How to get rid of SSO for a redirect app?

What type of hardware are you using: VPS bought online
What YunoHost version are you running: 12.0.11
What app is this about: Redirect

Describe your issue

I am running Fossil on my server via a Redirect app in YunoHost, giving it its own subdomain. And that worked fine for many weeks.

Last, week, I update YunoHost. And since then, syncing with my Fossil server fails because Fossil’s http requests to the subdomain get redirected to SSO. I have no idea why, but I’d like to get rid of it. In fact, I’d prefer to opt out of SSO completely for this Redirect app. I didn’t find any such option, so I tried editing the various config files, commenting out those that seemed to refer to SSO. No success.

There are various similar-looking questions in this forum, but none has an answer that makes sense to me.

Share relevant logs or error messages

I get error messages from the Fossil client, not on the server. An example:

Sync with https://fossil.mydomain.tld/yunohost/sso/
server says: 405 Not Allowed

The https request was originally for https://fossil.mydomain.tld/

Check if the redirect app is allowed to visitors in the webadmin

Yes it does. And anyone can access the Fossil Web UI. It’s just syncing that gets redirected to SSO.

I don’t know which precise feature of sync is the problem. Fossil sync uses standard HTTP, but the access pattern is different. For example, sync starts doing a POST to initiate authentication.

Look at your nginx logs, try to filter out all the requests used by your software to access the server by client IP. Those logs might contain a hint on what is going on.

In /etc/nginx/conf.d/ you can look at the configuration. The sso is included in the configuration. You can backup the files for your redirect app and try changing them to not contain sso. Before any changes get active you need to check your configuration by running nginx -t and the restart the service systemctl reload nginx.

To restore the original configuration files you can also use yunohost tools regen-conf --help.

2 Likes

Thanks for all those hints. Their main immediate benefit for me was the reminder about backups. I had taken a backup of everything before updating. So I restored the backup for my redirect app - and everything worked again!

On one hand, this means that my problem is solved. On the other hand, I still have no idea what happened nor how I can prevent a similar issue in the future. I’ll keep a bookmark on this thread just in case…

1 Like