Lee B 3 Posted November 12, 2020 Share Posted November 12, 2020 44 minutes ago, Roxedus said: Depending on how you set it up. The last guide I saw needed you to change the hostname/forward ip, on the auth location. Hi thanks for the reply, when my gf trys to sign in with the settings from above I get a API connection error but I'm able to sign in? Quote Link to post
Roxedus 77 Posted November 12, 2020 Author Share Posted November 12, 2020 I have no idea how to do that on NPM, you might have some luck with adding some headers with the advanced settings for the location. We have a article on this problem in our docs. This what you should add: proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; Quote Link to post
Lee B 3 Posted November 12, 2020 Share Posted November 12, 2020 42 minutes ago, Roxedus said: I have no idea how to do that on NPM, you might have some luck with adding some headers with the advanced settings for the location. We have a article on this problem in our docs. This what you should add: proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; ok thanks Quote Link to post
MuNaught 1 Posted December 6, 2020 Share Posted December 6, 2020 I want to change the default ports from 80 and 443, but cannot find them. Changing the WebUI port doesn't seem to be doing anything. Any suggestions on how/where to change them? Quote Link to post
Roxedus 77 Posted December 6, 2020 Author Share Posted December 6, 2020 You cannot "change" port when running in host networking Quote Link to post
Squid 3340 Posted December 6, 2020 Share Posted December 6, 2020 You've changed the network type from the default bridge to instead be host, which has the effect that all port mappings are ignored. Quote Link to post
tinymegalodon 0 Posted January 3 Share Posted January 3 I'm trying to set up my Unraid dashboard in Organizr V2. I only plan to use this locally with no access from the outside internet. When I try to log into either of my Unraid servers, I can never progress pass the logon screen. I can see in the Unraid server logs where the authentication is successful, but the page never proceeds on to the standard Unraid dashboard. Any suggestions? Quote Link to post
Roxedus 77 Posted January 3 Author Share Posted January 3 1 hour ago, tinymegalodon said: Any suggestions? You are probably running into this browser resctriction: https://docs.organizr.app/books/troubleshooting/page/redirect-looping---samesite-errors Quote Link to post
ados 2 Posted April 20 Share Posted April 20 (edited) Just want to thank the developers for Organizr its made management of services so much easier. I would like to share a procedure for new peeps to secure their systems when using a reverse proxy, in this case NGINX Proxy Manager. The following I think is a typical new proxy setup: https://domain.com Then the docker apps are setup either as subdomains https://sub.domain.com or sub-folders https://domain.com/subfolder In both these instances the docker is exposed to the internet for hacking (we are dismissing firewalls in this example) You can use Organizr to collaborate them together but its still the same. https://organizr.com might be the location to access all the apps but https://sub.domain.com or sub-folders https://domain.com/subfolder is still there providing the address is used directly. This is where we can use Organizr API to lock down the access to the sub domains and sub-folders. When I access https://sub.domain.com or sub-folders https://domain.com/subfolder I get this: This is because in this session I'm not logged into Organizr and so there is no authentication session to authorise me. If I did this in a browser I was logged into Organizr it would take me directly to the app but I could always go through Organizr too; thus I can do both but the public cannot. Add this with SSO and even MFA for Organizr and we now have a secure login wall. The following procedure explains how to do this for the easier NGINX app NGINX Proxy Manager (GUI based): First you will need to have configured your NGINX PM docker, this is outside the scope of this guide so please review relevant procedures on their support forum; you will also need a configured Organizr using sub domains or sub-folders. Sub-folder setup: This setup is easier to configure and reduces complexity on domains/wildcards and SSL 1. In NGINX PM, edit the host relating to your Organizr which should have Organizr set on the "Details" screen and not a sub-folder; this ensures Organizr works effectively. 2. You have two options to configure the access: Enter the following (with your own edit using examples below) "auth_request /auth-4;" into the "Advanced" tab if you want a global group block for all sub-folders. OR Enter the following (with your own edit using examples below) "auth_request /auth-4;" into the the custom configuration field (cog icon) for each sub-folder you want to restrict. This method allows for granularity. **Remember the restriction you place also applies to the user accessing the resources from within Organizr. Replace the [4] with the match group level required to access the resource: 0=Admin 1=Co-Admin 2=Super User 3=Power User 4=User Logged In Users=998 Guests-999 3. Create a new location which will contain the API call to Organizr for this to work: Location: ~ /auth-(.