this post was submitted on 21 Nov 2025
22 points (95.8% liked)

Selfhosted

53408 readers
162 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
22
navidrome sso with traefik/authentik (piefed.social)
submitted 2 weeks ago by immobile7801@piefed.social to c/selfhosted@lemmy.world
5 comments fedilink hide all child comments
 

Has anyone gotten navidrome mobile apps to work with traefik and authentik sso? I used this article to get the webapp sso to work, but mobile apps won't work even with the /rest path supposedly being bypassed. the traefik config was copied/modified for my setup, so I think the article is still missing something.

I've tried a couple navidrome apps: dsub, tempo, tempus.

top 5 comments
sorted by: hot top controversial new old
[–] Jakeroxs@sh.itjust.works 4 points 2 weeks ago (1 children)

I am not sure how it works with authentik and the navidrome mobile apps, but I with Authelia and Immich, I basically had to add a header bypass to the traefik config and in the immich mobile app, maybe something similar is possible?

[–] immobile7801@piefed.social 3 points 2 weeks ago

Thanks, I will look into this

[–] clmbmb@lemmy.dbzer0.com 4 points 2 weeks ago

Here's my config for Authelia, maybe it helps:

    - domain: music.server.home
      policy: bypass
      resources:
        - '^/rest.*'
        - '^/api.*'
    - domain: music.server.home
      policy: one_factor
[–] starshipwinepineapple@programming.dev 4 points 2 weeks ago* (last edited 2 weeks ago)

I have mine only internal so i haven't ran into that. But check console. You mention mobile so if you're on android you can hook it up to your pc and use debugging through chrome.. In the past I've had success looking at error messages to see why my requests were failing. Usually because i wasn't passing headers correctly.

I use symfonium and it looks like it let's you pass custom headers if needed. Good luck

[–] gezero@lemmy.bowyerhub.uk 3 points 2 weeks ago* (last edited 2 weeks ago)

In the end, when I was setting it up, I realized that the only apps I use to connect and listen are using the rest API and I never got that one to work when I was setting it up. I had to bypass rest API endpoints like other poster here and create internal users in navidrome to keep some kind of security.

I would love someone posting up to date guide how to do it properly.

In the end problem was with the Subsonic Api and and the fact that I did not know how to implement subsonic authentication scheme on my proxy (caddy).

https://www.navidrome.org/docs/usage/reverse-proxy/