Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] IBRACORP - All images and files

Featured Replies

hi guys, noob here Having issues trying to get my authelia and swag to work, followed ibracorps guide but it kinda lost me, swag works without authelia, autheia brings up a webui page but doesnt go anywhere. but when i put them together i get a 403 permissions nginx error. cant work out why. logs have {"level":"info","method":"GET","msg":"Access to https://radarr.my domain/ is forbidden to user XXX","path":"/api/verify","remote_ip":"XXXXXXXXXX","time":"2022-12-02T16:19:21+10:00"} 

 

any assistance? google says a permissions issue but im not entirely sure how or where. thanks

  • Replies 308
  • Views 118.7k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • Thanks, Sycotix, for setting up this template and providing your writeup. This was super helpful to get me up and running behind the LSIO Letsencrypt container.   Just FYI, the section where

  • Thanks for the feedback and picking that up @kaiguy. You're very welcome. Wanted to help out whatever way I could.    I have amended the doco with the semicolon. I will also add the block/in

  • Looks like I'm having the exact same issue with Radarr that some other folks were having, but I don't see a resolution for it in this thread.   I have reverse proxies set up for Sonarr and R

Posted Images

My authelia updated today and seems to have broke in the process. It wouldn't restart and seems to be stuck attempting to migrate to version 7 in the database:

 

time="2022-12-10T19:12:49+13:00" level=info msg="Authelia v4.37.3 is starting"
time="2022-12-10T19:12:49+13:00" level=info msg="Log severity set to info"
time="2022-12-10T19:12:51+13:00" level=info msg="Storage schema is being checked for updates"
time="2022-12-10T19:12:51+13:00" level=info msg="Storage schema migration from 6 to 7 is being attempted"
time="2022-12-10T19:12:51+13:00" level=error msg="Failure running the storage provider startup check: error during schema migrate: error applying migration version 7 to version 6 for rollback: schema migration 7 (ConsistencyFixes) failed: Error 1728 (HY000): Cannot load from mysql.proc. The table is probably corrupted. rollback caused by: schema migration 7 (ConsistencyFixes) failed: Error 1728 (HY000): Cannot load from mysql.proc. The table is probably corrupted" stack="github.com/authelia/authelia/v4/internal/commands/root.go:281 doStartupChecks\ngithub.com/authelia/authelia/v4/internal/commands/root.go:87  cmdRootRun\ngithub.com/spf13/[email protected]/command.go:920                  (*Command).execute\ngithub.com/spf13/[email protected]/command.go:1044                 (*Command).ExecuteC\ngithub.com/spf13/[email protected]/command.go:968                  (*Command).Execute\ngithub.com/authelia/authelia/v4/cmd/authelia/main.go:10       main\nruntime/proc.go:250                                           main\nruntime/asm_amd64.s:1594                                      goexit"
time="2022-12-10T19:13:01+13:00" level=fatal msg="The following providers had fatal failures during startup: storage" stack="github.com/authelia/authelia/v4/internal/commands/root.go:309 doStartupChecks\ngithub.com/authelia/authelia/v4/internal/commands/root.go:87  cmdRootRun\ngithub.com/spf13/[email protected]/command.go:920                  (*Command).execute\ngithub.com/spf13/[email protected]/command.go:1044                 (*Command).ExecuteC\ngithub.com/spf13/[email protected]/command.go:968                  (*Command).Execute\ngithub.com/authelia/authelia/v4/cmd/authelia/main.go:10       main\nruntime/proc.go:250                                           main\nruntime/asm_amd64.s:1594                                      goexit"

** Press ANY KEY to close this window ** 

 

 

I've reinstalled redis, and reinstalled authelia and it's still occurring. There are no errors in redis, just this in Authelia. Any help or suggestions would be greatly appreciated.

I had this yesterday. The base table was destroyed, no more data in it. but in addition I realized that I could no longer create a base. So I did an update of all the command line databases with the console. from there I could again create a base. but authelia still couldn't write and create the tables. after 50 tries I downgraded authelia one version. it didn't work right away. but with 3 tries authelia was able to create the tables. I then put authelia back to the latest version. authelia launched and at the database migration stage everything went well. in all I spent 3 hours on it. I confess that I still don't understand how the problem was solved. i am with mariadb and authelia latest version and unraid too.

there is no problem with redis. it is played between MySQL and authelia

Envoyé de mon M2011K2G en utilisant Tapatalk



MySQL upgrade fixe it for me

The upgrade worked for me as well. Thank you.

 

I've tried discord in the past but it's simply too distracting and discombobulated. If you don't catch whatever is said right when it's said, you can very easily miss it and never see it, as opposed to a forum like this one where you can easily scroll back and search.

