Docker Setup Error after inserting email adress /api/auth/error

[LinusOssmann]

Describe the bug

Hey. I just setup the application with docker-compose behind a traeffik application that is behind a reverse proxy. I setup the app and postgress container and configured the env as pasted in reproduction.

Now when I open my domain I see the page and can enter my email adress in order to get a link. After I press "Submit Query" with the mail put in I get this and no error in the docker logs. What could be the problem here?

I hope you can help me out.

Reproduction

Docker Setup

System Info

(I added ***** everywhere to not expose my domain. It is not like that in my actual env)

`
COMPOSE_PROJECT_NAME=lno-links
# REQUIRED - Prisma / Supabase
DATABASE_URL=postgres://bkAdmin:briefkasten@postgres:5432/briefkasten?sslmode=disable

# REQUIRED - NextAuth.js
NEXTAUTH_URL=http://links.******:3000
NEXTAUTH_SECRET=3f277d4ddb6c44b8923372803fb3c33c85403add777a6e9aab391be2e169ea67
 # Run `openssl rand -hex 32`

GITHUB_ID=
GITHUB_SECRET=

GOOGLE_ID=
GOOGLE_SECRET=

# Optional - Only required if you want to use the Email Provider for NextAuth.js
SMTP_SERVER="smtp://noreply@servicemailer.******69%##@*******:587"
SMTP_FROM=noreply@servicemailer.*******

# Optional - Supabase
# Only required if you want to use cloud object storage for Bookmark screenshots
SUPABASE_KEY=
SUPABASE_URL=
SUPABASE_BUCKET_ID=

#traeffik related env
HTTP_BACKEND_PORT=3000
HTTP_BACKEND_SCHEME=http
HTTPS_BACKEND_PORT=3000
HTTPS_BACKEND_SCHEME=http
DOMAIN=links.***********
`
My docker-compose looks like this:
`version: '3.6'

services:
  postgres:
    container_name: bk-postgres
    image: postgres
    restart: unless-stopped
    environment:
      - POSTGRES_USER=bkAdmin
      - POSTGRES_PASSWORD=briefkasten
      - POSTGRES_DB=briefkasten
    ports:
      - 5432:5432
    volumes:
      - ./briefkasten-db:/var/lib/postgresql/data
  app:
    container_name: bk-app
    build: .
    env_file:
      - .env
    restart: unless-stopped
    volumes:
      - /etc/hosts:/etc/hosts 
    ports:
      - 3000:3000
    labels:
      - traefik.enable=true
      - traefik.docker.network=frontend
      - traefik.http.routers.${COMPOSE_PROJECT_NAME}portal.rule=Host(`${DOMAIN}`)
      - traefik.http.routers.${COMPOSE_PROJECT_NAME}portal.entrypoints=web
      - traefik.http.services.${COMPOSE_PROJECT_NAME}portal.loadbalancer.server.port=${HTTP_BACKEND_PORT}
      - traefik.http.services.${COMPOSE_PROJECT_NAME}portal.loadbalancer.server.scheme=${HTTP_BACKEND_SCHEME}
      - traefik.http.routers.${COMPOSE_PROJECT_NAME}portal.service=${COMPOSE_PROJECT_NAME}portal
      - traefik.http.routers.${COMPOSE_PROJECT_NAME}portal_secure.tls=true
      - traefik.http.routers.${COMPOSE_PROJECT_NAME}portal_secure.rule=Host(`${DOMAIN}`)
      - traefik.http.routers.${COMPOSE_PROJECT_NAME}portal_secure.entrypoints=websecure
      - traefik.http.services.${COMPOSE_PROJECT_NAME}portal_secure.loadbalancer.server.port=${HTTPS_BACKEND_PORT}
      - traefik.http.services.${COMPOSE_PROJECT_NAME}portal_secure.loadbalancer.server.scheme=${HTTPS_BACKEND_SCHEME}
      - traefik.http.routers.${COMPOSE_PROJECT_NAME}portal_secure.service=${COMPOSE_PROJECT_NAME}portal
      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
#      - traefik.http.routers.${COMPOSE_PROJECT_NAME}portal.middlewares=redirect-to-https

    depends_on:
      - 'postgres'

networks:
  default:
    external:
      name: frontend
`

I had to sync the /etc/hosts into the container to make the public domain point to localhost for the service itself so it could reach it. That is because of my network setup, but shouldn't be the problem here.

