Failed to perform OAuth authentication using Authelia, Caddy, and Portainer

1. The problem I’m having:

My environment is quite simple and should be easy to replicate. DNS is managed by Cloudflare, and Caddy is proxying Portainer and Authelia. Portainer and Authelia are supposed to perform OAuth with each other. The configuration follows the official Authelia example: Portainer | Integration | Authelia. The error is shown in the image below.



2. Error messages and/or full log output:

{"level":"debug","ts":1723776116.4199016,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.10.253:9092","duration":0.00093264,"request.client_ip":"122.146.84.180","request.headers.Accept":["application/json, text/plain, */*"],"request.headers.Accept-Encoding":["gzip, deflate, br, zstd"],"request.headers.Accept-Language":["zh-TW,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6"],"request.headers.Cookie":["REDACTED"],"request.headers.Priority":["u=1, i"],"request.headers.Referer":["https://portainer.taiwan-homecloud.us.kg/?code=authelia_ac_R3uqylNA0_os_rc5HrDnRckVHtF6dMBhSreUbNMWnXQ.s-5I9vipXD7aV_8aCRwH3QboVBgx8BylAkchMIOJ4tE&iss=https%3A%2F%2Fauth.taiwan-homecloud.us.kg&scope=openid+profile+groups+email&state=ef9dbed8-29f1-482a-a1ce-f946a04cb17c"],"request.headers.Sec-Ch-Ua":[""Not)A;Brand";v="99", "Microsoft Edge";v="127", "Chromium";v="127""],"request.headers.Sec-Ch-Ua-Mobile":["?0"],"request.headers.Sec-Ch-Ua-Platform":[""Windows""],"request.headers.Sec-Fetch-Dest":["empty"],"request.headers.Sec-Fetch-Mode":["cors"],"request.headers.Sec-Fetch-Site":["same-origin"],"request.headers.User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0"],"request.headers.X-Forwarded-For":["122.146.84.180"],"request.headers.X-Forwarded-Host":["portainer.taiwan-homecloud.us.kg"],"request.headers.X-Forwarded-Method":["GET"],"request.headers.X-Forwarded-Proto":["https"],"request.headers.X-Forwarded-Uri":["/api/settings/public"],"request.host":"portainer.taiwan-homecloud.us.kg","request.method":"GET","request.proto":"HTTP/2.0","request.remote_ip":"122.146.84.180","request.remote_port":"15477","request.tls.cipher_suite":4865,"request.tls.proto":"h2","request.tls.resumed":false,"request.tls.server_name":"portainer.taiwan-homecloud.us.kg","request.tls.version":772,"request.uri":"/api/authz/forward-auth","headers.Content-Length":["6"],"headers.Content-Type":["text/plain; 
charset=utf-8"],"headers.Date":["Fri, 16 Aug 2024 02:41:56 GMT"],"headers.Remote-Email":["crazyandy316945@gmail.com"],"headers.Remote-Groups":["admins,family"],"headers.Remote-Name":["king"],"headers.Remote-User":["crazyandy316945"],"status":200}
{"level":"debug","ts":1723776116.4199781,"logger":"http.handlers.reverse_proxy","msg":"handling response","upstream":"192.168.10.253:9092","duration":0.00093264,"request.client_ip":"122.146.84.180","request.headers.Accept":["application/json, text/plain, */*"],"request.headers.Accept-Encoding":["gzip, deflate, br, zstd"],"request.headers.Accept-Language":["zh-TW,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6"],"request.headers.Cookie":["REDACTED"],"request.headers.Priority":["u=1, i"],"request.headers.Referer":["https://portainer.taiwan-homecloud.us.kg/?code=authelia_ac_R3uqylNA0_os_rc5HrDnRckVHtF6dMBhSreUbNMWnXQ.s-5I9vipXD7aV_8aCRwH3QboVBgx8BylAkchMIOJ4tE&iss=https%3A%2F%2Fauth.taiwan-homecloud.us.kg&scope=openid+profile+groups+email&state=ef9dbed8-29f1-482a-a1ce-f946a04cb17c"],"request.headers.Sec-Ch-Ua":[""Not)A;Brand";v="99", "Microsoft Edge";v="127", "Chromium";v="127""],"request.headers.Sec-Ch-Ua-Mobile":["?0"],"request.headers.Sec-Ch-Ua-Platform":[""Windows""],"request.headers.Sec-Fetch-Dest":["empty"],"request.headers.Sec-Fetch-Mode":["cors"],"request.headers.Sec-Fetch-Site":["same-origin"],"request.headers.User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0"],"request.headers.X-Forwarded-For":["122.146.84.180"],"request.headers.X-Forwarded-Host":["portainer.taiwan-homecloud.us.kg"],"request.headers.X-Forwarded-Method":["GET"],"request.headers.X-Forwarded-Proto":["https"],"request.headers.X-Forwarded-Uri":["/api/settings/public"],"request.host":"portainer.taiwan-homecloud.us.kg","request.method":"GET","request.proto":"HTTP/2.0","request.remote_ip":"122.146.84.180","request.remote_port":"15477","request.tls.cipher_suite":4865,"request.tls.proto":"h2","request.tls.resumed":false,"request.tls.server_name":"portainer.taiwan-homecloud.us.kg","request.tls.version":772,"request.uri":"/api/authz/forward-auth","handler":0}
{"level":"debug","ts":1723776116.4207742,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.10.253:9000","duration":0.00063221,"request.client_ip":"122.146.84.180","request.headers.Accept":["application/json, text/plain, */*"],"request.headers.Accept-Encoding":["gzip, deflate, br, zstd"],"request.headers.Accept-Language":["zh-TW,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6"],"request.headers.Cookie":["REDACTED"],"request.headers.Priority":["u=1, i"],"request.headers.Referer":["https://portainer.taiwan-homecloud.us.kg/?code=authelia_ac_R3uqylNA0_os_rc5HrDnRckVHtF6dMBhSreUbNMWnXQ.s-5I9vipXD7aV_8aCRwH3QboVBgx8BylAkchMIOJ4tE&iss=https%3A%2F%2Fauth.taiwan-homecloud.us.kg&scope=openid+profile+groups+email&state=ef9dbed8-29f1-482a-a1ce-f946a04cb17c"],"request.headers.Remote-Email":["crazyandy316945@gmail.com"],"request.headers.Remote-Groups":["admins,family"],"request.headers.Remote-Name":["king"],"request.headers.Remote-User":["crazyandy316945"],"request.headers.Sec-Ch-Ua":[""Not)A;Brand";v="99", "Microsoft Edge";v="127", "Chromium";v="127""],"request.headers.Sec-Ch-Ua-Mobile":["?0"],"request.headers.Sec-Ch-Ua-Platform":[""Windows""],"request.headers.Sec-Fetch-Dest":["empty"],"request.headers.Sec-Fetch-Mode":["cors"],"request.headers.Sec-Fetch-Site":["same-origin"],"request.headers.User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 
Edg/127.0.0.0"],"request.headers.X-Forwarded-For":["122.146.84.180"],"request.headers.X-Forwarded-Host":["portainer.taiwan-homecloud.us.kg"],"request.headers.X-Forwarded-Proto":["https"],"request.host":"192.168.10.253:9000","request.method":"GET","request.proto":"HTTP/2.0","request.remote_ip":"122.146.84.180","request.remote_port":"15477","request.tls.cipher_suite":4865,"request.tls.proto":"h2","request.tls.resumed":false,"request.tls.server_name":"portainer.taiwan-homecloud.us.kg","request.tls.version":772,"request.uri":"/api/settings/public","headers.Content-Length":["635"],"headers.Content-Type":["application/json"],"headers.Date":["Fri, 16 Aug 2024 02:41:56 GMT"],"headers.X-Content-Type-Options":["nosniff"],"headers.X-Xss-Protection":["1; mode=block"],"status":200}
{"level":"debug","ts":1723776116.4484987,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.10.253:9092","duration":0.00117022,"request.client_ip":"122.146.84.180","request.headers.Accept":["application/json, text/plain, */*"],"request.headers.Accept-Encoding":["gzip, deflate, br, zstd"],"request.headers.Accept-Language":["zh-TW,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6"],"request.headers.Content-Length":["110"],"request.headers.Content-Type":["application/json"],"request.headers.Cookie":["REDACTED"],"request.headers.Origin":["https://portainer.taiwan-homecloud.us.kg"],"request.headers.Priority":["u=1, i"],"request.headers.Referer":["https://portainer.taiwan-homecloud.us.kg/?code=authelia_ac_R3uqylNA0_os_rc5HrDnRckVHtF6dMBhSreUbNMWnXQ.s-5I9vipXD7aV_8aCRwH3QboVBgx8BylAkchMIOJ4tE&iss=https%3A%2F%2Fauth.taiwan-homecloud.us.kg&scope=openid+profile+groups+email&state=ef9dbed8-29f1-482a-a1ce-f946a04cb17c"],"request.headers.Sec-Ch-Ua":[""Not)A;Brand";v="99", "Microsoft Edge";v="127", "Chromium";v="127""],"request.headers.Sec-Ch-Ua-Mobile":["?0"],"request.headers.Sec-Ch-Ua-Platform":[""Windows""],"request.headers.Sec-Fetch-Dest":["empty"],"request.headers.Sec-Fetch-Mode":["cors"],"request.headers.Sec-Fetch-Site":["same-origin"],"request.headers.User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 
Edg/127.0.0.0"],"request.headers.X-Forwarded-For":["122.146.84.180"],"request.headers.X-Forwarded-Host":["portainer.taiwan-homecloud.us.kg"],"request.headers.X-Forwarded-Method":["POST"],"request.headers.X-Forwarded-Proto":["https"],"request.headers.X-Forwarded-Uri":["/api/auth/oauth/validate"],"request.host":"portainer.taiwan-homecloud.us.kg","request.method":"GET","request.proto":"HTTP/2.0","request.remote_ip":"122.146.84.180","request.remote_port":"15477","request.tls.cipher_suite":4865,"request.tls.proto":"h2","request.tls.resumed":false,"request.tls.server_name":"portainer.taiwan-homecloud.us.kg","request.tls.version":772,"request.uri":"/api/authz/forward-auth","headers.Content-Length":["6"],"headers.Content-Type":["text/plain; charset=utf-8"],"headers.Date":["Fri, 16 Aug 2024 02:41:56 GMT"],"headers.Remote-Email":["crazyandy316945@gmail.com"],"headers.Remote-Groups":["admins,family"],"headers.Remote-Name":["king"],"headers.Remote-User":["crazyandy316945"],"status":200}
{"level":"debug","ts":1723776116.448545,"logger":"http.handlers.reverse_proxy","msg":"handling response","upstream":"192.168.10.253:9092","duration":0.00117022,"request.client_ip":"122.146.84.180","request.headers.Accept":["application/json, text/plain, */*"],"request.headers.Accept-Encoding":["gzip, deflate, br, zstd"],"request.headers.Accept-Language":["zh-TW,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6"],"request.headers.Content-Length":["110"],"request.headers.Content-Type":["application/json"],"request.headers.Cookie":["REDACTED"],"request.headers.Origin":["https://portainer.taiwan-homecloud.us.kg"],"request.headers.Priority":["u=1, i"],"request.headers.Referer":["https://portainer.taiwan-homecloud.us.kg/?code=authelia_ac_R3uqylNA0_os_rc5HrDnRckVHtF6dMBhSreUbNMWnXQ.s-5I9vipXD7aV_8aCRwH3QboVBgx8BylAkchMIOJ4tE&iss=https%3A%2F%2Fauth.taiwan-homecloud.us.kg&scope=openid+profile+groups+email&state=ef9dbed8-29f1-482a-a1ce-f946a04cb17c"],"request.headers.Sec-Ch-Ua":[""Not)A;Brand";v="99", "Microsoft Edge";v="127", "Chromium";v="127""],"request.headers.Sec-Ch-Ua-Mobile":["?0"],"request.headers.Sec-Ch-Ua-Platform":[""Windows""],"request.headers.Sec-Fetch-Dest":["empty"],"request.headers.Sec-Fetch-Mode":["cors"],"request.headers.Sec-Fetch-Site":["same-origin"],"request.headers.User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 
Edg/127.0.0.0"],"request.headers.X-Forwarded-For":["122.146.84.180"],"request.headers.X-Forwarded-Host":["portainer.taiwan-homecloud.us.kg"],"request.headers.X-Forwarded-Method":["POST"],"request.headers.X-Forwarded-Proto":["https"],"request.headers.X-Forwarded-Uri":["/api/auth/oauth/validate"],"request.host":"portainer.taiwan-homecloud.us.kg","request.method":"GET","request.proto":"HTTP/2.0","request.remote_ip":"122.146.84.180","request.remote_port":"15477","request.tls.cipher_suite":4865,"request.tls.proto":"h2","request.tls.resumed":false,"request.tls.server_name":"portainer.taiwan-homecloud.us.kg","request.tls.version":772,"request.uri":"/api/authz/forward-auth","handler":0}
{"level":"debug","ts":1723776176.4583766,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.10.253:9000","duration":60.009642877,"request.client_ip":"122.146.84.180","request.headers.Accept":["application/json, text/plain, */*"],"request.headers.Accept-Encoding":["gzip, deflate, br, zstd"],"request.headers.Accept-Language":["zh-TW,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6"],"request.headers.Content-Length":["110"],"request.headers.Content-Type":["application/json"],"request.headers.Cookie":["REDACTED"],"request.headers.Origin":["https://portainer.taiwan-homecloud.us.kg"],"request.headers.Priority":["u=1, i"],"request.headers.Referer":["https://portainer.taiwan-homecloud.us.kg/?code=authelia_ac_R3uqylNA0_os_rc5HrDnRckVHtF6dMBhSreUbNMWnXQ.s-5I9vipXD7aV_8aCRwH3QboVBgx8BylAkchMIOJ4tE&iss=https%3A%2F%2Fauth.taiwan-homecloud.us.kg&scope=openid+profile+groups+email&state=ef9dbed8-29f1-482a-a1ce-f946a04cb17c"],"request.headers.Remote-Email":["crazyandy316945@gmail.com"],"request.headers.Remote-Groups":["admins,family"],"request.headers.Remote-Name":["king"],"request.headers.Remote-User":["crazyandy316945"],"request.headers.Sec-Ch-Ua":[""Not)A;Brand";v="99", "Microsoft Edge";v="127", "Chromium";v="127""],"request.headers.Sec-Ch-Ua-Mobile":["?0"],"request.headers.Sec-Ch-Ua-Platform":[""Windows""],"request.headers.Sec-Fetch-Dest":["empty"],"request.headers.Sec-Fetch-Mode":["cors"],"request.headers.Sec-Fetch-Site":["same-origin"],"request.headers.User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 
Edg/127.0.0.0"],"request.headers.X-Forwarded-For":["122.146.84.180"],"request.headers.X-Forwarded-Host":["portainer.taiwan-homecloud.us.kg"],"request.headers.X-Forwarded-Proto":["https"],"request.host":"192.168.10.253:9000","request.method":"POST","request.proto":"HTTP/2.0","request.remote_ip":"122.146.84.180","request.remote_port":"15477","request.tls.cipher_suite":4865,"request.tls.proto":"h2","request.tls.resumed":false,"request.tls.server_name":"portainer.taiwan-homecloud.us.kg","request.tls.version":772,"request.uri":"/api/auth/oauth/validate","headers.Content-Length":["76"],"headers.Content-Type":["application/json"],"headers.Date":["Fri, 16 Aug 2024 02:42:56 GMT"],"headers.X-Content-Type-Options":["nosniff"],"headers.X-Xss-Protection":["1; mode=block"],"status":500}

3. Caddy version:

2.8.4

4. How I installed and ran Caddy:

docker-compose

a. System environment:

b. Command:


c. Service/unit/compose file:


d. My complete Caddy config:

(auth_new) {
	forward_auth 192.168.10.253:9092 {
		uri /api/authz/forward-auth
		copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
		import trusted_proxy_list
	}
}
portainer.taiwan-homecloud.us.kg {
	encode zstd gzip
	import auth_new
	reverse_proxy 192.168.10.253:9000 {
		import trusted_proxy_list
	}
}
auth.taiwan-homecloud.us.kg,
www.taiwan-homecloud.us.kg {
	encode zstd gzip
	reverse_proxy 192.168.10.253:9092 {
		import trusted_proxy_list
	}
}

5. Links to relevant resources:

After resetting Portainer, it worked successfully. I don’t know the reason.

Thanks everyone for the help.
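
As an added example (not part of the original post, and not Caddy's, Authelia's or Portainer's own code), this script reads debug entries in the flattened key layout shown in the log above and reports which hop of the forward_auth chain failed. The sample lines are constructed by trimming the post's entries to the fields used, and `summarize` and `failing_hops` are hypothetical helper names.

```python
import json

# Constructed sample: the post's "upstream roundtrip" entries trimmed to the
# fields used below, plus one "handling response" entry that must be ignored.
SAMPLE_LOG = """\
{"ts":1723776116.4199016,"msg":"upstream roundtrip","upstream":"192.168.10.253:9092","duration":0.00093264,"request.headers.X-Forwarded-Uri":["/api/settings/public"],"request.uri":"/api/authz/forward-auth","status":200}
{"ts":1723776116.4199781,"msg":"handling response","upstream":"192.168.10.253:9092","duration":0.00093264,"request.uri":"/api/authz/forward-auth","handler":0}
{"ts":1723776116.4207742,"msg":"upstream roundtrip","upstream":"192.168.10.253:9000","duration":0.00063221,"request.uri":"/api/settings/public","status":200}
{"ts":1723776116.4484987,"msg":"upstream roundtrip","upstream":"192.168.10.253:9092","duration":0.00117022,"request.headers.X-Forwarded-Uri":["/api/auth/oauth/validate"],"request.uri":"/api/authz/forward-auth","status":200}
{"ts":1723776176.4583766,"msg":"upstream roundtrip","upstream":"192.168.10.253:9000","duration":60.009642877,"request.uri":"/api/auth/oauth/validate","status":500}
"""

AUTH_URI = "/api/authz/forward-auth"  # the forward_auth uri from the Caddy config

def summarize(log_text, slow_seconds=5.0):
    """Return one dict per upstream roundtrip, labelled by hop and flagged if slow or 5xx."""
    rows = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, wrapped or truncated lines are skipped
        if entry.get("msg") != "upstream roundtrip":
            continue  # only roundtrip entries carry the upstream status
        uri = entry.get("request.uri", "")
        if uri == AUTH_URI:
            # The auth subrequest carries the original path in X-Forwarded-Uri.
            hop, path = "forward_auth", (entry.get("request.headers.X-Forwarded-Uri") or ["?"])[0]
        else:
            hop, path = "backend", uri
        status, duration = entry.get("status", 0), float(entry.get("duration", 0))
        flags = []
        if isinstance(status, int) and status >= 500:
            flags.append("5xx")
        if duration >= slow_seconds:
            flags.append("slow")
        rows.append({"hop": hop, "upstream": entry.get("upstream"), "path": path,
                     "status": status, "duration": duration, "flags": flags})
    return rows

def failing_hops(rows):
    """Keep only the roundtrips that were slow or returned a server error."""
    return [r for r in rows if r["flags"]]

if __name__ == "__main__":
    for row in failing_hops(summarize(SAMPLE_LOG)):
        print(row)
```

On the sample, both forward_auth checks return 200 and the only flagged roundtrip is the Portainer upstream handling `/api/auth/oauth/validate`, which answers 500 after about 60 seconds.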
