FeedMe / TT-RSS sub-domain "Auth Failed"

[jame25]

I get an "OK" for https://ttrss.mydomain.com/plugins.local/freshapi/api/greader.php but a cloudflare "Argo Tunnel error" when I try https://mydomain.com/plugins.local/freshapi/api/greader.php

"Auth Failed" is the error message.

[eric-pierce]

Thanks - it looks like folks using FreshRSS may have run into similar issues due to cloudflare automatically compressing traffic. I just made some updates both to support compressed output in more scenarios and to (hopefully) tell cloudflare not to change the output of the API. Would you update and see if this resolves the issue?

If it doesn't fix it do you have any details you can provide about the cloudflare setup you're using so I can try to re-create?

[jame25]

I tried with gzip (compression) disabled in Nginx Proxy Manager. Same 'Auth Failed' error.

Some info about my setup:

Nginx Proxy Manager: (no advanced configuration)

Cloudflare: Page Rules (Type A, Proxied, TTL: Auto) (no advanced configuration)

Docker-Compose: (I forgot to mention previously I run an unsupported version of TTRSS)

tt-rss:
    image: wangqiru/ttrss:latest
    container_name: ttrss
    ports:
      - 32768:80
    environment:
      - SELF_URL_PATH=https://ttrss.mydomain.com # please change to your own domain
      - DB_PASS=******
      - ENABLE_PLUGINS=auth_internal,auth_remote,fever,mercury,freshapi
      - PUID=1000
      - PGID=1000
    volumes:
      - feed-icons:/var/www/feed-icons/
    networks:
      - public_access
      - service_only
      - database_only
    stdin_open: true
    tty: true
    restart: always

[eric-pierce]

@jame25 thanks for providing your docker-compose, that helps a lot. It looks like the Awesome-TTRSS docker container isn't up to date with TT-RSS, and does not support PATH_INFO, which the google reader API relies on. I just opened a pull request: https://github.com/HenryQW/Awesome-TTRSS/pull/527 to add support for FreshAPI.

Who knows how long it'll be before that pull request is merged, so if you want to fix right now you can either use the standard TT-RSS images, or patch the nginx.conf file to support. If you want to patch nginx.conf, create a new file in your docker directory called nginx.conf, and put the following in it:

daemon           off;
pid              /run/nginx.pid;
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include      mime.types;
    default_type application/octet-stream;

    sendfile          on;
    keepalive_timeout 65;
    gzip              off;

    server {
        listen 80;
        root /var/www;

        index index.php index.html;

        location ~ /\. {
            return 404;
        }

        location / {
            try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_index index.php;
            include fastcgi_params;
        }
        location ~ /plugins\.local/.*/api/.*\.php(/|$) {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            set $path_info $fastcgi_path_info;
            fastcgi_param PATH_INFO $path_info;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_index index.php;
            include fastcgi_params;
        }
    }
}

Then modify your docker-compose file to include "- nginx.conf:/etc/nginx/nginx.conf" in the volumes section as is outlined below.

tt-rss:
    image: wangqiru/ttrss:latest
    container_name: ttrss
    ports:
      - 32768:80
    environment:
      - SELF_URL_PATH=https://ttrss.mydomain.com # please change to your own domain
      - DB_PASS=******
      - ENABLE_PLUGINS=auth_internal,auth_remote,fever,mercury,freshapi
      - PUID=1000
      - PGID=1000
    volumes:
      - feed-icons:/var/www/feed-icons/
      - nginx.conf:/etc/nginx/nginx.conf
    networks:
      - public_access
      - service_only
      - database_only
    stdin_open: true
    tty: true
    restart: always

Reboot the image and you should be good to go.

One thing I noticed - as freshapi isn't currently loaded into the default Awesome-TTRSS image are you cloning it in each time, or do you have a volume mapper set up for the plugins.local directory? If you're cloning it in each time, I'd recommend adding "- plugins.local:/var/www/plugins.local" to your volume directory and then adding freshapi to the version of that folder outside the container so it'll persist across reboots - that or move to the official images.

[jame25]

Thank you for the very detailed response and solution. I patched the nginx.conf and that resolved my issue. Also, you are correct, I've been cloning freshapi each time I restart the container. A little history: I started out using Awesome-TTRSS unaware that is was unofficial. Then I changed the offical images; however if I recall correctly - could not get support for the mercury_fulltext plugin working. I gave up and returned to Awesome-TTRSS. I so rarely reboot the container that I just left things at that.

[eric-pierce]

@jame25 Glad to hear all is working! The pull request I opened for Awesome-TTRSS was merged, so that project now supports and is packaged with FreshAPI. You should be able to get rid of the patch you put together and use the official image! Let me know if you have any other problems