Clarification of GPodder support

[gardiol]

Clear and concise description of the problem

I want to add gpodder support, according to docs i need to set either BASIC_AUTH or OIDC_AUTH, but i use reverse-proxy authentication and PodFetch will not start when i enable REVERSE_PROXY and none of the other two.

Is there a way to enable GPODDER_INTEGRATION_ENABLED with proxy auth?

Suggested solution

Allow GPodder with proxy auth

Alternative

No response

Additional context

No response

Validations

• [X] Follow our Code of Conduct
• [X] Read the Contributing Guide.
• [X] Check that there isn't already an issue that request the same feature to avoid creating a duplicate.

[SamTV12345]

You need these two env variables set to true and then it should start. Could you please share your docker-compose file?

[gardiol]

I run it on bare-metal and this is my startup script:

#!/bin/bash

export SERVER_URL=https://xxxxxx/podfetch/

export DATABASE_URL=sqlite:///xxxxx/podfetch/db/podcast.db

export REVERSE_PROXY=true
export REVERSE_PROXY_HEADER=X-WEBAUTH-USER
export REVERSE_PROXY_AUTO_SIGN_UP=true

export TELEGRAM_BOT_TOKEN=xxxxxxx
export TELEGRAM_BOT_CHAT_ID=xxxxxxx
export TELEGRAM_API_ENABLED=true

#export GPODDER_INTEGRATION_ENABLED=true

cd /xxxxx/podfetch/
./podfetch_amd64 &> /data/daemons/podfetch/podfetch.log

When i uncomment the GPODDER_INTEGRATION_ENABLED i get the message:

Debug file located at /home/runner/work/PodFetch/PodFetch/target/release/build/podfetch-3afafe70fe582c1d/out/built.rs
GPODDER_INTEGRATION_ENABLED activated but no BASIC_AUTH or OIDC_AUTH set. Please set BASIC_AUTH or OIDC_AUTH in the .env file.

[SamTV12345]

Oh. I see. You downloaded the binary from the release tab. I just released a new version. This one also contains the reverse proxy auth support. With the new version it should work.

[gardiol]

Ok, i see, i will upgrade as soon as i can. I do not like Docker, specially for something as simple as Podfetch to setup. Kudos to creating such a streamlined app! There are devs out there that for simpler tasks come up with such complex architectures that docker ends up being mandatory for no real reason.

Anyway, i have a question: my set-up is dual. When connecting from "outside" i get proxy auth, when connecting from "inside" (home) i do not have proxy auth. So opening podfetch from outside result in proxy login/user set, while when at home i need no login at all to enter. This works for me because all my services are setup not to require "personal" configuraitons (with few exceptions). So far podfetch just handles it perfectly, would this cause issues with gpodder integration?

(to be clear: i do not need multiple users, that's the point, but i don't want to authenticate twice when connectiong from outside, this is why i setup proxy auth in podfetch)

[gardiol]

Mmm something still not working, i downloaded and started latest binary release (4.6.0) from github and still get:

Debug file located at /home/runner/work/PodFetch/PodFetch/target/release/build/podfetch-3afafe70fe582c1d/out/built.rs
GPODDER_INTEGRATION_ENABLED activated but no BASIC_AUTH or OIDC_AUTH set. Please set BASIC_AUTH or OIDC_AUTH in the .env file.

when i uncomment that one line above. Env setup is identical as before.

EDIT: i guess the correct version would be 4.6.1, but binaries are still missing, so please ignore my comment and i will wait :)

[SamTV12345]

Sorry my bad. I put the wrong tag for the relase. Should work now.

[gardiol]

Yes, i can confirm it works now! Will test and report more if needed.

[gardiol]

Mmm i get always a 404 Not Found when connecting from AntennaPod. In my setup i have podfetch exposed trough NGINX reverse proxy as "https://mydomain/podfetch", which works great for the web UI, maybe this is not working properly for the gpodder integration and it needs to be on root path? Or i am missing something?

To be clear: i used the same URL https://mydomain/podfetch in antennaPod, and correct username/password for the reverse proxy auth.

[SamTV12345]

Mmm i get always a 404 Not Found when connecting from AntennaPod. In my setup i have podfetch exposed trough NGINX reverse proxy as "https://mydomain/podfetch", which works great for the web UI, maybe this is not working properly for the gpodder integration and it needs to be on root path? Or i am missing something?

To be clear: i used the same URL https://mydomain/podfetch in antennaPod, and correct username/password for the reverse proxy auth.

Oh yeah. That is a problem. GPodder always expects PodFetch to be hosted at /. So /podfetch won't work for GPodder. Because the app wants to access / you get a 404.

