Need help : redirect loop using silverbullet with authelia

nasdaa · July 13, 2024, 7:10pm

Hi everyone,
I’ve recently deployed silverbullet in my home lab but i’m having some trouble using authelia with it. I whitelisted some subfolders as described here : Authelia
but when i access silverbullet after logging out i can’t access to the offline version of silverbullet. Authelia’s logs report many redirects, but silverbullet seems to be refreshing while using a lot of CPU. Here are the logs :

authelia     | time="2024-07-13T21:03:01+02:00" level=debug msg="Check authorization of subject username= groups= ip=192.168.112.2 and object https://silverbullet.local.marvyn-rioux.fr/service_worker.js (method GET)."
authelia     | time="2024-07-13T21:03:01+02:00" level=debug msg="Check authorization of subject username= groups= ip=192.168.112.2 and object https://silverbullet.local.marvyn-rioux.fr/SETTINGS.md (method GET)."
authelia     | time="2024-07-13T21:03:01+02:00" level=info msg="Access to https://silverbullet.local.marvyn-rioux.fr/SETTINGS.md (method GET) is not authorized to user <anonymous>, responding with status code 401 with location redirect to https://auth.local.marvyn-rioux.fr/?rd=https%3A%2F%2Fsilverbullet.local.marvyn-rioux.fr%2FSETTINGS.md&rm=GET" method=GET path=/api/verify remote_ip=192.168.112.2
authelia     | time="2024-07-13T21:03:01+02:00" level=debug msg="Check authorization of subject username= groups= ip=192.168.112.2 and object https://silverbullet.local.marvyn-rioux.fr/index.json (method GET)."
authelia     | time="2024-07-13T21:03:01+02:00" level=info msg="Access to https://silverbullet.local.marvyn-rioux.fr/index.json (method GET) is not authorized to user <anonymous>, responding with status code 302 with location redirect to https://auth.local.marvyn-rioux.fr/?rd=https%3A%2F%2Fsilverbullet.local.marvyn-rioux.fr%2Findex.json&rm=GET" method=GET path=/api/verify remote_ip=192.168.112.2
authelia     | time="2024-07-13T21:03:01+02:00" level=debug msg="Check authorization of subject username= groups= ip=192.168.112.2 and object https://silverbullet.local.marvyn-rioux.fr/index.json (method GET)."
authelia     | time="2024-07-13T21:03:01+02:00" level=info msg="Access to https://silverbullet.local.marvyn-rioux.fr/index.json (method GET) is not authorized to user <anonymous>, responding with status code 401 with location redirect to https://auth.local.marvyn-rioux.fr/?rd=https%3A%2F%2Fsilverbullet.local.marvyn-rioux.fr%2Findex.json&rm=GET" method=GET path=/api/verify remote_ip=192.168.112.2
authelia     | time="2024-07-13T21:03:02+02:00" level=debug msg="Check authorization of subject username= groups= ip=192.168.112.2 and object https://silverbullet.local.marvyn-rioux.fr/service_worker.js (method GET)."

Can someone help me figure out why silverbullet doesn’t effectively redirect me to the login page ?
Thank you for your help

i_am_dangry · July 16, 2024, 10:46pm

You’re not alone, I also have this problem and haven’t had the energy to make a post or dive into it further. Although I don’t use synced mode, I feel it might be the same problem.

From what I’ve observed, if the Authelia session cookie times out/is destroyed, you get stuck in a refresh loop thanks to the SB Service Worker constantly refreshing the page looking for the server (before I assume it times out and goes into offline mode) and it seems to refresh faster than Authelia can redirect.

If you force refresh the page (ctrl + shift + r) or deregister the service worker, Authelia will then redirect as expected. This work around is fine if you’re on a desktop, but on mobile (iOS in my case), there is no easy way to deregister the service work or force refresh when running as a PWA so you end up in refresh hell.

zef · July 17, 2024, 3:51am

There are a few people who use or at least used Authelia successfully with SB. There was even a more elaborate guide and configuration posted multiple times. However I cannot find it. And I forgot who set this up. It may have been on discord, and not finding stuff there was one of the reasons to move away from it.

So let’s do a loud yell and hope that somebody sees it and can help. Otherwise I finally have to do this myself…

paletochen · July 30, 2024, 9:39pm

That probably was me

The guide you are referring to, I believe it is still published: Deployments.
This one is based in: docker + authelia + caddy

I moved to another reverse proxy shortly after that guide, to Nginx Proxy Manager (NPM), and since a couple of months to SWAG, not without trying Traefik first.

The only reason for jumping so much between reverse proxies is due to a very specific service that I have (unrelated to Silverbullet) and that I could only find ways to configure it using either pure nginx or SWAG in this case.

@nasdaa Let me know which reverse proxy you are using, I may be able to help as I still keep all my notes… guess where… in Silverbullet

edison23 · January 7, 2025, 10:34pm

Hi, I know this is a pretty old post, but I had the infinite redirect loop issue in Android Brave just now and the mention of the sync mode here led me to a very simple (albeit a shortly annoying) solution - between the refreshes, ie., after tapping OK in the modal informing me that I’m unauthorized and will be hopefully redirected to login form, I managed to tap the sync button to get out of the sync mode. After that, I got to the proper login screen. I hope I won’t need this again, but I thought it may be useful to someone looking for a simple way out of the refresh hell.