Authelia/Nginx redirects to download the /assets/config.yml file rather than display the page

[poldim]

I have Nginx with Authelia 2FA. When I goto homer.TLD.com, I'm prompted for auth through Authelia. After successful login, I get a download prompt for my yml config file at https://homer.TLD.com/authelia/?rd=https://homer.TLD.com/assets/config.yml

From what I understand, Authelia just redirects back to the requesting site which nginx is just proxying to proxy_pass http://<LAN IP>:80;

Not sure what's causing this odd behavior.

[shaftspanner]

I started getting the same issue yesterday. Authelia authentication succeeded but it downloads the yml rather than displaying the page. If the Url is re-enter Ed, the page loads correctly.

[shaftspanner]

It looks like Authelia is redirecting to the wrong place. The URL that triggers the download for me is: https://homer.myurl.com/authelia/2fa/one-time-password?rd=https%3A%2F%2Fhomer.myurl.com%2Fassets%2Fconfig.yml

The URL entered that triggered the authelia authentication for me is https://homer.myurl.com

[poldim]

It looks like Authelia is redirecting to the wrong place. The URL that triggers the download for me is: https://homer.myurl.com/authelia/2fa/one-time-password?rd=https%3A%2F%2Fhomer.myurl.com%2Fassets%2Fconfig.yml

The URL entered that triggered the authelia authentication for me is https://homer.myurl.com

yea, I thought I was slick and tried to have nginx redirect me back to the original URL...but then that created a massive loop that would just crash the chrome window

[fitur]

Anyone figured out how to fix this? My Homer dashboard is behind Container Nursery, Authelia and Swag. Having the same issue as OP mentioned.

[sepffuzzball]

I'm also experiencing this issue using Authelia and Swag - glad to know it's not just me!

[poldim]

@bastienwirtz any thoughts on why this might be happening? I’m only experiencing this on homer and none of my other dozen or so self hosted apps

[FrouxBY]

I think this is likely due to the PWA parameters, that keep mostly everything as cache, except the config.yml, wich is then requested alone, and not as part of the whole page, which cause browsers to downlaod it. But beside this diagnostic, I haven't investigate on how to solve it

[deadbuzzard]

Anyone figured out how to fix this? My Homer dashboard is behind Container Nursery, Authelia and Swag. Having the same issue as OP mentioned.

Do you mind me asking what your setup in SWAG is? I can't get homer to show up as my homepage..I tried subbing homer for Heimdall in their docs

[bastienwirtz]

Hi there!

@poldim that's exactly what @FrouxBY identified. I definitely need to work on it, I'm not sure how I can keep offline capabilities and fix this problem. A first step could be to add a way to disable the service worker entirely.

[bemble]

Hi there!

@poldim that's exactly what @FrouxBY identified. I definitely need to work on it, I'm not sure how I can keep offline capabilities and fix this problem. A first step could be to add a way to disable the service worker entirely.

In my opinion, the best solution is to be able to enable/disable SW using a configuration or an environment variable. If I'm right, SW are set in Homer only to reduce network traffic (IE for caching purpose, but handled frontside). When using nginx or any other basic webserver, cache can be easily handled by the server.

As of today, I can't see how Homer can be used offline. Be able to handle local or remote access would be nice (IE add 2 addresses per service and use the right one, display only services with remote URL etc), but offline, because it just says "You're offline", is finally, useless for me.

By the way, thanks for Homer, it's the best homepage app I found, features are those I need, just this issue is a problem right now, mostly for mobile use (refresh without cache on iOS is not easy...).

[bastienwirtz]

Thanks for the feedback @pierrecle !

Regarding the pwa, the main goal was to make possible to "install" it on mobile, so you can have kind of an app for your services. I will make this optional!

[bemble]

Thanks for the feedback @pierrecle !

Regarding the pwa, the main goal was to make possible to "install" it on mobile, so you can have kind of an app for your services. I will make this optional!

Ok I understand but when the app is installed on a mobile. After taking a quicklook at the code, making PWA optional is not that easy due to build that will remove access to process.env.

[siancu]

I just got this with Authelia as well. Any news on an ETA for a fix?

Thanks!

[siancu]

I merged the PR #323 into my own fork and built my own image in the meantime. Just wanted to confirm that the fix works for me.

[robertr1229]

I forked your repo and tried building my own image. Behind Traefik this issues still occurs.

[mushuthecat]

HI,

Same issue, need to reload my cache manualy everytime when my authelia session expire :/

Any news about a fix ?

Regards

[egooner]

New to this thread just got both Homer and Authelia up and running and came across the same issue!! Hopefully there is a solution around the corner!

[Corbeno]

Just ran into this issue myself. Using Traefik here

[egooner]

HI,

Same issue, need to reload my cache manualy everytime when my authelia session expire :/

Any news about a fix ?

Regards

I tried this but instead have a shortcut to my auth server to manually re authenticate and then a simple page refresh did the job.

[cardinalfan1]

just wondering if the newest release (v22.02.1) addresses this issue. i'm still using the PR 323 fork listed above

[adyanth]

Wouldn't calling the alive endpoint before checking for config.yaml fix the redirect issue?

[IosifZ]

I saw 3 updates lately but no release notes and also this issue is not fixed. Any ideas?

Thanks.

LE: I am using Traefik with Google Authentication.

[bastienwirtz]

Hi there !

Sorry for the waiting on that, I'll get on it soon. @adyanth I think that could work. I'm gonna try to add an option in the config.yml (under the proxy section) to run a request with a query string that should bypass the service worker cache and trigger the redirection on the right URL.

[bemble]

@bastienwirtz I had a different approach in my PR #448 : auth proxy creates a proxy that redirect to the auth page only when necessary, for every request. In homer, it's, in my opinion, the only moment where a redirection can happen to ?alive request. So I detect, in this request, whether a redirect happened or not. If a redirect happens, using the right option to fetch (redirect), the response type changed to opaqueredirect, a you just have to reload the page (in this specific case).

Tested using Authelia, on Chrome/Brave/Safari mac, Safari iOS.

Feel free to test, checkout my repository, run npm run serve:

• configure Authelia/Nginx Proxy Manager/Traefik as you want (for me, in Nginx Proxy Manager, just a proxy, protected by authelia)
• connect to homer
• in an another tab, go on authelia, logout
• come back on homer tab, you should be on authelia to log in

[adyanth]

Oh that's a brilliant approach, since the service cards might need it to be logged in too.

[bemble]

For testing purpose, I pushed a docker image, bemble/homer:fix-auth, if you want to try.

Disclaimer, this image is based on today's latest version, it's for testing purpose, I won't maintain it along @bastienwirtz version. It will be deleted as soon as the issue is closed.

[Lungshot]

I am having this issue behind Authentik.