Skip to content

401 Unauthenticated on all writing api routes after upgrade to v1.3.6 #366

New issue
New issue
Open
Open
401 Unauthenticated on all writing api routes after upgrade to v1.3.6#366
Labels
kind/bugstatus/triage
@luckydonald

Description

@luckydonald
luckydonald
opened on Jan 22, 2026

Support guidelines

I've found a bug and checked that ...

  • ... the documentation does not mention anything about my problem
  • ... there are no open or closed issues that are related to my problem

Description

Pulling the new docker container and replacing the old, now:

no routes which would execute changes seem to work any longer.

They all return 401 with json Unauthorized.

Not sure if docker or anonaddy itself, but I'll start here to not spam the main one.

Expected behaviour

I can enable or disable aliases
or can edit or create rules.

Actual behaviour

All of those routes appear unauthorized, even when logging out and back in.

Steps to reproduce

  1. log in
  2. toggle an alias

Docker info

docker-ssh@mails:~$ docker info
Client: Docker Engine - Community
 Version:    28.3.3
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.26.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.39.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 9
  Running: 5
  Paused: 0
  Stopped: 4
 Images: 12
 Server Version: 28.3.3
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 CDI spec directories:
  /etc/cdi
  /var/run/cdi
 Swarm: inactive
 Runtimes: runc io.containerd.runc.v2
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 05044ec0a9a75232cad458027ca83437aae3f4da
 runc version: v1.2.5-0-g59923ef
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.15.0-151-generic
 Operating System: Ubuntu 22.04.5 LTS
 OSType: linux
 Architecture: aarch64
 CPUs: 2
 Total Memory: 3.724GiB
 Name: mails
 ID: nope-some-uuid
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  ::1/128
  127.0.0.0/8
 Live Restore Enabled: false

