simonwep / ocular-docker

Ready-to-use docker compose setup for ocular ✨
https://github.com/simonwep/ocular

Unable to login on a fresh login - similar to issue #3 - 501 error #5

Open kmanwar89 opened 1 month ago

kmanwar89 commented 1 month ago

Description

Very similar to the user in #3, I'm unable to log in after a fresh install - docker compose logs indicate a 501 (method not implemented) on each attempt. The only change I'm making is to add a docker network that I use to allow all services to be reachable via the container name rather than configuring port/IP pairings. This works for about 30 other services on the same server. HTTPS is achieved by Cloudflare "full" SSL/TLS mode.

I get the same result whether or not I have the nginx proxy in my compose file - since I already have a proxy, I don't actually need this, but the result is the same even if I comment this out. Some logs from docker-compose - the 501s are my login attempts; I'm not sure what's causing the 404s, but I haven't actually seen any 404 behavior in the browser:

frontend-1  | 2024-10-13T23:49:49.546230532Z [::ffff:172.29.0.29]:34466: response:200
frontend-1  | 2024-10-13T23:49:49.665808071Z [::ffff:172.29.0.29]:34482: response:501
frontend-1  | 2024-10-13T23:49:50.051106824Z [::ffff:172.29.0.29]:34488: response:404
frontend-1  | 2024-10-13T23:49:56.011485359Z [::ffff:172.29.0.29]:34492: response:501
frontend-1  | 2024-10-13T23:49:58.733117407Z [::ffff:172.29.0.29]:54464: response:501
frontend-1  | 2024-10-13T23:50:06.049884593Z [::ffff:172.29.0.29]:54472: response:200
frontend-1  | 2024-10-13T23:50:07.118551747Z [::ffff:127.0.0.1]:34852: response:200
frontend-1  | 2024-10-13T23:50:07.482974739Z [::ffff:172.29.0.29]:54486: response:200
frontend-1  | 2024-10-13T23:50:07.548570985Z [::ffff:172.29.0.29]:54494: response:501
frontend-1  | 2024-10-13T23:50:13.096436167Z [::ffff:172.29.0.29]:60436: response:501
frontend-1  | 2024-10-13T23:50:37.153323197Z [::ffff:127.0.0.1]:47410: response:200
frontend-1  | 2024-10-13T23:51:07.194604251Z [::ffff:127.0.0.1]:51770: response:200
frontend-1  | 2024-10-13T23:51:37.231792559Z [::ffff:127.0.0.1]:46674: response:200
frontend-1  | 2024-10-13T23:52:07.295630417Z [::ffff:127.0.0.1]:56322: response:200
frontend-1  | 2024-10-13T23:52:37.330490027Z [::ffff:127.0.0.1]:59910: response:200
frontend-1  | 2024-10-13T23:53:07.367848298Z [::ffff:127.0.0.1]:48574: response:200
frontend-1  | 2024-10-13T23:53:37.407771927Z [::ffff:127.0.0.1]:51170: response:200
frontend-1  | 2024-10-13T23:54:07.451565210Z [::ffff:127.0.0.1]:45204: response:200
frontend-1  | 2024-10-13T23:54:37.491937093Z [::ffff:127.0.0.1]:37926: response:200
frontend-1  | 2024-10-13T23:55:07.544627074Z [::ffff:127.0.0.1]:35256: response:200
frontend-1  | 2024-10-13T23:55:37.597376181Z [::ffff:127.0.0.1]:37408: response:200
frontend-1  | 2024-10-13T23:55:41.700492880Z [::ffff:172.29.0.29]:38898: response:200
frontend-1  | 2024-10-13T23:55:41.813531169Z [::ffff:172.29.0.29]:38906: response:501
frontend-1  | 2024-10-13T23:55:42.051067424Z [::ffff:172.29.0.29]:38912: response:404
frontend-1  | 2024-10-13T23:56:07.657257596Z [::ffff:127.0.0.1]:55124: response:200
frontend-1  | 2024-10-13T23:56:14.771280417Z [::ffff:172.29.0.29]:39526: response:501
frontend-1  | 2024-10-13T23:56:16.532772104Z [::ffff:172.29.0.29]:39528: response:501
frontend-1  | 2024-10-13T23:56:17.124533528Z [::ffff:172.29.0.29]:39542: response:501
frontend-1  | 2024-10-13T23:56:17.290126854Z [::ffff:172.29.0.29]:39556: response:501
frontend-1  | 2024-10-13T23:56:17.457884052Z [::ffff:172.29.0.29]:39570: response:501
nginx-1     | 2024-10-13T23:58:38.553142780Z /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
frontend-1  | 2024-10-13T23:56:17.618648878Z [::ffff:172.29.0.29]:39584: response:501
nginx-1     | 2024-10-13T23:58:38.553174212Z /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
frontend-1  | 2024-10-13T23:56:17.784478575Z [::ffff:172.29.0.29]:39598: response:501
nginx-1     | 2024-10-13T23:58:38.553623974Z /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
frontend-1  | 2024-10-13T23:56:17.922259505Z [::ffff:172.29.0.29]:52360: response:501
nginx-1     | 2024-10-13T23:58:38.556444784Z 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
frontend-1  | 2024-10-13T23:56:18.058119639Z [::ffff:172.29.0.29]:52370: response:501
nginx-1     | 2024-10-13T23:58:38.563637345Z 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
frontend-1  | 2024-10-13T23:56:37.701656711Z [::ffff:127.0.0.1]:53656: response:200
nginx-1     | 2024-10-13T23:58:38.563798628Z /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
frontend-1  | 2024-10-13T23:57:07.763495770Z [::ffff:127.0.0.1]:35116: response:200
frontend-1  | 2024-10-13T23:57:10.608439624Z [::ffff:172.29.0.29]:38212: response:501
frontend-1  | 2024-10-13T23:57:11.161422746Z [::ffff:172.29.0.29]:38226: response:501
nginx-1     | 2024-10-13T23:58:38.565277625Z /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
frontend-1  | 2024-10-13T23:57:11.329669103Z [::ffff:172.29.0.29]:38234: response:501
frontend-1  | 2024-10-13T23:57:13.181974109Z [::ffff:172.29.0.29]:38238: response:501
frontend-1  | 2024-10-13T23:57:13.637861363Z [::ffff:172.29.0.29]:38254: response:501
nginx-1     | 2024-10-13T23:58:38.565974375Z /docker-entrypoint.sh: Configuration complete; ready for start up
frontend-1  | 2024-10-13T23:57:13.805448757Z [::ffff:172.29.0.29]:38264: response:501
frontend-1  | 2024-10-13T23:57:13.929842439Z [::ffff:172.29.0.29]:38274: response:501
frontend-1  | 2024-10-13T23:57:14.720453252Z [::ffff:172.29.0.29]:38288: response:200
frontend-1  | 2024-10-13T23:57:14.773759871Z [::ffff:172.29.0.29]:38290: response:501
frontend-1  | 2024-10-13T23:57:15.673117201Z [::ffff:172.29.0.29]:38304: response:404
frontend-1  | 2024-10-13T23:57:15.768861200Z [::ffff:172.29.0.29]:38314: response:200
frontend-1  | 2024-10-13T23:57:15.771680333Z [::ffff:172.29.0.29]:38322: response:200
frontend-1  | 2024-10-13T23:57:15.779909812Z [::ffff:172.29.0.29]:38334: response:200
frontend-1  | 2024-10-13T23:57:33.498564671Z [::ffff:172.29.0.29]:57684: response:404
frontend-1  | 2024-10-13T23:57:33.596581718Z [::ffff:172.29.0.29]:57692: response:200
frontend-1  | 2024-10-13T23:57:37.808572734Z [::ffff:127.0.0.1]:41388: response:200
frontend-1  | 2024-10-13T23:57:53.017480275Z [::ffff:172.29.0.29]:35616: response:200
frontend-1  | 2024-10-13T23:58:07.852023744Z [::ffff:127.0.0.1]:58414: response:200
frontend-1  | 2024-10-13T23:58:17.539228539Z [::ffff:172.29.0.29]:42040: response:501
frontend-1  | 2024-10-13T23:58:19.674733622Z [::ffff:172.29.0.29]:44824: response:501
frontend-1  | 2024-10-13T23:58:37.906087436Z [::ffff:127.0.0.1]:33100: response:200
frontend-1  | 2024-10-13T23:58:42.402021740Z [::ffff:172.29.0.29]:59518: response:501
frontend-1  | 2024-10-13T23:58:43.028821376Z [::ffff:172.29.0.29]:59522: response:501
frontend-1  | 2024-10-13T23:58:43.170827515Z [::ffff:172.29.0.29]:59532: response:501
frontend-1  | 2024-10-13T23:58:43.298918900Z [::ffff:172.29.0.29]:59536: response:501
frontend-1  | 2024-10-13T23:58:45.026137120Z [::ffff:172.29.0.29]:59546: response:501
frontend-1  | 2024-10-13T23:58:45.457649424Z [::ffff:172.29.0.29]:59562: response:501
frontend-1  | 2024-10-13T23:58:45.613860193Z [::ffff:172.29.0.29]:59572: response:501
frontend-1  | 2024-10-13T23:58:45.909237013Z [::ffff:172.29.0.29]:59584: response:501
frontend-1  | 2024-10-13T23:59:07.966336385Z [::ffff:127.0.0.1]:60610: response:200
frontend-1  | 2024-10-13T23:59:38.003131204Z [::ffff:127.0.0.1]:44660: response:200
frontend-1  | 2024-10-14T00:00:08.060107192Z [::ffff:127.0.0.1]:58940: response:200
frontend-1  | 2024-10-14T00:00:38.105464442Z [::ffff:127.0.0.1]:51242: response:200
frontend-1  | 2024-10-14T00:01:08.154200025Z [::ffff:127.0.0.1]:48400: response:200
frontend-1  | 2024-10-14T00:01:38.206671848Z [::ffff:127.0.0.1]:45284: response:200
frontend-1  | 2024-10-14T00:02:08.253506779Z [::ffff:127.0.0.1]:58140: response:200
frontend-1  | 2024-10-14T00:02:38.303052762Z [::ffff:127.0.0.1]:59270: response:200
frontend-1  | 2024-10-14T00:03:08.362703521Z [::ffff:127.0.0.1]:34688: response:200
frontend-1  | 2024-10-14T00:03:38.409620165Z [::ffff:127.0.0.1]:57712: response:200
frontend-1  | 2024-10-14T00:04:08.453848961Z [::ffff:127.0.0.1]:37048: response:200
frontend-1  | 2024-10-14T00:04:38.507159089Z [::ffff:127.0.0.1]:41674: response:200
frontend-1  | 2024-10-14T00:05:08.565458753Z [::ffff:127.0.0.1]:41942: response:200
frontend-1  | 2024-10-14T00:05:38.605866873Z [::ffff:127.0.0.1]:43094: response:200
frontend-1  | 2024-10-14T00:06:08.649562265Z [::ffff:127.0.0.1]:60344: response:200
frontend-1  | 2024-10-14T00:06:38.694550849Z [::ffff:127.0.0.1]:49924: response:200
frontend-1  | 2024-10-14T00:07:08.741010102Z [::ffff:127.0.0.1]:58038: response:200
frontend-1  | 2024-10-14T00:07:38.779954572Z [::ffff:127.0.0.1]:35600: response:200
frontend-1  | 2024-10-14T00:08:08.833472464Z [::ffff:127.0.0.1]:48174: response:200
frontend-1  | 2024-10-14T00:08:38.880679099Z [::ffff:127.0.0.1]:56752: response:200
frontend-1  | 2024-10-14T00:09:08.923355376Z [::ffff:127.0.0.1]:57848: response:200

Here's my compose file - the port # is commented out because I usually use whichever port is natively exposed by the dockerfile, but my result appears to be the same regardless of if this is commented or not:

services:
  backend:
    image: ghcr.io/simonwep/genesis:v1.3
    restart: unless-stopped
    volumes:
      - ./data:/app/.data
    command: start
    environment:
      - GENESIS_PORT
      - GENESIS_DB_PATH
      - GENESIS_CREATE_USERS
      - GENESIS_AUTHORIZED_URIS
      - GENESIS_JWT_SECRET
      - GENESIS_JWT_TOKEN_EXPIRATION
      - GENESIS_JWT_COOKIE_ALLOW_HTTP
      - GENESIS_USERNAME_PATTERN
      - GENESIS_KEY_PATTERN
      - GENESIS_DATA_MAX_SIZE
      - GENESIS_KEYS_PER_USER
      - GENESIS_GIN_MODE
      - GENESIS_LOG_MODE
    networks:
      - services

  frontend:
    image: ghcr.io/simonwep/ocular:v1.5
    restart: unless-stopped
    networks:
      - services

  nginx:
    image: nginx:1.24-alpine
    restart: unless-stopped
#    ports:
#      - "3030:80"
    volumes:
      - ./config/nginx.conf:/etc/nginx/nginx.conf
    depends_on:
      - backend
      - frontend
    networks:
      - services

networks:
  services:
    name: services
    external: true

Environment

Client Browser - Google Chrome Version 129.0.6668.101 (Official Build) (arm64)
Client OS - MacOS Sequoia 15.0.1
Client Hardware - MacBook M3 Pro (2023)
Ocular Version - 1.4.0
Docker Version - Docker version 27.0.3, build 7d4bcd8
Server Hardware - Beelink AMD mini PC

Expected behaviour

Be allowed to login without a 501 error

Steps to reproduce

  1. Follow the steps in the repo readme - including downloading the release (NOT a repo clone), renaming the .env file, running ./gen-passwords.sh and using docker-compose up -d to start the container.
  2. Before bringing the container up, I edit the compose file to add my docker network (called services) which connects to my Cloudflare Tunnels container upstream, and downstream each service is added to this network. This works for 30+ other services hosted on the same machine.
  3. When attempting to login using the username/password combo from the .env file, I am greeted with a 501 error (method not implemented)
  4. I've tried setting a very simple username/password (this is attached as a failed login attempt and has been disabled for security reasons), without success. budget.kadaranwar.com.har.zip
  5. I reviewed the other issues where the nginx.conf was suspected as causing issues (#2) but I don't see that same output in the developer tools in my requests. The attached .har.zip can be extracted and then imported into Chrome to see the full request/response.
  6. The GENESIS_JWT_COOKIE_ALLOW_HTTP is already set to true in my .env file:

# Database location
GENESIS_DB_PATH=.data

# JWT secret known only to your token generator
GENESIS_JWT_SECRET=THIS_IS_A_SECURE_TOKEN_USUALLY

# JWT expiration in minutes
GENESIS_JWT_TOKEN_EXPIRATION=120960

# If the session cookie for the backend should be allowed to be sent over http
# Dangerous, it's best to run it behind a reverse proxy with https
GENESIS_JWT_COOKIE_ALLOW_HTTP=true

# Gin mode, either test, release or debug
GENESIS_GIN_MODE=release

# Zap logger, either production or development
GENESIS_LOG_MODE=production

# Port to listen on, leave it at 80 if you're using a reverse proxy
GENESIS_PORT=80

# Base url to listen for requests
GENESIS_BASE_URL=/

# Use ! as suffix for the username to indicate that this user
# should be created as an admin. These can add, remove and edit users.
GENESIS_CREATE_USERS=simple_username!:simple_password

# Allowed username pattern
GENESIS_USERNAME_PATTERN=^[\w]{0,32}$

# Allowed key pattern
GENESIS_KEY_PATTERN=^[\w]{0,32}$

# Maximum size of each key in kilobytes
GENESIS_DATA_MAX_SIZE=512

# Maximum amount of datasets per user
GENESIS_KEYS_PER_USER=2

Additional info

This same service has about 30 other containers running, with nginx proxy manager (NPM) as the reverse proxy, so I'm fairly confident there is no issue in my existing proxy/tunnel setup.

The topology flow is something like: Request ---> WAN ---> domain name ---> DNS record for cloudflare tunnel ID ---> home server on the "cf" docker network ---> NPM subdomain entry with "services" docker network ---> downstream service.

Happy to share more details in case I missed something!
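
Added example (not code from this issue or from the ocular project): a Python tally of the access lines in the log above by service, client address and status code. Run over a few lines copied from that log, it shows that every 501 is logged by `frontend-1`; the function names are this example's own.

```python
import re
from collections import Counter

# Format of the access lines in the `docker compose logs` output above:
# "<service> | <timestamp> [::ffff:<client-ip>]:<port>: response:<status>"
ACCESS = re.compile(
    r"^(?P<service>\S+)\s*\|\s*\S+\s+\[::ffff:(?P<client>[\d.]+)\]:\d+: "
    r"response:(?P<status>\d{3})\s*$"
)

# A few lines copied from the log in this issue (not the full capture).
SAMPLE = """\
frontend-1  | 2024-10-13T23:49:49.546230532Z [::ffff:172.29.0.29]:34466: response:200
frontend-1  | 2024-10-13T23:49:49.665808071Z [::ffff:172.29.0.29]:34482: response:501
frontend-1  | 2024-10-13T23:49:50.051106824Z [::ffff:172.29.0.29]:34488: response:404
frontend-1  | 2024-10-13T23:49:56.011485359Z [::ffff:172.29.0.29]:34492: response:501
frontend-1  | 2024-10-13T23:50:07.118551747Z [::ffff:127.0.0.1]:34852: response:200
nginx-1     | 2024-10-13T23:58:38.565974375Z /docker-entrypoint.sh: Configuration complete; ready for start up
frontend-1  | 2024-10-13T23:50:37.153323197Z [::ffff:127.0.0.1]:47410: response:200
"""


def tally(log_text):
    """Count access lines per (service, client, status); skip other output."""
    counts = Counter()
    for line in log_text.splitlines():
        m = ACCESS.match(line)
        if m:  # entrypoint/startup lines do not match and are ignored
            counts[(m["service"], m["client"], int(m["status"]))] += 1
    return counts


def answered_by(counts, status):
    """Return {service: hits} for one status code, ignoring loopback requests."""
    hits = Counter()
    for (service, client, code), n in counts.items():
        if code == status and not client.startswith("127."):
            hits[service] += n
    return dict(hits)


if __name__ == "__main__":
    counts = tally(SAMPLE)
    for key, n in sorted(counts.items()):
        print(*key, n)
    print("501 answered by:", answered_by(counts, 501))
```

Pipe the full `docker compose logs` output into `tally` to see which container answers the failing login requests before changing any ports.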

kmanwar89 commented 1 month ago

The actual error message is invalid username/password, forgot to mention that:

ggagnidze commented 3 days ago

Have that too. Problem only if using Nginx Proxy Manager. When directly connected to 3030 — login ok. Trying to use different advanced settings for nginx, but no luck

kmanwar89 commented 3 days ago

> Have that too. Problem only if using Nginx Proxy Manager. When directly connected to 3030 — login ok. Trying to use different advanced settings for nginx, but no luck

That is exactly what I'm using! Perhaps it's an NPM-side issue? Not exactly unprecedented...

simonwep commented 3 days ago

Hey! Sorry for the late reply to this conversation, seems like many of you are having problems which by now seem to be definitely caused by the network setup of this compose setup. First of all, thank you @kmanwar89 for the very elaborate issue.

I'm not that familiar with networking, so any help is highly appreciated. From what I see, you attach all services to the same network - I assume that makes all of them share the same space of available ports? This will cause problems because the backend and frontend service both listen on port 80.

Try changing the following (assuming port 3031 is not already used inside the given external network):

.env

-GENESIS_PORT=80
+GENESIS_PORT=3031
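
Review bot: `GENESIS_PORT=3031` only works if the `proxy_pass` target in config/nginx.conf is changed to the same port, and the comment above this setting in .env says to leave it at 80 when a reverse proxy is in front, so that comment should be updated alongside the value. The logs posted above show the 501 responses being logged by `frontend-1` and contain no bind error for port 80, so it is worth confirming that login requests reach `backend` at all before relying on a port change.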

config/nginx.conf

location /api/ {
-  proxy_pass http://backend/;
+. proxy_pass http://backend:3031/;
}
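
Review bot: the added line reads `+. proxy_pass http://backend:3031/;`, with a stray `.` where the indentation should be; applied literally, nginx.conf would contain `. proxy_pass http://backend:3031/;`, which is not a valid directive. The line should be `+  proxy_pass http://backend:3031/;`, and the port must stay equal to `GENESIS_PORT` in .env.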

And, if needed, the port on which to actually access the app (assuming you want to access the app on 8080):

config/nginx.conf

-  listen 80;
+  listen 8080;
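
Review bot: `listen 8080;` changes the port inside the nginx container, so the compose file's (commented-out) mapping `"3030:80"` and any upstream proxy entry that targets port 80 of this container would have to point at 8080 as well; the hunk should say so. It also lacks the enclosing `server` block, so it is not clear which `listen` line is meant.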

I couldn't test it with external networks as I don't have any similar network setups in use right now nor do I have any experience with NPM, so any help is highly appreciated!

The setup of this app is basically just one nginx container redirecting /api-requests to the backend service and all others to the frontend service. Both are currently running on port 80, that's why the said change above might work.