search

stonith404 / pocket-id

A simple OIDC provider that allows users to authenticate with their passkeys to your services.
BSD 2-Clause "Simplified" License
307 stars 4 forks source link

🐛 Bug Report: Unable to access /login/setup #11

Closed Heavensong89 closed 2 months ago

Heavensong89 commented 2 months ago

Reproduction steps

Installed from Unraid, I'm using SWAG (Nginx) Reverse Proxy, so I have setup https://id.example.com to reverse proxy to http://pocketid:3000, however the logs show Failed to get application configuration: connect ECONNREFUSED 192.168.7.127:443 Variable is updated appropriately, see Unraid's run command below:

docker run
  -d
  --name='pocketid'
  --net='proxy'
  --pids-limit 2048
  -e TZ="Europe/London"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="farrosphere"
  -e HOST_CONTAINERNAME="pocketid"
  -e 'PUBLIC_APP_URL'='https://id.example.com'
  -e 'DB_PATH'='data/pocket-id.db'
  -e 'UPLOAD_PATH'='data/uploads'
  -e 'PORT'='3000'
  -e 'BACKEND_PORT'='8080'
  -e 'PUID'='099'
  -e 'PGID'='100'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.webui='http://[IP]:[PORT:3000]/'
  -l net.unraid.docker.icon='https://raw.githubusercontent.com/nwithan8/unraid_templates/master/images/pocket-id-icon.png'
  -v '/mnt/user/appdata/pocket-id/data':'/app/backend/data':'rw'
'stonith404/pocket-id:latest'

Expected behavior

Allow me to create first user/login.

Actual Behavior

image

stonith404 commented 2 months ago

Are you sure that the PUBLIC_APP_URL is really set to https://id.example.com? You can verify it with 

docker exec pocket-id env | grep PUBLIC_APP_URL
Heavensong89 commented 2 months ago

Are you sure that the PUBLIC_APP_URL is really set to https://id.example.com? You can verify it with

docker exec pocket-id env | grep PUBLIC_APP_URL

Yes. It’s set in Unraid Docker UI’s variables, and that command returns the URL that i set it as.

stonith404 commented 2 months ago

Okay thanks, does your domain (id.example.com) point to the local IP 192.168.7.127?

ducati1198 commented 2 months ago

Same problem here. docker exec pocket-id env | grep PUBLIC_APP_URL Is give my the good url. Swag is pointing to 192.168.xx.xx:3000 and same on Cloudflare tunnel mod

stonith404 commented 2 months ago

Yeah the issue probably occurs because 192.168.xx.xx isn't accessible inside the docker container. I've created a potential fix. Would you mind to test the stonith404/pocket-id:development image?

Heavensong89 commented 2 months ago

pocket-id:development

IMG_0060 Can now load but looks like images are broken and get error occurred alert when clicking continue

stonith404 commented 2 months ago

Could you share the container logs?

Heavensong89 commented 2 months ago

Could you share the container logs?

