ashhh
CCoder.com
•Created by ashhh on 2/23/2024 in #help
Error on getting the build logs
Thanks for the heads up and me wasting time hacking together a solution that would probably be insecure and buggy at best 🙂
23 replies
CCoder.com
•Created by ashhh on 2/23/2024 in #help
Error on getting the build logs
I would like to disable password authentication and use the header passed from Authelia to login as a specific user. If you could point me to the relvant sections of code I will have a crack at making this happen. I'm also open to any ideas as I know that sometimes I take a convoluted approach to something that can be achieved more easily.
23 replies
CCoder.com
•Created by ashhh on 2/23/2024 in #help
Error on getting the build logs
This is how it currently works
23 replies
CCoder.com
•Created by ashhh on 2/23/2024 in #help
Error on getting the build logs
If I make changes to https://github.com/coder/coder/blob/3e6e1e6f1014435578411a86b7dd514ec2db16b4/coderd/userauth.go#L317 and https://github.com/coder/coder/blob/3e6e1e6f1014435578411a86b7dd514ec2db16b4/coderd/users.go#L389 to use the $user header returned by Authelia and have it not perform password auth can I essentially have my Authelia user signed in automatically after performing login and MFA using Authelia? I have only had a very brief look and iundertand there may be some more complexities involved hence why I am asking you for advice.
23 replies
CCoder.com
•Created by ashhh on 2/23/2024 in #help
Error on getting the build logs
Authelia will pass headers from auth_request_set
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-Email $email
and if CODER_DISABLE_PASSWORD_AUTH=true is set then perhaps the $user or $email could be used for automatically logging the user in23 replies
CCoder.com
•Created by ashhh on 2/23/2024 in #help
Error on getting the build logs
So if you're interested in implementing MFA with Coder using Authelia I can confirm that it does work and an instructional would be very easy to write up and I would be willing to do so as a means to contribute back to the community. Please let me know.
23 replies
CCoder.com
•Created by ashhh on 2/23/2024 in #help
Error on getting the build logs
I am running coder from behind Authelia and Authelia has a proxy.conf include below
## Basic Proxy Configuration
client_body_buffer_size 128k;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; ## Timeout if the real server is dead.
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 64 256k;
proxy_set_header Connection "";
## Trusted Proxies Configuration
## Please read the following documentation before configuring this:
## https://www.authelia.com/integration/proxies/nginx/#trusted-proxies
# set_real_ip_from 10.0.0.0/8;
# set_real_ip_from 172.16.0.0/12;
# set_real_ip_from 192.168.0.0/16;
# set_real_ip_from fc00::/7;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
## Advanced Proxy Configuration
send_timeout 5m;
proxy_read_timeout 360;
proxy_send_timeout 360;
proxy_connect_timeout 360;
I commented out proxy_set_header Connection ""; and thought everything would be okay but I was wrong.
I commented out Authelia's use of coder's nginx example and appended them below the proxy_pass in the location block.
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
After the build logs would display in the UI.23 replies
CCoder.com
•Created by ashhh on 2/23/2024 in #help
Error on getting the build logs
I've tried everything I can think of
23 replies
CCoder.com
•Created by ashhh on 2/23/2024 in #help
Error on getting the build logs
Bump on this ...
23 replies
CCoder.com
•Created by ashhh on 2/23/2024 in #help
Error on getting the build logs
from nginx access log I'm revieving 403 for this request
23 replies
CCoder.com
•Created by ashhh on 2/23/2024 in #help
Error on getting the build logs
SERVERIP - - [23/Feb/2024:00:55:28 +0000] "GET /api/v2/workspacebuilds/3f26a902-63f6-45e8-8d46-5d763af4c986/logs?follow=true&after=-1 HTTP/1.1" 403 262 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" "-" "/api/v2/workspacebuilds/3f26a902-63f6-45e8-8d46-5d763af4c986/logs?follow=true&after=-1"174 0 B 21 m
23 replies