December 2, 20223 yr hi guys, noob here Having issues trying to get my authelia and swag to work, followed ibracorps guide but it kinda lost me, swag works without authelia, autheia brings up a webui page but doesnt go anywhere. but when i put them together i get a 403 permissions nginx error. cant work out why. logs have {"level":"info","method":"GET","msg":"Access to https://radarr.my domain/ is forbidden to user XXX","path":"/api/verify","remote_ip":"XXXXXXXXXX","time":"2022-12-02T16:19:21+10:00"} any assistance? google says a permissions issue but im not entirely sure how or where. thanks
December 10, 20223 yr My authelia updated today and seems to have broke in the process. It wouldn't restart and seems to be stuck attempting to migrate to version 7 in the database: time="2022-12-10T19:12:49+13:00" level=info msg="Authelia v4.37.3 is starting" time="2022-12-10T19:12:49+13:00" level=info msg="Log severity set to info" time="2022-12-10T19:12:51+13:00" level=info msg="Storage schema is being checked for updates" time="2022-12-10T19:12:51+13:00" level=info msg="Storage schema migration from 6 to 7 is being attempted" time="2022-12-10T19:12:51+13:00" level=error msg="Failure running the storage provider startup check: error during schema migrate: error applying migration version 7 to version 6 for rollback: schema migration 7 (ConsistencyFixes) failed: Error 1728 (HY000): Cannot load from mysql.proc. The table is probably corrupted. rollback caused by: schema migration 7 (ConsistencyFixes) failed: Error 1728 (HY000): Cannot load from mysql.proc. The table is probably corrupted" stack="github.com/authelia/authelia/v4/internal/commands/root.go:281 doStartupChecks\ngithub.com/authelia/authelia/v4/internal/commands/root.go:87 cmdRootRun\ngithub.com/spf13/[email protected]/command.go:920 (*Command).execute\ngithub.com/spf13/[email protected]/command.go:1044 (*Command).ExecuteC\ngithub.com/spf13/[email protected]/command.go:968 (*Command).Execute\ngithub.com/authelia/authelia/v4/cmd/authelia/main.go:10 main\nruntime/proc.go:250 main\nruntime/asm_amd64.s:1594 goexit" time="2022-12-10T19:13:01+13:00" level=fatal msg="The following providers had fatal failures during startup: storage" stack="github.com/authelia/authelia/v4/internal/commands/root.go:309 doStartupChecks\ngithub.com/authelia/authelia/v4/internal/commands/root.go:87 cmdRootRun\ngithub.com/spf13/[email protected]/command.go:920 (*Command).execute\ngithub.com/spf13/[email protected]/command.go:1044 (*Command).ExecuteC\ngithub.com/spf13/[email protected]/command.go:968 (*Command).Execute\ngithub.com/authelia/authelia/v4/cmd/authelia/main.go:10 main\nruntime/proc.go:250 main\nruntime/asm_amd64.s:1594 goexit" ** Press ANY KEY to close this window ** I've reinstalled redis, and reinstalled authelia and it's still occurring. There are no errors in redis, just this in Authelia. Any help or suggestions would be greatly appreciated.
December 10, 20223 yr I had this yesterday. The base table was destroyed, no more data in it. but in addition I realized that I could no longer create a base. So I did an update of all the command line databases with the console. from there I could again create a base. but authelia still couldn't write and create the tables. after 50 tries I downgraded authelia one version. it didn't work right away. but with 3 tries authelia was able to create the tables. I then put authelia back to the latest version. authelia launched and at the database migration stage everything went well. in all I spent 3 hours on it. I confess that I still don't understand how the problem was solved. i am with mariadb and authelia latest version and unraid too. there is no problem with redis. it is played between MySQL and autheliaEnvoyé de mon M2011K2G en utilisant Tapatalk
December 10, 20223 yr Author The issue with Authelia is due to mysql not upgrading. See here: https://github.com/authelia/authelia/issues/4519#issuecomment-1343297516 solutions are often shared in our Discord, so highly recommend you check there too
December 11, 20223 yr The upgrade worked for me as well. Thank you. I've tried discord in the past but it's simply too distracting and discombobulated. If you don't catch whatever is said right when it's said, you can very easily miss it and never see it, as opposed to a forum like this one where you can easily scroll back and search. Forums tend to stay on topic a lot better as well.
