401 when accessing filebot:node from another host

[Piccirello]

I'm currently running the latest rednoah/filebot:node with Docker 19 on Ubuntu 18.04. When I try accessing filebot-node's webui from another machine (via the docker host's ip), I receive a 401.

$ curl -i http://10.0.0.12:5452/filebot/
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Origin: *
Date: Fri, 17 Apr 2020 11:49:32 GMT
Connection: keep-alive
Content-Length: 0

Filebot does log the request:

------------------------------------------
Fri Apr 17 2020 11:49:32 GMT+0000 (America)
GET: /filebot/

There's currently no middleware (e.g. nginx) sitting between my system and the docker host, and I haven't yet configured basic auth. I suspect this issue is because of the hardcoded host 127.0.0.1 in filebot-node's start.sh. Is there any way to override this value via docker run? I'd prefer to administer access via ufw and my reverse proxy.

Edit: On startup filebot does seem to log that it's using 0.0.0.0

ENVIRONMENT {
...
  FILEBOT_VERSION: '4.9.0',
  PATH: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
  FILEBOT_NODE_HOST: '0.0.0.0',
...
filebot-node listening at http://0.0.0.0:5452/

[rednoah]

Getting back HTTP/1.1 401 Unauthorized means that the connection itself works.

Here's the startup script used by the docker container: https://github.com/filebot/filebot-docker/blob/master/filebot-node

Based on the information so far, I'd expect HTTP/1.1 401 Unauthorized regardless of where the request comes form, localhost or otherwise.

If you'd like to further debug the issue, here's where I'd start: https://github.com/filebot/filebot-node/blob/master/server-nodejs/app.js#L367

[Piccirello]

Here's the startup script used by the docker container:

I missed that file, but that explains why filebot was logging 0.0.0.0.

I'm not entirely sure what changed overnight (sorry future readers) but it seems to be working now. I can access the UI and set up a task.

Unrelated, and I'm happy to open a separate issue, but sending email doesn't seem to be supported. I saw that in this thread you mentioned FileBot Node doesn't expose email functionality. Is there any hope of getting this added? If any difficulty stems from the fact that openjdk:13-alpine is the base image then you might even be able to use the nodemailer package rather than a mail binary.

[rednoah]

I recommend using PushBullet instead.

If you are keen on email logging, then you can use send-email-log to call filebot instead of calling filebot directly: https://www.filebot.net/forums/viewtopic.php?t=9801

[Piccirello]

Having used FileBot for several years now, the log file is considerably worse than the nicely formatted email output I'm used to. Why is email not an option only for filebot-node? This is the only thing keeping me from being able to move FileBot over to docker. The only other option I couldn't find was for -no-xattrs, but that I can live without.

[rednoah]

Just use PushBullet then. You'll get the same nicely formatted HTML reports.

[Piccirello]

PushBullet seems like it's for push notifications, which I don't want. And either way, I don't want to provide all of my download information to some additional third party service. Why can't I just use FileBot's email feature that's already built in and that's supported in every other environment? Why the insistence on PushBullet?

[rednoah]

PushBullet is a separate service that is easy to use, just copy & paste your API key and it's done. If someone uses top to see your running processes, then only your PushBullet API key is compromised.

Email is not easy. Finding out the right SMTP settings & credentials is not easy. Most users end up using their Gmail account for simplicity, which means publishing your username and password for their master account, in plain text in some script file somewhere, promptly forgotten and published on GitHub, Support Forums, readable to other users on the same machine, readable to anyone who can use top to see your processes, or just hacked and stolen.

There's a reason ssh doesn't allow you to pass your password as a command-line option, even though it would be convenient. ;)

--def gmail was added by user request. Then --def email was added because if you have your own email server you need to configure lots and lots of things to make it work. Now half the amc script is about email reports.

You're welcome to fork FileBot Node and make things work for your needs. But adding email reports to the amc script was a major mistake in the first place, and it's not something I plan on doubling down on in FileBot Node.

[rednoah]

TL;DR Just use PushBullet. I insist on it because it works out of the box right now. You can test it right now. Try it for a week. See if it works for you. Make a new thread next week if you still insist on using --def email by then. ;)

[Piccirello]

I understand why you don't want to propagate the hell that is mail support any further. Unfortunately, the reason I don't want to use Pushbullet is because it's an additional third party service. Their privacy policy states that they don't sell data, which is great, but any company that were to purchase Pushbullet would then have a list of all my downloads . I run my own media server for exactly this reason- to eliminate third parties- and it's a risk I'm increasingly unwilling to tolerate in 2020.

It seems all the regretful logic is already accessible to filebot-node, it just lacks UI options. If the only change required for email support is adding the web UI options then I'd be happy to open a PR. My local mail server is standing by just waiting for filebot to say hi.

[rednoah]

How do you feel about adding FileBot Node support for the --def storeReport option?

--def storeReport already exists in the amc script and allows you to just save these HTML Reports to the local file system, instead of sending them via email: https://github.com/filebot/scripts/blob/master/amc.groovy#L556

[Piccirello]

In the process of testing storeReport, I realized I could manually add flags to my task's args file. Sure enough, specifying mail and mailto worked right out of the box. I was even able to add -no-xattr and get rid of that warning. This should be documented somewhere!

[rednoah]

Well, FileBot Node is just a wrapper for doing filebot calls, so yes of course you can easily add your own options if you have SSH access to the FileBot Node installation folder. If you modify app.js then you can even add default options to commands executed via the FileBot Node WebUI. :D

[Piccirello]

This seems obvious in hindsight, and of course it's obvious to the person that built this, but it definitely wasn't obvious to me a couple days ago. I've found other people online asking for mail support and other features (like -no-xattr) that FileBot-node lacks UI options for. I'd be willing to bet these people weren't aware how easy it was to manually enable the features. I strongly recommend documenting this ability somewhere, even if it includes a disclaimer recommending against it.

My issue is now resolved. Thank you for building such excellent tools.