
@benjick
Last active April 12, 2024 11:55
Nginx proxy manager + Authelia + Sonarr/Radarr/Lidarr/Bazarr (websockets)

When using Nginx Proxy Manager with Authelia (specifically with a custom location block), the checkboxes under Details are ignored, so we need to enable websockets manually where needed.

💡 On Unraid, I've placed the snippets in /mnt/user/appdata/NginxProxyManager/nginx/snippets

Advanced settings

# Authelia https://www.authelia.com/integration/proxies/nginx-proxy-manager/
include /config/nginx/snippets/authelia-location.conf;

location / {
    include /config/nginx/snippets/proxy.conf;
    include /config/nginx/snippets/authelia-authrequest.conf;
    include /config/nginx/snippets/hsts.conf;
    proxy_pass $forward_scheme://$server:$port;
}

location /sonarr {
    # Authelia https://www.authelia.com/integration/proxies/nginx-proxy-manager/
    include /config/nginx/snippets/proxy.conf;
    include /config/nginx/snippets/authelia-authrequest.conf;
    # Security Headers https://securityheaders.com/
    include /config/nginx/snippets/hsts.conf;
    proxy_pass http://sonarr:8989;
    # If you use "Basic auth" on the service, see below
    proxy_set_header Authorization "Basic dGVzdDp0ZXN0";
    # Upgrade websockets
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

Basic auth

If you want to enable basic auth on, for example, Sonarr, but not have to enter the credentials when Authelia is already protecting access, you can set an Authorization header for the proxy to send to the application. This means that nobody who is merely on your local network can access your Sonarr instance.

You can generate the Base64-encoded value by running btoa("test:test123") in the browser console. This would mean the username is test and the password is test123. It has to match whatever you entered in Sonarr.
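
Added example (not part of the original gist): a JavaScript helper that builds the header value the way the btoa() call above does, decodes it back, and audits a config for hard-coded Authorization headers. The function names and the trimmed sample config are constructed for illustration; run against the sample value from the /sonarr location block, it shows that value decodes to test:test rather than test:test123.

```javascript
// Added example, not part of the original gist. Runs in a browser console or Node 16+.

// Build the value for `proxy_set_header Authorization "<value>";`.
function basicAuthValue(user, pass) {
  // RFC 7617: the user-id cannot contain ":" because it separates user and password.
  if (user.includes(":")) throw new Error("username must not contain ':'");
  // btoa() throws on characters outside Latin-1, so convert to UTF-8 bytes first.
  const bytes = new TextEncoder().encode(`${user}:${pass}`);
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return "Basic " + btoa(binary);
}

// Reverse the encoding. Anyone who can read the config can do the same.
function decodeBasicAuth(value) {
  const m = /^Basic\s+([A-Za-z0-9+/]+={0,2})$/.exec(value.trim());
  if (!m) return null;
  let binary;
  try { binary = atob(m[1]); } catch { return null; } // malformed Base64
  const bytes = Uint8Array.from(binary, (c) => c.charCodeAt(0));
  const text = new TextDecoder().decode(bytes);
  const i = text.indexOf(":");
  return i < 0 ? null : { user: text.slice(0, i), pass: text.slice(i + 1) };
}

// List every hard-coded Authorization header in an nginx config and say
// whether it matches the credentials the backend is expected to accept.
// Commented-out directives are skipped.
function auditConfig(configText, user, pass) {
  const expected = basicAuthValue(user, pass);
  const re = /^[ \t]*proxy_set_header\s+Authorization\s+"([^"]+)"\s*;/gm;
  return [...configText.matchAll(re)].map((m) => ({
    value: m[1],
    decoded: decodeBasicAuth(m[1]),
    matches: m[1] === expected,
  }));
}

// Constructed sample input: a trimmed copy of the /sonarr location block.
const sampleConfig = `
location /sonarr {
    proxy_pass http://sonarr:8989;
    proxy_set_header Authorization "Basic dGVzdDp0ZXN0";
}`;

console.log(basicAuthValue("test", "test123"));
console.log(auditConfig(sampleConfig, "test", "test123"));
```

Because the header value is reversible, the Nginx Proxy Manager config that contains it should be protected like a stored password.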

# From https://gist.github.com/R0GGER/916183fca41f02df1471a6f455e5869f
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
add_header Strict-Transport-Security "max-age=63072000; preload" always;
add_header Referrer-Policy strict-origin-when-cross-origin;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy upgrade-insecure-requests;
add_header Permissions-Policy interest-cohort=();
add_header Expect-CT 'enforce; max-age=604800';
more_set_headers 'Server: Proxy';
more_clear_headers 'X-Powered-By';