Bypass http auth from internal network

Hi there, I have the swag docker setup along with sonarr, radarr and organizr and set the reverse proxy subfolders for each. It works great so when I go to my domain, it loads up organizr which has its own authentication, but if I go to domain.com/sonarr there is no authentication.

I solved this by enabling http auth for it which solves the problem but creates another. Now when I go to domain.com which loads organizr, it doesn’t use the http auth, which is good, but when I click the sonarr tab, it prompts for http auth.

I understand why it’s doing that since organizr just uses iframe.

So I am wondering about possible solutions to this.

Can I disable http auth from my internal network (I’m fine with the extra auth when I’m not at home)?

Or is there a better way to implement authentication?
My end goal is to access everything via organizr which has its own authentication. I’m okay signing into organizr on my local network as it uses a cookie and doesn’t make me sign in very often.
Granted, nginx within swag has fail2ban, which I don’t think organizr is using. Maybe that’s not a concern? I’d like my site secure, but I don’t believe it’s a huge risk?

I hope someone has some ideas on this. I’ve been searching and couldn’t find anything, but I might be using the wrong terms.

Thanks in advance.

1 Like
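
The LAN bypass asked about above maps onto nginx's `satisfy any` directive, which grants access when either the address rule or the password check passes. This is an added example, not part of the original post; the 192.168.1.0/24 range, the `sonarr:8989` upstream and the include paths (modelled on SWAG's sample subfolder confs) are assumptions to adjust.

```nginx
# Added example: /sonarr subfolder location for the SWAG default server block.
# Assumed: LAN is 192.168.1.0/24, Sonarr container is named "sonarr" on port 8989.
location ^~ /sonarr {
    # Access is granted if EITHER the address rule OR basic auth succeeds.
    satisfy any;

    # Address rule: clients on the LAN skip the password prompt.
    allow 192.168.1.0/24;
    deny all;

    # Password check: every other client must authenticate.
    auth_basic "Restricted";
    auth_basic_user_file /config/nginx/.htpasswd;

    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_app sonarr;
    set $upstream_port 8989;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
```

Check the access log for the source address nginx actually records for LAN and external clients before relying on the `allow` line. Keep the Docker bridge range out of it, since NATed or proxied external traffic can arrive from that address.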

I can’t give too many details just now and I’m sure someone will offer more concise help but I used the details here https://docs.organizr.app/books/setup-features/page/serverauth

Any attempt to access https://sonarr.mydomain.com is redirected to a 401 page but it’s still accessible through Organizr.

This is through Nginx-proxy-manager but I’m sure the instructions will be almost identical.

I’ll be able to post more details of the setup later.

Yes, more detail on this would be fantastic! I’m not able to follow along that organizr doc too well.

I’m also interested in ldap or some other kind of authentication if there is something better.

I like the idea of fail2ban working, although I’m sure of how necessary that would be for running sonarr, radarr, home assistant.

Hello,

Just to share my experience and how I’ve done this. I have several docker containers, sonarr, radarr, nginx with letsencrypt, etc. All web interfaces are published through nginx, accessible from internet and LAN. Authentication is done using Authelia, also docker container. It is configured to allow access from LAN without authentication and with 2FA from internet. User base can be local users in Authelia or some LDAP.
It’s not too hard to configure it.

Regards,
Marjan

1 Like

Hi Marjan, that sounds exactly like what I would like to do. Can you provide more detail on how to do this?

1 Like

Sorry for the delay. If anyone is interested in my nginx-proxy-manager setup with Organizr auth I’ll post it up tonight. I haven’t had a minute to go near my computer much lately.

Yes please! I would appreciate that.

If anyone has steps for doing Authelia I’d love to try that too.

1 Like

Sorry for the delay. I’ve been watching so many movies lately and neglecting my computer.

So here goes. Nothing special going on in my setup. I have Nginx-Proxy-Manager running in docker along with all my services (sonarr, radarr, tautulli, plex etc etc).

My setup uses subdomains on my own domain that cannot be reached unless authorised through Organizr.

The following is all carried out through nginx-proxy-manager - https://nginxproxymanager.com/ (thanks guys)

Main Page

Choose Hosts > Proxy Hosts > Add Proxy Host

Details

Domain: yourdomain.xyz
Scheme http
Forward Hostname / IP internal.ip.of.organizr
Forward Port internal port for Organizr

Enable required features > Save

Custom locations

location: ~ /auth-(.*)
Forward Hostname / IP: 192.168.1.234/api/?v1/auth&group=$1

auth&group=$1 will use the co-admin group within Organizr and authenticate users that are part of that group.

Click gear icon and input the following into the expanded box
internal;
proxy_set_header Content-Length "";

Save

Your domain name that Organizr is reachable on, enable the features you require then move on.


The Advanced section is empty on the Organizr reverse proxy but will be populated for each service.

So that covers the initial Organizr setup.

Next we’ll add a service. Sonarr is widely used so we’ll go for that.

Domain Names sonarr.yourdomain.xyz
Forward Hostname / IP sonarr.internal.ip
Forward Port Internal port for Sonarr

Enable required features > Save

Define location ~ ^/auth-(.*) (notice how similar it is to the Organizr location but not quite the same)
Forward Hostname / IP 192.168.1.234/api/?v1/auth&group=$1
Forward Port Organizr Port - NOT THE SONARR PORT

Click the gear and input: proxy_set_header Content-Length "";

SSL

Add domain i.e. sonarr.yourdomain.xyz
Enable options > Save

Advanced

Input auth_request /auth-1; which tells Organizr the groups allowed to access this particular service.

Save

I think at this point you should be operational. If not, restart the relevant containers and try it out.

When you attempt to access https://sonarr.yourdomain.xyz you should be met with a 401 error page until you sign in to Organizr.

When I used Caddy I had a rewrite rule to send the user straight to Organizr but I just haven’t bothered with this setup as I’m the only user anyway.

I’ll check over my other services to see if there’s any major differences that need addressed.

I’m no expert but if you have any questions please ask away and I’ll see what I can do. If I’ve left out anything please let me know.

1 Like
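
For readers not using Nginx-Proxy-Manager, the Sonarr host described above corresponds roughly to the following plain nginx server block. This is an added example, not the poster's actual configuration; the Sonarr address, the Organizr port 80 and the certificate paths are placeholders, and the `error_page` redirect is an optional addition.

```nginx
# Added example: plain-nginx equivalent of the Sonarr proxy host above.
server {
    listen 443 ssl;
    server_name sonarr.yourdomain.xyz;

    # Placeholder certificate paths (assumption).
    ssl_certificate     /etc/ssl/certs/yourdomain.xyz.pem;
    ssl_certificate_key /etc/ssl/private/yourdomain.xyz.key;

    # Every client request first triggers a subrequest to /auth-1.
    # A 2xx answer from Organizr lets the request through; 401/403 denies it.
    # The number is the Organizr group passed on as group=$1.
    auth_request /auth-1;

    # Optional (assumption): send unauthenticated users to the Organizr
    # login page instead of showing a bare 401.
    error_page 401 =302 https://yourdomain.xyz/;

    location ~ ^/auth-(.*) {
        # Reachable only as an nginx subrequest, never directly by a client.
        internal;
        # 192.168.1.234 is the Organizr address from the post; port 80 is assumed.
        proxy_pass http://192.168.1.234:80/api/?v1/auth&group=$1;
        # The auth check needs the cookies, not the request body.
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
    }

    location / {
        # Placeholder Sonarr address and port (assumption).
        proxy_pass http://192.168.1.235:8989;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
```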

I think I set it up the way you instructed, but I get a 500 Internal Server error on the subdomain.
Organizr homepage via organizr.domain.com works, but going to sonarr.domain.com does not load sonarr. Here are my configs.

Organizr Config


Sonarr Config


Can you access Sonarr through Organizr after logging in? Or is it inaccessible from anywhere?

And do you have another instance of nginx running anywhere?

1 Like

Well I got it working now!
So I was using the linuxserver organizr image. I loaded up the official organizrv2 image and had it running in just a few min.

This is fantastic!

Thank you so much for your help

1 Like

Excellent. Glad it helped.
