To look into this for myself, I configured Caddy (abiosoft/caddy:latest) and qBittorrent (wernight/qbittorrent:latest) in Docker containers.
I found that with no header_upstream subdirectives at all, the page loaded, but static assets (CSS, JS, an SVG) returned a 401.
Some issues from the qBittorrent Github page turned up in a quick search, they appear to be related to this problem:
- NGINX as reverse proxy is receiving 401 Unauthorized error from qBittorrent
- Remote Access Web UI not working on any Client after 3.3.11
Some different configurations were attempted as well. Notably, sending header_upstream Origin '' or header_upstream Referer '' resulted in 401s for the index document!
Given that the discussions on their Github indicated the Origin and Referer headers needed to be surpressed, and that the X-Forwarded-Host needed to match what was seen in the browser, the configuration I ended up with fully working was this:
qbt.whitestrake.net {
proxy / qbittorrent:8080 {
header_upstream X-Forwarded-Host {host}:443
header_upstream -Origin
header_upstream -Referer
}
}
The port (443 above, as I used standard HTTPS during these tests) needs to match the port shown in the browser, so a working config for you will likely be:
localhost:4488, 192.168.1.205:4488 {
proxy / 127.0.0.1:9292 {
header_upstream X-Forwarded-Host {host}:4488
header_upstream -Origin
header_upstream -Referer
}
}