search

erickok / transdroid

Manage your torrents from your Android device
GNU General Public License v3.0
1.28k stars 201 forks source link

Getting http status 401 before connection #105

Closed kecksk0enig closed 6 years ago

kecksk0enig commented 10 years ago

Hi! I am using transdroid with transmission behind apache2 (ssl) proxy. Today i looked at the logs and found something like this:

xx.156.xx.218 - - [11/Feb/2014:19:28:30 +0100] "POST /transmission/rpc HTTP/1.1" 401 6078 "-" "Transdroid Torrent Connect"
xx.156.xx.218 - - [11/Feb/2014:19:28:30 +0100] "POST /transmission/rpc HTTP/1.1" 200 1962 "-" "Transdroid Torrent Connect"
xx.156.xx.218 - - [11/Feb/2014:19:28:30 +0100] "POST /transmission/rpc HTTP/1.1" 401 426 "-" "Transdroid Torrent Connect"
xx.156.xx.218 - - [11/Feb/2014:19:28:30 +0100] "POST /transmission/rpc HTTP/1.1" 200 18830 "-" "Transdroid Torrent Connect"
xx.156.xx.218 - - [11/Feb/2014:19:28:31 +0100] "POST /transmission/rpc HTTP/1.1" 401 426 "-" "Transdroid Torrent Connect"
xx.156.xx.218 - - [11/Feb/2014:19:28:31 +0100] "POST /transmission/rpc HTTP/1.1" 200 1962 "-" "Transdroid Torrent Connect"
xx.156.xx.218 - - [11/Feb/2014:19:28:31 +0100] "POST /transmission/rpc HTTP/1.1" 401 426 "-" "Transdroid Torrent Connect"

every refresh on transdroid results in those lines. it looks like it first tries to connect withoud required user. Is there a way to fix this?

erickok commented 10 years ago

It is hard to tell -- I do not have a setup like that to test against at the moment. I expect a 401 on the very first request (because I do not use preemptive authentication with Transmission), but not on successive calls. I use the Apache HttpClient to connect, which should remember to send the credentials directly after a first time it identified authentication is required.

axelsimon commented 10 years ago

Hi there, just to let you know I'm getting the same error using Deluge 1.3.x behind lighttpd as a SSL proxy.

I can see in the Trandroid log lines such as :

 6917 -- Sat May 31 03:38:31 GMT+02:00 2014 -- 3 -- Deluge daemon: Error: AuthenticationFailure exception: Password error? Server time difference? No (valid) cookie in response and JSON was: <?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>404 - Not Found</title>
 </head>
 <body>
  <h1>404 - Not Found</h1>
 </body>
</html>

The Deluge web interface is working, that I can confirm. The webif is running without SSL and Lighttpd is proxying and adding SSL. I've added the SHA1 print for the self-signed certificate in Transdroid too.

I'd be happy to help figure a way to debug this :)

And thanks for Transdroid, it's been a lot of fun to use!

Self-Perfection commented 9 years ago

One more vote for this issue. I have transmission behind nginx as a proxy, and I see that each request Transdroid sends without auth data, gets 401 and then retries.

PaulW commented 8 years ago

Have you enabled SNI on nginx/lighttpd? I had a similar issue with haproxy to begin with, however making sure haproxy uses SNI for identification solved it for me.

I changed:

frontend public
  bind *:443 ssl crt /etc/.......
  reqadd X-Forwarded-Proto:\ https
  redirect scheme https code 301 if !{ ssl_fc }
  # 16000000 seconds: a bit more than 6 months
  http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
  acl deluge01 hdr(host) -i deluge01.myhost.com
  use_backend deluge01_server if deluge01

to:

frontend public
  bind *:443 ssl crt /etc/.......
  reqadd X-Forwarded-Proto:\ https
  redirect scheme https code 301 if !{ ssl_fc }
  # 16000000 seconds: a bit more than 6 months
  http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
  use_backend deluge01_server if { ssl_fc_sni deluge01.myhost.com }```

Not sure if this may be the same issue you are experiencing...
skorokithakis commented 8 years ago

I have the same problem now with Caddy, except I can't connect at all. It always gives me a 401, it doesn't send the auth header at all.

tetsumaki commented 7 years ago

Hi, same problem with nginx and transmission-cli.

