93b9c883a1
Add comprehensive guides for debugging and resolving FreshRSS API authentication issues with mobile apps. Includes: - API password setup instructions - iOS app configuration (Reeder, NetNewsWire, etc.) - Google Reader API vs Fever API comparison - nginx Authorization header troubleshooting - Debug logging locations and commands - Common error patterns and solutions Covers both successful resolution and known limitations.
3.9 KiB
FreshRSS API Status & Next Steps
Current Configuration
✅ API enabled in FreshRSS ✅ API password set in user profile ✅ Tinyauth SSO removed ✅ Nginx configured with PATH_INFO ✅ Nginx configured to pass Authorization header ✅ Traefik configured to pass host header
Issue
The API compatibility check still fails: FAIL get HTTP Authorization header!
This means the HTTP Authorization header isn't reaching PHP's $_SERVER['HTTP_AUTHORIZATION'] variable.
What We've Tried
- ✅ Removed Tinyauth middleware (was blocking API)
- ✅ Added fastcgi_param HTTP_AUTHORIZATION to nginx
- ✅ Added PATH_INFO support (required by FreshRSS API)
- ✅ Set API password in web interface
- ✅ Configured Traefik pass host header
The Root Cause
The nginx → PHP-FPM authorization header passthrough isn't working correctly in the LinuxServer.io FreshRSS image.
Solution: Try Reeder Now Anyway
Even though the compatibility check fails, Reeder might still work. The check uses a different method than actual client authentication.
Test in Reeder:
- Delete existing FreshRSS account in Reeder
- Add New Account → FreshRSS or Self-hosted
- Enter:
- Server:
https://feeds.fig.systems - Username:
eddie - Password:
[YOUR API PASSWORD FROM WEB INTERFACE]
- Server:
- Try to sync
The password should be the one you typed into the "API password" field in FreshRSS Profile settings.
Alternative: Use Fever API Instead
Fever API uses different authentication and might work better.
Your Fever Settings:
Fever API URL: https://feeds.fig.systems/api/fever.php
Fever Key: b82fc4a3c3ff610ff270798ef6f93b13
In Reeder:
- Add Account → Fever
- Server:
https://feeds.fig.systems/api/fever.php - Email:
eddie - Password:
[YOUR WEB PASSWORD]← Uses web password, NOT API password!
Fever API doesn't require the Authorization header in the same way, so it might bypass this nginx issue.
If Both Fail: Advanced Fix Required
If neither Google Reader API nor Fever API works, we need to:
-
Switch to official FreshRSS Docker image (not LinuxServer.io)
- Official image:
freshrss/freshrss:latest - Has proper nginx config out of the box
- Official image:
-
Or: Use Apache instead of nginx in LinuxServer image
- LinuxServer allows switching web servers
- Apache handles Authorization headers differently
-
Or: Check Traefik logs to see if header is being stripped there
docker logs traefik | grep -i authorization
Recommended Action Plan
- TRY REEDER NOW - might work despite compatibility check failure
- TRY FEVER API - different auth method
- If both fail: Check logs while attempting:
Look for the API requests and their response codestail -f /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/nginx/access.log
Debug Commands
Check what Reeder sends:
# Watch access log while connecting from Reeder
tail -f /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/nginx/access.log
Test API manually:
# Replace with your actual API password
curl -v -d "Email=eddie" -d "Passwd=YOUR_API_PASSWORD" \
"https://feeds.fig.systems/api/greader.php/accounts/ClientLogin"
Test Fever API:
curl -v -d "api_key=b82fc4a3c3ff610ff270798ef6f93b13" \
"https://feeds.fig.systems/api/fever.php?api"
Sources & References
- FreshRSS Authorization Header Issue #2308
- FreshRSS Apache/Nginx Configuration
- FreshRSS Mobile Access Guide
- Nginx API 401 Discussion #6183
Bottom Line: Try Reeder with the API password now. If it doesn't work, try Fever API. Both might work even though the compatibility check fails.