Exempt Ombi from PGShield

Messenger

Noob
Original poster
Local time
11:14 AM
Nov 3, 2018
1
0
PG Version
8.6.5
Server Type
Remote - Dedicated Server
Hi there, I've gotten my server up and running and it's all working incredibly well! PGBlitz is really amazing, thanks for everything.

The final thing I'd like to figure out is to exempt ombi from PGShield, so that my users don't have to use OAuth. Strangely, Ombi does not show up in the exempt section.

How can I exempt Ombi from PGShield?

?️ PG Shield ~ App Exemption | http://pgshield.pgblitz.com
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
? Potential Apps to Exempt

airsonic alltube avidemux bazarr beets bitwarden booksonic
cadvisor calibre-web cloudcmd ddclient deezloaderremix deluge-vpn deluge
domoticz dozzle duplicati embystats filebot filezilla firefox
flexget flextv gazee gitea handbrake headphones heimdall
home-assistant htpcmanager jd2-openvpn jdownloader2 kitana logarr makemkv
mariadb mcmyadmin mediainfo medusa mellow mkvtoolnix monitorr
muximux mylar nextcloud nowshowing nzbget-mp4 ombi4k ombiHDR
organizr pyload qbittorrent-vpn radarr4k radarrhdr rclonebrowser rdp-calibre
resilio rflood-vpn rutorrent-vpn sharesite shoko sonarr4k sonarrhdr
speedtest subsonic synclounge syncthing teamspeak3 thelounge traktor
transmission-vpn ubooquity unifi varken vnc-xfce xteve zammad


Many thanks!
 

Sejrup

Respected Member
Local time
12:14 PM
Jan 11, 2019
91
32
I had the same issue. Think it's because core apps cannot be excluded? Anyways, what I did was to copy the ombi.yml file from the core apps folder to /opt/mycontainers/ and then install it via the community in plexguide. In the menu, press 5, 2, 1 select and install. Then it showed up for me at least
 

vampzfreak

Junior Member
Local time
6:14 AM
Jun 21, 2019
8
0
i just came here for this reason, would be nice if it was in the expempt list
 

dallensmith

Full Member
Local time
6:14 AM
Feb 15, 2019
39
1
i was able to exempt ombi last week, but I can't and am having the same issue.
I dont know what changed but I need ombi excluded too
 

SteveCliff

Junior Member
Local time
11:14 AM
Jun 23, 2019
12
0
i was able to exempt ombi last week, but I can't and am having the same issue.
I dont know what changed but I need ombi excluded too
Not sure if it helps but I literally just did this about 2 hours ago - lol! I had installed "ombi" initially and couldn't exclude it - but then I noticed "ombi4k" was in the list so installed that instead. Voila - excluded that fine no problem.

I am very much a newb though so there could be a way with ombi too :)
 
Assists Greatly with Development Costs

UncleBuck

Senior Member
Staff
Local time
5:14 AM
Dec 21, 2018
176
43
Houston, TX
I am in the middle of moving to a new host and having the exact same issue. I can exempt Ombi4k but not Ombi as I had on my previous server. Same goes for tautulli.
 

JBM88

Junior Member
Local time
12:14 PM
Jun 30, 2018
12
3
A temporary workaround until this is fixed is to go to Portainer -> local -> Choose the containers you want to PW protect -> Duplicate / Edit -> Labels -> +add label ->

name = traefik.frontend.auth.basic | value = username:$md5hash


you can generate a username:md5hash combination at http://www.htaccesstools.com/htpasswd-generator/ for example or locally if you are paranoid.

I like oauth way more but if I can't except what I want it's no use for me. So having an extra layer of basic authentication and control over what is accessible by others and what not without auth is enough for now for me personally.
 
T

TheShadow

Guest
The reason why it's not in the list is because ombi is already exempted..

It won't show stuff already exempted, which is why plex isn't in the list.

If you reset your exemptions and go back to exempt you'll see ombi show up again.

You'll have to redeploy the apps when you change PGShield settings.
 

dallensmith

Full Member
Local time
6:14 AM
Feb 15, 2019
39
1
The reason why it's not in the list is because ombi is already exempted..

It won't show stuff already exempted, which is why plex isn't in the list.

If you reset your exemptions and go back to exempt you'll see ombi show up again.

