Rclone rcd WebUI setup not working with Nginx Proxy Manager and Authelia SSO

EnArvy · January 3, 2026, 2:51pm

What is the problem you are having with rclone?

I have started rclone rcd ui with no-auth.

What is happening → I open my rclone subdomain, authenticate with Authelia, reach the rclone login screen
What should happen → I press Login with empty creds and it works
What happens → I get 302 redirect to my authelia domain.
Weird edge case → If I enter my SSO basic auth creds, I get logged in to rclone.

Nginx config -

location /authelia {
    internal;
    proxy_pass {{ipaddr}}/api/authz/auth-request;
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
    proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
    proxy_set_header X-Original-Method $request_method;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Forwarded-Uri $request_uri;
    proxy_set_header X-Forwarded-For $remote_addr;
}

auth_request /authelia;
auth_request_set $target_url $scheme://$http_host$request_uri;
error_page 401 =302 {{authelia url}}/?rd=$target_url;

Run the command 'rclone version' and share the full output of the command.

rclone v1.72.1
- os/version: ubuntu 22.04 (64 bit)
- os/kernel: 6.8.0-1041-oracle (aarch64)
- os/type: linux
- os/arch: arm64 (ARMv8 compatible)
- go/version: go1.25.5
- go/linking: static
- go/tags: none

The command you were trying to run (eg `rclone copy /tmp remote:tmp`)

rclone rcd \
    --rc-web-gui \
    --rc-addr :40404 \
    --rc-no-auth -vv

A log from the command that you were trying to run with the `-vv` flag

ubuntu@enarvy-server:/data$ ../home/ubuntu/Rclone/rclone-browser.sh
2026/01/03 14:50:41 DEBUG : rclone: Version "v1.72.1" starting with parameters ["rclone" "rcd" "--rc-web-gui" "--rc-addr" ":40404" "--rc-no-auth" "-vv"]
2026/01/03 14:50:46 DEBUG : Current tag: v2.0.5, Release tag: v2.0.5
2026/01/03 14:50:46 NOTICE: Web GUI exists. Update skipped.
2026/01/03 14:50:46 NOTICE: It is recommended to use web gui with auth.
2026/01/03 14:50:46 NOTICE: Serving Web GUI
2026/01/03 14:50:46 NOTICE: Serving remote control on http://[::]:40404/

asdffdsa · January 3, 2026, 4:00pm

welcome to the forum,

should be able to press Login without entering a username or password.

EnArvy · January 3, 2026, 6:08pm

Nope, that doesn't work. Like I said, my common username password that I reuse everywhere works here as well.

asdffdsa · January 3, 2026, 6:10pm

could be an issue with cookies in your web browser?

EnArvy · January 3, 2026, 6:11pm

Tried in a new browser as well, same behaviour

Animosity022 · January 3, 2026, 6:19pm

You’d want to try private/incognito or something as there is probably a cached cookie as it’s doesn’t clear it out. Just hit login without entering anything and you go right in.

EnArvy · January 3, 2026, 6:20pm

Like i said, I tried in a completely new browser but same behaviour. Is there some cache on the server as well? That I need to clear?

EnArvy · January 3, 2026, 6:26pm

I should mention that before removing auth, I had to enter auth twice, once as http basic auth popup and once in the screenshot UI.

Animosity022 · January 3, 2026, 7:02pm

If you have a password, you’d get:

When you hit login what happens? You’d get something in the debug log as well, but nada.

EnArvy · January 3, 2026, 7:18pm

Login with empty creds: No log output, UI shows:
Error connecting. Please check username password and verify if rclone is working at the specified IP.

Login with my creds:

2026/01/03 19:17:14 DEBUG : rc: "rc/noopauth": with parameters map[]
2026/01/03 19:17:14 DEBUG : rc: "rc/noopauth": reply map[]: <nil>
2026/01/03 19:17:14 DEBUG : rc: "core/version": with parameters map[]
2026/01/03 19:17:14 DEBUG : rc: "core/version": reply map[arch:arm64 decomposed:[1 72 1] goTags:none goVersion:go1.25.5 isBeta:false isGit:false linking:static os:linux osArch:arm64 (ARMv8 compatible) osKernel:6.8.0-1041-oracle (aarch64) osVersion:ubuntu 22.04 (64 bit) version:v1.72.1]: <nil>

Animosity022 · January 3, 2026, 7:23pm

Can you post the full log?

EnArvy · January 3, 2026, 7:48pm

Since there were no logs on rclone, I opened my Network tab and found that I am getting a 302 redirect from the login API to my Authelia which is failing due to CORS. What’s weird is that the authelia config is succesfully working on my other websites.

The response has the header -
www-authenticate Basic realm="Authorization Required"

Investigating further with chatgpt.

Animosity022 · January 3, 2026, 8:34pm

Do you have something in the middle? Proxy? Never heard of Authelia, but seems to be some SSO thing in the middle.

EnArvy · January 3, 2026, 8:36pm

Setup -

Nginx Proxy Manager for reverse proxy

Authelia for SSO [via config in reverse proxy]

Rclone Browser in a subdomain

I have tried and failed to get this working without exposing the API. When I supply my SSO creds in the rclone form with no-auth enabled, it works but I’d rather not do this because I don’t understand how it’s working.

Animosity022 · January 3, 2026, 8:41pm

I can’t offer much as I’ve never used that.

I use a free Cloudflare plan with cloudflared and zero trust tunnels so I don’t have to directly expose anything on the internet.

I checked an Authelia has a guide for that as well:

Cloudflare Zero Trust | OpenID Connect 1.0 | Integration

Sounds like some Authelia setting is grabbing the form auth for some reason as you are seeing no logs on the rclone side.

Rclone rcd WebUI setup not working with Nginx Proxy Manager and Authelia SSO

What is the problem you are having with rclone?

Run the command 'rclone version' and share the full output of the command.

The command you were trying to run (eg rclone copy /tmp remote:tmp)

A log from the command that you were trying to run with the -vv flag

The command you were trying to run (eg `rclone copy /tmp remote:tmp`)

A log from the command that you were trying to run with the `-vv` flag