search

owncloud / ocis

:atom_symbol: ownCloud Infinite Scale Stack
https://doc.owncloud.com/ocis/next/
Apache License 2.0
1.4k stars 183 forks source link

Podman rootless + nginx proxy manager: failed to authenticate the request #10446

Open danielpinto8zz6 opened 4 days ago

danielpinto8zz6 commented 4 days ago

Describe the bug

Hi, I'm using podman rootless with nginx proxy manager as reverse proxy, after running the init setup and running the container, I'm not able to login, I got the following error: 

{"level":"error","service":"proxy","error":"failed to verify access token: Get \"https://my-address.void/.well-known/openid-configuration\": dial tcp 10.0.0.4:443: connect: connection refused","authenticator":"oidc","path":"/ocs/v1.php/cloud/user","time":"2024-10-31T01:47:30Z","message":"failed to authenticate the request"}

Steps to reproduce

  1. Init config 
    podman run --rm -it \
--network=npm \
--userns=keep-id \
--user 1000:1000 \
-v /owncloud/config/:/etc/ocis:Z \
docker.io/owncloud/ocis init
  2. Run podman ocis quadlet: 
    
[Unit]
Description=OwnCloud Quadlet

[Container] ContainerName=owncloud HostName=owncloud

Image=docker.io/owncloud/ocis:latest

Environment=OCIS_INSECURE=true Environment=OCIS_LOG_LEVEL=error Environment=PROXY_HTTP_ADDR=0.0.0.0:9200 \ Environment=PROXY_TLS=false Environment=OCIS_URL=https://my-address.void

PublishPort=9200:9200

Network=npm

User=1000 Group=1000 UserNS=keep-id

Volume=/owncloud/config:/etc/ocis:Z Volume=/owncloud/data:/var/lib/ocis:z

AutoUpdate=registry

[Service] Restart=unless-stopped

[Install] WantedBy=default.target


3. Login with the init credentials

## Expected behavior
User login correctly

## Actual behavior
Login fails with following error:

{"level":"error","service":"proxy","error":"failed to verify access token: Get \"https://my-address.void/.well-known/openid-configuration\": dial tcp 10.0.0.4:443: connect: connection refused","authenticator":"oidc","path":"/ocs/v1.php/cloud/user","time":"2024-10-31T01:47:30Z","message":"failed to authenticate the request"}

rhafer commented 4 days ago

Does my-address.void resolve to the correct IP address inside the container. It needs to resolve to the IP that your nginx reverse proxy is running on. (i.e. the ocis running inside the container needs to be able to access itself via the reverse proxy)

danielpinto8zz6 commented 4 days ago

Yes, I think so: Screenshot_20241031_145340 owncloud is the hostname of the container for ocis, the ocis and nginx proxy manager are running on same network Maybe do I need to add extra configurations?