 

Forums tend to stay on topic a lot better as well.

  • Author

Glad it worked!

Definitely. I felt this was a big breaker so needed to be shared 🙂

  • 2 weeks later...

Hi, I am having an issue accessing my site through athelia and NPM. I get the following error as soon as i go to the link: msg="Access to https://warden.domain.com/ is forbidden to user "

 

I am not sure what could be causing this. I believe it has something to do with my acl on authelia:

 

access_control:

  default_policy: deny

  rules:

    ## bypass rule

    - domain:

        - "auth.domain.com"

        - "warden.domain.com"

      policy: bypass

      networks:

        - "192.168.1.0/24"

    ## catch-all

    - domain:

        - "*.domain.com"

      subject:

        - "group:requesters"

        - "group:admins"

      policy: one_factor

 

I am using the templates from ibracorp for my NPM configuration. I just changed the IPs and Domain to match mine. Any ideas what could be causing this?

  • 4 weeks later...

I am installing Authelia today and had one issue that required me to run mysql_upgrade -u root -p against my existing MariaDB to get past an error in the log.  I no longer see any log errors on start up but this is all I see in the Logs:

 

time="2023-01-16T12:42:52-05:00" level=info msg="Authelia v4.37.5 is starting"
time="2023-01-16T12:42:52-05:00" level=info msg="Log severity set to info"
time="2023-01-16T12:42:52-05:00" level=info msg="Storage schema is being checked for updates"
time="2023-01-16T12:42:52-05:00" level=info msg="Storage schema is already up to date"
time="2023-01-16T13:02:56-05:00" level=info msg="Initializing server for non-TLS connections on '[::]:9098' path '/'"

 

I did have to change the port I use from 9091 to 9098 as the 9091 port is alread in use on my network.  I do not see an IP prior to the :9098 like in the install video but I and not sure why???  I am also unable to log into the app.  Any help would be appreciated.  Thanks!

Edited by Shesakillatwo

  • 1 month later...

What tool does @Sycotix use to organize the containers on their docker page? That looked super slick.

I have Authentik up and running, but it's telling me there is already a password set. How do I fix this?

  • 4 weeks later...

Hi all,

 

I'm trying to set up authelia for securing my reverse proxies. Got it up and running but it seems to refuse any connection to the proxies. See the log under here and my current config. (Replaced the domain and IP with xx and removed the secrets for privacy reasons ;) )

 

Any help would be much appreciated because I'm completly new to authelia. Followed the guide on the Ibracorp site but here is where I stranded.. :')

 

LOG:

time="2023-03-28T15:14:38+02:00" level=info msg="Initializing server for non-TLS connections on '[::]:9091' path '/' and '/authelia'"

time="2023-03-28T15:14:45+02:00" level=info msg="Access to https://xx.xx.org/?rd=https%3A%2F%2Fxx.xx.org%2F%3Frd%3Dhttps%3A%2F%2Fxx.xx.org%2F (method GET) is not authorized to user <anonymous>, responding with status code 401" method=GET path=/api/verify remote_ip=xxx.xxx.xxx.xx

 

 

 

###############################################################################
#                           Authelia Configuration                            #
###############################################################################

theme: dark
jwt_secret: ""
default_redirection_url: 

server:
  host: 0.0.0.0
  port: 9091
  path: "authelia"
  read_buffer_size: 4096
  write_buffer_size: 4096
  enable_pprof: false
  enable_expvars: false
  disable_healthcheck: false
  tls:
    key: ""
    certificate: ""

log:
  level: info

totp:
  issuer: duckdns.org
  period: 30
  skew: 1

authentication_backend:
  password_reset:
    disable: false
  refresh_interval: 5m
  file:
    path: /config/users_database.yml
    password:
      algorithm: argon2id
      iterations: 1
      key_length: 32
      salt_length: 16
      memory: 1024
      parallelism: 8

access_control:
  default_policy: one_factor
  rules:
    ## bypass rule
    - domain: 
        - "xx.xx.org"
      policy: bypass
    ## catch-all
    - domain:
        - "*.xx.org"
      subject: 
        - "group:admins"
      policy: one_factor

session:
  name: authelia_session
  domain: xx.org
  same_site: lax
  secret: ""
  expiration: 1h
  inactivity: 5m
  remember_me_duration: 2M
  redis:
    host: x.x.x.x
    port: 6379
    password: ""
    database_index: 0
    maximum_active_connections: 10
    minimum_idle_connections: 0

regulation:
  max_retries: 5
  find_time: 10m
  ban_time: 3h

storage:
  encryption_key: ""
  mysql:
    host: x.x.x.x
    port: 3306
    database: authelia1
    username: authelia1
    password: ""
  
notifier:
  disable_startup_check: true
  smtp:
    username: 
    password: ""
    host: smtp.office365.com
    port: 587
    sender: 
    identifier: localhost
    subject: "[Authelia] {title}"
    startup_check_address: [email protected]
    disable_require_tls: false
    disable_html_emails: false
    tls:
      skip_verify: false
      minimum_version: TLS1.2

  • 4 weeks later...