Docker Compose config

root@mails:/data/coolify/services/sdkfjsdkfsdfjsdnfk
name: sdkfjsdkfsdfjsdnfk
services:
  anonaddy:
    container_name: anonaddy-sdkfjsdkfsdfjsdnfk
    depends_on:
      db:
        condition: service_started
        required: true
      redis:
        condition: service_started
        required: true
    environment:
      ANNONADDY_VERSION: 1.3.6
      ANONADDY_ADDITIONAL_USERNAME_LIMIT: "10000"
      ANONADDY_ADMIN_USERNAME: the_best_superuser
      ANONADDY_ALL_DOMAINS: example.com
      ANONADDY_BANDWIDTH_LIMIT: "104857600"
      ANONADDY_DKIM_SELECTOR: default
      ANONADDY_DKIM_SIGNING_KEY: ""
      ANONADDY_DNS_RESOLVER: 127.0.0.1
      ANONADDY_DOMAIN: example.com
      ANONADDY_ENABLE_REGISTRATION: "false"
      ANONADDY_HOSTNAME: addy.example.com
      ANONADDY_LIMIT: "2000"
      ANONADDY_NEW_ALIAS_LIMIT: "10000"
      ANONADDY_RETURN_PATH: bounces@example.com
      ANONADDY_SECRET: hehe you would like to know, don't you
      ANONADDY_SIGNING_KEY_FINGERPRINT: ""
      APP_DEBUG: "true"
      APP_KEY: base64:+…
      APP_URL: addy.example.com
      COOLIFY_CONTAINER_NAME: anonaddy-sdkfjsdkfsdfjsdnfk
      COOLIFY_FQDN: addy.example.com,addy.example.com
      COOLIFY_RESOURCE_UUID: sdkfjsdkfsdfjsdnfk
      COOLIFY_URL: https://addy.example.com,https://addy.example.com
      DB_DATABASE: anonaddy
      DB_HOST: db
      DB_PASSWORD: "Nope, not gonna tell"
      DB_USERNAME: anonaddy
      LOG_IP_VAR: remote_addr
      LOG_LEVEL: debug
      MAIL_ENCRYPTION: "null"
      MAIL_FROM_ADDRESS: addy@example.com
      MAIL_FROM_NAME: This Email means it broke again
      MEMORY_LIMIT: 256M
      OPCACHE_MEM_SIZE: "128"
      PGID: "1234"
      POSTFIX_DEBUG: "false"
      POSTFIX_SMTP_TLS: "false"
      POSTFIX_SMTPD_TLS: "false"
      PUID: "1234"
      REAL_IP_FROM: 0.0.0.0/32
      REAL_IP_HEADER: X-Forwarded-For
      REDIS_HOST: redis
      RSPAMD_ENABLE: "false"
      RSPAMD_WEB_PASSWORD: …base64…
      SERVICE_NAME_ANONADDY: anonaddy
      SERVICE_NAME_DB: db
      SERVICE_NAME_REDIS: redis
      TZ: Europe/Berlin
      UPLOAD_MAX_SIZE: 16M
    image: anonaddy/anonaddy:1.3.6
    labels:
      coolify.environmentName: production
      coolify.managed: "true"
      coolify.name: anonaddy-sdkfjsdkfsdfjsdnfk
      coolify.projectName: mail
      coolify.pullRequestId: "0"
      coolify.resourceName: anon
      coolify.service.subId: "93"
      coolify.service.subName: anonaddy
      coolify.service.subType: application
      coolify.serviceId: "44"
      coolify.serviceName: anonaddy
      coolify.type: service
      coolify.version: 4.0.0-beta.442
      traefik.enable: "true"
      traefik.http.middlewares.gzip.compress: "true"
      traefik.http.middlewares.https-1-sdkfjsdkfsdfjsdnfk-anonaddy-stripprefix.stripprefix.prefixes: /dspamd
      traefik.http.middlewares.redirect-to-https.redirectscheme.scheme: https
      traefik.http.routers.http-0-sdkfjsdkfsdfjsdnfk-anonaddy.entryPoints: http
      traefik.http.routers.http-0-sdkfjsdkfsdfjsdnfk-anonaddy.middlewares: redirect-to-https
      traefik.http.routers.http-0-sdkfjsdkfsdfjsdnfk-anonaddy.rule: Host(`addy.example.com`) && PathPrefix(`/`)
      traefik.http.routers.http-0-sdkfjsdkfsdfjsdnfk-anonaddy.service: http-0-sdkfjsdkfsdfjsdnfk-anonaddy
      traefik.http.routers.http-1-sdkfjsdkfsdfjsdnfk-anonaddy.entryPoints: http
      traefik.http.routers.http-1-sdkfjsdkfsdfjsdnfk-anonaddy.middlewares: redirect-to-https
      traefik.http.routers.http-1-sdkfjsdkfsdfjsdnfk-anonaddy.rule: Host(`addy.example.com`) && PathPrefix(`/dspamd`)
      traefik.http.routers.http-1-sdkfjsdkfsdfjsdnfk-anonaddy.service: http-1-sdkfjsdkfsdfjsdnfk-anonaddy
      traefik.http.routers.https-0-sdkfjsdkfsdfjsdnfk-anonaddy.entryPoints: https
      traefik.http.routers.https-0-sdkfjsdkfsdfjsdnfk-anonaddy.middlewares: gzip
      traefik.http.routers.https-0-sdkfjsdkfsdfjsdnfk-anonaddy.rule: Host(`addy.example.com`) && PathPrefix(`/`)
      traefik.http.routers.https-0-sdkfjsdkfsdfjsdnfk-anonaddy.service: https-0-sdkfjsdkfsdfjsdnfk-anonaddy
      traefik.http.routers.https-0-sdkfjsdkfsdfjsdnfk-anonaddy.tls: "true"
      traefik.http.routers.https-0-sdkfjsdkfsdfjsdnfk-anonaddy.tls.certresolver: letsencrypt
