[BUG]: Proxy does not work with service that has basic auth

stanol commented 1 year ago

What happened?

If I try to proxy something like transmission web gui, cosmos gives me a blank loading page and there are a lot of requests with 401 code in cosmos logs.

What should have happened?

A form for entering your login and password should be displayed.

How to reproduce the bug?

Try to proxy service with basic auth.

Relevant log output

2023/05/10 11:52:17 "GET http://transmission.cosmos.example.com:8080/ HTTP/1.1" from [myIP]:62796 - 401 26B in 2.342111ms

2023/05/10 11:52:18 [INFO] SmartShield: Request received

2023/05/10 11:52:18 "GET http://transmission.cosmos.example.com:8080/ HTTP/1.1" from [myIP]:62796 - 401 26B in 2.093388ms

2023/05/10 11:52:18 [INFO] SmartShield: Request received

2023/05/10 11:52:18 "GET http://transmission.cosmos.example.com:8080/ HTTP/1.1" from [myIP]:62796 - 401 26B in 2.94874ms

2023/05/10 11:52:18 [INFO] SmartShield: Request received

2023/05/10 11:52:18 "GET http://transmission.cosmos.example.com:8080/ HTTP/1.1" from [myIP]:62796 - 401 26B in 1.963072ms

2023/05/10 11:52:19 [INFO] SmartShield: Request received

2023/05/10 11:52:19 "GET http://transmission.cosmos.example.com:8080/ HTTP/1.1" from [myIP]:62796 - 401 26B in 2.042395ms

2023/05/10 11:52:19 [INFO] SmartShield: Request received

2023/05/10 11:52:19 "GET http://transmission.cosmos.example.com:8080/ HTTP/1.1" from [myIP]:62796 - 401 26B in 2.271848ms

2023/05/10 11:52:19 [INFO] SmartShield: Request received

2023/05/10 11:52:19 "GET http://transmission.cosmos.example.com:8080/ HTTP/1.1" from [myIP]:62796 - 401 26B in 2.235844ms

2023/05/10 11:52:19 [INFO] SmartShield: Request received

2023/05/10 11:52:19 "GET http://transmission.cosmos.example.com:8080/ HTTP/1.1" from [myIP]:62796 - 401 26B in 2.651387ms

2023/05/10 11:52:20 [INFO] SmartShield: Request received

2023/05/10 11:52:20 "GET http://transmission.cosmos.example.com:8080/ HTTP/1.1" from [myIP]:62796 - 401 26B in 2.453525ms

2023/05/10 11:52:20 [INFO] SmartShield: Request received

2023/05/10 11:52:20 "GET http://transmission.cosmos.example.com:8080/ HTTP/1.1" from [myIP]:62796 - 401 26B in 1.997974ms

2023/05/10 11:52:20 [INFO] SmartShield: Request received

2023/05/10 11:52:20 "GET http://transmission.cosmos.example.com:8080/ HTTP/1.1" from [myIP]:62796 - 401 26B in 2.264617ms

2023/05/10 11:52:20 [INFO] SmartShield: Request received

2023/05/10 11:52:20 "GET http://transmission.cosmos.example.com:8080/ HTTP/1.1" from [myIP]:62796 - 401 26B in 2.429382ms

Other details

No response

System details

OS: Debian (Docker)
Browser firefox
Version v0.4.1

azukaar commented 1 year ago

Same as the other issue you posted, I unfortunately cannot reproduce it (I just tried to expose Transmission with basic auth enabled) it works fine. The 401 is generated by Transmission not Cosmos (as seen in your logs) So I suggest double checking your Transissions settings (all in the settings.json of your Transmissions folder) :

Check the Transmissions logs for any errors
Make sure there are no character breaking the JSON files in your password, such as "
Make sure that hostname whitelisting is disabled OR that the right hostname is recorded in the whitelist
Make sure you are using the right username / password combination
Try in private mode in case you have saved a wrong credentials in your browser

stanol commented 1 year ago

I can expose transmission through nginx but not through cosmos. Therefore, I think the problem is not in bad transmission settings.

azukaar commented 1 year ago

Yes but it could be an issue with the hostnames for example, or cached auth settings in your browser. May be you have exposed the wrong ports? I see you are using 8080 but Transmission is 9091 The 401 you see in the logs are coming from Trasmission, not Cosmos, that's why it appears in the GET response from the reverse proxy

This is the config I am using that is working with Cosmos:

{
          "Name": "transmission",
          "Description": "Expose transmission to the internet",
          "UseHost": true,
          "Host": "transmission.****",
          "UsePathPrefix": false,
          "PathPrefix": "",
          "Timeout": 14400000,
          "ThrottlePerMinute": 10000,
          "CORSOrigin": "",
          "StripPathPrefix": false,
          "MaxBandwith": 0,
          "AuthEnabled": false,
          "AdminOnly": false,
          "Target": "http://transmission:9091",
          "SmartShield": {
            "Enabled": true,
            "PolicyStrictness": 0,
            "PerUserTimeBudget": 0,
            "PerUserRequestLimit": 0,
            "PerUserByteLimit": 0,
            "PerUserSimultaneous": 0,
            "MaxGlobalSimultaneous": 0,
            "PrivilegedGroups": 0
          },
          "Mode": "SERVAPP",
          "BlockCommonBots": true,
          "BlockAPIAbuse": false
        },

And then in Transmission's config file make sure you have properly setup:

    "bind-address-ipv4": "0.0.0.0",
    "bind-address-ipv6": "::",
    "rpc-host-whitelist": "",
    "rpc-host-whitelist-enabled": false,
    "rpc-port": 9091,
    "rpc-socket-mode": "0750",
    "rpc-url": "/transmission/",

stanol commented 1 year ago

The problem was caused by the password manager.

azukaar / Cosmos-Server