Help rTorrent-Pro never asks password to connect to Web UI when connect through ReverseProxy on localhost

altaroinj

Passing Basics
Beginner
Mar 31, 2018
14
1
3
43
QNAP
TS-x53
Ethernet
1 GbE
Hi all,

it seems that with last delivered version (0.9.6-0419) of rTorrent-Pro (which is a great piece of software by the way, thanks Silas ;)), the password is never asked when logging to Web UI.
I am currently connecting to rTorrent Web UI using an adress like https://subdomain.domain.com that redirects to https://localhost:6008 (by a NGinX remote proxy).
With previous versions I was asked for my password, but since today, even if I manually change it in Settings page, I am never asked for it.

Do you have an idea ?

Thanks.

Firmware version: 4.3.6.0895 Build 20190328
Model name: QNAP TS-253 Pro
 
OK, I’ll give it a try when I arrive at home.
I’ll keep you in touch.
Thanks.
 
So, I tried the beta version and still the issue.
But I also tried the direct access to url using https://ip:6008 because this time I was at home, and I was asked the password.
So I reinstalled version 0.9.6-0419 and tried access to https://ip:6008, and again I was asked the password.
So the issue is with my nginx configuration.

Thanks Silas for your quick answer and sorry for disturbing you.
Now I must find out what I did recently with my f*****g nginx conf. hmmm
 
Thats bit strange. Wanna test 0.9.7 Beta? Check PM.

Is RC2? With the ability to set the time and frequency of scanning
Well not yet.
0.9.7 is a new engine with several fixes, like better ipfilter list support and etc... but some 3rd party apps might not work like Avalanche UI.
 
So, I didn't have a lot of time to find out what was going on with basic authentication when using NGinx as a proxy.
But I finally looked at it today and I found out what was the issue.
So I'll explain it for those who have the same problem.

It seems that rtorrent doesn't ask for authentication if the request comes from the same machine.
And apparently, rtorrent does not use headers like 'X-Real-IP' or 'Host' to determine if request originated from the same machine but must, I think, use a method based on which network adapter was used to receive the request.

In my case, my nginx conf had this setup :

location / {
proxy_pass https://localhost:6008;
}

I just had to replace it by the following and voilà, I was asked for my login/password again :

location / {
proxy_pass https://192.168.0.1:6008;
}