Open brunokc opened 3 weeks ago
MildlyInterested
commented
3 weeks ago I'm trying to find the issue I followed when encountering this. I used an older version of authentik for the inital setup and then pulled the latest image. Found it: version 2023.1.1 worked for me. https://github.com/goauthentik/authentik/issues/9584
brunokc
commented
3 weeks ago @MildlyInterested, thanks for the reference. I had actually seen it as I was trying to find a solution. I tried some of the suggestions there and none worked for me. I'm also hesitant to having to go back to such an older version to get this to work. The latest and greatest shouldn't have such a blocker of an issue, right?
The fact is, the setup is simple (3-step process), so hopefully there aren't any problems on my part (though I'm open to being educated here). Hopefully the team will see this and will take a look.
MildlyInterested
commented
2 weeks ago Agreed, not sure why this seems to still be a problem. I was following along this guide to get SWAG, Authentik and CrowdSec working. Authentik Version 2023.10.1 also seems to work, that's a bit more recent. Updating to the latest version afterwards worked without any issues.
CharlesChiuGit
commented
2 weeks ago @MildlyInterested
Authentik Version 2023.10.1
tks! I had been struggling w/ 2024.6.4 for few hours, 2023.10.1 works for me, at least i can login...
then upgrade to 2024.6.4 works fine, no crashing anymore!
i'm wrong, it still crashed after service started a few minutes.
2023.10.7 seen stable for me too.
brunokc
commented
2 weeks ago Agreed, not sure why this seems to still be a problem. I was following along this guide to get SWAG, Authentik and CrowdSec working. Authentik Version 2023.10.1 also seems to work, that's a bit more recent. Updating to the latest version afterwards worked without any issues.
Thanks for linking that guide. I took a quick look and it looked well written, I liked it. I'll take a closer later today. I might take a closer look at SWAG as well.
brunokc
commented
2 weeks ago Update: tried with 2024.6.4 now that the docker-compose file was updated. Same exact issue.
Gabee01
commented
2 weeks ago I was having this issue, after a few tries I was able to fix it.
I'm not 100% sure what fixed it, but my guess is I was generating the secret with openssl rand -base64 40 | docker secret create authentik_secret_key -
This generates a secret like this: 9uz3Q1r1/KUW3LX9gq2RLeavb1gfGo7h0sclTZqjgnFhEazjSWDMVA== With some special chars.
I've watched a video where the guy used pwgen -s 40 1 | docker secret create authentik_secret_key - to generate the secret (it generates something like this: ix08kia2C2lmE4dfPNXkzMdNSpCLmmSEUzMYwpd8).
I did the same and I think it helped, I had some issues with the db password as well, ended up using simple passwords (only letters and numbers) to fix it.
You also have to wait a while for things to start up.
I'm new to authentik, so I'm not sure if that should work like that or not.. anyway, hope this helps someone!
brunokc
commented
1 week ago Thanks for trying to help, @Gabee01!
I've watched a video where the guy used
pwgen -s 40 1 | docker secret create authentik_secret_key -to generate the secret (it generates something like this:ix08kia2C2lmE4dfPNXkzMdNSpCLmmSEUzMYwpd8).I did the same and I think it helped, I had some issues with the db password as well, ended up using simple passwords (only letters and numbers) to fix it.
I tried using pwgen to generate passwords without special characters and also a bit shorter, but that didn't seem to help. I got the same "Not Found" error upon opening the initial-setup page.
You also have to wait a while for things to start up.
Yes, in all my attempts I always wait for the log output to calm down a bit. That's my only indication that setup is done (it takes a while).
capdeveloping
commented
1 week ago I used the following compose file, which is not really diffrent from the original file. My password and token is generated with bitwarden generator. Just look at the worker logs. If this one is ready you can browse to the url and setup the user. I used portainer to deploy this compose file and portainer holds the env file. Thats why i don't need to add this inside the container.
services:
postgresql:
image: postgres:16.4-alpine
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
volumes:
- /path/to/authentik/database:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: $PG_PASS
POSTGRES_USER: $PG_USER
POSTGRES_DB: $PG_DB
networks:
auth:
redis:
image: redis:7.4.0-alpine
command: --save 60 1 --loglevel warning
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
volumes:
- /path/to/authentik/redis:/data
networks:
auth:
server:
image: ghcr.io/goauthentik/server:2024.6.4
restart: unless-stopped
command: server
hostname: authentik
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: $PG_USER
AUTHENTIK_POSTGRESQL__NAME: $PG_DB
AUTHENTIK_POSTGRESQL__PASSWORD: $PG_PASS
AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
AUTHENTIK_DEBUG: True
volumes:
- /path/to/authentik/media:/media
- /path/to/authentik/custom-templates:/templates
ports:
- 9900:9000
- 9443:9443
depends_on:
- postgresql
- redis
networks:
auth:
worker:
image: ghcr.io/goauthentik/server:2024.6.4
restart: unless-stopped
command: worker
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: $PG_USER
AUTHENTIK_POSTGRESQL__NAME: $PG_DB
AUTHENTIK_POSTGRESQL__PASSWORD: $PG_PASS
AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
user: root
volumes:
- /path/to/authentik/media:/media
- /path/to/authentik/certs:/certs
- /path/to/authentik/custom-templates:/templates
depends_on:
- postgresql
- redis
networks:
auth:
networks:
auth:
name: auth
driver: bridge
driver_opts:
com.docker.network.bridge.name: br-docker-auth```
f0o
commented
1 week ago I can confirm that simply rebooting the entire stack (or server if that's easier) does solve it.
Using stock docker-compose.yml all I did was waiting for migrations to pass in the worker container, then see a lovely 404 on /if/flow/initial-setup/ and simply reboot the box. After the reboot the initial-setup was available.
Describe the bug First time user, trying to install Authentik. Just followed the instructions for docker compose and at the end got an error.
To Reproduce
did what the docs suggested. Literally:
wget https://goauthentik.io/docker-compose.ymlecho "PG_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> .envecho "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')" >> .envThen added some email settings -- just used the example and changed
AUTHENTIK_EMAIL__HOSTandAUTHENTIK_EMAIL__FROM.Then:
docker-compose upWaited for the spew to calm down a bit and then hit the
http://<ip>:9000/if/flow/initial-setup/URL (with or without the trailing/, it doesn't matter) and got this:Expected behavior I expected the initial flow to appear.
Logs docker-compose-authentik-logs.zip
Version and Deployment (please complete the following information):
Additional Context After many tries, I was sometimes able to see the initial-flow screen, asking for the admin's email and password (maybe 1 in every 10-20 attempts?). However, even in those cases, after entering email and password, I'd still get either a "Not Found" error, or an "Access Denied" error. After spending 2hrs on this yesterday I have yet to be able to login successfully and see the dashboard in Authentik.
I've seen reports similar to mine but contrary to those reports, nothing so far has helped.