Sonarr Reverse Proxy problem

sadpanda · September 28, 2016, 11:17am

After the latest update, I’m having trouble accessing sonarr from the Quickbox Menu. Although I did check the port prior to updating, I believe it may have something to do the authentication method. Currently, the sonarr config is set to Basic whereas the reverse proxy is set to Digest. I’ve altered both configs to match. Digest and Basic but still cant access my Sonarr page. Not sure how to fix it or at least disable the apache sonarr redirect so I can get into sonarr and adjust settings.

<Config>
  <Port>8989</Port>
  <UrlBase>sonarr</UrlBase>
  <BindAddress>localhost</BindAddress>
  <SslPort>8989</SslPort>
  <EnableSsl>False</EnableSsl>
  <ApiKey></ApiKey>
  <AuthenticationMethod>Basic</AuthenticationMethod>
  <LogLevel>Info</LogLevel>
  <Branch>master</Branch>
  <LaunchBrowser>False</LaunchBrowser>
  <SslCertHash></SslCertHash>
  <UpdateMechanism>BuiltIn</UpdateMechanism>
  <AnalyticsEnabled>False</AnalyticsEnabled>
</Config>

< Location /sonarr>
ProxyPass http://localhost:8989/sonarr
ProxyPassReverse http://localhost:8989/sonarr
AuthType Digest
AuthName "rutorrent"
AuthUserFile '/etc/htpasswd’
Require user sadpanda

RXWatcher · September 28, 2016, 12:41pm

What do you get when you try to access Sonarr? Just a version number?

I experienced just the version number over this past weekend running the mods. How I corrected it: I connected to the server via x2go, did a http://localhost:8989/ to connect into Sonarr and edited the URL Base to /sonarr

sadpanda · September 28, 2016, 12:55pm

At the moment, after entering credentials, the page fails to load and at the bottom of my browser, you see it alternating between “Connecting…” and “Trying to establish a secure connection” and just loops between the two.

When I edit the config.xml file and change the url base to /sonarr, I get the credential popup and after entering, it just re-appears asking for login details again over and over.

Update
I changed the auth type to None in the config.xml and I was able to access the Sonarr interface. However, when using the webgui, I am unable to save any edit for example (turning on debug logs) on the configuration page. Looking at the logs I see the error
Invalid request Validation failed: – Must contain wildcard () or a valid IPv4 Address

is this normal behaviour when a reverse proxy is enabled?

RXWatcher · September 28, 2016, 2:26pm

I think you have something amiss in your config. I just changed my log level via the Sonarr app and it changed it in the config.xml.

~/.config/NzbDrone$ more config.xml
<Config>
  <LogLevel>Debug</LogLevel>
  <Port>8989</Port>
  <UrlBase>/sonarr</UrlBase>
  <BindAddress>*</BindAddress>
  <SslPort>9898</SslPort>
  <EnableSsl>False</EnableSsl>
  <ApiKey></ApiKey>
  <AuthenticationMethod>None</AuthenticationMethod>
  <LaunchBrowser>True</LaunchBrowser>
  <Branch>master</Branch>
  <SslCertHash></SslCertHash>
  <UpdateMechanism>BuiltIn</UpdateMechanism>
</Config>

/etc/apache2/sites-enabled script:

sonarr.conf

<Location /sonarr>
ProxyPass http://localhost:8989/sonarr
ProxyPassReverse http://localhost:8989/sonarr
AuthType Digest
AuthName "rutorrent"
AuthUserFile '/etc/htpasswd'
Require user rxwatcher
</Location>

sadpanda · September 28, 2016, 2:46pm

Thanks for the configs RXWatcher!

Turns out the bind address in the sonarr settings page was set to localhost instead of * .
My settings on the web gui are getting saved and everything is working as it should be.

I had a quick check in the quickbox labs because I don’t remember ever manually setting this address to localhost.

sed -i “s/./sonarr</UrlBase>/g" /home/${username}/.config/NzbDrone/config.xml
sed -i "s/./localhost</BindAddress>/g” /home/${username}/.config/NzbDrone/config.xml

It seems the newest updates didn’t overwrite/change my current existing config.xml which basically was the problem. Thanks for the tips and directing me into the right direction.

liza · September 28, 2016, 7:18pm

I only changed the configuration relative to the changes that we needed to make. The change to localhost was a security consideration given that people might feel safe when Apache asks for a password when in reality you can access the application unprotected directly from the port.

You’re saying that you could access sonarr when bind was localhost, but you couldn’t save any settings?

sadpanda · September 28, 2016, 7:26pm

Yep that was correct. I could in the end access the config page, but no setting would save as it kept mentioning bind address error. Not sure where localhost came from and why It was set in the bind address. Replacing it back to * fixed the issue along with /sonarr

RXWatcher · September 28, 2016, 7:44pm

I would want it all to localhost only or firewall all the ports. You arent using the built in app security so if it’s using * then its listening without any security at all.

liza · September 28, 2016, 7:59pm

–Unfortunately it seems that I was able to reproduce this on a fresh install. Guess this is a bug with sonarr - I’ll see if I can bring it up with the dev.–

–I’ve reverted the bind address change and simultaneously disabled apache realm authentication for Sonarr.–

–https://lab.quickbox.io/QuickBox/quickbox_packages/commit/941800449627eb5baf911ba6c80b69c64acf0839--

127.0.0.1 works fine but localhost doesn’t. Thanks for the error log @sadpanda