i have the swag docker container from linuxserver and the organizr and more.
my domain is from duckdns.
i have installed organizr, radarr etc as subfolder.
i have installed homeassistant and deemix as subdomain.
the auth is working for all subfolders.
the auth is not working for the subdomains.
when investigating i have seen that the cookies for the auth tokens are filtered out because the domain is wrong.
organizr is on: www.my.duckdns.org
deemix is on: deemix.my.duckdns.org
the cookies are set to: .www.my.duckdns.org
therefor it says that deemix.my.duckdns.org is not a valid subdomain of www.my.duckdns.org
i have tried all kinds of differend configs in nginx but none is working
DuckDns dont alllow us to set the cookie properly. Along with a few others
DuckDns dont alllow us to set the cookie properly. Along with a few others
from what i see in that function is that you need to see if www. is in front of the domain and substract that wright?
like if domain = bad domain duckdns then if domain starts with www. substract that
you already know that all those duckdns domains will have my.duckdns.org to start with so you know that you can always set the domain variable to substract everything but the 1st thing before the second last . and the thing before the last . and the thing behind the last .
DuckDns doesnt allow setting a wildcard cookie for the sub subdomain, which is what we need.
DuckDns doesnt allow setting a wildcard cookie for the sub subdomain, which is what we need.
for me to understand it right.
when you alter the code you linked to give the outcome .my.duckdns.org instead of .www.my.duckdns.org it will still not work because of duckdns?
Yes, it will not work at all. This is a DuckDns limitation.
so it is not possible to use organizr authentication when using subdomains when you have a duckdns domain name?
maybe its a thought to mention this in the docs. it had spared me 4 days of editing config files according to your docs and the linuxserver docs and debugging and all.
You can switch to https://freedns.afraid.org/
they allow wildcard on domain i believe
i just tested it and it works by removing the www at the parsedomain function
if ($check >= 3) {
if (is_numeric($Domain[0])) {
$Domain = '';
} else {
if (in_array(strtolower(explode('.', $Domain)[2] . '.' . explode('.', $Domain)[3]), $badDomains)) {
$Domain = '.' . explode('.', $Domain)[1] . '.' . explode('.', $Domain)[2] . '.' . explode('.', $Domain)[3]; //removed the explode('.', $Domain)[0]
}
only thing i need to do now is stopping the docker container from downloading the normal-function.php again at restart and everything is working fine now with subdomain and subfolder auth with the duckdns domain name
Yes, it will not work at all. This is a DuckDns limitation.
I have it working now by editing the parsedomain function to give .my.duckdns.org instead of .www.my.duckdns.org
I have tested all my sites and works perfectly now. When going to deemix.my.duckdns.org without logged in i get 401 auth required and after logging it it shows the deemix site. Same is still true for all other sites so it did not break anything. Now i am able to use the auth on subdomains and on subfolders simultaniously.
You need to take the most top level domain for the cookie domain so all subdomains and sub subdomains and also all subfolders will always work.
In case of a my.com domain you need to take .my.com
And for all your bad domains (free domains) you need to add one sub domain because those domains will always start at my.duckdns.org so you need to take that as most top domain setting it to .my.duckdns.org
This way it will be correct for all subdomains, sub subdomains and all subfolders.
Why are you stating that it wont ever work while i have it working now?
Then DuckDns has changed their cookie rules, as per #785 it didn't work, and has shown no change on revisitsm leading towards them not ever changing it. But if you are telling me they have changed their rules, thats great news :)
Can you remove duckdns from the bad domains so i can restart my pc without losing my alterations?
they finally fixed it? whoa - after more than 2 years. I will make the change and you can test it.
tested the develop branch but that brakes it giving 500 error.
removed the duckdns.org from the bad domain list in master branch and it works
now that i switched the docker container from develop back to master homepage and settings page are giving 404 searching for /api/v2 which doesn't excist
the auth locations are different for versions on master and develop.
https://docs.organizr.app/books/setup-features/page/organizr-20--%3E-21-migration-guide
oke, will check that in the morning and changevit to test it out on develop branch
ok, i changed the environment variable of the docker container to v2-develop.
restarted the container and the log said changed to branch develop and you are up to date.
i changed the auth configs in swag to use v2 instead of ?v1
restarted swag and keep getting 500 status codes for all sites.
i looked at the swag log and it sais 404 not found for the auth request.
when looking at the directories of the organizr container there is no v2 folder in the api folder while on github there is a v2 dir there.
i pulled the whole develop branch through the website config menu and now the v2 directory is there but still not working.
i get a lot of these messages in the error log:
*131 "/ombi" does not match "https://www.my.duckdns.org/"
*131 "/plex" does not match "https://www.my.duckdns.org/"
and this one:
*131 auth request unexpected status: 404 while sending to client, client: 34.456.45.9, server: _, request: "GET /jackett HTTP/2.0", host: "www.my.duckdns.org", referrer: "https://www.my.duckdns.org/"
ip is not my real ip.
swag auth location is:
location ~ /auth-([0-9]+) {
internal;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_auth_app organizr;
set $upstream_auth_port 80;
set $upstream_auth_proto http;
proxy_pass $upstream_auth_proto://$upstream_auth_app:$upstream_auth_port/api/v2/auth&group=$1;
proxy_set_header Content-Length "";
# Do not uncomment the lines below, these are examples for usue in other proxy configs
#auth_request /auth-0; #=Admin
#auth_request /auth-1; #=Co-Admin
#auth_request /auth-2; #=Super User
#auth_request /auth-3; #=Power User
#auth_request /auth-4; #=User
#auth_request /auth-998; #=Logged In
#auth_request /auth-999; #=Guest
}
when i go to www.my.duckdns.org/api/v2/auth&group=0
i get this:
{
"response": {
"result": "error",
"message": "Endpoint Not Found or Defined",
"data": {
"endpoint": "/api/v2/auth&group=0",
"method": "GET"
}
}
}
What does your compose/run look like?
PUID | 1000
-- | --
PGID | 117
TZ | Europe/Amsterdam
PATH | /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PS1 | $(whoami)@$(hostname):$(pwd)\$
HOME | /root
TERM | xterm
S6_REL | 2.0.0.1
S6_ARCH | amd64
S6_BEHAVIOUR_IF_STAGE2_FAILS | 2
fpm | true
branch | v2-develop
started with this docker compose:
organizr:
image: organizr/organizr:latest
container_name: organizr
environment:
- PUID=1000
- PGID=117
- TZ=Europe/Amsterdam
volumes:
- /home/appiekap653/docker/organizr:/config
- /home/appiekap653/docker/shared:/shared
ports:
- 8585:80
restart: always
then changed env branch to v2-develop and fpm to true
can i reset the container and restore only my settings? which folder do i need to copy out of the container and back in for that?
You didn't fully change the auth url: /api/v2/auth&group=0 should be /api/v2/auth?group=0
lol thanks, that fixed it. it is now working with auth on subdomains and subfolders simultaniously.
removing duckdns from the bad domain list is a succses. you can alter the message in the docs for the develop branch.
thank you very much for the change.
Most helpful comment
You didn't fully change the auth url:
/api/v2/auth&group=0should be/api/v2/auth?group=0