[Bug]: Socket failed to connect when logging in with authelia #3021

New issue

Open

opened 2026-02-20 03:04:27 -05:00 by deekerman · 8 comments

deekerman commented 2026-02-20 03:04:27 -05:00

Owner

Copy link

Originally created by @SamsiFPV on GitHub (Jun 12, 2025).

What happened?

When I am logging in with authelia, the notification pops up "Socket failed to connect".
If I log in with password, everything works.

The only differences I can see on those two requests is the authelia session cookie.

What did you expect to happen?

I expect the app to work with the authelia login

Steps to reproduce the issue

1. Log in with authelia
2. Website displays "Socket failed to connect" after a few seconds.

Audiobookshelf version

v2.24.0

How are you running audiobookshelf?

Other (list in "Additional Notes" box)

What OS is your Audiobookshelf server hosted from?

Other (list in "Additional Notes" box)

If the issue is being seen in the UI, what browsers are you seeing the problem on?

None

Logs

Additional Notes

abs is running on truenas, accessed via a reverse proxy made with nginx.

Originally created by @SamsiFPV on GitHub (Jun 12, 2025). ### What happened? When I am logging in with authelia, the notification pops up "Socket failed to connect". If I log in with password, everything works. The only differences I can see on those two requests is the authelia session cookie. ### What did you expect to happen? I expect the app to work with the authelia login ### Steps to reproduce the issue 1. Log in with authelia 2. Website displays "Socket failed to connect" after a few seconds. ### Audiobookshelf version v2.24.0 ### How are you running audiobookshelf? Other (list in "Additional Notes" box) ### What OS is your Audiobookshelf server hosted from? Other (list in "Additional Notes" box) ### If the issue is being seen in the UI, what browsers are you seeing the problem on? None ### Logs ```shell ``` ### Additional Notes abs is running on truenas, accessed via a reverse proxy made with nginx.

deekerman added the

bug

waiting

unable to reproduce

labels 2026-02-20 03:04:27 -05:00

deekerman commented 2026-02-20 03:04:28 -05:00

Author

Owner

Copy link

@Vito0912 commented on GitHub (Jun 12, 2025):

Shows symptoms of a crash.
Please check the crash log if available, which should be located under the metadata folder.
If you use docker, check the docker logs as an alternative.

@Vito0912 commented on GitHub (Jun 12, 2025): Shows symptoms of a crash. Please check the crash log if available, which should be located under the metadata folder. If you use docker, check the docker logs as an alternative.

deekerman commented 2026-02-20 03:04:28 -05:00

Author

Owner

Copy link

@SamsiFPV commented on GitHub (Jun 13, 2025):

The container logs from TrueNAS:

2025-06-13 06:11:49.605180+00:00[2025-06-13 08:11:49.604] INFO: [Auth] User "samsi" logged in from ip ::ffff:192.168.1.144
2025-06-13 06:11:57.859700+00:00[2025-06-13 08:11:57.859] INFO: [Auth] User "samsi" logged in from ip ::ffff:192.168.1.144
2025-06-13 06:19:24.409802+00:00[2025-06-13 08:19:24.409] INFO: [Auth] User "samsi" logged in from ip ::ffff:192.168.1.144

Logs from the metadata/logs/daily folder:

{"timestamp":"2025-06-13 08:11:49.605","source":"Auth.js:892","message":"[Auth] User \"samsi\" logged in from ip ::ffff:192.168.1.144","levelName":"INFO","level":2}
{"timestamp":"2025-06-13 08:11:57.859","source":"Auth.js:892","message":"[Auth] User \"samsi\" logged in from ip ::ffff:192.168.1.144","levelName":"INFO","level":2}
{"timestamp":"2025-06-13 08:19:24.409","source":"Auth.js:892","message":"[Auth] User \"samsi\" logged in from ip ::ffff:192.168.1.144","levelName":"INFO","level":2}

Also tried switching log level to debug, but nothing interesting there either. The application doesn't seem to crash, it just doesn't like the websocket request with the authentication cookie

I think it's the size of the cookie, my request is 1.7kB big. It works with a request size of 700 Bytes.

