 'default_policy' option 'deny' is invalid: when no rules are specified it must be 'two_factor' or 'one_factor'"
time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: session: option 'domain' is required"
time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: storage: configuration for a 'local', 'mysql' or 'postgres' database must be provided"
Here is the config file with relevant info hidden:
theme: dark jwt_secret: "16 character passcode" default_redirection_url: https://mydomain.com/ server: host: 0.0.0.0 port: 9091 read_buffer_size: 4096 write_buffer_size: 4096 path: "authelia" log: level: info file_path: /config/logs/authelia.log duo_api: hostname: myapi.duosecurity.com integration_key: myintegrationkey secret_key: mysecret authentication_backend: disable_reset_password: false file: path: /config/users_database.yml password: algorithm: argon2id iterations: 1 key_length: 32 salt_length: 16 memory: 512 parallelism: 8 access_control: default_policy: deny rules: - domain: - "sub1.mydomain.com" - "sub2.mydomain.com" - "sub3.mydomain.com" - "sub4.mydomain.com" - "sub5.mydomain.com" policy: bypass - domain: - "sub6.mydomain.com" - "sub7.mydomain.com" resources: -"^*/admin.*$" - "sub8.mydomain.com" resources: -"^*/login.*$" - "sub9.mydomain.com" resources: -"^*/identification.*$" policy: two_factor session: name: authelia_session secret: "16 character passcode" expiration: 1h inactivity: 5m remember_me_duration: 1M domain: mydomain.com regulation: max_retries: 4 find_time: 2m ban_time: 60m redis: host: redis port: 6379 password: "redis pass" database_index: 0 maximum_active_connections: 10 minimum_idle_connections: 0 storage: encryption_key: "64 character passcode no special characters" mysql: host: local ip port: 3306 database: authelia username: authelia password: "authelia pass" notifier: disable_startup_check: false smtp: username: email password: "password" host: smtp.server.com port: 587 sender: sender subject: "[Authelia] {title}" startup_check_address: [email protected] disable_require_tls: false tls: skip_verify: false minimum_version: TLS1.2
The yml formatting looks correct in code server. What can be the issue?

TDA Posted May 29, 2023
Hello, I'm having a little bit of issues with KIMAI2 & Traefik. I've configured it as all other dockers (made DNS entry in Cloudflare and added the label to the docker) - but when I try to access it from outside, I get 502. Anyone had this problem with Kimai?

Arbadacarba Posted May 31, 2023
Anyone had any luck getting Homepage to use a different port than 3000? I'm trying to get it to use 443 or 80 on a different IP.

SRTG Posted August 5, 2023
On 3/28/2023 at 2:25 PM, mharmsen538 said:
> LOG:
> time="2023-03-28T15:14:38+02:00" level=info msg="Initializing server for non-TLS connections on '[::]:9091' path '/' and '/authelia'"
> time="2023-03-28T15:14:45+02:00" level=info msg="Access to https://xx.xx.org/?rd=https%3A%2F%2Fxx.xx.org%2F%3Frd%3Dhttps%3A%2F%2Fxx.xx.org%2F (method GET) is not authorized to user <anonymous>, responding with status code 401" method=GET path=/api/verify remote_ip=xxx.xxx.xxx.xx
I'm trying to set up my first Authelia end point and also get this error. Has anyone found a solution to this? I'm effectively in a log in loop with a 401 error...
time="2023-08-05T20:03:17+01:00" level=debug msg="Successful 1FA authentication attempt made by user 'USER'" method=POST path=/api/firstfactor remote_ip=myIP
time="2023-08-05T20:03:17+01:00" level=debug msg="Required level for the URL https://mydomain/ is 1" method=POST path=/api/firstfactor remote_ip=myIP
time="2023-08-05T20:03:17+01:00" level=debug msg="Redirection URL https://mydomain/ is safe" method=POST path=/api/firstfactor remote_ip=myIP
time="2023-08-05T20:03:18+01:00" level=debug msg="Check authorization of subject username= groups= ip=IP and object https://mydomain/ (method )."
time="2023-08-05T20:03:18+01:00" level=info msg="Access to https://mydomain/ (method unknown) is not authorized to user <anonymous>, responding with status code 401" method=GET path=/api/verify remote_ip=IP

zacc Posted August 19, 2023
Hello, is it possible with authelia to protect a subfolder (xxx.ttt.de/bw/) with a one_factor and a subfolder below it (xxx.ttt.de/bw/admin) with a two_factor? This config is not working:
######################################################
- domain:
    - "xxx.ttt.de"
  resources:
    - '^/bw/admin/.*$'
  subject:
    - 'user:abc'
  policy: two_factor
######################################################
- domain:
    - "xxx.ttt.de"
  resources:
    - '^/bw/.*$'
  subject:
    - 'user:abc'
  policy: one_factor
######################################################
Edited August 20, 2023 by zacc

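Added example, not part of the thread and not Authelia's own code: a simplified model of ordered, first-match rule evaluation applied to the two rules posted above, so the policy each path receives can be checked before the config is deployed. It assumes a default_policy of deny (the post does not show one) and that resources are regular expressions searched against the request path; TIGHTENED_RULES is a hypothetical variant and the sample paths are constructed.

```python
import re

# Simplified model (an assumption of this example, not Authelia's code):
# rules are tried in order and the first rule whose domain, subject and
# resource regex all match decides the policy.
DEFAULT_POLICY = "deny"  # assumed; the post does not show default_policy

POSTED_RULES = [
    {"domain": "xxx.ttt.de", "resources": [r"^/bw/admin/.*$"],
     "subject": "user:abc", "policy": "two_factor"},
    {"domain": "xxx.ttt.de", "resources": [r"^/bw/.*$"],
     "subject": "user:abc", "policy": "one_factor"},
]

# Hypothetical variant: the trailing slash and anything after it is optional.
TIGHTENED_RULES = [
    dict(POSTED_RULES[0], resources=[r"^/bw/admin(/.*)?$"]),
    dict(POSTED_RULES[1], resources=[r"^/bw(/.*)?$"]),
]

# Constructed sample paths, not taken from any log in the thread.
SAMPLE_PATHS = ["/bw/admin/users", "/bw/admin/", "/bw/admin",
                "/bw/", "/bw", "/bw/administrator"]


def required_policy(rules, domain, path, subject, default=DEFAULT_POLICY):
    """Return the policy of the first rule whose criteria all match."""
    for rule in rules:
        if rule["domain"] != domain or rule["subject"] != subject:
            continue
        if any(re.search(pattern, path) for pattern in rule["resources"]):
            return rule["policy"]
    return default


def policy_table(rules, paths):
    """Map each sample path to the policy the rule list selects for it."""
    return {p: required_policy(rules, "xxx.ttt.de", p, "user:abc")
            for p in paths}


if __name__ == "__main__":
    variants = (("posted order", POSTED_RULES),
                ("posted, order reversed", POSTED_RULES[::-1]),
                ("tightened (hypothetical)", TIGHTENED_RULES))
    for name, rules in variants:
        print(name)
        for path, policy in policy_table(rules, SAMPLE_PATHS).items():
            print(f"  {path:<20} -> {policy}")
```

In this model the posted patterns send /bw/admin (no trailing slash) to the one_factor rule and leave /bw matching neither rule, and reversing the rule order means no path under /bw/ ever reaches two_factor.
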
T_Matz Posted February 8
I am having an issue with the CROWDSEC docker. No matter what I do I can not get into the WEBUI of the docker. I have another docker utilizing 8080 so I changed the port to 8082 and a few other variations and it to open. I currently have a few dockers reverse proxied to a cloudflare domain, and wanted to also install TRAEFIK. Should I install this before getting CROWDSEC up and working or does it even matter? I appreciate all the help!

nekromantik Posted February 24
Is the unraid authelia docs up to date compared with the container in CA apps?
