[GH-ISSUE #46] How do I use the extension when TubeArchivist is behind Authelia? #29

New issue

Closed

opened 2026-03-23 20:31:51 +00:00 by mirror · 4 comments

mirror commented

2026-03-23 20:31:51 +00:00

Owner

Originally created by @tehniemer on GitHub (Sep 5, 2024).
Original GitHub issue: https://github.com/tubearchivist/browser-extension/issues/46

I have TubeArchivist behind Authelia and have the forward auth login working, but the extension is not connecting to my server, is there a way to get this working or do I need to disable Authelia to use the extension?

Originally created by @tehniemer on GitHub (Sep 5, 2024). Original GitHub issue: https://github.com/tubearchivist/browser-extension/issues/46 I have TubeArchivist behind Authelia and have the forward auth login working, but the extension is not connecting to my server, is there a way to get this working or do I need to disable Authelia to use the extension?

mirror closed this issue

2026-03-23 20:31:51 +00:00

mirror commented

2026-03-23 20:31:52 +00:00

Author

Owner

@Hanga7yr commented on GitHub (Oct 11, 2024):

Hi,
On my own experience, it is a bit of a pain using authelia and services that require direct access from outside.
There are a few options to allow access, such as VPNs, but in some cases, it is not an option.

The current way I do it, is allowing certain paths to pass directly towards the service adding it to the rules of access_control, for example:

- domain: service.example.net
  policy: bypass
  resources:
    - "^/bypass/.*$"

And then in my reverse proxy (haproxy), point directly towards that service modifying the path so that it points correctly where it should.

...
acl bypass_url path_beg -i /bypass/
use_backend service if bypass_url
...
http-request set-path / if bypass_url

While this certainly affects security, in the case of tubearchivist, you are using an API key so the effect is slightly diminished.
I am using examples here, not providing an answer as I don't know your setup, so modify it to your needs.

There are other options to fix this issue but this is the one I am currently using, once I find a better one I will probably change.

Hope this answer suites your needs and is on time.

@Hanga7yr commented on GitHub (Oct 11, 2024): Hi, On my own experience, it is a bit of a pain using authelia and services that require direct access from outside. There are a few options to allow access, such as VPNs, but in some cases, it is not an option. The current way I do it, is allowing certain paths to pass directly towards the service adding it to the rules of access_control, for example: ``` - domain: service.example.net policy: bypass resources: - "^/bypass/.*$" ``` And then in my reverse proxy (haproxy), point directly towards that service modifying the path so that it points correctly where it should. ``` ... acl bypass_url path_beg -i /bypass/ use_backend service if bypass_url ... http-request set-path / if bypass_url ``` While this certainly affects security, in the case of tubearchivist, you are using an API key so the effect is slightly diminished. I am using examples here, not providing an answer as I don't know your setup, so modify it to your needs. There are other options to fix this issue but this is the one I am currently using, once I find a better one I will probably change. Hope this answer suites your needs and is on time.

mirror commented

2026-03-23 20:31:53 +00:00

Author

Owner

@tehniemer commented on GitHub (Oct 11, 2024):

I have something similar that works for all my other services using APIs for app access, but it isn't working for the extension, I'm wondering if the url contains a different identifier instead of api, I just don't know how to figure out what it might be.

    - domain: '*.mydomain.com'
      policy: bypass
      resources:
      - '^/api([/?].*)?$'

@tehniemer commented on GitHub (Oct 11, 2024): I have something similar that works for all my other services using APIs for app access, but it isn't working for the extension, I'm wondering if the url contains a different identifier instead of `api`, I just don't know how to figure out what it might be. ``` - domain: '*.mydomain.com' policy: bypass resources: - '^/api([/?].*)?$' ```

mirror commented

2026-03-23 20:31:53 +00:00

Author

Owner

@Hanga7yr commented on GitHub (Oct 11, 2024):

I believe the APIs routes are on the /extension/background.js file.
For what I can see scanning quickly they are:

api/ping
api/download
api/channel
api/video
api/cookie

So allowing the /api route and subpaths should be sufficient.

@Hanga7yr commented on GitHub (Oct 11, 2024): I believe the APIs routes are on the /extension/background.js file. For what I can see scanning quickly they are: - api/ping - api/download - api/channel - api/video - api/cookie So allowing the /api route and subpaths should be sufficient.

mirror commented

2026-03-23 20:31:54 +00:00

Author

Owner

@tehniemer commented on GitHub (Oct 11, 2024):

Thanks for the help, but it seems that it's not Authelia as the source of my troubles, even with it disabled the extension is unable to access my instance. I'm going to close this and open an issue.

@tehniemer commented on GitHub (Oct 11, 2024): Thanks for the help, but it seems that it's not Authelia as the source of my troubles, even with it disabled the extension is unable to access my instance. I'm going to close this and open an issue.

mirror referenced this issue

2026-03-23 20:32:14 +00:00

[PR #29] [MERGED] updated the subscribe button styling to match the new youtube ui #49