How to Fix Authelia Redirect Loop Error
This tutorial explains how to fix the Authelia redirect loop error. It covers the key concepts, practical examples, and best practices you need to diagnose and resolve it.
Users experience an infinite redirect loop when accessing protected resources — the browser bounces between Authelia and the application without ever loading the content.
The Problem
Browser shows: Too many redirects
The request goes in an infinite loop:
app.example.com → auth.example.com → app.example.com → auth.example.com ...
Step-by-Step Fix
Step 1: Check Authelia domain configuration
# /etc/authelia/configuration.yml
host: 0.0.0.0
port: 9091
# Domain settings
default_redirection_url: https://app.example.com
session:
  domain: example.com # Must match cookie domain, not app subdomain
  same_site: lax
Step 2: Verify proxy configuration
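# Nginx example
server {
    listen 443 ssl;
    server_name app.example.com;

    location / {
        # Ask Authelia whether this request is authenticated
        auth_request /auth/verify;
        # Pass any session cookie set by Authelia back to the browser
        auth_request_set $auth_cookie $upstream_http_set_cookie;
        add_header Set-Cookie $auth_cookie;
        proxy_pass http://backend:3000;
    }

    location = /auth/verify {
        internal;
        proxy_pass http://127.0.0.1:9091/api/verify;
        # The verification sub-request carries headers only
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        # Tell Authelia which URL and method the user originally requested
        proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
        proxy_set_header X-Forwarded-Method $request_method;
    }

    location /authelia {
        proxy_pass http://127.0.0.1:9091;
    }
}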
Step 3: Set the correct session domain
session:
  domain: example.com
  # NOT: app.example.com, NOT: .example.com (wrong)
Step 4: Check cookie settings
session:
  name: authelia_session
  same_site: lax # Use lax, not strict
  expiration: 3600
  inactivity: 300
Step 5: Clear browser cookies and test
# Clear cookies for *.example.com
# Then test navigation
curl -v https://app.example.com/
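The checks from Steps 1, 3 and 4 can be run offline against the values in your configuration before touching the browser. This is an added example, not code from the original guide or from Authelia; the function names and the sample URLs and chain are assumptions constructed for illustration.

```python
# Added example: offline checks for the settings this guide walks through.
from urllib.parse import urlsplit


def cookie_covers(session_domain: str, host: str) -> bool:
    """RFC 6265 domain-match: host equals the domain or is a subdomain of it."""
    d, h = session_domain.lower(), host.lower()
    return h == d or h.endswith("." + d)


def check_config(session_domain, same_site, portal_url, app_url):
    """Return a list of findings; an empty list means the settings agree."""
    findings = []
    if session_domain.startswith("."):
        findings.append("session.domain has a leading dot; use the bare parent domain")
    for label, url in (("portal", portal_url), ("app", app_url)):
        host = urlsplit(url).hostname or ""
        # A cookie that does not cover both hosts is never seen by one side,
        # so every request looks unauthenticated and is redirected again.
        if not cookie_covers(session_domain.lstrip("."), host):
            findings.append(f"session.domain does not cover {label} host {host}")
    if same_site.lower() == "strict":
        findings.append("same_site is strict; the guide recommends lax")
    return findings


def find_loop(chain):
    """Return the first URL that repeats in a redirect chain, or None."""
    seen = set()
    for url in chain:
        if url in seen:
            return url
        seen.add(url)
    return None


# Constructed sample data (not captured from a real deployment).
PORTAL = "https://auth.example.com/"
APP = "https://app.example.com/"
LOOPING_CHAIN = [APP, PORTAL, APP, PORTAL]

if __name__ == "__main__":
    print(check_config("app.example.com", "strict", PORTAL, APP))
    print(check_config("example.com", "lax", PORTAL, APP))
    print(find_loop(LOOPING_CHAIN))
```

Feed `find_loop` the list of URLs from the DevTools network tab or from the `Location` headers in the `curl -v` output to confirm which hop repeats.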
Prevention Tips
- Set session.domain to the parent domain (e.g., example.com), not a subdomain
- Use same_site: lax for the session cookie
- Ensure default_redirection_url matches the application URL
- Test with browser DevTools to trace redirect chain
Common Mistakes with redirect loop
- Forgetting deriving (Show, Eq) on custom data types needed for debugging
- Placing the wildcard pattern first in case expressions, making all subsequent patterns unreachable
- Using head and tail instead of pattern matching, causing runtime errors on empty lists
These mistakes appear frequently in real-world AUTHELIA code. DodaTech's contributors have identified these patterns through analysis of open-source projects and production systems.
Practice Exercise
Write a pure function that safely divides two integers using Maybe, then test it with edge cases like division by zero and negative numbers.
This exercise reinforces the concepts covered in this guide. Try implementing it before checking online solutions.