| Type | Purpose |
| --- | --- |
| Overseerr URL | URL for your Server's Overseerr Instance |
| Token | API Key for Overseerr |
| Overseerr Fallback User | If your user doesn't have an Overseerr account, Organizr will use this account |
| Overseerr Password | Password for the above account |
| Enable | Enable Overseerr SSO |

Plex Single Sign On
If you are using Plex as the main driving factor for your Organizr instance, you will want to enable Plex as the backend so that users log in with their Plex credentials.
Change the Authentication type to Organizr DB + Backend. Choose Plex as the Authentication Backend. Use the Retrieve button to fill in the Plex Token and Plex Machine.
The other two toggles are optional:

| Type | Purpose |
| --- | --- |
| Enable Plex oAuth | This will bring up a Plex login screen that will flow credentials through plex.tv |
| Strict Plex Friends | Enabling this option will only allow people from your friends list who have access to the server that you selected for Plex Machine |

Now that Plex is set up as the backend for Organizr, you can head over to the SSO section for Plex.
If the Plex account was made using Facebook/Google - YOU HAVE TO USE OAUTH to sign in
Plex SSO will only work with Plex reverse proxied as a subdirectory and not as a subdomain. Fill out the Plex Token and Plex Machine (they should already be filled in if you did the above step). You can use the Retrieve buttons to fill these out. Toggle the enabled switch to turn it on.
If not using Plex OAuth - For Admin Account - Make sure passwords match in Organizr and Plex
Plex SSO doesn't work if Plex Reverse Proxy is a subdomain - It must be on the same domain as Organizr

| Type | Purpose |
| --- | --- |
| Plex Token | Token to authenticate with Plex Servers |
| Plex Machine | Plex Machine ID for your specific server |
| Admin Username | Username or Email for Organizr and Plex Admin account |
| Enable | Enable Plex SSO |

    location /plex/ {
        proxy_pass http://ip-of-plex:32400/;
        include /path/to/proxy.conf;
    }

    # Send /web/ requests that were referred from /plex/ back under /plex/
    if ($http_referer ~ /plex/) {
        rewrite ^/web/(.*) /plex/web/$1? redirect;
    }

    # Contents of proxy.conf, included by the location block above
    client_max_body_size 10m;
    client_body_buffer_size 128k;
    proxy_bind $server_addr;
    proxy_buffers 32 4k;
    #Timeout if the real server is dead
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
    # Advanced Proxy Config
    send_timeout 5m;
    proxy_read_timeout 240;
    proxy_send_timeout 240;
    proxy_connect_timeout 240;
    # Drop the upstream's X-Frame-Options so the app can load in an Organizr tab (iframe)
    proxy_hide_header X-Frame-Options;
    # Basic Proxy Config
    proxy_set_header Host $host:$server_port;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_redirect http:// $scheme://;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_no_cache $cookie_session;
    # WebSocket upgrade headers
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

Tautulli Single Sign On
The Tautulli SSO module works best if you are using Plex as your Organizr Backend.
You first need to make sure that Allow Plex Admin & Allow Guest Access to Tautulli are enabled in the Web Interface portion of the Settings page.
To enable Tautulli SSO for your users, head to the Tautulli Users page, click Edit mode, and click the Lock Icon for each user you want to enable SSO for.

| Type | Purpose |
| --- | --- |
| Multiple URL's | Tautulli URL's for multiple instances |
| Enable | Enable Tautulli SSO |

NZBHydra2 Single Sign On with Proxy Auth
As of version 2.13.13, NZBHydra can authorize users with a method similar to Grafana's.
In NZBHydra's settings we need to set a few values. The Auth header must match the one in the NGINX reverse proxy (example to follow), and the Secure IP ranges should be set to the NGINX IP.

Proxy Auth Single Sign On
Using SSO with Proxy Auth allows you to access an app's UI using only one sign in.
All of these types of apps work the same way. For the reverse proxy you need to add the following:

    auth_request /organizr-auth/X; #Change the X to whatever group you want to allow access
    auth_request_set $auth_user $upstream_http_x_organizr_user;
    proxy_set_header X-WEBAUTH-USER $auth_user;

For Grafana, you need to flip enabled to true (it's disabled by default), and you should set the whitelist to the IP of your Organizr install so the header can only come from it. To read more about this, see Grafana's docs.
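A small audit of the two settings described above, as an added example that is not part of the Organizr or Grafana documentation: it checks that an enabled Grafana [auth.proxy] section also sets a whitelist, and that any nginx location setting X-WEBAUTH-USER is guarded by auth_request. The sample configs are constructed, and the function names, the /grafana/ path and group 1 are assumptions for illustration.

```python
import configparser
import re

# Constructed sample configs, modelled on the snippets on this page.
GRAFANA_OK = "[auth.proxy]\nenabled = true\nwhitelist = 172.27.1.131\n"
GRAFANA_OPEN = "[auth.proxy]\nenabled = true\n;whitelist =\n"
NGINX_OK = """
location /grafana/ {
    auth_request /organizr-auth/1;
    auth_request_set $auth_user $upstream_http_x_organizr_user;
    proxy_set_header X-WEBAUTH-USER $auth_user;
}
"""
NGINX_BAD = """
location /grafana/ {
    proxy_set_header X-WEBAUTH-USER $http_x_webauth_user;
}
"""

def audit_grafana(ini_text):
    """Flag [auth.proxy] that trusts the header from any source IP."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    if not cp.getboolean("auth.proxy", "enabled", fallback=False):
        return []
    if not cp.get("auth.proxy", "whitelist", fallback="").strip():
        return ["auth.proxy enabled with no whitelist"]
    return []

def audit_nginx(conf_text, header="X-WEBAUTH-USER"):
    """Flag location blocks that set the auth header unsafely."""
    findings = []
    set_hdr = re.compile(r"proxy_set_header\s+" + re.escape(header) + r"\s+(\S+);")
    for path, body in re.findall(r"location\s+(\S+)\s*\{([^}]*)\}", conf_text):
        m = set_hdr.search(body)
        if not m:
            continue  # this location does not assert an identity
        if not re.search(r"^\s*auth_request\s+\S+;", body, re.M):
            findings.append(f"{path}: {header} set without auth_request")
        if m.group(1).lower().startswith("$http_"):
            findings.append(f"{path}: {header} copied from the client request")
    return findings

if __name__ == "__main__":
    for name, result in [("grafana ok", audit_grafana(GRAFANA_OK)),
                         ("grafana open", audit_grafana(GRAFANA_OPEN)),
                         ("nginx ok", audit_nginx(NGINX_OK)),
                         ("nginx bad", audit_nginx(NGINX_BAD))]:
        print(name, "->", result or "no findings")
```

The nginx check only handles location blocks without nested braces, which is enough for snippets of the shape shown on this page.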
grafana.ini:

    [auth.proxy]
    enabled = true
    header_name = X-WEBAUTH-USER
    header_property = username
    auto_sign_up = true
    ;ldap_sync_ttl = 60
    whitelist = 172.27.1.131
    ;headers = Email:X-User-Email, Name:X-User-Name

Docker environment variables:

    -e GF_AUTH_PROXY_ENABLED=true \
    -e GF_AUTH_PROXY_HEADER_NAME="X-WEBAUTH-USER" \
    -e GF_AUTH_PROXY_HEADER_PROPERTY="username" \
    -e GF_AUTH_PROXY_AUTO_SIGN_UP=true \
    -e GF_AUTH_PROXY_LDAP_SYNC_TTL=60 \
    -e GF_AUTH_PROXY_WHITELIST="172.27.1.131" \
    -e GF_AUTH_PROXY_HEADERS="Email:X-User-Email, Name:X-User-Name"

| Type | Purpose |
| --- | --- |
| Ombi URL | URL for your Server's Ombi Instance |
| Token | API Key for Ombi |
| Ombi Fallback User | If your user doesn't have an Ombi account, Organizr will use this account |
| Ombi Fallback Password | Password for the above account |
| Enable | Enable Ombi SSO |

Fill out the URL for your Ombi install (it can be the local IP or local DNS and port) and copy your API key from Ombi's settings to the Token box. Toggle the enabled switch to turn it on.
If you are doing a subdomain for Ombi, go to your tabs and set the Tab URL to:

| Proxy Type | URL |
| --- | --- |
| Subdomain (ombi.domain.com) | |
| Directory (domain.com/ombi) | https://domain.com/ombi |

Please make sure that you have the following options enabled in Ombi.
By enabling those options, your users under User Management should have the User Type as Plex User now.
Petio Fallback User & Petio Password are not used yet.

| Type | Purpose |
| --- | --- |
| Petio URL | URL for your Server's Petio Instance |
| Token | API Key for Petio |
| Petio Fallback User | If your user doesn't have a Petio account, Organizr will use this account |
| Petio Password | Password for the above account |
| Enable | Enable Petio SSO |

You will need to update your calibre.conf file as documented on the Proxy Auth SSO page.
Here is an example calibre.conf file for a subdomain of https://domain.com/calibre
    location /calibre {
        proxy_bind $server_addr;
        proxy_pass http://127.0.0.1:8083;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Script-Name /calibre; # IMPORTANT: path has NO trailing slash
        auth_request /organizr-auth/4; #Change the 4 to whatever group you want to allow access
        auth_request_set $auth_user $upstream_http_x_organizr_user;
        proxy_set_header X-WEBAUTH-USER $auth_user;
    }

| Type | Purpose |
| --- | --- |
| URL | URL for your Server's Komga Instance |
| Minimum Authentication | Group Needed to use SSO |
| Enable | Enable Komga SSO |

Komga needs a specific Tab URL in order to function:
Tab URL: http://komga-domain/?xAuthToken={komga}
Replace komga-domain with the actual domain of your Komga instance.

| Type | Purpose |
| --- | --- |
| Jellyfin API URL | URL for your Server's Jellyfin API Instance |
| Jellyfin SSO URL | URL to pass to Jellyfin for SSO |
| Enable | Enable Jellyfin SSO |

SSO Values
misc.oAuthLogin = Current Login used oAuth
misc.rememberMe = Remember me button was toggled on at login
misc.rememberMeDays = Cookie Length in days
%SSO_TYPE%.enabled: false = SSO module enable status
%SSO_TYPE%.cookie: false = Cookie status
%SSO_TYPE%.url: false = URL of SSO module
%SSO_TYPE%.api: false = The API key status if set
%SSO_TYPE%.backend: false = Plex Backend is not enabled
%SSO_TYPE%.machineID = Used for Plex - machineID status
%SSO_TYPE%.token = The API key status if set
%SSO_TYPE%.plexAdmin = Either username or email
%SSO_TYPE%.strict = Strict Plex Friends status
%SSO_TYPE%.oAuthEnabled = oAuth enable status

    misc:
      oAuthLogin: true
      rememberMe: true
      rememberMeDays: 7
    plex:
      enabled: true
      cookie: true
      machineID: true
      token: true
      plexAdmin: email
      strict: true
      oAuthEnabled: true
      backend: true
    ombi:
      enabled: true
      cookie: true
      url: http://docker.home.lab:3579/
      api: true
    tautulli:
      enabled: true
      cookie: false
      url: http://docker.home.lab:8181















