I am trying to install this on my QNAP NAS. For this, I basically created a deployment on my linux PC and from there I picked the docker-compose file and fixed it for my NAS and installed it there. On the NAS I have an NPM reverse proxy to resolve subdomain and then the Nginx proxy which comes with this stack.
I am able to see the Sign in with OpenID page on outline with my URL. I get redirected to /uc and can login there, but I get authentication failure from outline. Here is the log message,
ERR Error during authentication | error=Failed to obtain access token stack=InternalOAuthError: Failed to obtain access token
at OAuth2Strategy._createOAuthError (/opt/outline/node_modules/passport-oauth2/lib/strategy.js:423:17)
at /opt/outline/node_modules/passport-oauth2/lib/strategy.js:177:45
at /opt/outline/node_modules/oauth/lib/oauth2.js:191:18
at ClientRequest.<anonymous> (/opt/outline/node_modules/oauth/lib/oauth2.js:162:5)
at ClientRequest.emit (node:events:526:28)
at ClientRequest.emit (node:domain:475:12)
at Socket.socketErrorListener (node:_http_client:442:9)
at Socket.emit (node:events:526:28)
at Socket.emit (node:domain:475:12)
at emitErrorNT (node:internal/streams/destroy:157:8)
at emitErrorCloseNT (node:internal/streams/destroy:122:3)
at processTicksAndRejections (node:internal/process/task_queues:83:21)
Here is the log from Nginx
10.0.3.6 - - [02/Mar/2023:11:31:51 +0000] "GET /auth/oidc HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "192.168.0.1"
10.0.3.6 - - [02/Mar/2023:11:31:51 +0000] "GET /uc/oauth/authorize/?response_type=code&redirect_uri=http%3A%2F%2Fsubdomain.domain.com%2Fauth%2Foidc.callback&scope=openid%20profile%20email&state=9e386e6e1ebc8227&client_id=050984 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "192.168.0.1"
10.0.3.6 - - [02/Mar/2023:11:31:51 +0000] "GET /auth/oidc.callback?code=101f5f764c1140f28abcd0d56fedxxxx&state=9e386e6e1ebcxxxx HTTP/1.1" 302 69 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "192.168.0.1"
10.0.3.6 - - [02/Mar/2023:11:31:51 +0000] "GET /?notice=auth-error HTTP/1.1" 200 1158 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "192.168.0.1"
10.0.3.6 - - [02/Mar/2023:11:31:51 +0000] "POST /api/auth.config HTTP/1.1" 200 100 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "192.168.0.1"
10.0.3.6 - - [02/Mar/2023:11:31:53 +0000] "GET /static/service-worker.js HTTP/1.1" 200 11540 "https://outline.gauravk.in/static/service-worker.js" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "192.168.0.1"
Here is the nginx config
server {
listen 80;
client_max_body_size 100m;
# Proxy requests to the bucket "outline" to MinIO server running on port 9000
location /outline-bucket {
include /etc/nginx/conf.d/include/proxy.conf;
proxy_pass http://wk-minio:9000;
}
# Proxy any other request to the application server running on port 9001
location / {
include /etc/nginx/conf.d/include/proxy.conf;
proxy_pass http://wk-outline:3000;
}
# Static file FOR OIDC Server
location /uc/static {
alias /uc/static_root;
}
# OIDC Server
location /uc {
include /etc/nginx/conf.d/include/proxy.conf;
proxy_set_header SCRIPT_NAME /uc;
proxy_pass http://wk-oidc-server:8000;
}
}
I can see the auth code and state in the Nginx log, but it looks like these don't get passed to outline. I've spent 2 days trying to figure out what could be wrong. I will greatly appreciate any help in getting this to work!
I am trying to install this on my QNAP NAS. For this, I basically created a deployment on my linux PC and from there I picked the docker-compose file and fixed it for my NAS and installed it there. On the NAS I have an NPM reverse proxy to resolve subdomain and then the Nginx proxy which comes with this stack.
I am able to see the Sign in with OpenID page on outline with my URL. I get redirected to
/uc
and can login there, but I get authentication failure from outline. Here is the log message,Here is the log from Nginx
Here is the nginx config
I can see the auth code and state in the Nginx log, but it looks like these don't get passed to outline. I've spent 2 days trying to figure out what could be wrong. I will greatly appreciate any help in getting this to work!