Closed mahogl closed 1 year ago
Thanks! I believe I can reproduce your issue - mine is open to the world as well and it wasn't before. Let us look into this :)
We definitely weren't ignoring you... but some of these changes take time. We're about to release an update that will allow toggling between the Oauth (eg, Google Single Sign On) and basic authorization (username/password) for the applications that support it (Traefik, Radarr, etc.).
Unfortunately, as this involves some changes to the underlying structure of OmniStream this may also require some manual edits for our early testers. Normally, we'd script this out but since we're talking about only a handful of users at this stage, it seems like a lot of extra effort for something that can be described in a post to those who need it.
Expect an update on July 3 or 4 (US). There may be some earlier updates for alpha testing but I'll respond directly to your inquiry here when it's truly ready to go. Thank you for your patience!
No worries, i was troubleshooting another issue, and did and update and got the latest version of Omnistream and looks like basic auth is now enabled and working. I had to rerun the Traefik setup, because I had forgotten what password i configured it up with. One tip that might be added when you type you password is to avoid letters like "$" since that will not work.
When it ready, to go for the Oauth part will test it out, but for now it looks like basic auth is working.
I've added the temporary command "cred" which will toggle between Oauth and basic user/pass authentication so we can easily toggle the two. This will eventually be more user friendly and allow creation of user IDs as well.
Excellent that is a nice option for testing, think i will try to configure up the Oauth myself now.
Hey Ken, I was adding a new container today (I wanted to test out the Watchstate server) and picked up your latest update. I'm now having this issue with quite a few of my containers. Some work some don't. Most of the Arrs work except Prowlarr which is strange - it has the same authentication settings as the others. The media servers and deluge also work.
Netdata, Jackett, Organizr, Ombi, and a few other all present with basic user auth prior to server login screen. So far no user/pwd combination works. Noting mahogls output and your input above I have a couple of questions. Can you manually add users to the traefik users file? Is this the route to go with the basic authentication? Can you change the password for the admin user? Is oauth viable to try yet? I haven't moved that way but I'm capable.
I also noticed that addition, modifying a user in the user file does not update the users in the traefik_secure.toml file. Is this a chicken and egg situation or is it a manual edit of both. Additionally, re-running the traefik setup didn't fix my issue.
Thanks Ken.
@kelinger @TechPerplexed
Apologies for the very very late reply... it's once again not that we are ignoring you, but it takes time to sort this bug and implement Oauth. We're in a sort of transition period trying to get Omni as bug free and "finished" as possible and as you no doubt know, the last 1% is 99% of the effort :)
No worries, I always have plenty to do. Core functionality works. Right now I’m taking a foray into NextCloud. I’m digging it so far.
I am in the process of migrating from Gobby to Omnistream, but i have run into a problem with Traefik i can’t get authentication to work. When i access the traefik.webpage.com i don’t get prompted for a password so the page is open for everyone. This is a new install, and not and upgrade so i just followed the steps in the installer. Everything is working fine, it just the BasicAuth for the traefik dashboards that is not working,
Here is the configuration files i use for Traefik:
#########################################################################################
docker_compose.yaml
traefik: image: traefik:latest container_name: ${TRAEFIKNAME} hostname: ${TRAEFIKNAME} domainname: ${MYDOMAIN} restart: unless-stopped ports:
HTTP-to-HTTPS Redirect
{host:.+}
)"HTTP Routers
${TRAEFIKNAME}.${MYDOMAIN}
)"Services - API
Middlewares
Uncomment the next line for testing
- --certificatesresolvers.lets-encrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory # Uncomment for testing
Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
#########################################################################################
traefik.tom
[entryPoints.web] address = ":80" [entryPoints.web.http.redirections.entryPoint] to = "websecure" scheme = "https" [entryPoints.websecure] address = ":443"
[api] dashboard = true [certificatesResolvers.lets-encrypt.acme] email = "email@webpage.com" storage = "acme.json" [certificatesResolvers.lets-encrypt.acme.tlsChallenge]
[providers.docker] watch = true network = "web"
[providers.file] filename = "traefik_secure.toml"
#########################################################################################
traefik_secure.toml
[http.middlewares.simpleAuth.basicAuth] users = [ "admin:$$apr1$$qnjf.xOu$$cU537QW3Mu3u5NquRz.Ft1" ]
[http.routers.api] rule = "Host(
traefik.webpage.com
)" entrypoints = ["websecure"] middlewares = ["simpleAuth"] service = "api@internal" [http.routers.api.tls] certResolver = "lets-encrypt"#########################################################################################
So if you have some input on what can be wrong I would really appreciate the feedback. Else I would say that Omnistream so far is a huge upgrade from Gobby. Keep up the god work.