Listening on 0.0.0.0:3000
[GIN] 2024/08/17 - 08:56:48 | 401 |       26.16µs |             ::1 | GET      "/api/users/me"
[GIN] 2024/08/17 - 08:56:48 | 401 |       42.02µs |             ::1 | GET      "/api/users/me"
[GIN] 2024/08/17 - 08:56:48 | 200 |     206.016µs |             ::1 | GET      "/api/application-configuration"
[GIN] 2024/08/17 - 08:56:48 | 200 |     223.204µs |             ::1 | GET      "/api/application-configuration"
[GIN] 2024/08/17 - 08:56:48 | 401 |      16.753µs |             ::1 | GET      "/api/users/me"
[GIN] 2024/08/17 - 08:56:48 | 401 |      35.199µs |             ::1 | GET      "/api/users/me"
[GIN] 2024/08/17 - 08:56:48 | 200 |     188.891µs |             ::1 | GET      "/api/application-configuration"
[GIN] 2024/08/17 - 08:56:48 | 200 |     250.385µs |             ::1 | GET      "/api/application-configuration"
[GIN] 2024/08/17 - 08:56:48 | 401 |      12.246µs |             ::1 | GET      "/api/users/me"
[GIN] 2024/08/17 - 08:56:48 | 401 |      23.134µs |             ::1 | GET      "/api/users/me"
SvelteKitError: Not found: /api/application-configuration/logo
    at resolve2 (file:///app/frontend/build/server/chunks/index-CjGFhKNr.js:5273:18)
    at resolve (file:///app/frontend/build/server/chunks/index-CjGFhKNr.js:5106:34)
    at Object.handle (file:///app/frontend/build/server/chunks/hooks.server-BZMsLR3h.js:41:26)
    at respond (file:///app/frontend/build/server/chunks/index-CjGFhKNr.js:5104:43) {
  status: 404,
  text: 'Not Found'
}
[GIN] 2024/08/17 - 08:56:48 | 200 |     129.898µs |             ::1 | GET      "/api/application-configuration"
[GIN] 2024/08/17 - 08:56:48 | 200 |     138.049µs |             ::1 | GET      "/api/application-configuration"
SvelteKitError: Not found: /api/application-configuration/background-image
    at resolve2 (file:///app/frontend/build/server/chunks/index-CjGFhKNr.js:5273:18)
    at resolve (file:///app/frontend/build/server/chunks/index-CjGFhKNr.js:5106:34)
    at Object.handle (file:///app/frontend/build/server/chunks/hooks.server-BZMsLR3h.js:41:26)
    at respond (file:///app/frontend/build/server/chunks/index-CjGFhKNr.js:5104:43) {
  status: 404,
  text: 'Not Found'
}
[GIN] 2024/08/17 - 08:56:50 | 401 |      20.973µs |             ::1 | GET      "/api/users/me"
[GIN] 2024/08/17 - 08:56:50 | 401 |      56.818µs |             ::1 | GET      "/api/users/me"
[GIN] 2024/08/17 - 08:56:50 | 200 |     190.647µs |             ::1 | GET      "/api/application-configuration"
[GIN] 2024/08/17 - 08:56:50 | 200 |     211.641µs |             ::1 | GET      "/api/application-configuration"
SvelteKitError: Not found: /api/one-time-access-token/setup
    at resolve2 (file:///app/frontend/build/server/chunks/index-CjGFhKNr.js:5273:18)
    at resolve (file:///app/frontend/build/server/chunks/index-CjGFhKNr.js:5106:34)
    at Object.handle (file:///app/frontend/build/server/chunks/hooks.server-BZMsLR3h.js:41:26)
    at respond (file:///app/frontend/build/server/chunks/index-CjGFhKNr.js:5104:43) {
  status: 404,
  text: 'Not Found'
}
stonith404 commented 2 months ago

Oh, I think this is an issue of the Unraid template, I'm not using Unraid because of that the template isn't made by me. Can you try to change the port of the application in the template to 80 instead of 3000?

The frontend runs on port 3000, the backend on 8080 and the reverse proxy on 80. You have to access Pocket ID over the reverse proxy because if you directly access the frontend, the path /api/** isn't found.

Heavensong89 commented 2 months ago

Oh, I think this is an issue of the Unraid template, I'm not using Unraid because of that the template isn't made by me. Can you try to change the port of the application in the template to 80 instead of 3000?

The frontend runs on port 3000, the backend on 8080 and the reverse proxy on 80. You have to access Pocket ID over the reverse proxy because if you directly access the frontend, the path /api/** isn't found.

So should the PORT environment variable be set to 80 for the frontend? Or still keep frontend as 3000 but also expose/reverse proxy port 80?

Edit: Confirmed, leave PORT as 3000, BACKEND_PORT as 8080, but then need to reverse proxy to port 80

stonith404 commented 2 months ago

Great :) Do you know how I can edit the Unraid template that is in the store?

Bartrpc commented 2 months ago

You may reach out directly to this guy, He added pocket id to Unraid Community Apps -> https://github.com/nwithan8/unraid_templates Or You can create Your own template as a pocket id dev. Here is some useful link -> https://selfhosters.net/docker/templating/templating/ Alternatively, someone who will use nwithan8 template should modify template by yourself before creating a docker container. (nah... )

nwithan8 commented 2 months ago

Was just debugging this last night. Glad someone figured out what the problem was already. Pushing out an updated template now, sorry about that.

EDIT: Update has been pushed. Templates usually populate on the Unraid Community Apps store within two hours.

EDIT 2: The Unraid app feed has been inconsistent for the past few days. Looks like it hasn't updated since I merged in the fixed template, so it's not available yet.