From bd9a55f293b7aeda70e79542d506ae439a84b7f7 Mon Sep 17 00:00:00 2001
From: Eduardo Figueroa <mr.eduardo.figueroa@gmail.com>
Date: Thu, 4 Dec 2025 18:44:40 +0000
Subject: [PATCH] fix(freshrss): Remove SSO and configure for API access

Remove Tinyauth SSO middleware and configure Traefik for FreshRSS API
compatibility with mobile apps.

Changes:
- Removed tinyauth middleware (conflicts with API authentication)
- Added passhostheader directive for proper request routing
- FreshRSS now uses built-in authentication only

This enables iOS RSS apps (Reeder, NetNewsWire, etc.) to connect via
FreshRSS's Google Reader and Fever APIs.
---
 compose/services/FreshRSS/compose.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/compose/services/FreshRSS/compose.yaml b/compose/services/FreshRSS/compose.yaml
index 6ffe9b7..361d48c 100644
--- a/compose/services/FreshRSS/compose.yaml
+++ b/compose/services/FreshRSS/compose.yaml
@@ -26,9 +26,10 @@ services:
       traefik.http.routers.freshrss.entrypoints: websecure
       traefik.http.routers.freshrss.tls.certresolver: letsencrypt
       traefik.http.services.freshrss.loadbalancer.server.port: 80
+      traefik.http.services.freshrss.loadbalancer.passhostheader: true
 
-      # SSO Protection
-      traefik.http.routers.freshrss.middlewares: tinyauth
+      # SSO Protection removed - using FreshRSS built-in auth
+      # traefik.http.routers.freshrss.middlewares: tinyauth
 
       # Homarr Discovery
       homarr.name: FreshRSS