@SamsiFPV commented on GitHub (Jun 13, 2025): The container logs from TrueNAS: ``` 2025-06-13 06:11:49.605180+00:00[2025-06-13 08:11:49.604] INFO: [Auth] User "samsi" logged in from ip ::ffff:192.168.1.144 2025-06-13 06:11:57.859700+00:00[2025-06-13 08:11:57.859] INFO: [Auth] User "samsi" logged in from ip ::ffff:192.168.1.144 2025-06-13 06:19:24.409802+00:00[2025-06-13 08:19:24.409] INFO: [Auth] User "samsi" logged in from ip ::ffff:192.168.1.144 ``` Logs from the metadata/logs/daily folder: ``` {"timestamp":"2025-06-13 08:11:49.605","source":"Auth.js:892","message":"[Auth] User \"samsi\" logged in from ip ::ffff:192.168.1.144","levelName":"INFO","level":2} {"timestamp":"2025-06-13 08:11:57.859","source":"Auth.js:892","message":"[Auth] User \"samsi\" logged in from ip ::ffff:192.168.1.144","levelName":"INFO","level":2} {"timestamp":"2025-06-13 08:19:24.409","source":"Auth.js:892","message":"[Auth] User \"samsi\" logged in from ip ::ffff:192.168.1.144","levelName":"INFO","level":2} ``` Also tried switching log level to debug, but nothing interesting there either. The application doesn't seem to crash, it just doesn't like the websocket request with the authentication cookie I think it's the size of the cookie, my request is 1.7kB big. It works with a request size of 700 Bytes.

deekerman commented 2026-02-20 03:04:29 -05:00

Author

Owner

Copy link

@advplyr commented on GitHub (Jul 8, 2025):

Did you resolve this?

@advplyr commented on GitHub (Jul 8, 2025): Did you resolve this?

deekerman commented 2026-02-20 03:04:29 -05:00

Author

Owner

Copy link

@SamsiFPV commented on GitHub (Jul 9, 2025):

Negative.
I tried again now, and now it brings me this error:

@SamsiFPV commented on GitHub (Jul 9, 2025): Negative. I tried again now, and now it brings me this error: <img width="281" height="83" alt="Image" src="https://github.com/user-attachments/assets/3dbda954-f887-40b5-bead-3dec7aa4862c" />

deekerman commented 2026-02-20 03:04:29 -05:00

Author

Owner

Copy link

@Vito0912 commented on GitHub (Jul 9, 2025):

Can you please provide the status code of the request and any other information connected to the request.

Idk if we do something special for cookies, but iirc cookies should be fine up to 4kb. The header is not allowed to be bigger than 8kb (So maybe you have other values in the header maybe?)

@Vito0912 commented on GitHub (Jul 9, 2025): Can you please provide the status code of the request and any other information connected to the request. Idk if we do something special for cookies, but iirc cookies should be fine up to 4kb. The header is not allowed to be bigger than 8kb (So maybe you have other values in the header maybe?)

deekerman commented 2026-02-20 03:04:29 -05:00

Author

Owner

Copy link

@SamsiFPV commented on GitHub (Jul 9, 2025):

Okay, this is weird. I have tried again, this time with a clean chromium browser.
After logging in with Authelia, I get a "This site can't be reached".

These are the failed requests:

The first failed request had this request URL:

https://abs.example.ch/auth/openid/callback?code=authelia_ac_RqagEsjAer-PfhV-nsIJkfK2tY6rxmnu7QZjcOqTm3Q.ULPwy_tX2jyw2rzPeyvtsSsUmmTtkuq25RxTLhqJ6zs&iss=https%3A%2F%2Fauth.example.ch&scope=openid+profile+email&state=LYFvk6R2q4PdoPLEi_HTSqEXIqO75DTpTezn-HGdMGc

And these request headers:

:authority
abs.example.ch
:method
GET
:path
/auth/openid/callback?code=authelia_ac_RqagEsjAer-PfhV-nsIJkfK2tY6rxmnu7QZjcOqTm3Q.ULPwy_tX2jyw2rzPeyvtsSsUmmTtkuq25RxTLhqJ6zs&iss=https%3A%2F%2Fauth.example.ch&scope=openid+profile+email&state=LYFvk6R2q4PdoPLEi_HTSqEXIqO75DTpTezn-HGdMGc
:scheme
https
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
accept-encoding
gzip, deflate, br, zstd
accept-language
en-GB,en-US;q=0.9,en;q=0.8
cache-control
no-cache
cookie
auth_method=openid; openid_id_token=MYTOKEN
authelia_session=$_Szi-KCRKgXfSmE6jgVLoMa7fjDByiz; auth_cb=https%3A%2F%2Fabs.example.ch%2Faudiobookshelf%2Flogin%2F
pragma
no-cache
priority
u=0, i
sec-ch-ua
"Not)A;Brand";v="8", "Chromium";v="138"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Linux"
sec-fetch-dest
document
sec-fetch-mode
navigate
sec-fetch-site
same-site
sec-fetch-user
?1
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