December 11, 20223 yr Author Glad it worked! Definitely. I felt this was a big breaker so needed to be shared 🙂
December 21, 20223 yr Hi, I am having an issue accessing my site through athelia and NPM. I get the following error as soon as i go to the link: msg="Access to https://warden.domain.com/ is forbidden to user " I am not sure what could be causing this. I believe it has something to do with my acl on authelia: access_control: default_policy: deny rules: ## bypass rule - domain: - "auth.domain.com" - "warden.domain.com" policy: bypass networks: - "192.168.1.0/24" ## catch-all - domain: - "*.domain.com" subject: - "group:requesters" - "group:admins" policy: one_factor I am using the templates from ibracorp for my NPM configuration. I just changed the IPs and Domain to match mine. Any ideas what could be causing this?
January 16, 20233 yr I am installing Authelia today and had one issue that required me to run mysql_upgrade -u root -p against my existing MariaDB to get past an error in the log. I no longer see any log errors on start up but this is all I see in the Logs: time="2023-01-16T12:42:52-05:00" level=info msg="Authelia v4.37.5 is starting" time="2023-01-16T12:42:52-05:00" level=info msg="Log severity set to info" time="2023-01-16T12:42:52-05:00" level=info msg="Storage schema is being checked for updates" time="2023-01-16T12:42:52-05:00" level=info msg="Storage schema is already up to date" time="2023-01-16T13:02:56-05:00" level=info msg="Initializing server for non-TLS connections on '[::]:9098' path '/'" I did have to change the port I use from 9091 to 9098 as the 9091 port is alread in use on my network. I do not see an IP prior to the :9098 like in the install video but I and not sure why??? I am also unable to log into the app. Any help would be appreciated. Thanks! Edited January 16, 20233 yr by Shesakillatwo
March 2, 20233 yr What tool does @Sycotix use to organize the containers on their docker page? That looked super slick.
March 2, 20233 yr I have Authentik up and running, but it's telling me there is already a password set. How do I fix this?
March 28, 20233 yr Hi all, I'm trying to set up authelia for securing my reverse proxies. Got it up and running but it seems to refuse any connection to the proxies. See the log under here and my current config. (Replaced the domain and IP with xx and removed the secrets for privacy reasons ) Any help would be much appreciated because I'm completly new to authelia. Followed the guide on the Ibracorp site but here is where I stranded.. :') LOG: time="2023-03-28T15:14:38+02:00" level=info msg="Initializing server for non-TLS connections on '[::]:9091' path '/' and '/authelia'" time="2023-03-28T15:14:45+02:00" level=info msg="Access to https://xx.xx.org/?rd=https%3A%2F%2Fxx.xx.org%2F%3Frd%3Dhttps%3A%2F%2Fxx.xx.org%2F (method GET) is not authorized to user <anonymous>, responding with status code 401" method=GET path=/api/verify remote_ip=xxx.xxx.xxx.xx ############################################################################### # Authelia Configuration # ############################################################################### theme: dark jwt_secret: "" default_redirection_url: server: host: 0.0.0.0 port: 9091 path: "authelia" read_buffer_size: 4096 write_buffer_size: 4096 enable_pprof: false enable_expvars: false disable_healthcheck: false tls: key: "" certificate: "" log: level: info totp: issuer: duckdns.org period: 30 skew: 1 authentication_backend: password_reset: disable: false refresh_interval: 5m file: path: /config/users_database.yml password: algorithm: argon2id iterations: 1 key_length: 32 salt_length: 16 memory: 1024 parallelism: 8 access_control: default_policy: one_factor rules: ## bypass rule - domain: - "xx.xx.org" policy: bypass ## catch-all - domain: - "*.xx.org" subject: - "group:admins" policy: one_factor session: name: authelia_session domain: xx.org same_site: lax secret: "" expiration: 1h inactivity: 5m remember_me_duration: 2M redis: host: x.x.x.x port: 6379 password: "" database_index: 0 maximum_active_connections: 10 minimum_idle_connections: 0 regulation: max_retries: 5 find_time: 10m ban_time: 3h storage: encryption_key: "" mysql: host: x.x.x.x port: 3306 database: authelia1 username: authelia1 password: "" notifier: disable_startup_check: true smtp: username: password: "" host: smtp.office365.com port: 587 sender: identifier: localhost subject: "[Authelia] {title}" startup_check_address: [email protected] disable_require_tls: false disable_html_emails: false tls: skip_verify: false minimum_version: TLS1.2
April 19, 20233 yr Hey All, Does anyone have much experience with Plex Trakt Sync? I followed IBRACORP's guide online, but I'm encountering an issue where the sync keeps timing out ReadTimeout: HTTPSConnectionPool(host='[IP].plex.direct', port=32400): Read timed out. (read timeout=30) Error: Error running sync command: HTTPSConnectionPool(host='[IP].plex.direct', port=32400): Read timed out. (read timeout=30) I have tried modifying the config.yml to have plex: timeout: 300 but that doesn't seem to change anything. Any suggestions anyone has would be greatly appreciated!