*) Scheme: http Forward Hostname / IP: x.x.x.x/api/v2/auth?group=$1 Forward Port: 8040 **Replace the IP address values to your docker running Organizr and if you changed your default port also adjust that. In the custom configuration field (cog icon) for that same location enter the following without edits: internal; proxy_set_header Content-Length ""; 4. [Optional] if you have your Organizr connected to dockers using API (homepage items) via the proxy (don't know why you would, instead of local IP) then you will need to exclude the API call from needing authentication. For each location pointing to a docker using API in this configuration enter the following in the custom config (cog icon): location /tautulli/api { auth_request off; proxy_pass http://x.x.x.x:8181/tautulli/api; } **You might also have the auth_request /auth-4 text in there too which is fine. Replace the IP and port to your docker, replacing also the app names. 5. If you save it here you will block all users from accessing Organizr. This is because you need to be logged into Organizr to access Organizr, catch 22. We fix this with one final location: Location: / Scheme: http Forward Hostname / IP: x.x.x.x Forward Port: 8040 **Replace the IP address values to your docker running Organizr and if you changed your default port also adjust that. In the custom configuration field (cog icon) for that same location enter the following without edits: auth_request off; This means when we go to https://domain.com it will automatically append a "/" to the end and the location bypasses the need to authenticate so we can login. 6. Setup complete Sub-domain setup: This is similar but with more repeating steps. 1. In NGINX PM, edit the host relating to your sub domain you want to restrict. 2. Enter the following (with your own edit using examples below) "auth_request /auth-4;" into the "Advanced" tab. **Remember the restriction you place also applies to the user accessing the resources from within Organizr. Replace the [4] with the match group level required to access the resource: 0=Admin 1=Co-Admin 2=Super User 3=Power User 4=User Logged In Users=998 Guests-999 3. Create a new location which will contain the API call to Organizr for this to work: Location: ~ /auth-(.*) Scheme: http Forward Hostname / IP: x.x.x.x/api/v2/auth?group=$1 Forward Port: port of docker **Replace the IP address values to your docker. In the custom configuration field (cog icon) for that same location enter the following without edits: proxy_pass_request_body off; proxy_set_header Content-Length ""; 4. [Optional] if you have your Organizr connected to dockers using API (homepage items) via the proxy (don't know why you would, instead of local IP) then you will need to exclude the API call from needing authentication. Click the "Advanced" settings tab and enter the following: location /tautulli/api { auth_request off; proxy_pass http://x.x.x.x:8181/tautulli/api; } **Replace the IP and port to your docker, replacing also the app names. 5. Repeat steps 1-4 for each sub domain. 6. Setup complete Edited April 20 by ados Errors 1 Quote Link to post
tetrapod 2 Posted May 1 Share Posted May 1 @ados intro in the write-up above convinced me to try Organizr and it's now running. It looks beautiful and is so flexible. Heimdall is deleted forever and you are now on my beer supply list. My last step resulted in a problem though and I question my understanding. I run Organizer in a docker on Unraid 6.9.2. My services are reverse proxied (swag) with subdomain setup. My problem started when I started with authentication via Organizer. Worked brilliant as I wanted with different groups, level, on/off LAN access. Everything as I wanted until I came to Ombi. Now, Ombi access works fine in browser, but not the mobile app and I guess that is because it can't authenticate through Organizer and it's here that I question my understanding when I configure nginx. Following https://docs.organizr.app/books/setup-features/page/serverauth#bkmrk-swag%2Fletsencrypt-doc I have: added and edited the /config/nginx/proxy-confs/organizr-auth.subfolder.conf file edited all /config/nginx/proxy-confs/*.subdomain.conf files by adding this in the first location block: include /config/nginx/proxy-confs/organizr-auth.subfolder.conf; auth_request /auth-4; I have only added the above in the first location block even if the config file have more location blocks and it seems to work, but is this correct? The next section (Subdomain and How to include the authorization block in a reverse proxy) in the instruction I don't understand. I though I was using subdomains and reverse proxy, but it seems to work any way? What am I missing and is there a way to get the Ombi app to work or should I just exclude that from authentication? Quote Link to post
