akshunj Posted April 21, 2021

> On 3/25/2021 at 12:29 PM, akshunj said:
> Looks like Ghost 4 is out. Any plans to upgrade the container? It appears to be a major upgrade that requires a migration to the new version... Thanks for a great container!

Latest update to Ghost pushes to v.4. It will break the container. Please see this thread for how to correct. You will need to remove the "migrations" and "migrations_lock" tables from your mariadb database. More here: https://forum.ghost.org/t/db-error-after-upgrading-to-v4/20921/6

And if you're not database savvy (like me), check this out for some step by step: https://www.tutorialspoint.com/mariadb/mariadb_drop_tables.htm

Cliff Posted April 23, 2021 (edited)

I tried setting up FreeIPA but am having some problems getting it to work with authelia. I followed the youtube guide and it looks like everything is installed ok. I have changed my authelia configuration as mentioned in the guide and I can log in to the freeipa webui. The only thing that I have done is created a new user. But I always get "Invalid Credentials" after trying to log in using authelia. This is the error message:

time="2021-04-23T06:50:19+02:00" level=debug msg="Mark authentication attempt made by user admin" method=POST path=/api/firstfactor remote_ip=<my_public_ip>
time="2021-04-23T06:50:19+02:00" level=error msg="Error while checking password for user admin: LDAP Result Code 49 \"Invalid Credentials\": " method=POST path=/api/firstfactor remote_ip=83.209.13.231 stack="github.com/authelia/authelia/internal/middlewares/authelia_context.go:64 (*AutheliaCtx).Error\ngithub.com/authelia/authelia/internal/handlers/response.go:112 handleAuthenticationUnauthorized\ngithub.com/authelia/authelia/internal/handlers/handler_firstfactor.go:103 FirstFactorPost.func1\ngithub.com/authelia/authelia/internal/middlewares/authelia_context.go:49 AutheliaMiddleware.func1.1\ngithub.com/fasthttp/[email protected]/router.go:414 (*Router).Handler\ngithub.com/authelia/authelia/internal/middlewares/log_request.go:14 LogRequestMiddleware.func1\ngithub.com/valyala/[email protected]/server.go:2207 (*Server).serveConn\ngithub.com/valyala/[email protected]/workerpool.go:223 (*workerPool).workerFunc\ngithub.com/valyala/[email protected]/workerpool.go:195 (*workerPool).getCh.func1\nruntime/asm_amd64.s:1371 goexit"

I also have another problem: when creating a new user and setting a password, the password expires directly, which is by design after reading the FreeIPA doc. The user is supposed to reset the password on the first login and set a new password. But for some reason I also get Invalid credentials when trying to send the reset mail from authelia.

time="2021-04-23T06:36:26+02:00" level=error msg="LDAP Result Code 49 \"Invalid Credentials\": " method=POST path=/api/reset-password/identity/start remote_ip=<my_public_ip> stack="github.com/authelia/authelia/internal/middlewares/identity_verification.go:25 IdentityVerificationStart.func1\ngithub.com/authelia/authelia/internal/middlewares/authelia_context.go:49 AutheliaMiddleware.func1.1\ngithub.com/fasthttp/[email protected]/router.go:414 (*Router).Handler\ngithub.com/authelia/authelia/internal/middlewares/log_request.go:14 LogRequestMiddleware.func1\ngithub.com/valyala/[email protected]/server.go:2207 (*Server).serveConn\ngithub.com/valyala/[email protected]/workerpool.go:223 (*workerPool).workerFunc\ngithub.com/valyala/[email protected]/workerpool.go:195 (*workerPool).getCh.func1\nruntime/asm_amd64.s:1371 goexit"

Is this part correct "admin" method=POST path=/api/firstfactor remote_ip=<my_public_ip>" ? Should the post be sent from my external/public ip? And could it be the cause of the problems?

Edited April 23, 2021 by Cliff

ezzys Posted April 26, 2021

I had Authelia set up and running with LDAP (FreeIPA). However, after having my server down for the last few weeks due to a house move, it won't start. I get the error:

level=error msg="invalid configuration key 'authentication_backend.ldap.skip_verify' was replaced by 'authentication_backend.ldap.tls.skip_verify'"

Any suggestions on how to resolve this?

zognic Posted April 27, 2021

I got an error too, little bit different:

level=error msg="invalid configuration key 'notifier.smtp.disable_verify_cert' was replaced by 'notifier.smtp.tls.skip_verify'"

Sycotix Posted April 27, 2021 Author

> 7 hours ago, zognic said:
> I got an error too, little bit different:
> level=error msg="invalid configuration key 'notifier.smtp.disable_verify_cert' was replaced by 'notifier.smtp.tls.skip_verify'"

You need to use latest configuration.yml on my Git or the official Git. Mine has FreeIPA LDAP otherwise either will work.

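The two renames reported in the error messages above can also be located and moved in an existing configuration. The sketch below is an added example, not Authelia's or IBRACORP's own tooling: it works on an already-parsed config (nested dicts), the sample values are constructed, and it also flags the case where the moved setting leaves TLS certificate verification switched off.

```python
import copy

# Old -> new key paths, taken from the two error messages quoted in this thread.
RENAMED_KEYS = {
    "authentication_backend.ldap.skip_verify": "authentication_backend.ldap.tls.skip_verify",
    "notifier.smtp.disable_verify_cert": "notifier.smtp.tls.skip_verify",
}

def _lookup(cfg, dotted):
    """Return (parent_dict, leaf_name) for a dotted path, or (None, leaf) if absent."""
    *parents, leaf = dotted.split(".")
    node = cfg
    for name in parents:
        node = node.get(name) if isinstance(node, dict) else None
        if node is None:
            return None, leaf
    return (node, leaf) if isinstance(node, dict) else (None, leaf)

def migrate(cfg):
    """Return (new_cfg, notes). Moves deprecated keys; the input is not modified."""
    cfg = copy.deepcopy(cfg)
    notes = []
    for old, new in RENAMED_KEYS.items():
        parent, leaf = _lookup(cfg, old)
        if parent is None or leaf not in parent:
            continue  # deprecated key not present, nothing to do
        value = parent.pop(leaf)
        *new_parents, new_leaf = new.split(".")
        node = cfg
        for name in new_parents:
            node = node.setdefault(name, {})
        if new_leaf in node:
            # Never silently overwrite a value the admin already set at the new path.
            notes.append(f"{old}: dropped, {new} already set to {node[new_leaf]!r}")
        else:
            node[new_leaf] = value
            notes.append(f"{old} -> {new} = {value!r}")
        if node[new_leaf] is True:
            notes.append(f"WARNING {new}: certificate verification is disabled")
    return cfg, notes

# Constructed sample config (hostnames are placeholders, not from the thread).
SAMPLE = {
    "authentication_backend": {
        "ldap": {"url": "ldaps://ipa.example.test", "skip_verify": True},
    },
    "notifier": {
        "smtp": {"host": "smtp.example.test", "port": 587, "disable_verify_cert": False},
    },
}

if __name__ == "__main__":
    _, report = migrate(SAMPLE)
    print("\n".join(report))
```
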
zognic Posted April 28, 2021

Thanks, I need to deep dive inside your configuration (& check your youtube video), coz it's completely different than mine.

mmwilson0 Posted May 5, 2021 (edited)

Hi, I'm following IBRACORP's videos on configuring Authelia, and am hitting an issue similar to that reported by another user in this thread.

time="2021-05-04T19:57:11-07:00" level=error msg="Error malformed yaml: line 216: did not find expected key"

the file stanza starts on line 217

##Line 216 file: path: /config/users_database.yml password: algorithm: argon2id iterations: 1 key_length: 32 salt_length: 16 memory: 1024 parallelism: 8

and the obfuscated users_database.yml file

cat users_database.yml
users:
  <username>:
    displayname: "<name>"
    password: "$argon2i$v=19$m=1024,t=1,p=<hash>"
    email: <email>
    groups:
      - admins
      - dev

Not quite sure what's going wrong. Please let me know if you have any thoughts!

Edited May 5, 2021 by mmwilson0

awediohead Posted May 5, 2021

Wasn't sure where to post this. Ibracorps Discord isn't letting me message there . . . but that's a separate issue.

I'm following the Atomic Moves video and got to the part where I'm allocating ports on qbittorrent - 8080 is already in use by sabnzbdvpn so no idea how to proceed. I realise I obviously don't know what 'port allocation' really means or I'd be able to figure it out. Maybe.

Can I just use any port number not currently used, so kinda pick one at random? Does it matter that a torrent and a usenet container share the same port? I notice that sabnzbdvpn has several other ports . . .

I'm really just following the tutorial and jumping through hoops, and generally make little use of torrents, but I don't want to do something dumb now that I'll forget about in a couple of weeks (days if I'm honest)!! I have created a 'custom' docker network if that makes any difference?

If anyone can also point me at a tutorial or info that explains docker port allocations at a high level then very happy to learn something.

Sycotix Posted May 5, 2021 Author

@awediohead not sure why discord isn't letting you chat? I'll look into it.

To answer your question, if the port is already in use by a different app just use a random one, one digit up or down if you like. It can't be the same one because the other app is using it and unraid won't let you anyway.

mmwilson0 Posted May 11, 2021

> On 4/22/2021 at 9:58 PM, Cliff said:
> I tried setting up FreeIPA but am having some problems getting it to work with authelia. I followed the youtube guide and it looks like everything is installed ok. I have changed my authelia configuration as mentioned in the guide and I can log in to the freeipa webui. The only thing that I have done is created a new user.

Did you resolve this? I am having the same issue. I switched from password to LDAP with FreeIPA. I followed the ibracorp LDAP video and copied over the LDAP configs from the git repo, and commented out the password file configurations. In FreeIPA I have basically set it up, created an admin user and a non-admin user (ipausers group), the latter I would like to use to log in to authelia. Do I have to do any configurations in FreeIPA so that this will work?

linusgrip Posted May 22, 2021

> On 5/5/2021 at 5:54 AM, mmwilson0 said:
> Hi, I'm following IBRACORP's videos on configuring Authelia, and am hitting an issue similar to that reported by another user in this thread.
> the file stanza starts on line 217
> ##Line 216 file: path: /config/users_database.yml password: algorithm: argon2id iterations: 1 key_length: 32 salt_length: 16 memory: 1024 parallelism: 8
> and the obfuscated users_database.yml file
> cat users_database.yml
> users:
>   <username>:
>     displayname: "<name>"
>     password: "$argon2i$v=19$m=1024,t=1,p=<hash>"
>     email: <email>
>     groups:
>       - admins
>       - dev
> Not quite sure what's going wrong. Please let me know if you have any thoughts!

Same problem as you, did you find any solution?

mmwilson0 Posted May 23, 2021

> On 5/22/2021 at 9:49 AM, linusgrip said:
> Same problem as you, did you find any solution?

Nope ☹️ I've just powered off the freeipa VM for now. Need to revisit it and try again.

linusgrip Posted May 24, 2021

> 12 hours ago, mmwilson0 said:
> Nope ☹️ I've just powered off the freeipa VM for now. Need to revisit it and try again.

Probably something we've overlooked. I'll let you know if I find a solution, would appreciate if you did the same. Maybe @Sycotix has some time over and takes a look.

JustAnotherGuy1324 Posted June 8, 2021 (edited)

I have some problems with authelia. Whenever I try to go to my auth.domain.com I get a white screen and no change in my authelia logs. If I go to a domain that I have set to bypass it seems to work and I get some activity in the logs. I have another subdomain with one_factor where I also get a white screen when accessing, however here I get some logs.

level=info msg="Access to [REDACTED] (method unknown) is not authorized to user <anonymous>, sending 401 response" method=GET path=/api/verify remote_ip=[REDACTED]

I haven't been able to replicate it but sometimes I get this error message in my logs:

error when serving connection "172.18.0.8:9091"<->"172.18.0.1:38846": error when reading request headers: EOF. Buffer size=194, contents: "\x16\x03\x01\x00\xbd\x01\x00\x00\xb9\x03\x03\u0084\xf4<\xb5\xa8\xaaB '\xe1\xf3͔\xb7\xd5\xd8g7z`\r\x05瑫\xd2[\xb3Iҷ\x00\x008\xc0,\xc00\x00\x9f̨̩̪\xc0+\xc0/\x00\x9e\xc0$\xc0(\x00k\xc0#\xc0'\x00g\xc0\n\xc0\x14\x009\xc0\t\xc0\x13\x003\x00\x9d\x00\x9c\x00=\x00<\x005\x00/\x00\xff\x01\x00\x00X\x00\v\x00\x04\x03\x00\x01\x02\x00\n\x00\f\x00\n\x00\x1d\x00\x17\x00\x1e\x00\x19\x00\x18\x00#\x00\x00\x00\x16\x00\x00\x00\x17\x00\x00\x00\r\x000\x00.\x04\x03\x05\x03\x06\x03\b\a\b\b\b\t\b\n\b\v\b\x04\b\x05\b\x06\x04\x01\x05\x01\x06\x01\x03\x03\x02\x03\x03\x01\x02\x01\x03\x02\x02\x02\x04\x02\x05\x02\x06\x02"

Could it have to do with the default buffer sizes in "Authelia Portal.conf" or "Protected Endpoint.conf"? It says "Buffer size=194" but both those files have buffers if I read it correctly. PS is there a good resource to learn more about this as I don't really understand what is going into these files?

From my configuration.yml:

access_control:
  ## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
  ## resource if there is no policy to be applied to the user.
  default_policy: deny # Always set to deny
  rules:
    # Rules applied to everyone
    - domain: [REDACTED]
      policy: bypass
    - domain: [REDACTED]
      policy: bypass
    - domain: [REDACTED]
      policy: one_factor
    - domain: [REDACTED]
      policy: two_factor

From "Authelia Portal.conf":

client_body_buffer_size 128k;
proxy_buffers 64 256k;

From "Protected Endpoint.conf":

client_body_buffer_size 128k;
proxy_buffers 4 32k;

The weird thing is that it has been working and now after I have woken up it does not work? Any help is much appreciated and if there is any information I need to provide please let me know.

Edited June 8, 2021 by JustAnotherGuy1324

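The buffer quoted in the error line above begins with `\x16\x03\x01\x00\xbd\x01 ... \x03\x03`, which is the header of a TLS handshake record carrying a ClientHello: the peer opened an HTTPS connection to a listener that was reading plain HTTP request headers. The following added example (not part of the original post and not Authelia code) decodes that header from such a log line; the TLS sample is the thread's line truncated to its first 11 bytes, and the HTTP sample is constructed.

```python
import re

TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
LOG_RE = re.compile(r'Buffer size=(\d+), contents: "(.*)"')

def decode_go_prefix(quoted):
    """Decode leading \\xNN escapes and printable ASCII of a Go-quoted string.

    Stops at the first escape it does not understand; only the first bytes matter here.
    """
    out = bytearray()
    i = 0
    while i < len(quoted):
        m = re.match(r"\\x([0-9a-fA-F]{2})", quoted[i:])
        if m:
            out.append(int(m.group(1), 16))
            i += 4
        elif quoted[i] != "\\" and 0x20 <= ord(quoted[i]) < 0x7F:
            out.append(ord(quoted[i]))
            i += 1
        else:
            break
    return bytes(out)

def inspect_line(line):
    """Return a dict describing the logged buffer, or None if the line has none."""
    m = LOG_RE.search(line)
    if not m:
        return None
    size = int(m.group(1))
    buf = decode_go_prefix(m.group(2))
    # TLS record: type(1) version(2) length(2); handshake: type(1) length(3) version(2)
    if len(buf) < 11 or buf[0] != 0x16 or buf[5] != 0x01:
        return {"tls_client_hello": False, "buffer_size": size}
    record_len = int.from_bytes(buf[3:5], "big")
    return {
        "tls_client_hello": True,
        "buffer_size": size,
        "record_version": TLS_VERSIONS.get(int.from_bytes(buf[1:3], "big"), "unknown"),
        "record_len": record_len,
        "hello_len": int.from_bytes(buf[6:9], "big"),
        "client_version": TLS_VERSIONS.get(int.from_bytes(buf[9:11], "big"), "unknown"),
        # A whole ClientHello record is 5 header bytes plus record_len payload bytes.
        "size_matches": size == 5 + record_len,
    }

# From the thread's log line, contents truncated after the first 11 bytes.
TLS_LINE = (r'error when serving connection "172.18.0.8:9091"<->"172.18.0.1:38846": '
            r'error when reading request headers: EOF. Buffer size=194, '
            r'contents: "\x16\x03\x01\x00\xbd\x01\x00\x00\xb9\x03\x03"')
# Constructed counter-example: a plain HTTP request reaching the same listener.
HTTP_LINE = (r'error when reading request headers: EOF. Buffer size=24, '
             r'contents: "GET /api/verify HTTP/1.1"')

if __name__ == "__main__":
    print(inspect_line(TLS_LINE))
    print(inspect_line(HTTP_LINE))
```

For the thread's line the record length is 189, so the 194-byte buffer is exactly one ClientHello record (5 + 189) rather than an HTTP request.
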
Lumpy_BD Posted June 9, 2021

I've tried setting up Authelia following the deep dive video and I'm having an issue. I've managed to get to the point where the container starts up with no errors in the log, however when I try to open the web UI I get the following in my browser:

I'm using File notifications and there is absolutely nothing in the notification.txt file. Any ideas? Thanks.

JustAnotherGuy1324 Posted June 9, 2021

> 1 hour ago, Lumpy_BD said:
> I've tried setting up Authelia following the deep dive video and I'm having an issue. I've managed to get to the point where the container starts up with no errors in the log, however when I try to open the web UI I get the following in my browser:
> I'm using File notifications and there is absolutely nothing in the notification.txt file. Any ideas? Thanks.

Lumpy_BD I think we might have the same underlying problem. I will look into it again later today as I believe there is something wrong with some of the text-files for nginx.

norsemanGrey Posted June 10, 2021

I am using Authelia together with Nginx Proxy Manager. Both are installed with Docker containers on the same host. I have got the setup working with most of my services, but for some reason when trying to get it to work with VSCode (using linuxserver/code-server) I only get a white/blank screen after login. Anyone have any tip as to what might be wrong? I am using the same endpoint configuration for all the services just changing out the address and port number. I have no trouble with VSCode when not behind Authelia.

rragu Posted June 17, 2021

First off, thank you @Sycotix for your Authelia CA container as well as your video series on YouTube. Very helpful and detailed!

I've set up Authelia using a combination of your video and this blog post by Linuxserver. I mostly followed your video except for the end where I used SWAG instead of NPM. I've tested Authelia by protecting two endpoints: Syncthing and Tautulli. A few questions:

1) When I go to https://syncthing.mydomain.com, I get a distorted Authelia login page (please see attached images), whereas when I go to https://tautulli.mydomain.com, I get the usual Authelia login page. This is the case on desktop Firefox, Chrome, and Edge. I don't suppose you've seen this before? Any ideas as to why this might be? The distorted page is still functional (just not as pretty).

EDIT: tried on mobile Chrome (iOS) and mobile Safari. For both mobile browsers, both Syncthing and Tautulli give me the distorted Authelia page.

2) In any case, once I login, I get to another login prompt. Obviously this is from the authentication I enabled before Authelia was set up. So, now that Authelia is protecting these services, am I good to just disable the "internal" (for lack of a better word) authentication for these services?

2a) I disabled the basic GUI auth for Syncthing. And while Authelia of course still protects Syncthing, I do now get a bright red warning message from Syncthing that I need to set GUI authentication. Is there any way to make Syncthing aware of Authelia or link them in some way so that the warning message goes away?

3) For the majority of my reverse-proxied services, I will probably be the only one who needs to access them. But for certain services (e.g. Ombi) where I would have multiple users, how do I set it up such that userX and userY logging in via Authelia automatically signs in userX and userY, respectively, to the desired service?

Thanks for any and all help!

bencmeyer Posted June 19, 2021

> On 5/4/2021 at 10:54 PM, mmwilson0 said:
> Hi, I'm following IBRACORP's videos on configuring Authelia, and am hitting an issue similar to that reported by another user in this thread.
> the file stanza starts on line 217
> ##Line 216 file: path: /config/users_database.yml password: algorithm: argon2id iterations: 1 key_length: 32 salt_length: 16 memory: 1024 parallelism: 8

I finally figured this one out after some head scratching. Malformed means the spacing is wrong. In your example, take off one space so they line up with the other lines in the document. Visual Studio Code helps with this because it shows lines to line up with. The spacing is 2. Like this;

##Line 216
  file:
    path: /config/users_database.yml
    password:
      algorithm: argon2id
      iterations: 1
      key_length: 32
      salt_length: 16
      memory: 1024
      parallelism: 8

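The alignment check bencmeyer describes can be automated before restarting the container. This is an added example, not from the thread or from Authelia: a standard-library indentation check that reports keys indented deeper than a line that opens no block, and keys whose column matches no enclosing block. The thread's original indentation was lost, so both samples are constructed, and the check assumes a config without multi-line block scalars.

```python
def lint_indentation(text):
    """Return [(line_no, message)] for indentation that cannot belong to any open block."""
    findings = []
    stack = [0]               # indentation columns of the currently open blocks
    prev_opens_block = True   # does the previous content line allow deeper nesting?
    for no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split(" #", 1)[0].rstrip()   # drop trailing comments
        stripped = body.lstrip(" ")
        if not stripped or stripped.startswith("#"):
            continue                            # blank line or comment-only line
        if stripped.startswith("\t"):
            findings.append((no, "tab used for indentation"))
            continue
        indent = len(body) - len(stripped)
        if indent > stack[-1]:
            if not prev_opens_block:
                findings.append((no, "deeper than previous line, which opens no block"))
            stack.append(indent)
        else:
            while stack[-1] > indent:
                stack.pop()
            if stack[-1] != indent:
                findings.append((no, f"column {indent} matches no enclosing block"))
                stack.append(indent)
        prev_opens_block = stripped.endswith(":") or stripped.startswith("- ")
    return findings

# Constructed: 'file:' is one space too deep, 'port:' one space too shallow.
BROKEN = """\
authentication_backend:
  disable_reset_password: false
   file:
     path: /config/users_database.yml
     password:
       algorithm: argon2id
notifier:
   smtp:
     host: smtp.gmail.com
    port: 587
"""

# Constructed: the same keys with consistent 2-space nesting.
FIXED = """\
authentication_backend:
  disable_reset_password: false
  file:
    path: /config/users_database.yml
    password:
      algorithm: argon2id
notifier:
  smtp:
    host: smtp.gmail.com
    port: 587
"""

if __name__ == "__main__":
    for line_no, message in lint_indentation(BROKEN):
        print(f"line {line_no}: {message}")
```
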
linusgrip Posted June 19, 2021 (edited)

Got this error when trying to setup two_factor:

level=error msg="534 5.7.9 Application-specific password required.

Any idea?

EDIT: Found solution, had to add "App Passwords" inside gmail and add that password in the config file for mail.

Edited August 6, 2021 by linusgrip: Found solution

Douji Posted June 20, 2021

Hey, I'm somehow not able to login via the iOS nextcloud app. I saw the reply in page 8 (https://forums.unraid.net/topic/94096-support-ibracorp-all-images-and-files/page/4/?tab=comments#comment-891154&searchlight=1), however I'm running the config with swag/letsencrypt. I can use nextcloud normal via browser and the 2FA works, although after logging in with the old method (ios app), it threw 405 errors. After logging in successfully with authelia I get an "access denied, invalid login".

I tried adding

proxy_intercept_errors off;

after server { and before the location part, although that does not work. Not really sure where I am supposed to look. The login seems to be fine in itself. Thanks in advance!

SohailS Posted July 13, 2021

Hi, Do you plan on doing a video guide on installing Jitsi?

sylus Posted August 3, 2021

Short question concerning Authelia. I got an error concerning the last part of the config file.

time="2021-08-03T17:56:20+02:00" level=error msg="Error malformed yaml: line 543: did not find expected key"

notifier: smtp: username: [email protected] # Password can also be set using a secret: https://www.authelia.com/docs/configuration/secrets.html password: yourapppassword sender: [email protected] host: smtp.gmail.com port: 587

I have no clue what could go wrong here. I created an app password and pasted it. Any hints?

OneMeanRabbit Posted August 6, 2021

> On 8/3/2021 at 11:19 AM, sylus said:
> Short question concerning Authelia. I got an error concerning the last part of the config file.
> time="2021-08-03T17:56:20+02:00" level=error msg="Error malformed yaml: line 543: did not find expected key"
> notifier: smtp: username: [email protected] # Password can also be set using a secret: https://www.authelia.com/docs/configuration/secrets.html password: yourapppassword sender: [email protected] host: smtp.gmail.com port: 587
> I have no clue what could go wrong here. I created an app password and pasted it. Any hints?

Here's my portion, formatting could be issue as well as a few small differences - bolded & underlined...2 spaces where bullets are. And formatting on this forum sucks, so just validating the URL for secrets is included as a comment via #

notifier:
  smtp:
    username: gmail
    password: gmail API password
    host: smtp-relay.gmail.com
    port: 587
    sender: gmail
    subject: "[Authelia] {title}"
    disable_require_tls: false
    disable_html_emails: false
    tls:
      skip_verify: false
      minimum_version: TLS1.2

OneMeanRabbit Posted August 6, 2021

I got it up and running, after lots of troubleshooting. Logs from docker were key to hunting them down. Odd that only a few of my secrets didn't work and had to add in manually. My issue is that I'm using HAPROXY via pfSense, which works brilliantly - but most writeups/videos are for NPM...I could never get NPM to work which is embarrassing because compared to HAPROXY, it looks stupid simple.