Used Package Manager

npm

Validations

• [X] Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• [X] Check that this is a concrete bug. For Q&A, please open a GitHub Discussion instead.
• [X] The provided reproduction is a minimal reproducible of the bug.

[ndom91]

So I assume your copy of briefkasten is available under http(s)://links.abc123 (or wahtever it is), right?

Meaning, its not longer port 3000, but port 80/443.

I would double check that your NEXTAUTH_URL matches the FQDN you use to visit/open the application.

If that doesn't help, please include the output of docker logs when this error occured. Otherwise I'm just flying blind and guessing 😁

[LinusOssmann]

Hey. Inside the container I assigned my public domain to point to 127.0.0.1, because otherwise there would be problems with my reverse proxy routing requesting a resource from itself and therefore refusing it.... So the request never leaves the contianer, therefore still the 3000 as a port on it. I tried without the port just to be sure, but the logs than say Connection Refused on port 80 because the app is running on port 3000

I restarted the container with the port 3000 on it and inserted the email again in order to try to login. I pipes the docker output into a txt. Here is the output:

Attaching to bk-app, bk-postgres
bk-postgres | 
bk-postgres | PostgreSQL Database directory appears to contain a database; Skipping initialization
bk-postgres | 
bk-postgres | 2023-01-14 21:00:54.077 UTC [1] LOG:  starting PostgreSQL 15.1 (Debian 15.1-1.pgdg110+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
bk-postgres | 2023-01-14 21:00:54.096 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
bk-postgres | 2023-01-14 21:00:54.096 UTC [1] LOG:  listening on IPv6 address "::", port 5432
bk-postgres | 2023-01-14 21:00:54.104 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
bk-postgres | 2023-01-14 21:00:54.108 UTC [29] LOG:  database system was shut down at 2023-01-14 21:00:52 UTC
bk-postgres | 2023-01-14 21:00:54.114 UTC [1] LOG:  database system is ready to accept connections
bk-app      | 
bk-app      | > briefkasten@0.9.0 start /app
bk-app      | > next start
bk-app      | 
bk-app      | ready - started server on 0.0.0.0:3000, url: http://localhost:3000
bk-app      | warn  - Invalid next.config.js options detected: 
bk-app      |   - The root value has an unexpected property, sentry, which is not in the list of allowed properties (amp, analyticsId, assetPrefix, basePath, cleanDistDir, compiler, compress, crossOrigin, devIndicators, distDir, env, eslint, excludeDefaultMomentLocales, experimental, exportPathMap, future, generateBuildId, generateEtags, headers, httpAgentOptions, i18n, images, onDemandEntries, optimizeFonts, output, outputFileTracing, pageExtensions, poweredByHeader, productionBrowserSourceMaps, publicRuntimeConfig, reactStrictMode, redirects, rewrites, sassOptions, serverRuntimeConfig, staticPageGenerationTimeout, swcMinify, trailingSlash, typescript, useFileSystemPublicRoutes, webpack).
bk-app      | 
bk-app      | See more info here: https://nextjs.org/docs/messages/invalid-next-config
bk-app      | warn  - You have enabled experimental features (legacyBrowsers, browsersListForSwc) in next.config.mjs.
bk-app      | warn  - Experimental features are not covered by semver, and may cause unexpected or broken application behavior. Use at your own risk.
bk-app      | 

Maybe the warning about the next.config.js is the problem?

[LinusOssmann]

Hey. I had another look at everything and realized that the domain is used for requests from the backend, but also for requests in the frontend... Than of course it doesnt work to put the port there when traefik listens to port 80. Inside the container I point the public domain now to the internal IP adress of my reverse proxy server and surprise! It works.... Sorry for taking your time with an issue you didn't produce, but let's just say you somehow helped me solve the issue!