kelinger / OmniStream

Deployment and management tools for an entire streaming platform that can reside on a server (local, remote, hosted, VPS) with media files stored on cloud services like Google Drive or Dropbox.
MIT License
30 stars 8 forks

Issue logging into nzbget, sonarr - and getting plex to work (bad gateway 502) #26

Closed falcomm6 closed 1 year ago

falcomm6 commented 1 year ago

Hi team, I have tried to upgrade twice, with no luck. I can't seem to work out why or where the basicauth or authentication is coming from for nzbget, sonarr, radarr. I have tried every combination related to the server, and can't seem to work it out. I got into traefik with admin (which is new to me), but couldn't work out nzbget or sonarr.

As for Plex, I get error 502. Is this because I have a client certificate set up for Plex? Not sure.

Weirdly enough, I could use portainer fine and even organizr - however my settings for organizr disappeared. I'll revert back to gooby for now. If you can shine some light on this I'll give it another crack.

Thank you for your time Matt

falcomm6 commented 1 year ago

Just for context, I went through all the closed issues. One had the below:

"As for NZBGet, any app that supports a single log-on is now served by the login you created when you installed - which is probably admin as your username (can be changed) and the password you picked when you installed Omni"

admin with the password I used when installing omni definitely didn't work for nzbget, sonarr and radarr - but it did work for Traefik no problems. Which added to the confusion.

Will consider a fresh install - just have a LOT of plex data lol. Can certainly see the improvements. Hopefully can work it out.

kelinger commented 1 year ago

@falcomm6 when I run through the install, NZBget is the one service that also gives me trouble (one of the reasons I'm using SABnzbd). My issue was that there was first the Traefik authentication and then the NZBget authentication. So, for NZB, I had to use their default credentials (user "user" and password "tegbzn6789"). Once in NZBget, I could then go to the settings and disable their authentication entirely.

falcomm6 commented 1 year ago

Hmm. Thanks for this. I tried changing the credentials in the config, but even when I remake the container it seems to not work for me. I will give this another shot after some more coffee. hahaha.

As for the Plex part, I know I didn't supply enough information - sorry. I'm back on Gooby and it's working as it did. Perhaps I need to delete all my DNS/certificates and let Traefik do it all from scratch via api.

falcomm6 commented 1 year ago

Darn, same exact issue when trying to upgrade a third and lucky time. I can't log in to sonarr, or radarr. Plex goes straight to 502. Will play a little more, then rollback and close the ticket. Appreciate trying to help - understand that each deployment is different. My knowledge is also very limited.

Is there a way to disable basic auth for certain containers? I've tried doing this from docker-compose.yaml but it always resets back. Definitely doing something wrong lol.

falcomm6 commented 1 year ago

Update: I got into NZBget and the other arr apps by removing the basicauth from the container in Portainer then redeploying. Can you let me know how I can achieve this automatically? Also, plex still gives me a cloudflare host error. Confusing as everything else works and I can ping the subdomain.

Appreciate your time.

Confirming that plex is working locally. I can test from sonarr to plex and ping it. Just can't access it at all due to 502 gateway error.

falcomm6 commented 1 year ago

Ok, so I've managed to get plex working by exposing port 32400. This only works via IP address unsecured - domain name still gives 502 error.

If I can get this last thing fixed I'm 100% operational haha. Cheers!

falcomm6 commented 1 year ago

Big thread of a newbie talking to himself, but we got there lol. Appreciate you guys are busy and have limited info. Posting here in case someone else has this issue.

I found the issue. I had to change the plex server's secure connections from "required" to "preferred" - then voilà, Traefik resolved and the website loaded through https. Thanks again, fantastic product. Will be donating on payday.

TechPerplexed commented 1 year ago

Haha nooo we're never too busy to help you - it's just that we were discussing what could be happening there with you 😄

However, exposing port 32400 (how exactly did you do that?) isn't making us happy at all. In fact it opens up a lot of vulnerabilities that you probably wouldn't want to. So, with that out of the way, what exactly wasn't working other than that the port didn't show as open? You see, I'm having the same "issue" that the port shows as open only intermittently... but it doesn't seem to affect anything. In fact that is what @kelinger and I were discussing this morning, so don't think you were being ignored here 😉

kelinger commented 1 year ago

Yes, and my apologies for the slow response. Opening 32400 will, of course, work but then you're bypassing Traefik (for better or worse). I believe that the issue you faced was because Traefik, as a proxy, would pull from local IPs and the certificates wouldn't match the DNS reverse lookup. Of course, even as "preferred" the local and Internet traffic is still encrypted.

@TechPerplexed - Maybe an FAQ or something to call out in the documentation (setting Plex to a non-required security model here).

falcomm6 commented 1 year ago

Thank you both. Sorry, I didn't mean to sound needy! I just meant I posted my problem, but slowly made progress - which made my posts look more insistent than intended.

I have since closed the port - it was just a temp measure so I could play with plex. Only problem I'm facing now is the mobile version isn't working.

I have custom certificate domain as the plex subdomain, along with :443. Same for Custom server access URLs with the port. I'm trying to mix and match in case one fixes it without the other.

Thanks again!

falcomm6 commented 1 year ago

Ok all working now. I removed the certificate details within plex and the domain from there, only populating "Custom server access URLs". Now it all works. When both were populated, I could see the library from mobile but couldn't play anything. Might have been a coincidence, not sure.

Anyway, now everything important is working. I still have issues with basicauth - not sure how to add new users or how to get it working for anything other than Traefik. All others seem to bug out for me, even when I turn off normal authentication first.

Either way, beautiful system. Great work guys - truly doing God's work here.

kelinger commented 1 year ago

@falcomm6 no offense taken. I just pride myself (and I know @TechPerplexed does as well) on usually replying faster.

Right now, we don't support multiple users (via an interface) but it certainly can be done. The user/password file for Traefik is stored in the Traefik configs directory in a file called "users."

You can add multiple users here via the editor. Each user must be on a separate line and you can see from the admin entry (hopefully) that the format is "username:encrypted-password"

To create an encrypted password, run from the shell: htpasswd -nb username password. For example:

$ htpasswd -nb ken 'dumbPa$$word'
ken:$apr1$Ai1iH..u$V5JvRNSCn0z527kY/gkC00

This gives me the line I need to add to that "users" file. Note that all users are basically admins when it comes to Traefik so just keep that in mind. Any container that you also have using the global authentication will be accessible by these users as well.
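An added example, not part of the original thread or of OmniStream: a POSIX shell check for a Traefik basic-auth users file in the htpasswd format described above. It flags lines missing the colon between user and hash, duplicate users, plaintext or unsalted {SHA} entries, and a world-readable file; apart from the ken line quoted above, the sample entries are constructed and their hashes are placeholders.

```shell
#!/bin/sh
# Added example: lint a Traefik basic-auth "users" file (htpasswd format).
# Assumption: blank lines are ignored; every other line must be user:hash.

# Constructed sample: only the first ken line is from the thread, the rest is fake.
write_sample() {
    cat > "$1" <<'EOF'
ken:$apr1$Ai1iH..u$V5JvRNSCn0z527kY/gkC00
alice:$2y$05$PLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLD
bob$apr1$PLACEHOL$PLACEHOLDERPLACEHOLDER
carol:{SHA}PLACEHOLDERPLACEHOLDERPLACE=

ken:$apr1$PLACEHOL$PLACEHOLDERPLACEHOLDER
dave:hunter2
EOF
}

# Prints one line per entry; returns 1 if there is any finding, 0 if clean.
lint_users() {
    rc=0
    # Hashes are credentials: flag a file that other local users can read.
    if [ -n "$(find "$1" -prune -perm -004)" ]; then
        echo "WARN: $1 is world-readable"; rc=1
    fi
    awk -F: '
        /^[ \t]*$/ { next }
        NF != 2 || $1 == "" || $2 == "" {
            printf "BAD line %d: expected username:hash\n", NR; bad = 1; next
        }
        seen[$1]++ {
            printf "BAD line %d: duplicate user %s\n", NR, $1; bad = 1; next
        }
        {
            p = substr($2, 1, 4); s = ""
            if (index($2, "$apr1$") == 1) s = "apr1-md5"
            else if (p == "$2y$" || p == "$2a$" || p == "$2b$") s = "bcrypt"
            else if (index($2, "{SHA}") == 1) why = "unsalted SHA-1 hash"
            else why = "no recognised hash (plaintext?)"
            if (s != "") { printf "ok  line %d: %s (%s)\n", NR, $1, s; next }
            printf "BAD line %d: %s has %s\n", NR, $1, why; bad = 1
        }
        END { exit bad + 0 }
    ' "$1" || rc=1
    return $rc
}
```

Run lint_users against the users file after every manual edit; a non-zero exit status means at least one entry or the file mode needs attention.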

falcomm6 commented 1 year ago

Thank you SO much. Being honest, I enjoy the tinkering involved with getting things working - however things like this there's no way I would have worked it out haha. Encrypted passwords - horah.

Thank you both! I'll play with the users and arr programs a bit.

falcomm6 commented 1 year ago

Last question I promise. Is there a way to choose which apps basic auth is applied to? I tried removing from the yaml in components but it looks like traefik keeps writing basic auth back into them.

ie: I took it off radarr and sonarr but a day later they were magically back.

kelinger commented 1 year ago

@falcomm6 no worries... this topic has probably come up the most (though with different applications).

The "short" version is this:

We wrote OmniStream with the goal of giving users a lot of control via scripts, menus, etc. but not as much as you'd get from, say, building everything from scratch (Docker or otherwise). I see a lot of things, like the request for multiple users, as "registry hacks" are to Windows. They definitely change things and definitely help you out but most users don't want or even think to ask about those types of features. Building robust menus takes time away from more standard features and requests. As such, you see that multiple users are possible but there isn't a user editor or anything else like that (at this time).

In order to make it as turnkey as possible, the app profiles (ie, the YAML) are set. For everyone who uses those, we can post an update (say if there's a new Plex that completely destroys your configs) that adds new parameters or changes target directories and have it be as seamless as we can to the user base. Fortunately, both of us also use some non-standard configurations so we made that easily possible for the advanced users.

In the "components" directory of OmniStream are all the YAML files (whether used or not). By default, anything in the 800s is reserved for your personal customizations, extra containers, etc. These will not be deleted or replaced when Plex is updated and we will not publish any official containers in the 800 range. So, the trick is:

Why optionally? Some people may want to have multiple copies of the same application running (think of multiple websites being hosted but all using an Apache container pointing to different target config directories).

Quick example (using a lot of shortcuts that were installed and not using menus). Run these 4 commands from the shell:

omni apps
cp 101-plex-hw.yaml 801-plex-hw.yaml
o- 101-plex-hw.yaml
o+ 801-plex-hw.yaml

When done, you'll have the exact same system you have now and, if it previously worked, it should still be working because the full YAML really hasn't changed yet. However, you can now edit the 801...yaml as much as you want and those changes will be permanent.

(Note that if the o+ command doesn't work, just run it by itself without any options first. This will tell it to refresh the list of available apps to install)
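An added example, not from the thread or the OmniStream project: once a personal 8xx copy has had its auth removed, this POSIX shell check lists which routers in a components directory still reference an auth middleware and which are served through Traefik without one. The Traefik v2 label layout, the "auth" substring match and the sample file contents are assumptions; OmniStream's real YAML may differ.

```shell
#!/bin/sh
# Added example, not OmniStream code. Assumptions: component YAML files carry
# Traefik v2 router labels, and the auth middleware name contains "auth".

# Constructed sample files; router names, hosts and middleware are made up.
make_sample() {
    cat > "$1/101-sonarr.yaml" <<'EOF'
services:
  sonarr:
    labels:
      - "traefik.http.routers.sonarr.rule=Host(`sonarr.example.com`)"
      - "traefik.http.routers.sonarr.middlewares=basicauth@file"
EOF
    cat > "$1/801-radarr.yaml" <<'EOF'
services:
  radarr:
    labels:
      - "traefik.http.routers.radarr.rule=Host(`radarr.example.com`)"
      # - "traefik.http.routers.radarr.middlewares=basicauth@file"
EOF
}

# Prints "<file> <router> proxy-auth|NO-PROXY-AUTH" for every router found.
# $1 = directory of YAML files, $2 = middleware substring (default "auth").
audit_auth() {
    for f in "$1"/*.yaml; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" -v pat="${2:-auth}" '
            /^[ \t]*#/ { next }          # a commented-out label has no effect
            match($0, /traefik\.http\.routers\.[^.]+\.(rule|middlewares)[=:]/) {
                split(substr($0, RSTART, RLENGTH - 1), part, ".")
                if (part[5] == "rule") routers[part[4]] = 1
                else if (index(substr($0, RSTART + RLENGTH), pat)) guarded[part[4]] = 1
            }
            END {
                for (r in routers)
                    print file, r, ((r in guarded) ? "proxy-auth" : "NO-PROXY-AUTH")
            }
        ' "$f"
    done | sort
}
```

Any router reported as NO-PROXY-AUTH relies solely on the application's own login, so confirm that login is enabled before leaving it that way.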

falcomm6 commented 1 year ago

Thank you very much, guys. With this I can work out the rest on my own. Truly appreciate what you've made - honestly, before Gooby I never even used Linux before. There was once a stage where I couldn't fix anything with mounts etc, so had to restore backup each time something went wrong. Now I still don't know a whole lot but can work things out lol.

Anyway, thanks again. Made a small donation - hopefully you can get a coffee and a small breakfast each. Maybe not in today's economy ^^

kelinger commented 1 year ago

Thanks for the donation, @falcomm6. Each one is appreciated. We do this for fun (and for ourselves as users) but it's nice to see that others can benefit from the project.

falcomm6 commented 1 year ago

Didn't want to open a new issue, as it's more feedback than an issue. Would you consider making apps Ombi and Organizr not controlled by basicauth?

These are typically multi user frontend apps, and especially for me I find having to turn the auth off each boot or make custom YAML a bit of a task.

I might be missing something so be sure to correct me - If there's a difference of opinion I'll make custom YAML.

Cheers Matt