[Support] IBRACORP - All images and files



Hi guys, noob here. Having issues trying to get my Authelia and SWAG to work. I followed IBRACORP's guide but it kinda lost me. SWAG works without Authelia, and Authelia brings up a web UI page but doesn't go anywhere. But when I put them together I get a 403 permissions nginx error. Can't work out why. Logs have:

{"level":"info","method":"GET","msg":"Access to https://radarr.my domain/ is forbidden to user XXX","path":"/api/verify","remote_ip":"XXXXXXXXXX","time":"2022-12-02T16:19:21+10:00"}

Any assistance? Google says a permissions issue but I'm not entirely sure how or where. Thanks.

Link to comment

My Authelia updated today and seems to have broken in the process. It wouldn't restart and seems to be stuck attempting to migrate to version 7 in the database:

 

time="2022-12-10T19:12:49+13:00" level=info msg="Authelia v4.37.3 is starting"
time="2022-12-10T19:12:49+13:00" level=info msg="Log severity set to info"
time="2022-12-10T19:12:51+13:00" level=info msg="Storage schema is being checked for updates"
time="2022-12-10T19:12:51+13:00" level=info msg="Storage schema migration from 6 to 7 is being attempted"
time="2022-12-10T19:12:51+13:00" level=error msg="Failure running the storage provider startup check: error during schema migrate: error applying migration version 7 to version 6 for rollback: schema migration 7 (ConsistencyFixes) failed: Error 1728 (HY000): Cannot load from mysql.proc. The table is probably corrupted. rollback caused by: schema migration 7 (ConsistencyFixes) failed: Error 1728 (HY000): Cannot load from mysql.proc. The table is probably corrupted" stack="github.com/authelia/authelia/v4/internal/commands/root.go:281 doStartupChecks\ngithub.com/authelia/authelia/v4/internal/commands/root.go:87  cmdRootRun\ngithub.com/spf13/[email protected]/command.go:920                  (*Command).execute\ngithub.com/spf13/[email protected]/command.go:1044                 (*Command).ExecuteC\ngithub.com/spf13/[email protected]/command.go:968                  (*Command).Execute\ngithub.com/authelia/authelia/v4/cmd/authelia/main.go:10       main\nruntime/proc.go:250                                           main\nruntime/asm_amd64.s:1594                                      goexit"
time="2022-12-10T19:13:01+13:00" level=fatal msg="The following providers had fatal failures during startup: storage" stack="github.com/authelia/authelia/v4/internal/commands/root.go:309 doStartupChecks\ngithub.com/authelia/authelia/v4/internal/commands/root.go:87  cmdRootRun\ngithub.com/spf13/[email protected]/command.go:920                  (*Command).execute\ngithub.com/spf13/[email protected]/command.go:1044                 (*Command).ExecuteC\ngithub.com/spf13/[email protected]/command.go:968                  (*Command).Execute\ngithub.com/authelia/authelia/v4/cmd/authelia/main.go:10       main\nruntime/proc.go:250                                           main\nruntime/asm_amd64.s:1594                                      goexit"

** Press ANY KEY to close this window ** 

 

 

I've reinstalled redis, and reinstalled authelia and it's still occurring. There are no errors in redis, just this in Authelia. Any help or suggestions would be greatly appreciated.

Link to comment

I had this yesterday. The base table was destroyed, no more data in it. But in addition I realized that I could no longer create a base. So I did an update of all the command line databases with the console. From there I could again create a base, but Authelia still couldn't write and create the tables. After 50 tries I downgraded Authelia one version. It didn't work right away, but with 3 tries Authelia was able to create the tables. I then put Authelia back to the latest version. Authelia launched and at the database migration stage everything went well. In all I spent 3 hours on it. I confess that I still don't understand how the problem was solved. I am with MariaDB and Authelia latest version and Unraid too.

There is no problem with Redis. It is played between MySQL and Authelia.

Sent from my M2011K2G using Tapatalk



Link to comment

The upgrade worked for me as well. Thank you.

 

I've tried discord in the past but it's simply too distracting and discombobulated. If you don't catch whatever is said right when it's said, you can very easily miss it and never see it, as opposed to a forum like this one where you can easily scroll back and search.

 

Forums tend to stay on topic a lot better as well.

Link to comment
  • 2 weeks later...

Hi, I am having an issue accessing my site through Authelia and NPM. I get the following error as soon as I go to the link: msg="Access to https://warden.domain.com/ is forbidden to user "

 

I am not sure what could be causing this. I believe it has something to do with my acl on authelia:

 

access_control:
  default_policy: deny
  rules:
    ## bypass rule
    - domain:
        - "auth.domain.com"
        - "warden.domain.com"
      policy: bypass
      networks:
        - "192.168.1.0/24"
    ## catch-all
    - domain:
        - "*.domain.com"
      subject:
        - "group:requesters"
        - "group:admins"
      policy: one_factor

 

I am using the templates from ibracorp for my NPM configuration. I just changed the IPs and Domain to match mine. Any ideas what could be causing this?

Link to comment
  • 4 weeks later...

I am installing Authelia today and had one issue that required me to run mysql_upgrade -u root -p against my existing MariaDB to get past an error in the log.  I no longer see any log errors on start up but this is all I see in the Logs:

 

time="2023-01-16T12:42:52-05:00" level=info msg="Authelia v4.37.5 is starting"
time="2023-01-16T12:42:52-05:00" level=info msg="Log severity set to info"
time="2023-01-16T12:42:52-05:00" level=info msg="Storage schema is being checked for updates"
time="2023-01-16T12:42:52-05:00" level=info msg="Storage schema is already up to date"
time="2023-01-16T13:02:56-05:00" level=info msg="Initializing server for non-TLS connections on '[::]:9098' path '/'"

 

I did have to change the port I use from 9091 to 9098 as the 9091 port is already in use on my network.  I do not see an IP prior to the :9098 like in the install video but I am not sure why???  I am also unable to log into the app.  Any help would be appreciated.  Thanks!

Edited by Shesakillatwo
Link to comment
  • 1 month later...
  • 4 weeks later...

Hi all,

 

I'm trying to set up authelia for securing my reverse proxies. Got it up and running but it seems to refuse any connection to the proxies. See the log under here and my current config. (Replaced the domain and IP with xx and removed the secrets for privacy reasons ;) )

 

Any help would be much appreciated because I'm completely new to Authelia. Followed the guide on the Ibracorp site but here is where I stranded.. :')

 

LOG:

time="2023-03-28T15:14:38+02:00" level=info msg="Initializing server for non-TLS connections on '[::]:9091' path '/' and '/authelia'"

time="2023-03-28T15:14:45+02:00" level=info msg="Access to https://xx.xx.org/?rd=https%3A%2F%2Fxx.xx.org%2F%3Frd%3Dhttps%3A%2F%2Fxx.xx.org%2F (method GET) is not authorized to user <anonymous>, responding with status code 401" method=GET path=/api/verify remote_ip=xxx.xxx.xxx.xx

 

 

 

###############################################################################
#                           Authelia Configuration                            #
###############################################################################

theme: dark
jwt_secret: ""
default_redirection_url: 

server:
  host: 0.0.0.0
  port: 9091
  path: "authelia"
  read_buffer_size: 4096
  write_buffer_size: 4096
  enable_pprof: false
  enable_expvars: false
  disable_healthcheck: false
  tls:
    key: ""
    certificate: ""

log:
  level: info

totp:
  issuer: duckdns.org
  period: 30
  skew: 1

authentication_backend:
  password_reset:
    disable: false
  refresh_interval: 5m
  file:
    path: /config/users_database.yml
    password:
      algorithm: argon2id
      iterations: 1
      key_length: 32
      salt_length: 16
      memory: 1024
      parallelism: 8

access_control:
  default_policy: one_factor
  rules:
    ## bypass rule
    - domain: 
        - "xx.xx.org"
      policy: bypass
    ## catch-all
    - domain:
        - "*.xx.org"
      subject: 
        - "group:admins"
      policy: one_factor

session:
  name: authelia_session
  domain: xx.org
  same_site: lax
  secret: ""
  expiration: 1h
  inactivity: 5m
  remember_me_duration: 2M
  redis:
    host: x.x.x.x
    port: 6379
    password: ""
    database_index: 0
    maximum_active_connections: 10
    minimum_idle_connections: 0

regulation:
  max_retries: 5
  find_time: 10m
  ban_time: 3h

storage:
  encryption_key: ""
  mysql:
    host: x.x.x.x
    port: 3306
    database: authelia1
    username: authelia1
    password: ""
  
notifier:
  disable_startup_check: true
  smtp:
    username: 
    password: ""
    host: smtp.office365.com
    port: 587
    sender: 
    identifier: localhost
    subject: "[Authelia] {title}"
    startup_check_address: [email protected]
    disable_require_tls: false
    disable_html_emails: false
    tls:
      skip_verify: false
      minimum_version: TLS1.2

Link to comment
  • 4 weeks later...

Hey All, 

Does anyone have much experience with Plex Trakt Sync? I followed IBRACORP's guide online, but I'm encountering an issue where the sync keeps timing out 

 ReadTimeout:                                                           
         HTTPSConnectionPool(host='[IP].plex.direct', port=32400): Read timed out. (read timeout=30)         
Error: Error running sync command: HTTPSConnectionPool(host='[IP].plex.direct', port=32400): Read timed out. (read timeout=30)

I have tried modifying the config.yml to have 

 

plex:
  timeout: 300

 

but that doesn't seem to change anything. Any suggestions anyone has would be greatly appreciated!

Link to comment
  • 1 month later...

Hi all,

 

I'm using SWAG and just went through the Authelia video. I compile the configuration.yml in Code server. Upon starting, I'm getting the following errors.

 

time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: failed to load configuration from yaml file(/config/configuration.yml) source: yaml: line 37: did not find expected key"

time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: option 'jwt_secret' is required"

time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: authentication_backend: you must ensure either the 'file' or 'ldap' authentication backend is configured"

time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: access control: 'default_policy' option 'deny' is invalid: when no rules are specified it must be 'two_factor' or 'one_factor'"

time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: session: option 'domain' is required"

time="2023-05-28T16:16:15-05:00" level=error msg="Configuration: storage: configuration for a 'local', 'mysql' or 'postgres' database must be provided"

 

Here is the config file with relevant info hidden

 

theme: dark
jwt_secret: "16 character passcode"
default_redirection_url: https://mydomain.com/
server:
host: 0.0.0.0
port: 9091
read_buffer_size: 4096
write_buffer_size: 4096
path: "authelia"
log:
level: info
file_path: /config/logs/authelia.log
duo_api:
hostname: myapi.duosecurity.com
integration_key: myintegrationkey
secret_key: mysecret
authentication_backend:
disable_reset_password: false
file:
path: /config/users_database.yml
password:
algorithm: argon2id
iterations: 1
key_length: 32
salt_length: 16
memory: 512
parallelism: 8
access_control:
default_policy: deny
rules:
- domain:
- "sub1.mydomain.com"
- "sub2.mydomain.com"
- "sub3.mydomain.com"
- "sub4.mydomain.com"
- "sub5.mydomain.com"
policy: bypass
- domain:
- "sub6.mydomain.com"
- "sub7.mydomain.com"
resources:
-"^*/admin.*$"
- "sub8.mydomain.com"
resources:
-"^*/login.*$"
- "sub9.mydomain.com"
resources:
-"^*/identification.*$"
policy: two_factor
session:
name: authelia_session
secret: "16 character passcode"
expiration: 1h
inactivity: 5m
remember_me_duration: 1M
domain: mydomain.com
regulation:
max_retries: 4
find_time: 2m
ban_time: 60m
redis:
host: redis
port: 6379
password: "redis pass"
database_index: 0
maximum_active_connections: 10
minimum_idle_connections: 0
storage:
encryption_key: "64 character passcode no special characters"
mysql:
host: local ip
port: 3306
database: authelia
username: authelia
password: "authelia pass"
notifier:
disable_startup_check: false
smtp:
username: email
password: "password"
host: smtp.server.com
port: 587
sender: sender
subject: "[Authelia] {title}"
startup_check_address: [email protected]
disable_require_tls: false
tls:
skip_verify: false
minimum_version: TLS1.2

 

The yml formatting looks correct in code server. What can be the issue?

Link to comment

Hello,

I'm having a few issues with KIMAI2 & Traefik.

I've configured it like all my other dockers (made a DNS entry in Cloudflare and added the label to the docker) - but when I try to access it from outside, I get 502.

Anyone had this problem with Kimai?

Link to comment
  • 2 months later...
On 3/28/2023 at 2:25 PM, mharmsen538 said:

 

 

LOG:

time="2023-03-28T15:14:38+02:00" level=info msg="Initializing server for non-TLS connections on '[::]:9091' path '/' and '/authelia'"

time="2023-03-28T15:14:45+02:00" level=info msg="Access to https://xx.xx.org/?rd=https%3A%2F%2Fxx.xx.org%2F%3Frd%3Dhttps%3A%2F%2Fxx.xx.org%2F (method GET) is not authorized to user <anonymous>, responding with status code 401" method=GET path=/api/verify remote_ip=xxx.xxx.xxx.xx

 

 

I'm trying to set up my first Authelia end point and also get this error. Has anyone found a solution to this?

 

I'm effectively in a log in loop with a 401 error...

 

time="2023-08-05T20:03:17+01:00" level=debug msg="Successful 1FA authentication attempt made by user 'USER'" method=POST path=/api/firstfactor remote_ip=myIP

time="2023-08-05T20:03:17+01:00" level=debug msg="Required level for the URL https://mydomain/ is 1" method=POST path=/api/firstfactor remote_ip=myIP
time="2023-08-05T20:03:17+01:00" level=debug msg="Redirection URL https://mydomain/ is safe" method=POST path=/api/firstfactor remote_ip=myIP
time="2023-08-05T20:03:18+01:00" level=debug msg="Check authorization of subject username= groups= ip=IP and object https://mydomain/ (method )."
time="2023-08-05T20:03:18+01:00" level=info msg="Access to https://mydomain/ (method unknown) is not authorized to user <anonymous>, responding with status code 401" method=GET path=/api/verify remote_ip=IP

Link to comment
  • 2 weeks later...

Hello, is it possible with Authelia to protect a subfolder (xxx.ttt.de/bw/) with one_factor and a subfolder below it (xxx.ttt.de/bw/admin) with two_factor?

 

this config is not working :(

 

######################################################
    
    - domain:
        - "xxx.ttt.de"
      resources:
        - '^/bw/admin/.*$'
      subject:
        - 'user:abc'
      policy: two_factor
    
    ######################################################
    
    - domain:
        - "xxx.ttt.de"
      resources:
        - '^/bw/.*$'
      subject:
        - 'user:abc'

      policy: one_factor
    
    ######################################################

Edited by zacc
Link to comment
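
Added example (not part of the original post, and not Authelia's own code): a small Python model showing which of the two rules above is selected for different request paths, assuming rules are checked top-down with the first match winning and that each regex is applied to the path plus query string. The default policy, the sample paths and the TIGHTER variant are constructed for illustration.

```python
import re

# Constructed model of the two rules posted above (same domain and regexes).
# Assumptions: rules are checked top-down, the first match wins, and each
# regex is applied to the request path plus query string. Not Authelia code.
POSTED = [
    ("xxx.ttt.de", r"^/bw/admin/.*$", "two_factor"),
    ("xxx.ttt.de", r"^/bw/.*$", "one_factor"),
]
# Hypothetical variant: the optional group also covers "/bw/admin" with no
# trailing slash or with a query string, but not "/bw/administrator".
TIGHTER = [
    ("xxx.ttt.de", r"^/bw/admin([/?].*)?$", "two_factor"),
    ("xxx.ttt.de", r"^/bw([/?].*)?$", "one_factor"),
]
DEFAULT_POLICY = "deny"  # assumed; the post does not show default_policy


def required_policy(rules, host, resource, default=DEFAULT_POLICY):
    """Return the policy of the first rule matching host and resource."""
    for domain, pattern, policy in rules:
        if domain == host and re.search(pattern, resource):
            return policy
    return default


def audit(rules, resources, host="xxx.ttt.de"):
    """Map each sample resource to the policy that would be selected."""
    return {r: required_policy(rules, host, r) for r in resources}


# Constructed sample requests, including the edge cases around "/bw/admin".
SAMPLES = ["/bw/admin/users", "/bw/admin/", "/bw/admin", "/bw/admin?tab=1",
           "/bw/administrator", "/bw/", "/bw"]

if __name__ == "__main__":
    posted, tighter = audit(POSTED, SAMPLES), audit(TIGHTER, SAMPLES)
    for resource in SAMPLES:
        print(f"{resource:20} posted={posted[resource]:11} tighter={tighter[resource]}")
```

With the posted patterns, a request for /bw/admin without a trailing slash is matched by the second rule rather than the first, so it is worth checking which exact paths the protected application serves.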
  • 5 months later...

I am having an issue with the CROWDSEC docker. No matter what I do I can not get into the WEBUI of the docker. I have another docker utilizing 8080 so I changed the port to 8082 and a few other variations and it to open.

I currently have a few dockers reverse proxied to a Cloudflare domain, and wanted to also install TRAEFIK. Should I install this before getting CROWDSEC up and working, or does it even matter? I appreciate all the help!

Link to comment
  • 3 weeks later...
