invalid password spamming in copyparty log with reverse proxy #885
-
|
So I decided to run copyparty behind a proxy, I have read the readme and the reverse proxy section to setup the proxy server. I used nginx as the reverse proxy. Things seem to work as expected, but when I check copyparty console, I keep seeing a yellow line saying invalid password with random string whenever I try to access the site via the reverse proxy server. It is something that I should be concerned about? Or can I somehow stop it from appearing? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 3 replies
-
|
I also face the same issue but it's always the same string of random characters. I have faced an IP ban from copyparty due to this problem so I would love to know how to solve it. |
Beta Was this translation helpful? Give feedback.
-
|
i am guessing you are hosting multiple services on the same domain, and another service is using basic authentication so the browser is sending that password to copyparty. Can you confirm this? if that is the case, and you do not plan to use basic-auth with copyparty, then you can disable basic-auth with [global]
no-bautha better solution is to run copyparty on its own subdomain where you have no other services if this is NOT the issue, then you need to inspect the request-headers from your reverseproxy with [global]
ihead: * |
Beta Was this translation helpful? Give feedback.
-
|
I am using basic HTTP auth but it's not the same password, copyparty is set up on its own subdomain. Thanks for the assistance though. |
Beta Was this translation helpful? Give feedback.
-
|
in that case do like I suggested with ihead and maybe also enable |
Beta Was this translation helpful? Give feedback.
-
|
I actually did set up a basic auth password with nginx, as I don't want anonymous IPs from accessing the Copyparty service, and yes, the password for the reverse proxy access is different from Copyparty's password, so after disabling the reverse proxy level password, the problem seemed to go away, and the logout problem was also gone. Also using the no-auth flag did also work. |
Beta Was this translation helpful? Give feedback.
i am guessing you are hosting multiple services on the same domain, and another service is using basic authentication so the browser is sending that password to copyparty. Can you confirm this?
if that is the case, and you do not plan to use basic-auth with copyparty, then you can disable basic-auth with
--no-bautha better solution is to run copyparty on its own subdomain where you have no other services
if this is NOT the issue, then you need to inspect the request-headers from your reverseproxy with
--ihead=*and hope that the value you see there gives you a good enough hint as to where the unwanted password is coming from;