You'll have to redeploy the apps when you change PGShield settings.
yeah i tried that and also tried it on a fresh gce install without ever making any exemptions and it didnt work
 
T

TheShadow

Guest
Are you using a fork of any apps?

Are you using a fork of PGSheild.

I literally just "reset" my exemptions and I see ombi in the list.

Remember you have to exempt, then you got to redeploy ombi, otherwise it won't have any affect.
 
T

TheShadow

Guest
You can easily test for oauth by going to the url in incognito mode. If you see Google sign in, PGShield is up for that app, otherwise you'll see ombi.
 
T

TheShadow

Guest
You can also try the beta 8.6.6 as that has some bug fixes for PGShield in relation to community apps.
 

UncleBuck

Senior Member
Staff
Local time
5:14 AM
Dec 21, 2018
176
43
Houston, TX
I just built a new server from scratch using only non-forked options. I can confirm that ombi does not show up as an option to exempt and is not exempted by default. I tried to reset my exemptions but since I don't have any it's not an option.

I updated to 8.6.6 and still having the same issue.

@MrDoob or @Admin9705 I think you have a bug in PG Shield.
 
T

TheShadow

Guest
Did you install ombi before doing this? It must be running beforehand

I literally tested this again and I see it under apps I unprotected and can protect again.

Screenshot_20190709-122043.png
 

UncleBuck

Senior Member
Staff
Local time
5:14 AM
Dec 21, 2018
176
43
Houston, TX
Fresh install.
Ombi and Tautulli installed among other applications.
Traefik deployed.
Ports closed.
PGShield Deployed.
Confirmed that Ombi and Tautulli are protected with Google Oauth by navigating to ombi.mydaomain.tld and tautulli.mydomain.tld.

Ombi is not listed on apps that can be disabled.
3555


No apps are currently disabled so cannot enable any.
3554
 

UncleBuck

Senior Member
Staff
Local time
5:14 AM
Dec 21, 2018
176
43
Houston, TX
I have done this twice on two different hosts; Hetzner VPS, and WholesaleInternet. Both times the same thing happens.
 

Cringely

Junior Member
Local time
3:14 AM
Sep 11, 2018
9
5
This is a bug with the way pgshield.sh is generating the app list:

The _appgen.sh script overwrites the file used to store app names and since the community version of appgen runs second those are the only apps which appear.
 

Cringely

Junior Member
Local time
3:14 AM
Sep 11, 2018
9
5
You can use my forks to get this working right now, you'll have to navigate a few menus to make it work though.

Bash:
pgblitz
5
1
2
1
Cringely
v8.6
2
exit
5
2
2
1
Cringely
v8.6
2
exit
3
2
1
Cringely
v8.6
2
Then continue through PGShield as you normally would.

What this is doing:
Copying my _appgen.sh files from both the Community and Core apps which I modified so they return values to the pipeline rather than a file
Copying my pgshield.sh file which I modified to pipe output to the app.list file which the menu generate from.

I would only use this as a short term solution/immediate fix (or just modify the label(s) in portainer for traefik.frontend.auth.forward.address) until a more proper fix is deployed.

Links:
 
Last edited:
  • Like
Reactions: vFlagR

fishtek

Junior Member
Local time
5:14 AM
Feb 8, 2019
9
2
Hey guys, I'll just add I ran into this bug as well, and the fix I went with (thanks to @Cringely pointing out the issue), is to edit the file /opt/communityapps/apps/_appsgen.sh
And then change line 11 to include the `>>` append instead of just clobbering the list of with a single `>` ... so it should look like this:
Bash:
# Generates App List
ls -la /opt/communityapps/apps/ | sed -e 's/.yml//g' \
| awk '{print $9}' | tail -n +4  >> /var/plexguide/app.list
 
  • Like
Reactions: pb1051

Cringely

Junior Member
Local time
3:14 AM
Sep 11, 2018
9
5
Ya, that's much simpler. You could add a pull request to the community repo, it should also fix the watchtower app list generation during new installs too since that uses the same scripts to generate it's initial list.
 
  • Like
Reactions: pb1051
Assists Greatly with Development Costs

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads


Maintenance Donations

 

Recommend NewsGroups

      Up To a 58% Discount!

Trending