search

linuxserver / reverse-proxy-confs

These confs are pulled into our SWAG image: https://github.com/linuxserver/docker-swag
GNU General Public License v3.0
1.37k stars 309 forks source link

Enabling authelia for vaultwarden.subdomain.conf will cause the session to expire immediately #528

Closed jdancouga closed 1 year ago

jdancouga commented 1 year ago

Is there an existing issue for this?

Current Behavior

After updating the swag container to the lastest (02/13/2023), I could no longer log into vaultwarden properly. Upon logging in, vaultwarden will say "your login session has expired" immediately.

After some trial and error, I discovered disabling authelia for vaultwarden will fix the problem.

I did not find any meaningful messages in both authelia's and swag's log. I found these in vaultwarden's log when session expired

[2023-02-13 11:47:38.737][auth][ERROR] Unauthorized Error: No access token provided [2023-02-13 11:47:38.737][][WARN] Request guard Headers failed: "No access token provided". [2023-02-13 11:47:38.737][][WARN] No 401 catcher registered. Using Rocket default. [2023-02-13 11:47:38.737][response][INFO] (revision_date) GET /api/accounts/revision-date => 401 Unauthorized

Expected Behavior

session shouldn't expire immediately after log in.

Steps To Reproduce

enable authelia in the vaultwarden.subdomain.conf file.

nemchik commented 1 year ago

Can you add

    location ~ (/vaultwarden)?/api {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app vaultwarden;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

Inside the server block of your config? (Right around where the notification location is). See if that solves the issue.

jdancouga commented 1 year ago

Can you add

    location ~ (/vaultwarden)?/api {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app vaultwarden;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

Inside the server block of your config? (Right around where the notification location is). See if that solves the issue.

Yes, this solves the issue. Thank you.

nemchik commented 1 year ago

I'll update our configs to include this in the next release.