tetrapod 2 Posted May 3 Share Posted May 3 Having problems with getting organizr to communicate with deluge docker (using binhex-delugevpn). I have followed the instructions and downloaded the egg file WebAPI-0.4.0-py3.7.egg. Renamed it WebAPI-0.4.0-py3.9.egg and installed it. I can however not tick the box for enable and getting API Error (no. 2) when testing the connection. All the other configured arrs and media apps works great. Looks beautiful 🤘 I also can not find out how to remove the plugin to start over again 😐 Quote Link to post
ados 2 Posted May 6 Share Posted May 6 (edited) On 5/2/2021 at 2:03 AM, tetrapod said: @ados intro in the write-up above convinced me to try Organizr and it's now running. It looks beautiful and is so flexible. Heimdall is deleted forever and you are now on my beer supply list. My last step resulted in a problem though and I question my understanding. I run Organizer in a docker on Unraid 6.9.2. My services are reverse proxied (swag) with subdomain setup. My problem started when I started with authentication via Organizer. Worked brilliant as I wanted with different groups, level, on/off LAN access. Everything as I wanted until I came to Ombi. Now, Ombi access works fine in browser, but not the mobile app and I guess that is because it can't authenticate through Organizer and it's here that I question my understanding when I configure nginx. Following https://docs.organizr.app/books/setup-features/page/serverauth#bkmrk-swag%2Fletsencrypt-doc I have: added and edited the /config/nginx/proxy-confs/organizr-auth.subfolder.conf file edited all /config/nginx/proxy-confs/*.subdomain.conf files by adding this in the first location block: include /config/nginx/proxy-confs/organizr-auth.subfolder.conf; auth_request /auth-4; I have only added the above in the first location block even if the config file have more location blocks and it seems to work, but is this correct? The next section (Subdomain and How to include the authorization block in a reverse proxy) in the instruction I don't understand. I though I was using subdomains and reverse proxy, but it seems to work any way? What am I missing and is there a way to get the Ombi app to work or should I just exclude that from authentication? Ha ha let me know when virtual beers are a thing. Sorry for the delay, work has been keeping me busy. Good to hear your liking Organizr, it does incorporate all your instances into one place for easy management. Since your using Swag and I don't have too much knowledge on that other than its also NGINX I might not be able to provide much direction. The "include" shouldn't be needed, as for the "auth_request" part you can either have this specified for each sub domain or in the main function of the config file. The reason you would divide it would be to allow greater control over which sub domains are authorisation controlled. However, you can just specify in the sub domain "auth_request off;" to omit it from authentication. As for Ombi, I didn't have that issue as I stopped using it in favor of another platform and I never liked the mobile app. All my interaction was from the web interface which I found better and can be pinned as such to the mobile home screen it more or less functions as an app. Since the Ombi app would have its own http/s requests to the docker instance it would have its own cookies and authentication, this causes an issue as it never contains the authentication cookie for Organiser which is passed in any web browser. I don't think there will be an easy way around this without using a firewall. Edited May 6 by ados Errors Quote Link to post
ados 2 Posted May 6 Share Posted May 6 On 5/3/2021 at 9:39 PM, tetrapod said: Having problems with getting organizr to communicate with deluge docker (using binhex-delugevpn). I have followed the instructions and downloaded the egg file WebAPI-0.4.0-py3.7.egg. Renamed it WebAPI-0.4.0-py3.9.egg and installed it. I can however not tick the box for enable and getting API Error (no. 2) when testing the connection. All the other configured arrs and media apps works great. Looks beautiful 🤘 I also can not find out how to remove the plugin to start over again 😐 The main issue with that application is support which has decreased over time. You need to stay on older versions if you wish to have plugin support. Keeping it short as this belongs over on the Deluge forum, you need to be on a 2.0.X version. 2.0.4 is a good one. 😉 Quote Link to post
