Rest-server in reverse proxy behind apache - authentication issue

Getting Help
1

I’m running Ubuntu 24.04 LTS using the latest rest-server v0.12.1 in reverse proxy behind apache. The /files part of the URL of my webapp is referring to rest-server.

All is working well if I don’t use authentication, so when running the server with argument --no-auth. In this case I can do an init of a new repo with my restic client from a remote server and I can do a backup.

But when I turn on authentication, I run into an error I can’t solve so far.

This is the status of my rest-server process running at server1:

root@server1:/etc/systemd/system# systemctl status rest-server
● rest-server.service - Rest Server
     Loaded: loaded (/etc/systemd/system/rest-server.service; enabled; preset: enabled)
     Active: active (running) since Thu 2024-07-04 14:12:53 CEST; 1s ago
   Main PID: 3887 (rest-server_0.1)
      Tasks: 7 (limit: 9443)
     Memory: 1.3M (peak: 1.8M)
        CPU: 7ms
     CGroup: /system.slice/rest-server.service
             └─3887 /usr/local/bin/rest-server_0.12.1_linux_386 --path /home/data/rest-server --debug --private-repos --append-only --log /var/log/rest-server/rest-server.log

Jul 04 14:12:53 server1 systemd[1]: Started rest-server.service - Rest Server.
Jul 04 14:12:53 server1 rest-server_0.12.1_linux_386[3887]: Data directory: /home/data/rest-server
Jul 04 14:12:53 server1 rest-server_0.12.1_linux_386[3887]: Authentication enabled
Jul 04 14:12:53 server1 rest-server_0.12.1_linux_386[3887]: Loaded htpasswd file /home/data/rest-server/.htpasswd
Jul 04 14:12:53 server1 rest-server_0.12.1_linux_386[3887]: Private repositories enabled
Jul 04 14:12:53 server1 rest-server_0.12.1_linux_386[3887]: start server on :8000

Let’s create user lullo and add it’s password to the .htpasswd file at the default location:

rest-server@server1:/home/data/rest-server~$ htpasswd -B -c .htpasswd lullo
New password:
Re-type new password:
Adding password for user lullo

This is how the data directory looks like:

rest-server@server1:/home/data/rest-server~$ ls -la
total 24
drwx------ 3 rest-server rest-server 4096 Jul  4 13:50 .
drwxr-xr-x 4 root        root        4096 Jul  3 15:25 ..
-rw-rw-r-- 1 rest-server rest-server   67 Jul  4 13:50 .htpasswd
drwx------ 2 rest-server rest-server 4096 Jul  4 11:31 lullo

It all looks OK, but this happens when I do an init from the remote server with my restic client:

root@server2:/root/restic-test# restic -r rest:https://lullo:password@server1.com/files/lullo -p pwd.txt init
Fatal: create repository at rest:https://lullo:password@server1.com/files/lullo failed: Fatal: server response unexpected: 401 Unauthorized (401)

When I check the status of the process of rest-server for additional debugging info, this is what I see:

Jul 04 14:07:39 server1 rest-server_0.12.1_linux_386[3789]: HEAD /lullo/config
Jul 04 14:07:39 server1 rest-server_0.12.1_linux_386[3789]: checkConfig()
Jul 04 14:07:39 server1 rest-server_0.12.1_linux_386[3789]: stat /home/data/storage-ssd/rest-server/lullo/config: no such file or directory
Jul 04 14:07:39 server1 rest-server_0.12.1_linux_386[3789]: POST /lullo?create=true

Any help would be appreciated, cheers!

2

What happens if you directly connect to rest-server (avoiding the indirection through apache) are you then able to access the rest-server repository? If yes, then there’s a problem with the apache configuration. Make sure that Apache does not interfere with the Authentication header included in the http requests sent by restic.