linuxserver/reverse-proxy-confs

Enabling authelia for vaultwarden.subdomain.conf will cause the session to expire immediately

jdancouga opened this issue · 3 comments

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

After updating the swag container to the latest (02/13/2023), I could no longer log into vaultwarden properly.
Upon logging in, vaultwarden will say "your login session has expired" immediately.

After some trial and error, I discovered disabling authelia for vaultwarden will fix the problem.

I did not find any meaningful messages in either authelia's or swag's log.
I found these in vaultwarden's log when the session expired:

[2023-02-13 11:47:38.737][auth][ERROR] Unauthorized Error: No access token provided
[2023-02-13 11:47:38.737][][WARN] Request guard Headers failed: "No access token provided".
[2023-02-13 11:47:38.737][][WARN] No 401 catcher registered. Using Rocket default.
[2023-02-13 11:47:38.737][response][INFO] (revision_date) GET /api/accounts/revision-date => 401 Unauthorized

Expected Behavior

Session shouldn't expire immediately after logging in.

Steps To Reproduce

Enable authelia in the vaultwarden.subdomain.conf file.

Can you add

    location ~ (/vaultwarden)?/api {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app vaultwarden;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

Inside the server block of your config? (Right around where the notification location is). See if that solves the issue.

Yes, this solves the issue. Thank you.

I'll update our configs to include this in the next release.
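
Added example, not part of the thread or the project's configs: the `/api` block suggested above carries no Authelia include, so requests matching it rely on vaultwarden's own token check alone. This script lists which `location` blocks in a conf are gated by forward auth; the sample conf is constructed, and the `authelia-server.conf` / `authelia-location.conf` include names are assumptions taken from SWAG's convention, not from this page.

```python
import re

# Constructed sample in the style of a SWAG proxy conf (not the project's file).
# Assumption: forward auth is enabled per location via authelia-location.conf.
SAMPLE_CONF = """
server {
    server_name vaultwarden.*;
    include /config/nginx/authelia-server.conf;
    location / {
        include /config/nginx/authelia-location.conf;
        include /config/nginx/proxy.conf;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
    location ~ (/vaultwarden)?/api {
        include /config/nginx/proxy.conf;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
    location /admin {
        #include /config/nginx/authelia-location.conf;
        include /config/nginx/proxy.conf;
    }
}
"""

AUTH_INCLUDE = re.compile(r"^\s*include\s+\S*authelia-location\.conf\s*;", re.M)
LOCATION = re.compile(r"^\s*location\s+([^{]+?)\s*\{", re.M)

def location_blocks(conf):
    """Yield (matcher, body) per location block by tracking brace depth."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments so disabled includes don't count
    for m in LOCATION.finditer(conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit(conf):
    """Map each location matcher to True when it includes the forward-auth snippet."""
    return {loc: bool(AUTH_INCLUDE.search(body)) for loc, body in location_blocks(conf)}

if __name__ == "__main__":
    for loc, gated in audit(SAMPLE_CONF).items():
        print(f"{'authelia' if gated else 'NO PROXY AUTH':14} location {loc}")
```

The parser is deliberately simple: it does not handle `#` or braces inside quoted strings or regex matchers.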