oxtyped / gpodder2go

gpodder2go is a simple self-hosted, golang, drop-in replacement for gpodder/mygpo server to handle podcast subscriptions management for gpodder clients
GNU Affero General Public License v3.0

Can't log in via cloudflare tunnel #35

Closed sev-b closed 2 months ago

sev-b commented 3 months ago

I set up a docker on my Unraid server with gpodder2go and am routing it through Traefik and a Cloudflare tunnel so I can reach it via something like https://podder.server.com (server.com would be changed to my actual domain that points to the tunnel).

After running /gpodder2go -d g2g.db accounts create user --email="email@email.com" --name="user" --password="8%zm!$c01kRd6OPg", trying to log in via AntennaPod using https://podder.server.com or podder.server.com just displays an error "Wrong username or password".

Leaving out the Traefik- and Unraid-specific configuration, my Unraid docker config looks like this compose:

gpodder2go:
    image: ghcr.io/oxtyped/gpodder2go:main
    ports:
      - 3005:3005
    environment:
      - NO_AUTH=true # I did also try it with false
    volumes:
      - /mnt/user/appdata/gpodder2go:/data

The logs of the docker look like this:

2024/08/15 14:03:43 💻 Starting server at 0.0.0.0:3005
2024/08/15 14:02:46 [988dd16708e9/5sWA4rd1fN-000001] "POST http://podder.server.com/api/2/auth/user/login.json HTTP/1.1" from 172.18.0.2 - 401 0B in 1.841944ms
2024/08/15 14:02:59 [988dd16708e9/5sWA4rd1fN-000002] "POST http://podder.server.com/api/2/auth/user/login.json HTTP/1.1" from 172.18.0.2 - 401 0B in 339.988µs
2024/08/15 14:02:59 [988dd16708e9/5sWA4rd1fN-000003] "POST http://podder.server.com/api/2/auth/user/login.json HTTP/1.1" from 172.18.0.2 - 401 0B in 593.261µs
2024/08/15 14:02:59 [988dd16708e9/5sWA4rd1fN-000004] "POST http://podder.server.com/api/2/auth/user/login.json HTTP/1.1" from 172.18.0.2 - 401 0B in 475.507µs
2024/08/15 14:03:00 [988dd16708e9/5sWA4rd1fN-000005] "POST http://podder.server.com/api/2/auth/user/login.json HTTP/1.1" from 172.18.0.2 - 401 0B in 607.985µs
2024/08/15 14:03:00 [988dd16708e9/5sWA4rd1fN-000006] "POST http://podder.server.com/api/2/auth/user/login.json HTTP/1.1" from 172.18.0.2 - 401 0B in 292.786µs
2024/08/15 14:03:55 [988dd16708e9/OaUL0Z3nLg-000001] "POST http://podder.server.com/api/2/auth/user/login.json HTTP/1.1" from 172.18.0.2 - 401 0B in 2.084872ms
2024/08/15 14:03:56 [988dd16708e9/OaUL0Z3nLg-000002] "POST http://podder.server.com/api/2/auth/user/login.json HTTP/1.1" from 172.18.0.2 - 401 0B in 556.889µs
2024/08/15 14:03:56 [988dd16708e9/OaUL0Z3nLg-000003] "POST http://podder.server.com/api/2/auth/user/login.json HTTP/1.1" from 172.18.0.2 - 401 0B in 656.044µs
2024/08/15 14:04:18 [988dd16708e9/OaUL0Z3nLg-000004] "POST http://podder.server.com/api/2/auth/user/login.json HTTP/1.1" from 172.18.0.2 - 401 0B in 528.636µs
2024/08/15 14:04:18 [988dd16708e9/OaUL0Z3nLg-000005] "POST http://podder.server.com/api/2/auth/user/login.json HTTP/1.1" from 172.18.0.2 - 401 0B in 458.358µs
2024/08/15 14:04:18 [988dd16708e9/OaUL0Z3nLg-000006] "POST http://podder.server.com/api/2/auth/user/login.json HTTP/1.1" from 172.18.0.2 - 401 0B in 474.394µs
2024/08/15 14:04:18 [988dd16708e9/OaUL0Z3nLg-000007] "POST http://podder.server.com/api/2/auth/user/login.json HTTP/1.1" from 172.18.0.2 - 401 0B in 377.907µs
2024/08/15 14:04:19 [988dd16708e9/OaUL0Z3nLg-000008] "POST http://podder.server.com/api/2/auth/user/login.json HTTP/1.1" from 172.18.0.2 - 401 0B in 506.481µs
2024/08/15 14:04:19 [988dd16708e9/OaUL0Z3nLg-000009] "POST http://podder.server.com/api/2/auth/user/login.json HTTP/1.1" from 172.18.0.2 - 401 0B in 410.054µs
2024/08/15 14:04:19 [988dd16708e9/OaUL0Z3nLg-000010] "POST http://podder.server.com/api/2/auth/user/login.json HTTP/1.1" from 172.18.0.2 - 401 0B in 329.459µs
2024/08/15 14:04:19 [988dd16708e9/OaUL0Z3nLg-000011] "POST http://podder.server.com/api/2/auth/user/login.json HTTP/1.1" from 172.18.0.2 - 401 0B in 517.326µs
2024/08/15 14:04:19 [988dd16708e9/OaUL0Z3nLg-000012] "POST http://podder.server.com/api/2/auth/user/login.json HTTP/1.1" from 172.18.0.2 - 401 0B in 401.562µs

Every POST is one "Log in" click in the AntennaPod app. 172.18.0.2 is the internal IP of the docker running the tunnel.

Is a connection via https/Cloudflare tunnel just not possible, or do I need additional configuration to get it to work? Happy to provide more information.

cstby commented 2 months ago

I have a very similar setup to yours (Unraid, Traefik, and Cloudflare tunnel), and I was able to log in through the Cloudflare tunnel (with NO_AUTH=false).

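Here are the main differences from your configuration:

  • I'm running the container on a custom docker network that traefik also runs on. (You're probably doing the same, even though you haven't specified it above.)
  • I've added the traefik labels needed for traefik to pick it up. (You're probably doing the same?)
  • I'm using AdGuard for a local DNS rewrite when I'm on wifi at home.
  • I have added VERIFIER_SECRET_KEY as an environment variable.

Here's the debug process I'd suggest:

  • Add VERIFIER_SECRET_KEY. I think this might be necessary.
  • Try connecting antennapod directly to the ip address of your docker container on the unraid machine (e.g. 192.168.1.100:3005). This will help you rule out that this is an issue with gpodder/antennapod.
  • If that works, and if you're running a local DNS server like AdGuard, try adding a local DNS redirect and connecting using https://podder.server.com/. This will rule out Traefik as the problem.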

I'll let you know that I'm encountering a strange error myself. When I'm connecting through the internet (rather than my local network), I cannot sync. When I sync on my local network, two things happen: (1) gpodder says that the sync was successful, and (2) the server logs add a new line. When trying to sync while on internet (through the Cloudflare tunnel), neither of these happen.

sev-b commented 2 months ago

> I have a very similar setup to yours (Unraid, Traefik, and Cloudflare tunnel), and I was able to log in through the Cloudflare tunnel (with NO_AUTH=false).
>
> Here are the main differences from your configuration:
>
>   • I'm running the container on a custom docker network that traefik also runs on. (You're probably doing the same, even though you haven't specified it above.)
>   • I've added the traefik labels needed for traefik to pick it up. (You're probably doing the same?)
>   • I'm using AdGuard for a local DNS rewrite when I'm on wifi at home.
>   • I have added VERIFIER_SECRET_KEY as an environment variable.
>
> Here's the debug process I'd suggest:
>
>   • Add VERIFIER_SECRET_KEY. I think this might be necessary.
>   • Try connecting antennapod directly to the ip address of your docker container on the unraid machine (e.g. 192.168.1.100:3005). This will help you rule out that this is an issue with gpodder/antennapod.
>   • If that works, and if you're running a local DNS server like AdGuard, try adding a local DNS redirect and connecting using https://podder.server.com/. This will rule out Traefik as the problem.
>
> I'll let you know that I'm encountering a strange error myself. When I'm connecting through the internet (rather than my local network), I cannot sync. When I sync on my local network, two things happen: (1) gpodder says that the sync was successful, and (2) the server logs add a new line. When trying to sync while on internet (through the Cloudflare tunnel), neither of these happen.

I tried setting it up again with:

gpodder2go:
    image: ghcr.io/oxtyped/gpodder2go:main
    ports:
      - 3005:3005
    networks:
      - dockernet
    environment:
      - NO_AUTH=false # I did also try it with true
      - VERIFIER_SECRET_KEY=MySecretPlaceholder
    volumes:
      - /mnt/user/appdata/gpodder2go:/data
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gpodder2go.entryPoints=https"
      - "traefik.http.routers.gpodder2go.rule=Host(`podder.mydomain.placeholder`)"

Of course also on the same dockernet as my other containers (i.e. Traefik), but still getting the exact same 401 when trying to connect via the DNS URL.

When I try to connect to the IP address directly on my network I get no log on the docker container at all and a "Handshake failed" in the AntennaPod app.... what?

cstby commented 2 months ago

Very strange. I ended up giving up on this one for other reasons, so I can't help you further.

sev-b commented 2 months ago

@oxtyped if you ever manage to look at this and can help out, I would love to use it.

When trying to connect with the local ip I get:

SSL handshake failed
Host requires authentication

EDIT: I forgot to use http with the local IP, I get the same "wrong username/password" and 401 error in the logs also with the local ip

EDIT 2:

...... my user had a special character in the password, I SQL injected myself.... Now it works
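
Added example (not from the thread or the gpodder2go project): the account-creation command in the first post passes the password in double quotes, where a POSIX shell expands `$name` sequences before the program sees them. With a constructed password and hypothetical helper names, this shows what a program actually receives under each quoting style and a way to quote such values safely.

```shell
#!/bin/sh
# Added example. The password below is constructed, not the one in the thread.

# show_arg prints its first argument byte-for-byte, as a program would see it.
show_arg() { printf '%s' "$1"; }

# Double quotes: $w9Lx2 is treated as a variable reference and expanded
# (to nothing, when unset) before the program starts.
double_quoted() {
    ( set +u; unset w9Lx2; show_arg "Zq%7!$w9Lx2" )
}

# Single quotes: every character is passed through literally.
single_quoted() {
    show_arg 'Zq%7!$w9Lx2'
}

# sh_quote wraps any string in single quotes for safe reuse on a command
# line; an embedded ' is emitted as '\'' (close, escaped quote, reopen).
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# needs_quoting succeeds when a string contains a character the shell
# rewrites inside double quotes: $, backtick, backslash, double quote
# (and !, which interactive bash treats as history expansion).
needs_quoting() {
    case $1 in
        *\$*|*\`*|*\\*|*\"*|*!*) return 0 ;;
        *) return 1 ;;
    esac
}

printf 'double quotes -> %s\n' "$(double_quoted)"
printf 'single quotes -> %s\n' "$(single_quoted)"
printf 'safe form     -> %s\n' "$(sh_quote 'Zq%7!$w9Lx2')"
```

If the stored password is the truncated double-quoted form, a client sending the full string is rejected with 401 even though the account exists.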