Cannot push nzb's to sabnzbd

alibayram · November 4, 2016, 6:32am

Hello everyone,

I am having a problem with the current setup of reverse proxies. Not really a problem, but a question regarding the setup. The way it is configured right now with Let’s Encrypt certificates is close to perfection and I’d like to congratulate the team for the awesome work done on Quickbox

Some usenet indexers have an option to integrate with newsreaders through the latter’s API key, enabling the option to push NZB’s to the newsreader directly from the indexer’s website. This is done by putting, let’s say, sabnzbd’s api and IP/domain:port in the account’s settings of the indexer.

But I understand that access to [serverdomain]/sabnzbd (or server_ip:sab_port) is protected by the digest authentication setup up in apache even before reaching authentication in sabnzbd and hence before the API access.

So my question is this: is there a way to be able to use that indexer/newsreader integration? Without compromising the security given by the digest log-in that is.

It’s not really that big of an issue since sabnzbd itself has the access required for everything to work, and what I am asking about is just a little extra not worth the effort of implementing it in case it is not already. I’m asking just because I’m curious about this.

Thanks in advance for any input from you guys

liza · November 4, 2016, 9:12am

Yes: anything setup on your server can still use localhost to connect which essentially bypasses the proxy. The ports aren’t bound to be visible remotely so if you use the machine IP instead, you’ll likely receive an error.

http://localhost:65080/sabnzbd

Is the address exposed by apache and should be accessible by any locally installed program

alibayram · November 4, 2016, 10:24am

Yes locally, usenet indexers are remote. Is there a way to make them communicate with sabnzbd?

liza · November 4, 2016, 7:05pm

If it can’t support digest authentication then probably not. I’m not very familiar with sab and newsgroups but there may be some authentication options built into sab you could use instead and disable the digest.

alibayram · November 6, 2016, 3:09pm

well thanks @liara, This is what I kinda figured out.
I’ll stick to digest auth for the time being since pushing NZB files to sab isn’t a top priority for me.
Thank you very much for the input though

alienhead · November 17, 2016, 3:42pm

I changed the bound IP address in sab from localhost to my static IP, this allowed pushing nzb’s to sab to work. However, whenever I reboot, the IP is changed back to localhost. I would like to know how to stop that.

alibayram · November 17, 2016, 6:26pm

Well that’s interesting it explains why it still wouldn’t work for me even after I disabled the digest auth for SAB. Thanks !

As for the IP change after reboot, I guess it is because of how the service is setup in systemd

[Unit]
Description=sabnzbd
After=network.target

[Service]
Type=forking
KillMode=process
User=%I
ExecStart=/usr/bin/screen -f -a -d -m -S sabnzbd python SABnzbd/SABnzbd.py --browser 0 --server 127.0.0.1:65080 --https 65443
ExecStop=/bin/kill -HUP 
WorkingDirectory=/home/%I/

[Install]
WantedBy=multi-user.target

I think the problem lies in the ExecStart line, each time the service is started, it is set to listen on localhost.

But I am in no way a linux connoisseur, not even an amateur so it could be totally unrelated

NemyMongus · May 22, 2017, 11:22pm

I know this is an old thread but I thought I would update with info on how to get this going for anyone interested. Thanks to those in this thread who provided some of the clues I needed to figure it out. Here are the steps:

Modify “etc/systemd/system/[email protected]” and remove “–server 127.0.0.1:65080” from the ExecStart line.
You might be able to run " sudo systemctl daemon-reload" and have it work but I just restarted my server
Next go to your Sabznbd interface and get to the General tab in Config.
Change the “SABnzbd Host” to “0.0.0.0” This will make SABnzbd respond to traffic that doesn’t come through the reverse proxy. We’ll secure it back down in the rest of the steps though.
Change the “External internet access” setting to “API (no config)”. This makes it so that anything that isn’t local traffic can only use the API to manage downloads and they need the API key to even do that.
Change the “List of local network addresses” to “127.0.0.1”. This makes it so that anything coming through the reverse proxy will be treated as being on the local network and will be given the full web interface.
Save the settings and restart it.
You can then point your NZB provider at your host/ip with either port 65080 for http or 65443 for https.