April 21, 20233 yr On 3/2/2023 at 7:59 AM, eagle470 said: What tool does @Sycotix use to organize the containers on their docker page? That looked super slick. It’s a plug-in called Docker Folder by GuildDarts. I know Sycotix did a video on it at some point but I can’t remember when
May 29, 20233 yr HI All, I'm using SWAG and just went through the Authelia video. I compile the configuration.yml in Code server. Upon starting, I'm getting the following errors. time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: failed to load configuration from yaml file(/config/configuration.yml) source: yaml: line 37: did not find expected key" time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: option 'jwt_secret' is required" time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: authentication_backend: you must ensure either the 'file' or 'ldap' authentication backend is configured" time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: access control: 'default_policy' option 'deny' is invalid: when no rules are specified it must be 'two_factor' or 'one_factor'" time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: session: option 'domain' is required" time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: storage: configuration for a 'local', 'mysql' or 'postgres' database must be provided" Here is the config file with relevant info hidden theme: dark jwt_secret: "16 character passcode" default_redirection_url: https://mydomain.com/ server: host: 0.0.0.0 port: 9091 read_buffer_size: 4096 write_buffer_size: 4096 path: "authelia" log: level: info file_path: /config/logs/authelia.log duo_api: hostname: myapi.duosecurity.com integration_key: myintegrationkey secret_key: mysecret authentication_backend: disable_reset_password: false file: path: /config/users_database.yml password: algorithm: argon2id iterations: 1 key_length: 32 salt_length: 16 memory: 512 parallelism: 8 access_control: default_policy: deny rules: - domain: - "sub1.mydomain.com" - "sub2.mydomain.com" - "sub3.mydomain.com" - "sub4.mydomain.com" - "sub5.mydomain.com" policy: bypass - domain: - "sub6.mydomain.com" - "sub7.mydomain.com" resources: -"^*/admin.*$" - "sub8.mydomain.com" resources: -"^*/login.*$" - "sub9.mydomain.com" resources: -"^*/identification.*$" policy: two_factor session: name: authelia_session secret: "16 character passcode" expiration: 1h inactivity: 5m remember_me_duration: 1M domain: mydomain.com regulation: max_retries: 4 find_time: 2m ban_time: 60m redis: host: redis port: 6379 password: "redis pass" database_index: 0 maximum_active_connections: 10 minimum_idle_connections: 0 storage: encryption_key: "64 character passcode no special characters" mysql: host: local ip port: 3306 database: authelia username: authelia password: "authelia pass" notifier: disable_startup_check: false smtp: username: email password: "password" host: smtp.server.com port: 587 sender: sender subject: "[Authelia] {title}" startup_check_address: [email protected] disable_require_tls: false tls: skip_verify: false minimum_version: TLS1.2 The yml formatting looks correct in code server. What can be the issue?
May 29, 20233 yr Hello, I'm having a little bit issues with KIMAI2 & Traefik. I've configured it as all other dockers (made DNS entry in Cloudlfare and added the label to the docker) - but when I try to access it from outside, i get 502. Anyone had this problem with Kimai?
May 31, 20233 yr Anyone had any luck getting Homepage to use a different port than 3000? I'm trying to get it to use 443 or 80 on a different IP.
