search

immense / Remotely

A remote control and remote scripting solution, built with .NET 8, Blazor, and SignalR.
GNU General Public License v3.0
4.49k stars 1.61k forks source link

Remotely and Authelia #615

Open Yel-vnk opened 1 year ago

Yel-vnk commented 1 year ago

Hi everyone , i need your help please , I have a issue with remotely and authelia My setup is :

Client => Ngnix Reverse Proxy => Authelia => remotely

When i try to acces remotely a get authelia to authenticate nice but : when i try to connect a remote agent it can't see remtely web site

is anyone make remotely work with authelia ?

Thank you for your support ,

bmcgonag commented 1 year ago

I think something like Authelia will create an issue as Remotely works off of WebRTC and the normal websocket ports that Authelia is also using. So when the client tries to reach https://your-remotely.com it will hit the authelia wall. You could try to make authelia only look for the specific login request page instead of the base url. So if you navigate to https://your-remotely.com/identity/auth/login then it would show the authelia page, but not when you visit https://your-remotely.com for instance.

The other alternative would be a Single Sign On, but that would have to be something Immy-bot as a company wanted to invest time into.

pr0927 commented 9 months ago

So I am also facing this issue. I am running Remotely on TrueNAS SCALE via Truecharts app, with a Traefik reverse proxy.

I have Authelia setup, and when I put Remotely behind Authelia I have the same problem as OP - works perfectly on the login page, but prevents any remote connections.

When I look at what @bmcgonag said, I see the following URL:

https://remote.mydomain.tld/Identity/Account/Login

This would be great to specifically designate for Authelia, but - at the risk of betraying my inexperience - what about a bad actor doing some kind of traversal attack? Meaning if they look at the URL https://remote.mydomain.tld/downloads or https://remote.mydomain.tld/server-logs aren't you unprotected?

I see that the downloads page may be intended to be accessible publicly. I also note that putting Remotely behind a Cloudflare proxy (versus just "DNS only" on their domain controls page), blocks functions of Remotely's configuration and at a minimum prevents settings from being saved.

baumheld commented 2 months ago

Having the same problem. I'm still scratching my head