I do not have this problem with other clients but they are less sexy.

Tested with authentication requested by nginx or transmission-cli and the problem is the same.

Exemple output from my access.log nginx :

XX.XX.XX.XX - - [03/May/2017:01:36:00 +0200] "POST /transmission/rpc HTTP/1.1" 401 188 "-" "Transdroid Torrent Connect"
XX.XX.XX.XX - mylogin [03/May/2017:01:36:00 +0200] "POST /transmission/rpc HTTP/1.1" 200 10711 "-" "Transdroid Torrent Connect"
XX.XX.XX.XX - - [03/May/2017:01:36:00 +0200] "POST /transmission/rpc HTTP/1.1" 401 188 "-" "Transdroid Torrent Connect"
XX.XX.XX.XX - mylogin [03/May/2017:01:36:00 +0200] "POST /transmission/rpc HTTP/1.1" 200 1585 "-" "Transdroid Torrent Connect"
XX.XX.XX.XX - - [03/May/2017:01:36:03 +0200] "POST /transmission/rpc HTTP/1.1" 401 188 "-" "Transdroid Torrent Connect"
XX.XX.XX.XX - mylogin [03/May/2017:01:36:03 +0200] "POST /transmission/rpc HTTP/1.1" 200 1585 "-" "Transdroid Torrent Connect"
XX.XX.XX.XX - - [03/May/2017:01:36:03 +0200] "POST /transmission/rpc HTTP/1.1" 401 188 "-" "Transdroid Torrent Connect"
XX.XX.XX.XX - mylogin [03/May/2017:01:36:03 +0200] "POST /transmission/rpc HTTP/1.1" 200 1585 "-" "Transdroid Torrent Connect"
XX.XX.XX.XX - - [03/May/2017:01:36:03 +0200] "POST /transmission/rpc HTTP/1.1" 401 188 "-" "Transdroid Torrent Connect"

I usually use the https but I prefer to simplify the configuration of the file to better understand the problem :

server {
    listen 80;
    server_name my.url.net;

    auth_basic "Restricted";
    auth_basic_user_file /path/to/my/file;

    location / {
        return 301 https://$server_name/transmission/web/;
    }

    location ^~ /transmission {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header Connection "";
        proxy_pass_header X-Transmission-Session-Id;
        proxy_pass http://XX.XX.XX.XX:9091/transmission;
    }
}
HorlogeSkynet commented 6 years ago

Exactly same problem as the OP here... Any news on this ?

(Thanks for this wonderful app btw)

Bye ! 👋

erickok commented 6 years ago

I am looking into preemptive authorization (like than with the old Vuze adapter).

HorlogeSkynet commented 6 years ago

Perfect ! Keep us posted, I'd be personally glad to test some things if needed :ok_hand:

erickok commented 6 years ago

@HorlogeSkynet Could you try to install https://github.com/erickok/transdroid/releases/download/v2.5.10-dev/transdroid-2.5.10-dev.apk and test your connection?

HorlogeSkynet commented 6 years ago

Yes, let me finish something, and I'll set up the reverse proxy again :crossed_fingers:

HorlogeSkynet commented 6 years ago

Oh god, it just works like a charm :ok_hand: :tada: :bowing_man:

I've got some 403 still randomly thrown by Apache, but maybe it's only my configuration... I'll try to debug this

EDIT : It looks like this message appears when Apache throws 403 :

client denied by server configuration: proxy:http://localhost:9091/transmission/rpc

But I don't see what can cause this, and why it's not the case for each query...

EDIT 2 : Working configuration posted here !

erickok commented 6 years ago

Excellent! I'll merge and let's hope we did not break any other people's auth (like digest auth)... 😬

HorlogeSkynet commented 6 years ago

:rofl:

I hope too :crossed_fingers:

If I manage to fix my issue, I'll post the solution here (it looks like an issue when reverse proxy-ing with Apache 2.4 ...)

Bye, thanks again :wave:

skorokithakis commented 5 years ago

Plus the problem isn't fixed. I keep getting the same every time, and trying to add a new torrent gives me an error in the UI (because of the 401). I have to refresh or retry (not sure which, I do both) before it will work. This bug is five years old at this point :(