tetrapod 2 Posted May 6 Share Posted May 6 9 minutes ago, ados said: Ha ha let me know when virtual beers are a thing. Sorry for the delay, work has been keeping me busy. Good to hear your liking Organizr, it does incorporate all your instances into one place for easy management. Since your using Swag and I don't have too much knowledge on that other than its also NGINX I might not be able to provide much direction. The "include" shouldn't be needed, as for the "auth_request" part you can either have this specified for each sub domain or in the main function of the config file. The reason you would divide it would be to allow greater control over which sub domains are authorisation controlled. However, you can just specify in the sub domain "auth_request off;" to omit it from authentication. As for Ombi, I didn't have that issue as I stopped using it in favor of another platform and two I never used the mobile app. All my interaction was from the web interface which I found better and can be pinned as such to the mobile home screen it more or less functions as an app. Since the Ombi app would have its own http/s requests to the docker instance it would have its own cookies and authentication, this causes an issue as it never contains the authentication cookie for Organiser which is passed in any web browser. I don't think there will be an easy way around this without using a firewall. No problem with time buddy. I'm just glad to get answers and still trying to figure out where to best ask the questions. I think my knowledge profile is an outlier in this home server arena and a lot of the time the answers I get are just over my head, or my questions are not understood at all and are ignored. But, I'm starting to understand enough to help other people - that feels good. I think I need the "include". How would nginx know where to go for authentication other vice? Yeah I have included the auth_request in all the subdomain config files. Need the granularity for different authentication levels. Quote Link to post
stFfn 0 Posted July 12 Share Posted July 12 I Need help to run this behind a proxy. Im using Swag. I have a few other dockers runing fin behind Swag but i cant seem to get this to run. 😕 Im Using Swag in combination with Cloudflare. Could someone help me with this? (it seems like swag does not see the config beeing renamed from samble to .conf) i dont know what im doing wrong. is there someone who could help me with that matter? Quote Link to post
Roxedus 77 Posted July 14 Author Share Posted July 14 Swag does not list active configs. Do a ls in the proxy-conf and see if it is named correctly Quote Link to post
stFfn 0 Posted July 19 Share Posted July 19 On 7/14/2021 at 11:58 AM, Roxedus said: Swag does not list active configs. Do a ls in the proxy-conf and see if it is named correctly Well the files are there... Quote Link to post
Roxedus 77 Posted July 19 Author Share Posted July 19 And you open organizr.domain.com? Quote Link to post
stFfn 0 Posted July 19 Share Posted July 19 1 minute ago, Roxedus said: And you open organizr.domain.com? no it says site not reachable Quote Link to post
stFfn 0 Posted July 19 Share Posted July 19 (edited) 5 hours ago, stFfn said: no it says site not reachable Docker Name: Organizr Config: Cloudflare entry: and when i try to reach itexternal : 500 Internal Server Error and Internal as well: 500 Internal Server Error Edited July 19 by stFfn Quote Link to post
stFfn 0 Posted July 21 Share Posted July 21 On 7/19/2021 at 1:47 PM, Roxedus said: And you open organizr.domain.com? Hello? didnt you see my other messages? Quote Link to post
tronyx 3 Posted July 21 Share Posted July 21 (edited) 49 minutes ago, stFfn said: Hello? didnt you see my other messages? Yes, we did, but you didn't answer the question. Are you LITERALLY browsing to organizr.domain.com or are you replacing domain.com with your ACTUAL domain? Also, those error pages show Nginx version 1.18. Both the SWAG and Organizr containers are running Nginx version 1.20 so you're either VERY out of date or you're running something else that is using Nginx. Edited July 21 by tronyx Nginx versions Quote Link to post
stFfn 0 Posted July 21 Share Posted July 21 25 minutes ago, tronyx said: Yes, we did, but you didn't answer the question. Are you LITERALLY browsing to organizr.domain.com or are you replacing domain.com with your ACTUAL domain? Also, those error pages show Nginx version 1.18. Both the SWAG and Organizr containers are running Nginx version 1.20 so you're either VERY out of date or you're running something else that is using Nginx. why would i use organizr.domain.com? of course im using my own domain.. where did you see that i use organizr.domain.com? the swag and organizr dockers are up to date. i dont know how anything else with nginx could interfere? port 443 is redirected to swag. how could anything else be taking over only this docker but not the others that im running? Quote Link to post
Roxedus 77 Posted July 21 Author Share Posted July 21 Because the config you posted expose it on organizr.domain.com, not domain.com. That's why I asked, and waited for a answer To clarify, domain.com in this context is supposed to be substituted with your real domain 1 Quote Link to post
61 posts in this topic Last Reply
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.