August 5, 20232 yr On 3/28/2023 at 2:25 PM, mharmsen538 said: LOG: time="2023-03-28T15:14:38+02:00" level=info msg="Initializing server for non-TLS connections on '[::]:9091' path '/' and '/authelia'" time="2023-03-28T15:14:45+02:00" level=info msg="Access to https://xx.xx.org/?rd=https%3A%2F%2Fxx.xx.org%2F%3Frd%3Dhttps%3A%2F%2Fxx.xx.org%2F (method GET) is not authorized to user <anonymous>, responding with status code 401" method=GET path=/api/verify remote_ip=xxx.xxx.xxx.xx I'm trying to set up my first Authelia end point and also get this error. Has anyone found a solution to this ? I'm effectively in a log in loop with a 401 error... time="2023-08-05T20:03:17+01:00" level=debug msg="Successful 1FA authentication attempt made by user 'USER'" method=POST path=/api/firstfactor remote_ip=myIP time="2023-08-05T20:03:17+01:00" level=debug msg="Required level for the URL https://mydomain/ is 1" method=POST path=/api/firstfactor remote_ip=myIP time="2023-08-05T20:03:17+01:00" level=debug msg="Redirection URL https://mydomain/ is safe" method=POST path=/api/firstfactor remote_ip=myIP time="2023-08-05T20:03:18+01:00" level=debug msg="Check authorization of subject username= groups= ip=IP and object https://mydomain/ (method )." time="2023-08-05T20:03:18+01:00" level=info msg="Access to https://mydomain/ (method unknown) is not authorized to user <anonymous>, responding with status code 401" method=GET path=/api/verify remote_ip=IP
August 19, 20232 yr hello, is it possible with authelia to protect a subfolder (xxx.ttt.de/bw/) with a one_factor and a subfolder below it (xxx.ttt.de/bw/admin) with a tow_factor? this config is not working ###################################################### - domain: - "xxx.ttt.de" resources: - '^/bw/admin/.*$' subject: - 'user:abc' policy: two_factor ###################################################### - domain: - "xxx.ttt.de" resources: - '^/bw/.*$' subject: - 'user:abc' policy: one_factor ###################################################### Edited August 20, 20232 yr by zacc
February 8, 20242 yr I am having an issue with the CROWDSEC docker. No matter what I do I can not get into the WEBUI of the docker. I have another docker utilizing 8080 so i changed the port to 8082 and a few other variations and it to open. I currently have a few dockers reverse proxied to a cloudflare domain, and wanted to also install TRAEFIK should I install this before getting CROWDSEC up and working or does it even matter? I appreciate all the help!
October 10, 20241 yr Hi, im using Unmanic to save some space in my media library. I noticed that several files (movies and tv shows) are not playable anymore in Plex or Emby after converting. Sound is there but the screen stays black. The size of the movie is quite low (normal 1,5h movie did unman shrink to 400mb). Do I have wrong settings somewhere?
November 5, 20241 yr Hi, I am planning to switch to traefik. However, currently I have multiple domain and i don't have any idea how to set those up & what i need to change in the template. Hope you can point me up on this matter. I am still new to traefik.
January 26, 20251 yr Hi, In Authentik, I accidentally deleted all the user groups. So my user account doesn't have access to any of the Admin stuff. I saw you can fix this issue here .. https://docs.goauthentik.io/docs/troubleshooting/missing_admin_group However i don't know how to run this command 'docker compose run --rm server create_admin_group username' in unraid. I tried it in the Authentik console and the unraid console however they both came up with errors. Does anyone know how i can fix this or am i going to have to reinstall everything again? Thanks.
January 26, 20251 yr 1 hour ago, cheww said: Hi, In Authentik, I accidentally deleted all the user groups. So my user account doesn't have access to any of the Admin stuff. I saw you can fix this issue here .. https://docs.goauthentik.io/docs/troubleshooting/missing_admin_group However i don't know how to run this command 'docker compose run --rm server create_admin_group username' in unraid. I tried it in the Authentik console and the unraid console however they both came up with errors. Does anyone know how i can fix this or am i going to have to reinstall everything again? Thanks. Remember to replace username with the username for the user you want to create. Also this command is ment for docker compose, if you are not using docker compose this will not work. Lastly, the docker compose command should be run in Urnaids console not Authentiks.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.