# FreshRSS API Status & Next Steps ## Current Configuration ✅ API enabled in FreshRSS ✅ API password set in user profile ✅ Tinyauth SSO removed ✅ Nginx configured with PATH_INFO ✅ Nginx configured to pass Authorization header ✅ Traefik configured to pass host header ## Issue The API compatibility check still fails: `FAIL get HTTP Authorization header!` This means the HTTP Authorization header isn't reaching PHP's `$_SERVER['HTTP_AUTHORIZATION']` variable. ## What We've Tried 1. ✅ Removed Tinyauth middleware (was blocking API) 2. ✅ Added fastcgi_param HTTP_AUTHORIZATION to nginx 3. ✅ Added PATH_INFO support (required by FreshRSS API) 4. ✅ Set API password in web interface 5. ✅ Configured Traefik pass host header ## The Root Cause The nginx → PHP-FPM authorization header passthrough isn't working correctly in the LinuxServer.io FreshRSS image. ## Solution: Try Reeder Now Anyway Even though the compatibility check fails, **Reeder might still work**. The check uses a different method than actual client authentication. ### Test in Reeder: 1. **Delete** existing FreshRSS account in Reeder 2. **Add New Account** → FreshRSS or Self-hosted 3. Enter: - Server: `https://feeds.fig.systems` - Username: `eddie` - Password: `[YOUR API PASSWORD FROM WEB INTERFACE]` 4. **Try to sync** The password should be the one you typed into the "API password" field in FreshRSS Profile settings. ## Alternative: Use Fever API Instead Fever API uses different authentication and might work better. ### Your Fever Settings: **Fever API URL:** `https://feeds.fig.systems/api/fever.php` **Fever Key:** `b82fc4a3c3ff610ff270798ef6f93b13` ### In Reeder: 1. **Add Account** → **Fever** 2. Server: `https://feeds.fig.systems/api/fever.php` 3. Email: `eddie` 4. Password: `[YOUR WEB PASSWORD]` ← Uses web password, NOT API password! Fever API doesn't require the Authorization header in the same way, so it might bypass this nginx issue. ## If Both Fail: Advanced Fix Required If neither Google Reader API nor Fever API works, we need to: 1. **Switch to official FreshRSS Docker image** (not LinuxServer.io) - Official image: `freshrss/freshrss:latest` - Has proper nginx config out of the box 2. **Or: Use Apache instead of nginx** in LinuxServer image - LinuxServer allows switching web servers - Apache handles Authorization headers differently 3. **Or: Check Traefik logs** to see if header is being stripped there ```bash docker logs traefik | grep -i authorization ``` ## Recommended Action Plan 1. **TRY REEDER NOW** - might work despite compatibility check failure 2. **TRY FEVER API** - different auth method 3. **If both fail:** Check logs while attempting: ```bash tail -f /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/nginx/access.log ``` Look for the API requests and their response codes ## Debug Commands ### Check what Reeder sends: ```bash # Watch access log while connecting from Reeder tail -f /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/nginx/access.log ``` ### Test API manually: ```bash # Replace with your actual API password curl -v -d "Email=eddie" -d "Passwd=YOUR_API_PASSWORD" \ "https://feeds.fig.systems/api/greader.php/accounts/ClientLogin" ``` ### Test Fever API: ```bash curl -v -d "api_key=b82fc4a3c3ff610ff270798ef6f93b13" \ "https://feeds.fig.systems/api/fever.php?api" ``` ## Sources & References - [FreshRSS Authorization Header Issue #2308](https://github.com/FreshRSS/FreshRSS/issues/2308) - [FreshRSS Apache/Nginx Configuration](https://freshrss.github.io/FreshRSS/en/admins/10_ServerConfig.html) - [FreshRSS Mobile Access Guide](https://freshrss.github.io/FreshRSS/en/users/06_Mobile_access.html) - [Nginx API 401 Discussion #6183](https://github.com/FreshRSS/FreshRSS/discussions/6183) --- **Bottom Line:** Try Reeder with the API password now. If it doesn't work, try Fever API. Both might work even though the compatibility check fails.