Basic Auth breaks github import or vice versa

When enabling a basic auth in nginx in front of bolt_diy, with something like this for nginx:

upstream bolt_src {
  ip_hash;
  server 10.64.201.1:5173;
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name bolt.example.com;

    ssl_certificate /etc/nginx/ssl/live/example.com.pem;
    ssl_certificate_key /etc/nginx/ssl/live/example.com-key.pem;
    
    location / {
      auth_basic "Restricted";
      auth_basic_user_file .htpasswd;
      proxy_pass http://bolt_src;
      proxy_http_version 1.1;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Real-IP $remote_addr;
    }
}

In my browser when the basic auth pops up I get this just before on the console:

ENOENT: no such file or directory, readdir '/home/project/.git'

At this point I can retype my user and pass for the basic auth as many times as I want it does not error but just redisplays the basic auth again, until I hit cancel multiple times.

This is what is in my container logs:

app-dev-1  |  INFO   LLMManager  Registering Provider:  Anthropic
app-dev-1  |  INFO   LLMManager  Registering Provider:  Cohere
app-dev-1  |  INFO   LLMManager  Registering Provider:  Deepseek
app-dev-1  |  INFO   LLMManager  Registering Provider:  Google
app-dev-1  |  INFO   LLMManager  Registering Provider:  Groq
app-dev-1  |  INFO   LLMManager  Registering Provider:  HuggingFace
app-dev-1  |  INFO   LLMManager  Registering Provider:  Hyperbolic
app-dev-1  |  INFO   LLMManager  Registering Provider:  Mistral
app-dev-1  |  INFO   LLMManager  Registering Provider:  Ollama
app-dev-1  |  INFO   LLMManager  Registering Provider:  OpenAI
app-dev-1  |  INFO   LLMManager  Registering Provider:  OpenRouter
app-dev-1  |  INFO   LLMManager  Registering Provider:  OpenAILike
app-dev-1  |  INFO   LLMManager  Registering Provider:  Perplexity
app-dev-1  |  INFO   LLMManager  Registering Provider:  xAI
app-dev-1  |  INFO   LLMManager  Registering Provider:  Together
app-dev-1  |  INFO   LLMManager  Registering Provider:  LMStudio
app-dev-1  |  INFO   LLMManager  Registering Provider:  AmazonBedrock
app-dev-1  |  INFO   LLMManager  Registering Provider:  Github
app-dev-1  |  INFO   LLMManager  Caching 0 dynamic models for OpenAILike
app-dev-1  |  INFO   LLMManager  Caching 0 dynamic models for Together
app-dev-1  |  ERROR   LLMManager  Error getting dynamic models Google : Missing Api Key configuration for Google provider
app-dev-1  |  ERROR   LLMManager  Error getting dynamic models Groq : Missing Api Key configuration for Groq provider
app-dev-1  |  ERROR   LLMManager  Error getting dynamic models Hyperbolic : Missing Api Key configuration for Hyperbolic provider
app-dev-1  |  INFO   LLMManager  Getting dynamic models for Ollama
app-dev-1  |  ERROR   LLMManager  Error getting dynamic models LMStudio : TypeError: fetch failed
app-dev-1  |  INFO   LLMManager  Caching 25 dynamic models for Ollama
app-dev-1  |  INFO   LLMManager  Got 25 dynamic models for Ollama
app-dev-1  |  INFO   LLMManager  Caching 235 dynamic models for OpenRouter
app-dev-1  |  ERROR   LLMManager  Error getting dynamic models Google : Missing Api Key configuration for Google provider
app-dev-1  |  ERROR   LLMManager  Error getting dynamic models Groq : Missing Api Key configuration for Groq provider
app-dev-1  |  ERROR   LLMManager  Error getting dynamic models Hyperbolic : Missing Api Key configuration for Hyperbolic provider
app-dev-1  |  ERROR   LLMManager  Error getting dynamic models LMStudio : TypeError: fetch failed
app-dev-1  |  ERROR   LLMManager  Error getting dynamic models Google : Missing Api Key configuration for Google provider
app-dev-1  |  ERROR   LLMManager  Error getting dynamic models Groq : Missing Api Key configuration for Groq provider
app-dev-1  |  ERROR   LLMManager  Error getting dynamic models Hyperbolic : Missing Api Key configuration for Hyperbolic provider
app-dev-1  |  ERROR   LLMManager  Error getting dynamic models LMStudio : TypeError: fetch failed

Any idea on how to fix this? Is there any authentication methods that are being planned?

Hi @uberthoth,

these errors nothing have to do with your https/ssl setup. They are also there if you just do localhost:

image1082×319 28.3 KB

I think Auth coming in the future, but not fix planned at the moment.

I try to test it out myself with nginx. wanted to do a longer time, but didnt then cause I dont need

Addition: If you deploy on Cloudflare, you can use the auth from there (zero trust)

Just testet it out now and worked without any problems for me.

Here my nginx-config:

# Redirect all HTTP requests to HTTPS
server {
  listen 80;
  server_name bolt.xxxxxxx.cloud;
  return 301 https://$host$request_uri;
}

# HTTPS server block for bolt.diy
server {
  listen 443 ssl; # managed by Certbot
  server_name bolt.xxxxxxxx.cloud;

  ssl_certificate /etc/letsencrypt/live/bolt.xxxxxx.cloud/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/bolt.xxxxx.cloud/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  # Proxy all requests to the bolt.diy app running on port 5173
  location / {

    # Enable basic authentication
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/.htpasswd;

    proxy_pass http://127.0.0.1:5173;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }
}

So I just came up with a way to test outside of cloudflare and that indeed works. It must be cloudflare mucking it up.

The thing is the basic auth works just fine right up until I click the github clone at which point it loops.

Also, I have many other apps on this same nginx setup under different domains, they all seems to be just fine passing through cloudflare.

I think I will attempt an alternate using cloudflares oauth setup, or perhaps my own with authelia.