Hey All, 

Does anyone have much experience with Plex Trakt Sync? I followed IBRACORP's guide online, but I'm encountering an issue where the sync keeps timing out 

 ReadTimeout:                                                           
         HTTPSConnectionPool(host='[IP].plex.direct', port=32400): Read timed out. (read timeout=30)         
Error: Error running sync command: HTTPSConnectionPool(host='[IP].plex.direct', port=32400): Read timed out. (read timeout=30)

I have tried modifying the config.yml to have 

 

plex:
  timeout: 300

 

but that doesn't seem to change anything. Any suggestions anyone has would be greatly appreciated!

On 3/2/2023 at 7:59 AM, eagle470 said:

What tool does @Sycotix use to organize the containers on their docker page? That looked super slick.

It’s a plug-in called Docker Folder by GuildDarts. I know Sycotix did a video on it at some point but I can’t remember when

  • 1 month later...

HI All,

 

I'm using SWAG and just went through the Authelia video. I compile the configuration.yml in Code server. Upon starting, I'm getting the following errors.

 

time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: failed to load configuration from yaml file(/config/configuration.yml) source: yaml: line 37: did not find expected key"

time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: option 'jwt_secret' is required"

time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: authentication_backend: you must ensure either the 'file' or 'ldap' authentication backend is configured"

time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: access control: 'default_policy' option 'deny' is invalid: when no rules are specified it must be 'two_factor' or 'one_factor'"

time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: session: option 'domain' is required"

time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: storage: configuration for a 'local', 'mysql' or 'postgres' database must be provided"

 

Here is the config file with relevant info hidden

 

theme: dark

jwt_secret: "16 character passcode"

default_redirection_url: https://mydomain.com/

server:

host: 0.0.0.0

port: 9091

read_buffer_size: 4096

write_buffer_size: 4096

path: "authelia"

log:

level: info

file_path: /config/logs/authelia.log

duo_api:

hostname: myapi.duosecurity.com

integration_key: myintegrationkey

secret_key: mysecret

authentication_backend:

disable_reset_password: false

file:

path: /config/users_database.yml

password:

algorithm: argon2id

iterations: 1

key_length: 32

salt_length: 16

memory: 512

parallelism: 8

access_control:

default_policy: deny

rules:

- domain:

- "sub1.mydomain.com"

- "sub2.mydomain.com"

- "sub3.mydomain.com"

- "sub4.mydomain.com"

- "sub5.mydomain.com"

policy: bypass

- domain:

- "sub6.mydomain.com"

- "sub7.mydomain.com"

resources:

-"^*/admin.*$"

- "sub8.mydomain.com"

resources:

-"^*/login.*$"

- "sub9.mydomain.com"

resources:

-"^*/identification.*$"

policy: two_factor

session:

name: authelia_session

secret: "16 character passcode"

expiration: 1h

inactivity: 5m

remember_me_duration: 1M

domain: mydomain.com

regulation:

max_retries: 4

find_time: 2m

ban_time: 60m

redis:

host: redis

port: 6379

password: "redis pass"

database_index: 0

maximum_active_connections: 10

minimum_idle_connections: 0

storage:

encryption_key: "64 character passcode no special characters"

mysql:

host: local ip

port: 3306

database: authelia

username: authelia

password: "authelia pass"

notifier:

disable_startup_check: false

smtp:

username: email

password: "password"

host: smtp.server.com

port: 587

sender: sender

subject: "[Authelia] {title}"

startup_check_address: [email protected]

disable_require_tls: false

tls:

skip_verify: false

minimum_version: TLS1.2

 

The yml formatting looks correct in code server. What can be the issue?

Hello,

I'm having a little bit issues with KIMAI2 & Traefik.

I've configured it as all other dockers (made DNS entry in Cloudlfare and added the label to the docker) - but when I try to access it from outside, i get 502.

Anyone had this problem with Kimai?

Anyone had any luck getting Homepage to use a different port than 3000?

 

I'm trying to get it to use 443 or 80 on a different IP.

