Welcome to the Power Users community on Codidact!
Power Users is a Q&A site for questions about the usage of computer software and hardware. We are still a small site and would like to grow, so please consider joining our community. We are looking forward to your questions and answers; they are the building blocks of a repository of knowledge we are building together.
2FAuth Self-Hosted, Unable to Register
I'm trying to set up 2FAuth on a local server (old Raspberry Pi, Debian), alongside some other services.
Following the self-hosting directions, I believe that I managed to get the code running, and I can get at the page, but can't register the first/administrative/only account. Presumably, something is wrong in either the configuration or the reverse-proxy, and I've run out of ideas, so could use an extra pair of eyes on it, if somebody has the experience.
The goal is to serve it from http://the-server.local/2fa. Currently, the pages load, but when I try to register an account, it shows a "Resource not found / 404" ("Item" in the title) page.
Here's the (lightly redacted) .env file, mostly just the defaults.
APP_NAME=2FAuth
APP_ENV=local
APP_TIMEZONE=UTC
APP_DEBUG=false
[email protected]
APP_KEY=base64:...
APP_URL=http://the-server.local/2fa
APP_SUBDIRECTORY=2fa
IS_DEMO_APP=false
LOG_CHANNEL=daily
LOG_LEVEL=notice
CACHE_DRIVER=file
SESSION_DRIVER=file
DB_CONNECTION=sqlite
DB_DATABASE=/var/www/2fauth/database/database.sqlite
DB_HOST=
DB_PORT=
DB_USERNAME=
DB_PASSWORD=
MYSQL_ATTR_SSL_CA=
MAIL_MAILER=log
MAIL_HOST=my-vps.example
MAIL_PORT=25
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_NAME=2FAuth
[email protected]
MAIL_VERIFY_SSL_PEER=true
THROTTLE_API=60
LOGIN_THROTTLE=5
AUTHENTICATION_GUARD=web-guard
AUTHENTICATION_LOG_RETENTION=365
AUTH_PROXY_HEADER_FOR_USER=null
AUTH_PROXY_HEADER_FOR_EMAIL=null
PROXY_LOGOUT_URL=null
WEBAUTHN_NAME=2FAuth
WEBAUTHN_ID=null
WEBAUTHN_USER_VERIFICATION=preferred
TRUSTED_PROXIES=null
PROXY_FOR_OUTGOING_REQUESTS=null
CONTENT_SECURITY_POLICY=true
BROADCAST_DRIVER=log
QUEUE_DRIVER=sync
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1
VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
MIX_ENV=local
Then, there's the hard-won progress on the NGINX configuration.
server {
listen 80;
server_name the-server.local;
# Other services
location /2fa/ {
alias /var/www/2fauth/public/;
index index.php;
try_files $uri $uri/ /index.php?$query_string;
}
location ~ ^/2fa/(.+?\.php)(/.*)?$ {
alias /var/www/2fauth/public/;
fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$1;
include fastcgi_params;
}
# ...and so on
I have tried dozens of variations, here, especially in the fastcgi_param lines, almost all of which either don't impact the situation or give me a 403 or 404 error for the entire app. This at least shows login/register/about pages.
While I would've loved to do so, I can't work with the documentation's example, unfortunately, because (a) it presumes that I only want to run the one service on the machine, and (b) doesn't seem to work if transposed to a location. They do have the Custom Base URL option, but it doesn't work. That just gives me a 403 error (directory index of "/var/www/2fauth/public/" is forbidden, client: 192.168.1.xxx, server: the-server.local, request: "GET /2fa/ HTTP/1.1", host: "the-server.local", and again I emphasize that the permissions are set correctly) for the entire app, making me think that nobody on the team uses NGINX.
Setting both NGINX and 2FAuth for debugging output, the debug log for NGINX gives me this, of the parts that look relevant.
*70 try files handler
*70 http script var: "/2fa/user"
*70 trying to use file: "user" "/var/www/2fauth/public/user"
*70 http script var: "/2fa/user"
*70 trying to use dir: "user" "/var/www/2fauth/public/user"
*70 http script copy: "/index.php?"
*70 trying to use file: "/index.php?" "/var/www/2fauth/public//index.php?"
*70 internal redirect: "/index.php?"
And the Laravel log is empty, so it's not getting that far.
Permissions and ownership of 2FAuth seem fine. No, there's no /var/www/2fauth/public/user, which seems to make sense, since that's almost certainly an API endpoint and none of the other "pages" have files by those names.
It seems impossible that I'm the first one doing this, but this also feels like a small enough problem (especially with a working desktop authenticator app) that it's not worth filing a GitHub issue, especially when their existing NGINX examples are so...off. So, if anybody can help, I'd appreciate it.
1 answer
The following users marked this post as Works for me:
| User | Comment | Date |
|---|---|---|
| John C |
Thread: Works for me I'd rather have gone with another solution, but this will have to suffice. |
Aug 31, 2025 at 22:29 |
To update/resolve this for anybody else stumbling through with the same problem...
After following somebody's suggestion and taking a look at how the application's user interface communicated with everything else, it became clear that the user interface doesn't respect the "what path should this live at" settings, and assumes that everything lives at the root of its own URL.
Therefore, the "solution" involved undoing the path-relevant settings above, creating another alias for the computer (sudo avahi-add-alias 2fauth.local), updating the .env file to reflect that new computer name, and using the default NGINX configuration from the documentation.
It seems incredibly silly for such a lightweight application to need special handling like this, but it apparently does until the developers fix the front-end.
0 comment threads