chiefonboarding / ChiefOnboarding

Free and open-source employee onboarding platform. Onboard new hires through Slack or the web portal.
https://chiefonboarding.com
GNU Affero General Public License v3.0

Can't log in with new user after fresh install #429

Closed reiniertc closed 5 months ago

reiniertc commented 5 months ago

I've installed chiefonboarding with docker. It's up and running, I can create the organisation and first user in the first screen. After that I'm greeted with the login screen. But when I enter the correct credentials of the user, I return to the login screen without any error. (For the record: if I enter a wrong user or a wrong password, I get the error that the credentials are wrong.) All I notice is that the URL has changed to http://[[ip-address]]:9810/?next=/redirect/

The log files also don't show an error:

2024/02/11 12:55:45 stdout 192.168.160.1 - - [11/Feb/2024:11:55:45 +0000] "GET /?next=/redirect/ HTTP/1.1" 200 2587 "http://10.0.0.12:9810/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"
2024/02/11 12:55:45 stdout 192.168.160.1 - - [11/Feb/2024:11:55:45 +0000] "GET /redirect/ HTTP/1.1" 302 0 "http://10.0.0.12:9810/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"
2024/02/11 12:55:45 stdout 192.168.160.1 - - [11/Feb/2024:11:55:45 +0000] "POST / HTTP/1.1" 302 0 "http://10.0.0.12:9810/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"

I tried the following:

My compose file (redacted) is:

version: "3.9"
services:
  db:
    image: postgres:latest
    container_name: ChiefOnboarding-DB
    hostname: chiefonboarding-db
    security_opt:
      - no-new-privileges:true
    healthcheck:
      test: ["CMD", "pg_isready", "-q", "-d", "chiefonboarding", "-U", "chiefuser"]
      timeout: 45s
      interval: 10s
      retries: 10
    user: [redacted]:101
    volumes:
      - /volume1/docker-data/chiefonboarding/database:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=chiefonboarding
      - POSTGRES_USER=chiefuser
      - POSTGRES_PASSWORD=chiefpass
    restart: always

  app:
    image: chiefonboarding/chiefonboarding:latest
    container_name: ChiefOnboarding
    hostname: chiefonboarding
    security_opt:
      - no-new-privileges:true
    healthcheck:
      test: wget --no-verbose --tries=1 --spider http://localhost:8000/health || exit 1
    ports:
      - 9810:8000
    environment:
      - SECRET_KEY=[redacted]
      - DATABASE_URL=postgres://chiefuser:chiefpass@chiefonboarding-db:5432/chiefonboarding
      - BASE_URL=https://welkom.[redacted].nl
      - ALLOWED_HOSTS=*
      - ACCOUNT_EMAIL=admin@[redacted].nl
      - ACCOUNT_PASSWORD=[redacted]
      - EMAIL_HOST=smtp.office365.com
      - EMAIL_PORT=587
      - EMAIL_HOST_USER=[redacted].nl
      - EMAIL_HOST_PASSWORD=[redacted]
      - EMAIL_USE_TLS=True
      - EMAIL_USE_SSL=False
    restart: always
    depends_on:
      db:
        condition: service_started

Is there something wrong with my setup/config, or am I doing something wrong?

GDay commented 5 months ago

Thanks for the detailed report.

http://[[ip-address]]:9810/?next=/redirect/

That's the issue. I don't know why it redirects to that. Could that be a reverse proxy issue? ChiefOnboarding should always stay on the same domain.

Because it redirects to that url, it won't be able to get the signed login cookie and it will therefore redirect back to the login page.

http (without the s) is not supported by default, but can be enabled by setting: HTTP_INSECURE=True. This is not recommended.
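
The diagnosis in the reply above can be checked from the access log. The following is an added example, not part of the original thread and not ChiefOnboarding code: it finds the login loop from the report (`POST /` answered with 302, then `/redirect/` sending the browser back to `/?next=/redirect/`) and lists any browser origin, taken from the Referer field, that differs from `BASE_URL`. The function names and the placeholder host are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed input: the three log entries from the report (user agent shortened)
# and BASE_URL with a placeholder host, since the real one is redacted on the page.
BASE_URL = "https://welkom.example.com"
LOG = """\
2024/02/11 12:55:45 stdout 192.168.160.1 - - [11/Feb/2024:11:55:45 +0000] "GET /?next=/redirect/ HTTP/1.1" 200 2587 "http://10.0.0.12:9810/" "Mozilla/5.0"
2024/02/11 12:55:45 stdout 192.168.160.1 - - [11/Feb/2024:11:55:45 +0000] "GET /redirect/ HTTP/1.1" 302 0 "http://10.0.0.12:9810/" "Mozilla/5.0"
2024/02/11 12:55:45 stdout 192.168.160.1 - - [11/Feb/2024:11:55:45 +0000] "POST / HTTP/1.1" 302 0 "http://10.0.0.12:9810/" "Mozilla/5.0"
"""

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def origin(url):
    """Return (scheme, host, port) so two URLs can be compared as origins."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or {"http": 80, "https": 443}.get(u.scheme))

def find_login_loops(log_text, base_url):
    """Flag clients whose login POST was redirected (302) but ended on the login page again."""
    events = {}
    for line in log_text.splitlines():
        m = LINE.search(line)  # search() skips the container-log prefix
        if m:
            # Group by client and timestamp: the entries in the report share one
            # second and are not in request order, so order is ignored.
            events.setdefault((m["ip"], m["ts"]), []).append(m)
    loop_sig = {("POST", "/", "302"), ("GET", "/redirect/", "302"),
                ("GET", "/?next=/redirect/", "200")}
    findings = []
    for (ip, ts), hits in events.items():
        seen = {(h["method"], h["path"], h["status"]) for h in hits}
        if not loop_sig <= seen:
            continue
        referers = {h["referer"] for h in hits if h["referer"] not in ("", "-")}
        mismatched = sorted(r for r in referers if origin(r) != origin(base_url))
        findings.append({"client": ip, "time": ts, "browser_origins": mismatched})
    return findings

if __name__ == "__main__":
    for f in find_login_loops(LOG, BASE_URL):
        print(f)
```

A finding with a non-empty `browser_origins` list means the browser reached the app on a scheme, host or port other than the one configured in `BASE_URL`, which is the condition described in the reply above.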

reiniertc commented 5 months ago

Thanks for the quick reply. Indeed: I have a reverse proxy setup. The external url is https://welkom.[domain-name].nl, which is pointed at the http://[internal-ip-address]:9810

I will look into my setup on that point and report back here.

reiniertc commented 5 months ago

I got it working with a setup based on the internal IP-address, so without the reverse proxy. So it is what you thought it was: the reverse proxy.

Thanks!