[gardiol]

That's what i thought. I will spin a subdomain for podfetch then, but is it a limitation that could be avoided in the future? Also, maybe it should be documented for future reference.

[gardiol]

Ok, i moved to https://podcast.mydomain.com but it's still not working. It doesn't give me any error but the login page stays on with "enter" and "cancel" buttons: doesnt move to the device creation page.

This is what i get in my nginx logs:

127.0.0.1 - willy [31/Jan/2024:14:03:05 +0100] "POST /api/2/auth/willy/login.json HTTP/1.1" 200 0 "-" "AntennaPod/3.2.0"
127.0.0.1 - - [31/Jan/2024:14:03:05 +0100] "GET /api/2/devices/willy.json HTTP/1.1" 401 179 "-" "AntennaPod/3.2.0"

willy user should exist, when i connect via web gui (same url) and i tap on the profile, i see username willy, of course i log in using reverse proxy auth in both cases.

(podfetch itself gives no output error message)

This is all podfetch output i have: Debug file located at /home/runner/work/PodFetch/PodFetch/target/release/build/podfetch-ce09e229467aae0a/out/built.rs 2024-01-31T13:59:44 ❌ - database is locked 2024-01-31T13:59:44 ❌ - database is locked

---

| _ \ _ _| | || | | | | |) / \ / ` | | / \ / | ' \ | / () | (| | | / || (| | | | || _/ _,|| \|____|| |_|

2024-01-31T13:59:45 ℹ - Settings already present

2024-01-31T13:59:45 ℹ - starting 4 workers 2024-01-31T13:59:45 ℹ - Starting with the following environment variables: 2024-01-31T13:59:45 ℹ - Actix runtime found; starting in Actix runtime 2024-01-31T13:59:45 ℹ - Public server url: https://podcast.mydomain.com/ 2024-01-31T13:59:45 ℹ - Polling interval for new episodes: 300 minutes 2024-01-31T13:59:45 ℹ - Developer specifications available at https://podcast.mydomain.com/swagger-ui/index.html#/ 2024-01-31T13:59:45 ℹ - GPodder integration enabled: true 2024-01-31T13:59:45 ℹ - Podindex API key&secret configured: false

[gardiol]

Hi, any hints on how to solve the 401 on devices?

[SamTV12345]

I'll take a Look at it today. I'm currently preparing for my exams.

[SamTV12345]

Do you have AntennaPod configured to point to your reverse proxy? If so is the username in the query and the currently logged in user the same? I faced a similar issue where I told Nginx that I want with username testuseradmin and I logged in as testadmin. This is the line in the code: https://github.com/SamTV12345/PodFetch/blob/cf56f686672c916c0f22f5ea9a784b5d7787570b/src/gpodder/device/device_controller.rs#L47

[gardiol]

In antennapod i added my full URL (https://podcast.mydomain.com) which is the same URL i access via web. In both cases i use the same username and password (which get's passed via PROXY_AUTH to PodFetch). As it works on the web gui, sohuld it work also via gpodder using antenna pod? Is the URL different in this case?

[gardiol]

I did some testing: if i disable proxy authentication i can successfully create the device and add gpodder to antennapod. When i re-enable proxy auth. gpodder sync from antennapod fails.

The issue seems to be between podfetch and the proxy auth.

I have also, via CLI, made sure that podfetch has one user with the correct name and password (beside the proxy auth) but nothing changes.

[gardiol]

Just pinging, i understand if you're busy with exams

[Tommy-01]

Hi, i got the same error message as described above. I am hosting PodFetch on my NAS as Container from Docker-Hub. Would be very nice, if you con solve this. Thank you in advance.

[gardiol]

Yes, using AntennaPod is not possible at this time. If you disable your proxy authentication it will work, but clearly that is not an option.

[Tommy-01]

Ah sorry, there was a "little" mistake on my side. I didn't use an proxy and nevertheless get this error. Should i open an new Ticket?

[SamTV12345]

Ah sorry, there was a "little" mistake on my side. I didn't use an proxy and nevertheless get this error. Should i open an new Ticket?

Sure better create a new ticket so we don't clutter this issue.

[gardiol]

What would i do to help investigate and fix this issue? It is indeed related to proxy auth...

[SamTV12345]

Sorry it's been a while. I finally have time tomorrow to work again on PodFetch. It's been a busy time. I'd need to replicate your nginx server with the user database and go from there. If I have the identical setup I should hopefully get the same errors 😃.

[gardiol]

Just setup proxy auth, that is enough for me to make gpodder unusable from antennapod...

[SamTV12345]

Alright. I'll check tomorrow again. I think last time I tried it it worked without a problem.