Caddy: Auth cookie is not used by other subdomains

This is caused by Caddy not adding the necessary headers when forwarding the login request to Organizr.

Using the "transparent" preset or manually adding the necessary headers solves the issue.

For example: {
  proxy / http://organizr.internal {


Docker: Showing Update available even though up to date

Remove index.lockif it tells you to.
Restart container.

Forgot my Organizr account password

If you find yourself in the situation where you've forgotten the password to your Organizr account (ONLY if you have auth set to Org DB ONLY and NOT using Plex or Emby backend), and did not yet setup the PHPMailer Plugin to be able to reset your password, you can use the following instructions to configure the PHPMailer Plugin and regain the ability to reset your forgotten password.

Starting with Organizr Version 2.1.165 you can now use the API to enable PHP Mailer with Organizr's SMTP account

In order to enable PHP Mailer you will need to know your Organizr API Key.  This is inside your /api/config/config.php file under the variable:

'organizrAPI' => 'qefeh7de0poey7c87w0a',

Once you have the API Key you can navigate to URL: http://organizr/api/v2/help/smtp?apikey=12345678901234567890

Make sure to replace organizr with your IP address of your own Organizr instance as well as you API Key.

Once that is complete you should see the following:

    "response": {
        "result": "success",
        "message": "SMTP activated with Organizr SMTP account",
        "data": true

Now you can go to Organizr and use the Forgot Password link.... That is it!


For versions below 2.1.165, If you do not have your own mail server to use, You can use Organizr's server... Click Me!

Open up the Organizr config file, /config/www/Dashboard/api/config/config.php, in a text editor and setup the PHPMailer settings like so, with your own SMTP Server information:

'PHPMAILER-enabled' => true,
'PHPMAILER-logo' => '',
'PHPMAILER-smtpHost' => '',
'PHPMAILER-smtpHostAuth' => true,
'PHPMAILER-smtpHostPort' => '587',
'PHPMAILER-smtpHostSenderEmail' => '',
'PHPMAILER-smtpHostSenderName' => 'Organizr',
'PHPMAILER-smtpHostType' => 'tls',
'PHPMAILER-smtpHostUsername' => '',
'PHPMAILER-template' => 'light',
'PHPMAILER-verifyCert' => true

You will need to check with your e-mail provider for all of the correct settings for this to work with your e-mail account.

Make sure that, if the last line of the above code is the last line in the file, that there is NO comma at the end and that the new code is inside the PHP block, before the ending );.

For example, if you're appending the code to the end of your config file, it would end up looking like this:

'PHPMAILER-enabled' => true,
'PHPMAILER-logo' => '',
'PHPMAILER-smtpHost' => '',
'PHPMAILER-smtpHostAuth' => true,
'PHPMAILER-smtpHostPort' => '587',
'PHPMAILER-smtpHostSenderEmail' => '',
'PHPMAILER-smtpHostSenderName' => 'Organizr',
'PHPMAILER-smtpHostType' => 'tls',
'PHPMAILER-smtpHostUsername' => '',
'PHPMAILER-template' => 'light',
'PHPMAILER-verifyCert' => true


You will need the hashed value of the password, so, to get hashed value for PHPMAILER-smtpHostPassword, you need to create a PHP file in root of Organizr, IE: /config/www/Dashboard/hash_password.php, and then put this code:

include 'api/functions.php';
$Organizr = new Organizr();
echo $Organizr->encrypt('PASSWORDHERE');

Replacing PASSWORDHERE with your SMTP account password. Browse to the domain/system you're running Org on and hit that PHP file, IE:, to get the hashed password.

If you do not want to create a php file, you can use Organizr's... Click Me!

Put the hashed password into the config.php file and then you SHOULD be able to recover/reset your Organizr account password.

Redirect Looping - SameSite Errors

Are you getting stuck in a redirect loop?  Are you seeing some console errors in your browser about SameSite Cookies?  


Browsers are starting to enforce strict rules on Cookies set by web apps.  The issue here is when an application is not hosted on the same host as Organizr.  You have three options...

  1. If you are browsing locally, you can add host records to your network or machine that you are browsing with.  
  2. If you are browsing from WAN, you can create reverse proxies.
  3. Depending on your browser software you can just turn off this check.


Option #1

We will use windows as an example.

Host file location

The Hosts file in Windows is located at the following location:


Here you will see the Hosts file. Right-click on it and select Notepad. Make the changes and Save.

But sometimes, even when you are logged on with administrative credentials, you may receive the following error message:

Access to C:\Windows\System32\drivers\etc\ hosts was denied


Cannot create the C:\Windows\System32\drivers\etc\hosts file. Make sure that the path and file name are correct.

In this case, type Notepad in Start search and right-click on the Notepad result. Select Run as administrator. Open the Hosts file, make the necessary changes, and then click Save.

The changes you need to make are like below:       hostname

The left value is the IP address and the right value is the hostname or text you want to tie to that IP address. For this fix everything needs to be on the same domain (basically like how subdomains work when reverse proxying).

Note: They must be on the same subdomain for this to work. You can't just do <service>.tld, they have to be <service>.something.tld


Depending on your Router you will need to lookup how to achieve this.  Routers usually utilize using Dnsmasq.


Option #2

Depending on your webserver - you can just lookup your webserver and reverse proxy to achieve this.  


Option #3



Access this page from your browser  chrome://flags

Search for SameSite and disable it.

Note: This was only supposed to be a temporary setting and it seems like Chrome is starting to ignore what this is set to so you'll have to use one of the other options if you try and it doesn't work.


Access this page from your browser edge://flags/

Search for SameSite and disable it.



Access this page from your browser about:config

Search for SameSite and disable it.



Application Errors

Jackett and Tautulli seem to hardcode the SameSite cookie as Lax
Sonarr/Radarr/Lidarr are starting to hardcode the SameSite cookie as Strict

The only way to bypass that is to use Option #1 or Option #2





Read more about SameSite

Login Error - API Connection Failed

This seems to be coming up more frequently lately. The Organizr logs will look like there was a successful login. If you are reverse proxying Organizr, you may see the following error in your NGINX logs:

2020/05/12 15:52:05 [error] 439#439: *1502 upstream sent too big header while reading response header from upstream, client:, server: org.*, request: "POST /api/v2/login HTTP/2.0", upstream: "", host: "", referrer: ""

With a reverse proxy, this seems to be a two step process to fix. If you're not using a reverse proxy skip to the next one. First adding (or increasing the limits if you have this set already, check your proxy.conf) like the following:

proxy_buffer_size          128k;
proxy_buffers              4 256k;
proxy_busy_buffers_size    256k;

The second part and the part if you're not reverse proxying and just running it native, you may see this in the logs:

2020/05/20 11:58:31 [error] 130009#130009: *87200 upstream sent too big header while reading response header from upstream, client: 172.xx.xx.xx, server:, request: "POST /api/v2/login HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.4-fpm.sock:", host: "", referrer: ""

And this needs to go in the NGINX config where your Organizr is in the PHP block (if you are on the new organizr/organizr container, we have added this now):

fastcgi_buffers 32 32k;
fastcgi_buffer_size 32k;