bug - "unauthorized" when accessing webui

[dadoblake]

Information

thans for the amazing image!
the initialization goes fine, at least the log seems to say that...
suddenly, it says
To control qBittorrent, access the Web UI at http://localhost:8080 (that is under nat to 8088 on the host due to existing binding, maybe it's the cause?)
and then accessing from fqdn:8088 gives me Unauthorized

Current setup

python image on Docker version 19.03.11, on Ubuntu 20.04.1 LTS kernel 5.4.0-54

docker-compose.yml file or docker run command

$ docker run --cap-add=NET_ADMIN -d \ -v xxx:/downloads \ -v xxx:/config \ -v /etc/localtime:/etc/localtime:ro \ -e OPENVPN_PROVIDER=PUREVPN \ -e OPENVPN_CONFIG=de2-ovpn-tcp \ -e OPENVPN_USERNAME=xxx \ -e OPENVPN_PASSWORD=xxx \ -e PUID=1000 \ -e PGID=1000 \ -e LAN=192.168.0.0/24 \ -p 8088:8080 \ guillaumedsde/alpine-qbittorrent-openvpn:python

[guillaumedsde]

Hi, you can fix this with this solution

[dadoblake]

i modified the conf file, but still getting the same error

[Network]
Cookies=@Invalid()

[Preferences]
Connection\PortRangeMin=5900
Queueing\QueueingEnabled=false
WebUI\Port=8080
WebUI\HostHeaderValidation=false

am i missing something else?

[guillaumedsde]

Hum....

perhaps also try adding these lines to your config:

WebUI\ServerDomains=*
WebUI\Address=*

If that fixes it for you, I might need to add these to the default configuration

[dadoblake]

mmm no :(
i got the same error... i thought it could be also the nat i'm doing with docker, so i left the 8080 mapped as requested but nothing to do.
i don't know what else may you need to see

[dadoblake]

this is what i get from the chrome console, maybe it can help
Refused to create a worker from 'blob:http://ubuntuserver:8080/f91e7fdd-1f76-4d77-8651-8aba197174b3' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.

[ajaskiewiczpl]

I had the same problem. I changed settings to the following and now it works:

[Preferences]
Connection\PortRangeMin=6279
Queueing\QueueingEnabled=false
WebUI\Port=8080
WebUI\ServerDomains=*
WebUI\Address=*
WebUI\HostHeaderValidation=false

[dadoblake]

I had the same problem. I changed settings to the following and now it works:

[Preferences]
Connection\PortRangeMin=6279
Queueing\QueueingEnabled=false
WebUI\Port=8080
WebUI\ServerDomains=*
WebUI\Address=*
WebUI\HostHeaderValidation=false

unfortunately this doesn't work for me
this is what "WebUI" section looks on my conf file:

WebUI\Address=*
WebUI\AlternativeUIEnabled=false
WebUI\AuthSubnetWhitelist=192.168.0.0/24
WebUI\AuthSubnetWhitelistEnabled=true
WebUI\BanDuration=3600
WebUI\CSRFProtection=true
WebUI\ClickjackingProtection=true
WebUI\CustomHTTPHeaders=
WebUI\CustomHTTPHeadersEnabled=false
WebUI\HTTPS\CertificatePath=
WebUI\HTTPS\Enabled=false
WebUI\HTTPS\KeyPath=
WebUI\HostHeaderValidation=false
WebUI\LocalHostAuth=true
WebUI\MaxAuthenticationFailCount=5
WebUI\Port=8080
WebUI\RootFolder=
WebUI\SecureCookie=true
WebUI\ServerDomains=*
WebUI\SessionTimeout=3600
WebUI\UseUPnP=true
WebUI\Username=admin

[dadoblake]

i see, within the logs, the line
To control qBittorrent, access the Web UI at http://localhost:8080
this is "suspicious" to me. on a docker environment you'll never be able to reach a container at its own localhost but at least at host's hostname. but this is just a geek idea :D feel free to throw it
anyway can be related to this? maybe the instance expects to be reachable on localhost and not on docker's machine physical hostname
@guillaumedsde is this a reasonable idea?

[dadoblake]

UPDATE:
it works pointing to http://ip-address:port but not pointing to http://server-name:port

[guillaumedsde]

It looks like these lines might be the problem, you might want to disable them

WebUI\CSRFProtection=true
WebUI\ClickjackingProtection=true

if you wanted to configure all of this "correctly", you might want to set WebUI\Address to the hostname you want to access the container with (server-name in your example config above for instance)

[dadoblake]

It looks like these lines might be the problem, you might want to disable them

WebUI\CSRFProtection=true
WebUI\ClickjackingProtection=true

if you wanted to configure all of this "correctly", you might want to set WebUI\Address to the hostname you want to access the container with (server-name in your example config above for instance)

Amazing! It works fine now. I removed the lines.
Really thank you for the time spent!

[guillaumedsde]

No problem :)

[jos149]

I am getting an unauthorized message too. Have not been able to succesfully start the container yet.
I changed my qbittorent.conf to WebUI\Port=8888 and because this is 8888 now my docker compose is also mapped as port = 8888:8888

Anything suspicious?

[appletonzzzz]

I get the "unauthorized" error in Safari but I can login with the same URL in Firefox

[achmetinternet]

Same here, I get "unauthorized" in my Brave Browser but in Edge it works. Maybe try cleaning your cache in Safari @rimclean

[ZiqiChai]

I use qBittorrent in a freenas jail and meet the same problem. I fix this by manually entering the URL into the address bar, such as: 192.168.1.123:8080, instead of using the hyperlink of manage button in the jail.

[weirlive]

It looks like these lines might be the problem, you might want to disable them

WebUI\CSRFProtection=true
WebUI\ClickjackingProtection=true

if you wanted to configure all of this "correctly", you might want to set WebUI\Address to the hostname you want to access the container with (server-name in your example config above for instance)

Amazing! It works fine now. I removed the lines. Really thank you for the time spent!

how do I do this and make it a persistent fix? I can change the qB.conf file but when I restart the image it changes the file back.

[fisherd80]

It looks like these lines might be the problem, you might want to disable them

WebUI\CSRFProtection=true
WebUI\ClickjackingProtection=true

if you wanted to configure all of this "correctly", you might want to set WebUI\Address to the hostname you want to access the container with (server-name in your example config above for instance)

Amazing! It works fine now. I removed the lines. Really thank you for the time spent!

how do I do this and make it a persistent fix? I can change the qB.conf file but when I restart the image it changes the file back.

Afternoon, Is there any update on this as every time I change the qB.conf and restart the docker container, it reverts back.

I am having the same issue regarding not being able to access the Web UI as its saying "Unauthorized".

[Fr33dan]

how do I do this and make it a persistent fix? I can change the qB.conf file but when I restart the image it changes the file back.

I don't know if this is your issue, but it seems that while running the container caches the config (I'm guessing to avoid reading it repeatedly if the forwared port should change). It then writes it's cached version (as it existed when the docker started) when you exit. The solution is you edit your config file while the container is stopped.