On Firefox I no longer get the Axios error, instead it logs me in and again: "Socket failed to connect"

That looks like this:

The first response is NS_ERROR_UNKNOWN_HOST, the rest is NS_ERROR_CONNECTION_REFUSED:

@SamsiFPV commented on GitHub (Jul 9, 2025): Okay, this is weird. I have tried again, this time with a clean chromium browser. After logging in with Authelia, I get a "This site can't be reached". These are the failed requests: <img width="709" height="152" alt="Image" src="https://github.com/user-attachments/assets/d7809a1a-9de9-4e92-a2b2-e30d21c39ae1" /> The first failed request had this request URL: ``` https://abs.example.ch/auth/openid/callback?code=authelia_ac_RqagEsjAer-PfhV-nsIJkfK2tY6rxmnu7QZjcOqTm3Q.ULPwy_tX2jyw2rzPeyvtsSsUmmTtkuq25RxTLhqJ6zs&iss=https%3A%2F%2Fauth.example.ch&scope=openid+profile+email&state=LYFvk6R2q4PdoPLEi_HTSqEXIqO75DTpTezn-HGdMGc ``` And these request headers: ``` :authority abs.example.ch :method GET :path /auth/openid/callback?code=authelia_ac_RqagEsjAer-PfhV-nsIJkfK2tY6rxmnu7QZjcOqTm3Q.ULPwy_tX2jyw2rzPeyvtsSsUmmTtkuq25RxTLhqJ6zs&iss=https%3A%2F%2Fauth.example.ch&scope=openid+profile+email&state=LYFvk6R2q4PdoPLEi_HTSqEXIqO75DTpTezn-HGdMGc :scheme https accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 accept-encoding gzip, deflate, br, zstd accept-language en-GB,en-US;q=0.9,en;q=0.8 cache-control no-cache cookie auth_method=openid; openid_id_token=MYTOKEN authelia_session=$_Szi-KCRKgXfSmE6jgVLoMa7fjDByiz; auth_cb=https%3A%2F%2Fabs.example.ch%2Faudiobookshelf%2Flogin%2F pragma no-cache priority u=0, i sec-ch-ua "Not)A;Brand";v="8", "Chromium";v="138" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Linux" sec-fetch-dest document sec-fetch-mode navigate sec-fetch-site same-site sec-fetch-user ?1 upgrade-insecure-requests 1 user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 ``` On Firefox I no longer get the Axios error, instead it logs me in and again: "Socket failed to connect" That looks like this: <img width="1709" height="792" alt="Image" src="https://github.com/user-attachments/assets/12448031-2cf5-49fd-9573-d3a96a64761c" /> The first response is NS_ERROR_UNKNOWN_HOST, the rest is NS_ERROR_CONNECTION_REFUSED: <img width="199" height="145" alt="Image" src="https://github.com/user-attachments/assets/63dc9e31-89bf-4917-981d-7e585a951eb5" />

deekerman commented 2026-02-20 03:04:29 -05:00

Author

Owner

Copy link

@SamsiFPV commented on GitHub (Jul 9, 2025):

Note: The connection refused was because of fail2ban, my bad.

I still get this though after (successfully) logging in with authelia:

@SamsiFPV commented on GitHub (Jul 9, 2025): Note: The connection refused was because of fail2ban, my bad. I still get this though after (successfully) logging in with authelia: <img width="1486" height="213" alt="Image" src="https://github.com/user-attachments/assets/aa6510dc-3616-433e-8b9e-a5b94175811d" />

deekerman commented 2026-02-20 03:04:29 -05:00

Author

Owner

Copy link

@SamsiFPV commented on GitHub (Jul 9, 2025):

@SamsiFPV commented on GitHub (Jul 9, 2025): <img width="915" height="833" alt="Image" src="https://github.com/user-attachments/assets/97b9e41d-d82d-4cc2-8107-599d29f6176d" />

