Hide "No Authentication Warning" when external auth already exists

Hello there,

I have Syncthing behind Traefik as a reverse proxy (in a docker swarm cluster in my LAN), and I have already configured SSO with Authelia. Is it possible to hide the danger warning complaining about no set credentials?

I found a post in this forum specifying after acknowledging this warning it should be gone, however, I have no options to hide it. Also, I looked if there is maybe an option to configure in the container, but I did not found one.

P.S: Thanks four all of your work on Syncthing, it is really an amazing project and I really like the aspect that you don’t need a public IP for it and you basically simulate cloud sync behavior.

Suggest you configure auth and get traefik to use that as basic auth.

There is a flag in the advanced config, but I my memory serves me right, it still triggers a prompt on every restart.

Wouldn’t that basically kill the SSO functionality by authelia? Since I would have to use different credentials again.

The suggestion is to have Traefik pass a set of (static) credentials to Syncthing. That way Syncthing is happy, and there is some sort of protection against someone talking directly to it. Or, indeed the “insecure admin access” flag among the advanced GUI options, which mostly silences the complaint.

You mean like configuring traefik basic auth for Syncthing for a user like “user:password”? I still don’t get it, this would results in me typing in a password twice.

Traefik would pass the credentials in a header, so you would not need to type in anything twice.

Hmm, Traefik already passes the Authorization header from Authelia to the respective backend, e.g. Authorization: Basic HERE_THE_HASH.

So configure Syncthing to expect those credentials?

Isn’t this like a standard RFC-compliant header which should be normally processed by the application itself? However, where can I configure this? Search — Syncthing v1 documentation does not return useful information.

The basic auth header is just username:password in base64. You configure the username and password in the settings dialog in Syncthing.

So I went with enabling Insecure Admin Access since I ran into the following problem:

  • I configured Authelia to use the basic auth header for the Syncthing host
  • This worked fine, the Authorization basic header was submitted with the correct credentials (checked with base64 decode) by Traefik
  • However, the frontend took ages to load and was broken, and I checked the network console. A lot of resource requests for Javascript files failed with 500 errors.
  • I thought maybe it’s because I need to configure these credentials in the GUI, however, no luck, it also failed in the same way after that (also 500 errors for external resource requests)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.