search

coollabsio / coolify

An open-source & self-hostable Heroku / Netlify / Vercel alternative.
https://coolify.io
Apache License 2.0
32.17k stars 1.67k forks source link

[Bug]: Authentik service: port is missing #2240

Open jsmits opened 4 months ago

jsmits commented 4 months ago

Description

I'm trying to run Authentik by installing it with Coolify's one-click service. All services start and become healthy (did have to fix a small typo in the health check of the postgres service: double $$ should be single $).

The problem is that the proxy says that the port is missing in its logs: level=error msg="service \"authentik-server-wgkwkw8\" error: port is missing". Therefore it can't forward traffic to the Authentik server, I assume, because I can't reach it from the internet, which I can with my other services that are deployed on that same Coolify instance.

Minimal Reproduction (if possible, example repository)

Exception or Error

level=error msg="service \"authentik-server-wgkwkw8\" error: port is missing" providerName=docker container=authentik-server in /server/xxxxxx/proxy/logs

Version

v4.0.0-beta.283

jsmits commented 4 months ago

FYI it started working after a while. Don't know why, but I can reach it from the internet now. Maybe I didn't wait long enough for DNS to propagate.

lopesboa commented 3 weeks ago

same here, @jsmits do you find a solution or workaround ?

jsmits commented 3 weeks ago

same here, @jsmits do you find a solution or workaround ?

No, afraid not, I uninstalled it.

Fronix commented 2 days ago

Why did this get closed? Seems like a bug that needs to be fixed

From what I can tell there is no portmapping labels for traefik

services:
  authentik-server:
    image: 'ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.2.2}'
    restart: unless-stopped
    command: server
    environment:
      AUTHENTIK_REDIS__HOST: '${REDIS_HOST:-redis}'
      AUTHENTIK_POSTGRESQL__HOST: '${POSTGRES_HOST:-postgresql}'
      AUTHENTIK_POSTGRESQL__USER: '${SERVICE_USER_POSTGRESQL}'
      AUTHENTIK_POSTGRESQL__NAME: '${POSTGRES_DB:-authentik}'
      AUTHENTIK_POSTGRESQL__PASSWORD: '${SERVICE_PASSWORD_POSTGRESQL}'
      AUTHENTIK_SECRET_KEY: '${SERVICE_PASSWORD_64_AUTHENTIKSERVER}'
      AUTHENTIK_ERROR_REPORTING__ENABLED: '${AUTHENTIK_ERROR_REPORTING__ENABLED:-true}'
      AUTHENTIK_EMAIL__HOST: '${AUTHENTIK_EMAIL__HOST}'
      AUTHENTIK_EMAIL__PORT: '${AUTHENTIK_EMAIL__PORT}'
      AUTHENTIK_EMAIL__USERNAME: '${AUTHENTIK_EMAIL__USERNAME}'
      AUTHENTIK_EMAIL__PASSWORD: '${AUTHENTIK_EMAIL__PASSWORD}'
      AUTHENTIK_EMAIL__USE_TLS: '${AUTHENTIK_EMAIL__USE_TLS}'
      AUTHENTIK_EMAIL__USE_SSL: '${AUTHENTIK_EMAIL__USE_SSL}'
      AUTHENTIK_EMAIL__TIMEOUT: '${AUTHENTIK_EMAIL__TIMEOUT}'
      AUTHENTIK_EMAIL__FROM: '${AUTHENTIK_EMAIL__FROM}'
      COOLIFY_CONTAINER_NAME: '"authentik-server-jwkgws0kgows408gcsog4c4o"'
      COOLIFY_URL: 'https://login.mydomain.com'
      COOLIFY_FQDN: login.mydomain.com/
      COOLIFY_APP_NAME: '"authentik-jwkgws0kgows408gcsog4c4o"'
      COOLIFY_SERVER_IP: '"host.docker.internal"'
      COOLIFY_ENVIRONMENT_NAME: '"production"'
      COOLIFY_PROJECT_NAME: '"Tools"'
    volumes:
      - '/data/coolify/applications/jwkgws0kgows408gcsog4c4o/media:/media'
      - '/data/coolify/applications/jwkgws0kgows408gcsog4c4o/custom-templates:/templates'
    depends_on:
      postgresql:
        condition: service_healthy
      redis:
        condition: service_healthy
    container_name: authentik-server-jwkgws0kgows408gcsog4c4o
    labels:
      - coolify.managed=true
      - coolify.version=4.0.0-beta.341
      - coolify.serviceId=9
      - coolify.type=service
      - coolify.name=authentik-server-jwkgws0kgows408gcsog4c4o
      - coolify.pullRequestId=0
      - coolify.service.subId=9
      - coolify.service.subType=application
      - traefik.enable=true
      - traefik.http.middlewares.gzip.compress=true
      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
      - traefik.http.routers.http-0-jwkgws0kgows408gcsog4c4o-authentik-server.entryPoints=http
      - traefik.http.routers.http-0-jwkgws0kgows408gcsog4c4o-authentik-server.middlewares=redirect-to-https
      - 'traefik.http.routers.http-0-jwkgws0kgows408gcsog4c4o-authentik-server.rule=Host(`login.mydomain.com`) && PathPrefix(`/`)'
      - traefik.http.routers.https-0-jwkgws0kgows408gcsog4c4o-authentik-server.entryPoints=https
      - traefik.http.routers.https-0-jwkgws0kgows408gcsog4c4o-authentik-server.middlewares=gzip
      - 'traefik.http.routers.https-0-jwkgws0kgows408gcsog4c4o-authentik-server.rule=Host(`login.mydomain.com`) && PathPrefix(`/`)'
      - traefik.http.routers.https-0-jwkgws0kgows408gcsog4c4o-authentik-server.tls.certresolver=letsencrypt
      - traefik.http.routers.https-0-jwkgws0kgows408gcsog4c4o-authentik-server.tls=true

      ### Labels missing traefik.http.services.<name>.loadbalancer.server.port 

      - 'caddy_0.encode=zstd gzip'
      - 'caddy_0.handle_path.0_reverse_proxy={{upstreams}}'
      - 'caddy_0.handle_path=/*'
      - caddy_0.header=-Server
      - 'caddy_0.try_files={path} /index.html /index.php'
      - 'caddy_0=https://login.mydomain.com'
      - caddy_ingress_network=jwkgws0kgows408gcsog4c4o
    networks:
      jwkgws0kgows408gcsog4c4o: null
Fronix commented 2 days ago

Workaround until this gets fixed:

Add this label to the authentik server in the docker compose editor syntax

Traefik:

    labels:
      - traefik.http.services.authentik-server-<uniqueid>.loadbalancer.server.port=9000

Caddy (i'm guessing a bit here don't know caddy):

    labels:
      - caddy_0.handle_path.0_reverse_proxy={{upstreams 9000}}