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

book_tags_genres_dedupe

episode_download_fallback

Issue-4540-SortBy-StartedDate-and-FinishedDate

episode_meta_tagging

fix_authorize_race_condition

redirect_transcode_requests

progress_updated_sort

fix_ereader_socket_event

fix_change_empty_root_password

fix_podcast_session_track_index

fix_set_token

session_modal_user

localize_durations

fix_oidc_create_user

jwt_auth_refactor

fix_scanner_deleting_single_file_books

fix_mediaprogress_updatedat_2

experimental_next_client

podcast_episode_duration

episode-timestamps-clickable

book_author_secondary_sort_title

podcast_useragents

pathexists_user_access

fix_pathexists_join

book_author_secondary_sort

clean_duplicate_mediaprogress

sanitize_html_description

trix_prevent_attachments

check_path_api_fix

fix_mediaprogress_updatedat

increase_express_json_limit

fix_dockerfile_nunicode

search_episodes

audiobook_tools_update

episode_secondary_sorts

hls_stream_url_update

new_session_track_endpoint

audiobook_tools_enhancements

watcher_rescans_update

player_track_tooltip

fix_exclude_prefixes_crash

socket_item_events

fix_podcast_episode_scanner_promise

new_stats_controller

count_cache_for_userpermissions

parsing-opf-v3

validate_migration_files

fix-quick-match-all-crash

fix-chapter-end-sleep-timer

stringify_sequelize_query

remove-col-ambiguity

fix_next_prev_edit_description

details_trim_whitespace

fix_content_url_basepath

fix_logger_fatal

progress_bar_visibility

batch-edit-populate-map-details

feed_generator_updates

bookmark-modal-updates

migrate-library-item-in-scanner

migrate-new-library-items

migrate-podcasts-new-library-item-2

migrate-podcasts-new-library-item

fix-remove-episode-from-playlist

playback-session-use-new-library-item

refactor-library-item

fix-heatmap-caption

feed-episodes-upsert

share-media-player-media-session-api

remove-old-playlist

remove_old_collection_object

plugin-implementation-demo

feed_migration

refactor-feeds-from-item

fix_remove_authors_no_books

v2.17.3-fk-constraints-migration

migrations-first-upgrade

sqlite_2

feature/nuxt-target-server

waveform

sqlite

playlists

video

v2.32.1

v2.32.0

v2.31.0

v2.30.0

v2.29.0

v2.28.0

v2.27.0

v2.26.3

v2.26.2

v2.26.1

v2.26.0

v2.25.1

v2.25.0

v2.24.0

v2.23.0

v2.22.0

v2.21.0

v2.20.0

v2.19.5

v2.19.4

v2.19.3

v2.19.2

v2.19.1

v2.19.0

v2.18.1

v2.18.0

v2.17.7

v2.17.6

v2.17.5

v2.17.4

v2.17.3

v2.17.2

v2.17.1

v2.17.0

v2.16.2

v2.16.1

v2.16.0

v2.15.1

v2.15.0

v2.14.0

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.0

v2.10.1

v2.10.0

v2.9.0

v2.8.1

v2.8.0

v2.7.2

v2.7.1

v2.7.0

v2.6.0

v2.5.0

v2.4.4

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.5

v2.3.4

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.23

v2.2.22

v2.2.21

v2.2.20

v2.2.19

v2.2.18

v2.2.17

v2.2.16

v2.2.15

v2.2.14

v2.2.13

v2.2.12

v2.2.11

v2.2.10

v2.2.9

v2.2.8

v2.2.7

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.5

v2.1.4

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.24

v2.0.23

v2.0.22

v2.0.21

v2.0.20

v2.0.19

v2.0.18

v2.0.17

v2.0.16

v2.0.15

v2.0.14

v2.0.13

v2.0.12

v2.0.11

v2.0.10

v2.0.9

v2.0.8

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v1.7.2

v1.7.1

v1.7.0

v1.6.0

v1.5.5

v1.5.0

v1.4.11

v1.4.9

v1.4.7

v1.4.6

v1.4.4

v1.4.2

v1.4.1

v1.4.0

v1.3.4

v1.3.3

v1.3.1

v1.2.8

v1.2.6

v1.2.5

v1.2.4

v1.2.1

v1.1.15

v1.1.14

v1.1.13

v1.1.12

v1.1.11

v1.1.10

v1.1.9

v1.1.8

v1.0.0

0.9.61-beta.0

0.9.61-beta

Labels

Clear labels   

authentication

  

awaiting release

  

backlog

  

bug

  

chapter editor

  

config-issue

  

ebooks

  

encoding/embedding

  

enhancement

  

help wanted

  

listening sessions & progress

  

planned

  

possible plugin

  

progress sync

  

sorting/filtering/searching

  

unable to reproduce

  

upload

  

users & permissions

  

waiting

No labels

authentication

awaiting release

backlog

bug

chapter editor

config-issue

ebooks

encoding/embedding

enhancement

help wanted

listening sessions & progress

planned

possible plugin

progress sync

sorting/filtering/searching

unable to reproduce

upload

users & permissions

waiting

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/audiobookshelf#3021

No description provided.