  • 2 months later...
On 3/28/2023 at 2:25 PM, mharmsen538 said:

 

 

LOG:

time="2023-03-28T15:14:38+02:00" level=info msg="Initializing server for non-TLS connections on '[::]:9091' path '/' and '/authelia'"

time="2023-03-28T15:14:45+02:00" level=info msg="Access to https://xx.xx.org/?rd=https%3A%2F%2Fxx.xx.org%2F%3Frd%3Dhttps%3A%2F%2Fxx.xx.org%2F (method GET) is not authorized to user <anonymous>, responding with status code 401" method=GET path=/api/verify remote_ip=xxx.xxx.xxx.xx

 

 

I'm trying to set up my first Authelia end point and also get this error. Has anyone found a solution to this ? 

 

I'm effectively in a log in loop with a 401 error...

 

time="2023-08-05T20:03:17+01:00" level=debug msg="Successful 1FA authentication attempt made by user 'USER'" method=POST path=/api/firstfactor remote_ip=myIP

time="2023-08-05T20:03:17+01:00" level=debug msg="Required level for the URL https://mydomain/ is 1" method=POST path=/api/firstfactor remote_ip=myIP
time="2023-08-05T20:03:17+01:00" level=debug msg="Redirection URL https://mydomain/ is safe" method=POST path=/api/firstfactor remote_ip=myIP
time="2023-08-05T20:03:18+01:00" level=debug msg="Check authorization of subject username= groups= ip=IP and object https://mydomain/ (method )."
time="2023-08-05T20:03:18+01:00" level=info msg="Access to https://mydomain/ (method unknown) is not authorized to user <anonymous>, responding with status code 401" method=GET path=/api/verify remote_ip=IP

  • 2 weeks later...

hello, is it possible with authelia to protect a subfolder (xxx.ttt.de/bw/) with a one_factor and a subfolder below it (xxx.ttt.de/bw/admin) with a tow_factor?   

 

this config is not working :(

 

######################################################
    
    - domain:
        - "xxx.ttt.de"
      resources:
        - '^/bw/admin/.*$'
      subject:
        - 'user:abc'
      policy: two_factor
    
    ######################################################
    
    - domain:
        - "xxx.ttt.de"
      resources:
        - '^/bw/.*$'
      subject:
        - 'user:abc'

      policy: one_factor
    
    ######################################################

Edited by zacc

  • 5 months later...

I am having an issue with the CROWDSEC docker. No matter what I do I can not get into the WEBUI of the docker. I have another docker utilizing 8080 so i changed the port to 8082 and a few other variations and it to open. 

 

I currently have a few dockers reverse proxied to a cloudflare domain, and wanted to also install TRAEFIK should I install this before getting CROWDSEC up and working or does it even matter? I appreciate all the help!

  • 3 weeks later...

is the unraid authelia docs up to date compared with the container in CA apps?

 

  • 7 months later...

Hi, im using Unmanic to save some space in my media library. I noticed that several files (movies and tv shows) are not playable anymore in Plex or Emby after converting. Sound is there but the screen stays black. The size of the movie is quite low (normal 1,5h movie did unman shrink to 400mb). Do I have wrong settings somewhere? 

  • 4 weeks later...

Hi, I am planning to switch to traefik. However, currently I have multiple domain and i don't have any idea how to set those up & what i need to change in the template. Hope you can point me up on this matter. I am still new to traefik.

  • 2 months later...

Hi,

 

In Authentik, I accidentally deleted all the user groups. So my user account doesn't have access to any of the Admin stuff.

 

I saw you can fix this issue here .. https://docs.goauthentik.io/docs/troubleshooting/missing_admin_group

 

However i don't know how to run this command 'docker compose run --rm server create_admin_group username' in unraid. I tried it in the Authentik console and the unraid console however they both came up with errors. 

 

Does anyone know how i can fix this or am i going to have to reinstall everything again?

 

Thanks.

 

1 hour ago, cheww said:

Hi,

 

In Authentik, I accidentally deleted all the user groups. So my user account doesn't have access to any of the Admin stuff.

 

I saw you can fix this issue here .. https://docs.goauthentik.io/docs/troubleshooting/missing_admin_group

 

However i don't know how to run this command 'docker compose run --rm server create_admin_group username' in unraid. I tried it in the Authentik console and the unraid console however they both came up with errors. 

 

Does anyone know how i can fix this or am i going to have to reinstall everything again?

 

Thanks.

 

Remember to replace username with the username for the user you want to create.

 

Also this command is ment for docker compose, if you are not using docker compose this will not work.

 

Lastly, the docker compose command should be run in Urnaids console not Authentiks.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.