Open danshat opened 1 week ago
can you try it without https to see if it's ssl's issue?
After some google, I think this is a problem with Caddy proxying the wss protocol. Maybe changing the Authelia authentication method from http headers to cookies will help. Or open the wss protocol in Authelia (no authentication required)
can you try it without https to see if it's ssl's issue?
Authelia does not allow HTTP traffic: Target URL 'http://metube.example.com/' has an insecure scheme 'http', only the 'https' and 'wss' schemes are supported so session cookies can be transmitted securely
.
After some google, I think this is a problem with Caddy proxying the wss protocol.
Caddy's official documentation states:
example.com {
@websockets {
header Connection *Upgrade*
header Upgrade websocket
}
reverse_proxy @websockets localhost:6001
reverse_proxy localhost:8080
}
Meaning that WSS is supported by Caddy. This header configuration correlates with other reverse proxies configurations.
Weirdly enough, even without these directives and proper matchers in Caddyfile, the issue has been corrected after deleting browser cookies, but only temporarily:
In a couple minutes I restarted Authelia without changing anything else and once again requests to /socket.io are dropped. So relogging to Authelia solves this, but only for a short time.
Apparently after (relatively) recent updates Metube fails to work correctly while running behind Authelia and a reverse proxy.
This is how the page looks, showing "Connection to server" message.
Network tab shows the following.
docker-compose.yml:
Authelia logs show this repeatedly:
Caddyfile configuration:
I understand this is likely an issue with misconfigured Caddy instance. However if someone could possibly help me with this it would be great.