      traefik.http.routers.https-1-sdkfjsdkfsdfjsdnfk-anonaddy.entryPoints: https
      traefik.http.routers.https-1-sdkfjsdkfsdfjsdnfk-anonaddy.middlewares: https-1-sdkfjsdkfsdfjsdnfk-anonaddy-stripprefix,gzip
      traefik.http.routers.https-1-sdkfjsdkfsdfjsdnfk-anonaddy.rule: Host(`addy.example.com`) && PathPrefix(`/dspamd`)
      traefik.http.routers.https-1-sdkfjsdkfsdfjsdnfk-anonaddy.service: https-1-sdkfjsdkfsdfjsdnfk-anonaddy
      traefik.http.routers.https-1-sdkfjsdkfsdfjsdnfk-anonaddy.tls: "true"
      traefik.http.routers.https-1-sdkfjsdkfsdfjsdnfk-anonaddy.tls.certresolver: letsencrypt
      traefik.http.services.http-0-sdkfjsdkfsdfjsdnfk-anonaddy.loadbalancer.server.port: "8000"
      traefik.http.services.http-1-sdkfjsdkfsdfjsdnfk-anonaddy.loadbalancer.server.port: "11334"
      traefik.http.services.https-0-sdkfjsdkfsdfjsdnfk-anonaddy.loadbalancer.server.port: "8000"
      traefik.http.services.https-1-sdkfjsdkfsdfjsdnfk-anonaddy.loadbalancer.server.port: "11334"
    networks:
      sdkfjsdkfsdfjsdnfk: null
    ports:
      - mode: ingress
        target: 25
        published: "25"
        protocol: tcp
    restart: always
    volumes:
      - type: bind
        source: /data/anonaddy/addy
        target: /data
        bind:
          create_host_path: true
  db:
    command:
      - mariadbd
      - --character-set-server=utf8mb4
      - --collation-server=utf8mb4_unicode_ci
    container_name: db-sdkfjsdkfsdfjsdnfk
    environment:
      COOLIFY_CONTAINER_NAME: db-sdkfjsdkfsdfjsdnfk
      COOLIFY_RESOURCE_UUID: sdkfjsdkfsdfjsdnfk
      MYSQL_ALLOW_EMPTY_PASSWORD: ""
      MYSQL_DATABASE: anonaddy
      MYSQL_PASSWORD: "Nope, and yes this text is not my real password"
      MYSQL_ROOT_PASSWORD: "Hahaha, pls don't try to hack me"
      MYSQL_USER: anonaddy
      SERVICE_NAME_ANONADDY: anonaddy
      SERVICE_NAME_DB: db
      SERVICE_NAME_REDIS: redis
    image: mariadb:11.3.2
    labels:
      coolify.environmentName: production
      coolify.managed: "true"
      coolify.name: db-sdkfjsdkfsdfjsdnfk
      coolify.projectName: mail
      coolify.pullRequestId: "0"
      coolify.resourceName: anon
      coolify.service.subId: "26"
      coolify.service.subName: db
      coolify.service.subType: database
      coolify.serviceId: "44"
      coolify.serviceName: db
      coolify.type: service
      coolify.version: 4.0.0-beta.442
    networks:
      sdkfjsdkfsdfjsdnfk: null
    restart: always
    volumes:
      - type: bind
        source: /data/anonaddy/mariadb
        target: /var/lib/mysql
        bind:
          create_host_path: true
  redis:
    container_name: redis-sdkfjsdkfsdfjsdnfk
    environment:
      COOLIFY_CONTAINER_NAME: redis-sdkfjsdkfsdfjsdnfk
      COOLIFY_RESOURCE_UUID: sdkfjsdkfsdfjsdnfk
      SERVICE_NAME_ANONADDY: anonaddy
      SERVICE_NAME_DB: db
      SERVICE_NAME_REDIS: redis
    image: valkey/valkey:8.1.3-alpine
    labels:
      coolify.environmentName: production
      coolify.managed: "true"
      coolify.name: redis-sdkfjsdkfsdfjsdnfk
      coolify.projectName: mail
      coolify.pullRequestId: "0"
      coolify.resourceName: anon
      coolify.service.subId: "92"
      coolify.service.subName: redis
      coolify.service.subType: application
      coolify.serviceId: "44"
      coolify.serviceName: redis
      coolify.type: service
      coolify.version: 4.0.0-beta.442
    networks:
      sdkfjsdkfsdfjsdnfk: null
    restart: always
networks:
  sdkfjsdkfsdfjsdnfk:
    name: sdkfjsdkfsdfjsdnfk
    external: true

Logs

2026-01-22T20:34:26.122896595Z 172.21.0.5 - - [22/Jan/2026:21:34:26 +0100] "POST /api/v1/active-rules HTTP/1.1" 401 41 "https://addy.example.com/rules" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.0 Safari/605.1.15"

2026-01-22T20:34:26.824648159Z 172.21.0.5 - - [22/Jan/2026:21:34:26 +0100] "DELETE /api/v1/active-rules/UUID-SOME-THING-SOMETHING HTTP/1.1" 401 41 "https://addy.example.com/rules" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.0 Safari/605.1.15"

Additional info

Image

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/bugstatus/triage

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions