PureLoneWolf 6 Posted February 11 Posted February 11 Hi I have just setup the Skill and connected it to my server via remote proxy. I've only tested on my phone so far, but seems to be working without issue. The next step for me is to add Authelia into the mix, which I do for all of my internal services that I expose via remote proxy. I was googling around and have bypassed the following in Authelia: - '^/emby/Alexa($|/.*)' - '^/emby/Audio($|/.*)' - '^/emby/Items($|/.*)' - '^/emby/Items/.*/Images($|/.*)' - '^/emby/Users($|/.*)' - '^/emby/Search($|/.*)' - '^/emby/System($|/.*)' - '^/emby/embywebsocket($|/.*)' Which leaves the web client protected. However, Alexa can't login as my connect user when I enable the config. Would someone know what I should be bypassing to allow the skill to work, but keep my web client protected? Thanks in advance
PureLoneWolf 6 Posted February 11 Author Posted February 11 I was looking at my Authelia logs and spotted that /api and /Sessions is also being called. So I updated the bypass to include those: - '^/emby/Alexa($|/.*)' - '^/emby/api($|/.*)' - '^/emby/Audio($|/.*)' - '^/emby/Connect($|/.*)' - '^/emby/Items($|/.*)' - '^/emby/Items/.*/Images($|/.*)' - '^/emby/Users($|/.*)' - '^/emby/Sessions($|/.*)' - '^/emby/Search($|/.*)' - '^/emby/System($|/.*)' - '^/embywebsocket($|/.*)' And it has moved me further on, now Alexa is responding "Error getting device sessions"
Solution PureLoneWolf 6 Posted February 11 Author Solution Posted February 11 I managed to solve it - Thought I would drop what worked for me in here, in case it helps anyone else. Here are the Authelia access control rules that I am using: - domain: "sub.domain.com" policy: bypass resources: - '^/emby($|/.*)' - '^/embywebsocket($|/.*)' - '^/websocket($|/.*)' - '^/api/verify($|/.*)' - domain: "sub.domain.com" policy: two_factor With this, the Alexa skill authenticates correctly and can play music to my Echo devices but the webui needs Authelia authentication before it gives me the Emby login screen
sh0rty 714 Posted February 11 Posted February 11 (edited) 57 minutes ago, PureLoneWolf said: I managed to solve it - Thought I would drop what worked for me in here, in case it helps anyone else. Here are the Authelia access control rules that I am using: - domain: "sub.domain.com" policy: bypass resources: - '^/emby($|/.*)' - '^/embywebsocket($|/.*)' - '^/websocket($|/.*)' - '^/api/verify($|/.*)' - domain: "sub.domain.com" policy: two_factor With this, the Alexa skill authenticates correctly and can play music to my Echo devices but the webui needs Authelia authentication before it gives me the Emby login screen At the end of the day, it should be the same as in this thread. Other Auth solution but same purpose. Just in case you don't want to open the whole /emby path. Edited February 11 by sh0rty 1
PureLoneWolf 6 Posted February 11 Author Posted February 11 Thanks for the tip - Although, doesn't your ruleset expose everything below web too? Or am I misreading?
sh0rty 714 Posted February 12 Posted February 12 On 2/11/2026 at 3:18 PM, PureLoneWolf said: Thanks for the tip - Although, doesn't your ruleset expose everything below web too? Or am I misreading? Yes, but the Web Client path is just */web without */emby in front. My exposed path is */emby/web.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now