-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Auth with trusted HTTP Header #141
Comments
Hey, thanks for your time and effort! I will take a look at the items listed above in the coming days / weeks. |
I did test this with my setup (some other applications already use this kind of auth) and it doesn't seem to be working. I'm unsure why though, the logs are not very informative on this one |
@Typhonragewind hey, what setup (proxy, proxy config, and OliveTin config) are you using please? Let's debug it together. |
As my reverse proxy i use SWAG coupled with Authentik with the following config for OliveTin:
The content of authentik_location is:
My Olivetin config is:
|
Just a note that the logs have been considerably improved in the 2023.11.21 release to help debug trusted header Auth. |
Sure, i'll update and report soon! |
https://docs.olivetin.app/trusted-header.html @jacksgt @Typhonragewind Would you be willing to help test with a recent OliveTin release? |
I've been pretty swamped with life in general, but I'll try to do it this weekend! |
No hurry @Typhonragewind - we all have that problem! :-) I'll leave the issue open until we all resolve it! |
@jamesread So, i updated and tested it out, still no luck. I checked the logs and it seems the problem is on my side xD
Thanks for looking into this with me! |
So that sounds like your authentik proxy isn't sending that header to OliveTin - as it's complaining it can't find that header in the request. What does your authentik config look like, if you can share it? |
Yep,I'm now investigating this and how to fix it.
I use authentik alongside docker-SWAG. And by the settings i've configured it should be passing the headers, but it's not. What config specifically are you looking for? Authentik is huge and configs are not contained in a single file, as far as i know xD |
Okay, you can enable more logging in OliveTin to help you out; logDebugOptions:
singleFrontendRequests: true
singleFrontendRequestHeaders: true Then you can see exactly what OliveTin is being sent by your proxy. |
This was originally the design for auth support in #30 - which grew too big. Moving the discussion here. See #30 (comment) for context.
As @jacksgt points out - I did get half way through implementing this (in 0335e58 and probably some other commits), but it needs docs support, and some testing.
@jacksgt - it would be good if you're able to test this with you setup - I don't have a reverse proxy currently configured that supports auth via headers (I will set one up - but I'm limited on time!).
The text was updated successfully, but these errors were encountered: