Global OIDC triggering auth rate limit error with pocket ID #126

New Issue

Closed

opened 2025-12-29 14:25:24 +01:00 by adam · 9 comments

adam commented 2025-12-29 14:25:24 +01:00

Owner

Copy Link

Originally created by @Strontium on GitHub (Dec 20, 2025).

When using the global OIDC configuration with pocket-id i'm getting a "auth rate limit exceeded" error when navigating to the godoxy webui or other proxied apps.
Works as expected with godoxy v0.20.7
I've tried a fresh build keeping as close to supplied example configuration as I could and still faced the same issue. Any help would be appreciated.

config.yml

autocert: (redacted)
entrypoint:
  support_proxy_protocol: false
  middlewares:
    - use: CloudflareRealIP
    - use: ModifyResponse
      set_headers:
        Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
        Access-Control-Allow-Headers: "*"
        Access-Control-Allow-Origin: "*"
        Access-Control-Max-Age: 180
        Vary: "*"
        X-XSS-Protection: 1; mode=block
        Content-Security-Policy: "object-src 'self'; frame-ancestors 'self';"
        X-Content-Type-Options: nosniff
        X-Frame-Options: SAMEORIGIN
        Referrer-Policy: same-origin
        Strict-Transport-Security: max-age=63072000; includeSubDomains; preload     
    - use: oidc
      bypass:
        - route auth
  access_log:
    format: combined
    path: /app/logs/entrypoint.log
providers:
  docker:
    local: $DOCKER_HOST
homepage:
  use_default_categories: true
timeout_shutdown: 5

godoxy-compose.yml

---
services:
  socket-proxy:
    container_name: socket-proxy
    image: ghcr.io/yusing/socket-proxy:latest
    environment:
      - ALLOW_START=1
      - ALLOW_STOP=1
      - ALLOW_RESTARTS=1
      - CONTAINERS=1
      - EVENTS=1
      - INFO=1
      - PING=1
      - POST=1
      - VERSION=1
    volumes:
      - ${DOCKER_SOCKET:-/var/run/docker.sock}:/var/run/docker.sock
    restart: unless-stopped
    tmpfs:
      - /run
    networks:
      - godoxy
  frontend:
    image: ghcr.io/yusing/godoxy-frontend:${TAG:-latest}
    container_name: godoxy-frontend
    restart: unless-stopped
    user: 1000:1000
    env_file: .env
    read_only: true
    tmpfs:
      - /app/.next/cache # next image caching
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - all
    depends_on:
      - app
    environment:
      GODOXY_API_ADDR: app:8888
    labels:
      proxy.aliases: ${GODOXY_FRONTEND_ALIASES:-godoxy}
    networks:
      - godoxy
  app:
    image: ghcr.io/yusing/godoxy:${TAG:-latest}
    container_name: godoxy-proxy
    restart: always
    env_file: .env
    user: 1000:1000
    depends_on:
      socket-proxy:
        condition: service_started
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - all
    cap_add:
      - NET_BIND_SERVICE
    environment:
      - DOCKER_HOST=tcp://${SOCKET_PROXY_LISTEN_ADDR:-127.0.0.1:2375}
      - GODOXY_API_ADDR=0.0.0.0:8888
    ports:
      - 80:80
      - 443:443/tcp
      - 443:443/udp # http3
    volumes:
      - ./config:/app/config
      - ./logs:/app/logs
      - ./error_pages:/app/error_pages:ro
      - ./data:/app/data
      - ./certs:/app/certs
    networks:
      - proxy
      - godoxy
networks:
  proxy: # bridge network for all services that needs proxying
    external: true
  godoxy:

.env

DOCKER_HOST=tcp://127.0.0.1:2375
SOCKET_PROXY_LISTEN_ADDR=socket-proxy:2375

TAG=latest

TZ=Australia/Sydney

GODOXY_API_JWT_SECURE=true
GODOXY_API_JWT_SECRET=(redacted)
GODOXY_API_JWT_TOKEN_TTL=

GODOXY_API_USER=admin
GODOXY_API_PASSWORD=(redacted)

GODOXY_OIDC_ISSUER_URL=https://auth.domain.com
GODOXY_OIDC_CLIENT_SECRET=(redacted)
GODOXY_OIDC_CLIENT_ID=(redacted)
GODOXY_OIDC_ALLOWED_GROUPS=admin

GODOXY_HTTP3_ENABLED=true

GODOXY_METRICS_DISABLE_CPU=false
GODOXY_METRICS_DISABLE_MEMORY=false
GODOXY_METRICS_DISABLE_DISK=false
GODOXY_METRICS_DISABLE_NETWORK=false
GODOXY_METRICS_DISABLE_SENSORS=false

GODOXY_FRONTEND_ALIASES=godoxy.domain.com

GODOXY_DEBUG=false

pocket-id-compose.yml

services:
  pocket-id:
    image: ghcr.io/pocket-id/pocket-id:latest-distroless
    container_name: pocket-id
    restart: unless-stopped
    expose:
      - 1411
    volumes:
      - ./data:/app/data
    read_only: true
    user: 1000:1000
    healthcheck:
      test:
        - CMD
        - /app/pocket-id
        - healthcheck
      interval: 1m30s
      timeout: 5s
      retries: 2
      start_period: 10s
    environment:
      APP_URL: https://auth.domain.com
      MAXMIND_LICENSE_KEY: (redacted)
    labels:
      proxy.aliases: "auth"
      proxy.#1.healthcheck.path: /healthz
    networks:
      - proxy
networks:
  proxy:
    external: true

Originally created by @Strontium on GitHub (Dec 20, 2025). When using the global OIDC configuration with pocket-id i'm getting a "auth rate limit exceeded" error when navigating to the godoxy webui or other proxied apps. Works as expected with godoxy v0.20.7 I've tried a fresh build keeping as close to supplied example configuration as I could and still faced the same issue. Any help would be appreciated. **config.yml** ```yaml autocert: (redacted) entrypoint: support_proxy_protocol: false middlewares: - use: CloudflareRealIP - use: ModifyResponse set_headers: Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD Access-Control-Allow-Headers: "*" Access-Control-Allow-Origin: "*" Access-Control-Max-Age: 180 Vary: "*" X-XSS-Protection: 1; mode=block Content-Security-Policy: "object-src 'self'; frame-ancestors 'self';" X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Strict-Transport-Security: max-age=63072000; includeSubDomains; preload - use: oidc bypass: - route auth access_log: format: combined path: /app/logs/entrypoint.log providers: docker: local: $DOCKER_HOST homepage: use_default_categories: true timeout_shutdown: 5 ``` **godoxy-compose.yml** ```yaml --- services: socket-proxy: container_name: socket-proxy image: ghcr.io/yusing/socket-proxy:latest environment: - ALLOW_START=1 - ALLOW_STOP=1 - ALLOW_RESTARTS=1 - CONTAINERS=1 - EVENTS=1 - INFO=1 - PING=1 - POST=1 - VERSION=1 volumes: - ${DOCKER_SOCKET:-/var/run/docker.sock}:/var/run/docker.sock restart: unless-stopped tmpfs: - /run networks: - godoxy frontend: image: ghcr.io/yusing/godoxy-frontend:${TAG:-latest} container_name: godoxy-frontend restart: unless-stopped user: 1000:1000 env_file: .env read_only: true tmpfs: - /app/.next/cache # next image caching security_opt: - no-new-privileges:true cap_drop: - all depends_on: - app environment: GODOXY_API_ADDR: app:8888 labels: proxy.aliases: ${GODOXY_FRONTEND_ALIASES:-godoxy} networks: - godoxy app: image: ghcr.io/yusing/godoxy:${TAG:-latest} container_name: godoxy-proxy restart: always env_file: .env user: 1000:1000 depends_on: socket-proxy: condition: service_started security_opt: - no-new-privileges:true cap_drop: - all cap_add: - NET_BIND_SERVICE environment: - DOCKER_HOST=tcp://${SOCKET_PROXY_LISTEN_ADDR:-127.0.0.1:2375} - GODOXY_API_ADDR=0.0.0.0:8888 ports: - 80:80 - 443:443/tcp - 443:443/udp # http3 volumes: - ./config:/app/config - ./logs:/app/logs - ./error_pages:/app/error_pages:ro - ./data:/app/data - ./certs:/app/certs networks: - proxy - godoxy networks: proxy: # bridge network for all services that needs proxying external: true godoxy: ``` **.env** ```yaml DOCKER_HOST=tcp://127.0.0.1:2375 SOCKET_PROXY_LISTEN_ADDR=socket-proxy:2375 TAG=latest TZ=Australia/Sydney GODOXY_API_JWT_SECURE=true GODOXY_API_JWT_SECRET=(redacted) GODOXY_API_JWT_TOKEN_TTL= GODOXY_API_USER=admin GODOXY_API_PASSWORD=(redacted) GODOXY_OIDC_ISSUER_URL=https://auth.domain.com GODOXY_OIDC_CLIENT_SECRET=(redacted) GODOXY_OIDC_CLIENT_ID=(redacted) GODOXY_OIDC_ALLOWED_GROUPS=admin GODOXY_HTTP3_ENABLED=true GODOXY_METRICS_DISABLE_CPU=false GODOXY_METRICS_DISABLE_MEMORY=false GODOXY_METRICS_DISABLE_DISK=false GODOXY_METRICS_DISABLE_NETWORK=false GODOXY_METRICS_DISABLE_SENSORS=false GODOXY_FRONTEND_ALIASES=godoxy.domain.com GODOXY_DEBUG=false ``` **pocket-id-compose.yml** ```yaml services: pocket-id: image: ghcr.io/pocket-id/pocket-id:latest-distroless container_name: pocket-id restart: unless-stopped expose: - 1411 volumes: - ./data:/app/data read_only: true user: 1000:1000 healthcheck: test: - CMD - /app/pocket-id - healthcheck interval: 1m30s timeout: 5s retries: 2 start_period: 10s environment: APP_URL: https://auth.domain.com MAXMIND_LICENSE_KEY: (redacted) labels: proxy.aliases: "auth" proxy.#1.healthcheck.path: /healthz networks: - proxy networks: proxy: external: true ```

adam closed this issue 2025-12-29 14:25:24 +01:00

adam commented 2025-12-29 14:25:25 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (Dec 20, 2025):

I have tried to reproduce with the similar config. Things worked fine for me.

Is v0.20.7 the last version that works for you?

@yusing commented on GitHub (Dec 20, 2025): I have tried to reproduce with the similar config. Things worked fine for me. Is v0.20.7 the last version that works for you?

adam commented 2025-12-29 14:25:25 +01:00

Author

Owner

Copy Link

@Strontium commented on GitHub (Dec 20, 2025):

Correct. It's working fine with v0.20.7, upgrade to v0.20.8 or latest and it throws the error.

@Strontium commented on GitHub (Dec 20, 2025): Correct. It's working fine with v0.20.7, upgrade to v0.20.8 or latest and it throws the error.

adam commented 2025-12-29 14:25:25 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (Dec 22, 2025):

Made some fixes, please try ghcr.io/yusing/godoxy:nightly.

@yusing commented on GitHub (Dec 22, 2025): Made some fixes, please try `ghcr.io/yusing/godoxy:nightly`.

adam commented 2025-12-29 14:25:26 +01:00

Author

Owner

Copy Link

@Strontium commented on GitHub (Dec 22, 2025):

Still the same issue, with a differently formatted auth rate limit error. Clicking try again redirects back to pocket id, which is signed in ok. It's just the protected apps that give this error. Interestingly I get the same error if I bypass the godoxy global OIDC auth for an app and use the apps built-in OIDC integrated logon method.

@Strontium commented on GitHub (Dec 22, 2025): Still the same issue, with a differently formatted auth rate limit error. Clicking try again redirects back to pocket id, which is signed in ok. It's just the protected apps that give this error. Interestingly I get the same error if I bypass the godoxy global OIDC auth for an app and use the apps built-in OIDC integrated logon method. <img width="344" height="177" alt="Image" src="https://github.com/user-attachments/assets/276e693f-8e24-456e-b5ec-0e73d0bf29aa" />

adam commented 2025-12-29 14:25:26 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (Dec 22, 2025):

could you turn GODOXY_DEBUG=1 in .env. reproduce the issue, and find logs like these?

12-22 15:56 DBG modifying request middleware=oidcMiddleware url=certs.my.app/
12-22 15:56 DBG modifying request middleware=oidcMiddleware url=certs.my.app/favicon.ico
12-22 15:56 DBG modifying request middleware=oidcMiddleware url=certs.my.app/
12-22 15:56 DBG modifying request middleware=oidcMiddleware url=certs.my.app/auth/callback
12-22 15:58 DBG bypassing request rule_matched="route pocketid" url=pocketid.my.app/

@yusing commented on GitHub (Dec 22, 2025): could you turn `GODOXY_DEBUG=1` in `.env`. reproduce the issue, and find logs like these? ```log 12-22 15:56 DBG modifying request middleware=oidcMiddleware url=certs.my.app/ 12-22 15:56 DBG modifying request middleware=oidcMiddleware url=certs.my.app/favicon.ico 12-22 15:56 DBG modifying request middleware=oidcMiddleware url=certs.my.app/ 12-22 15:56 DBG modifying request middleware=oidcMiddleware url=certs.my.app/auth/callback 12-22 15:58 DBG bypassing request rule_matched="route pocketid" url=pocketid.my.app/ ```

adam commented 2025-12-29 14:25:26 +01:00

Author

Owner

Copy Link

@Strontium commented on GitHub (Dec 22, 2025):

Here are the debug logs:
(it's a temp test instance so if I left something secure in the logs it should be fine)

godoxy-proxy     | 12-22 19:58 DBG docker health check failed, using fallback error="Error response from daemon: client version 1.52 is too new. Maximum supported API version is 1.51" container_id=cfe463377343a29e994ea4aa798e35234df94c33b8742985001f646ba0d96cec
godoxy-proxy     | 12-22 19:59 DBG handling request host=godoxy.domain.com method=GET server=proxy uri=/
godoxy-proxy     | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=godoxy.domain.com/
godoxy-proxy     | 12-22 19:59 DBG receiving datagrams failed error={"error":"datagram support disabled","kind":"*errors.errorString","stack":null} server=proxy
godoxy-proxy     | 12-22 19:59 DBG bypassing request rule_matched="route auth" url=auth.domain.com/.well-known/openid-configuration
godoxy-proxy     | 12-22 19:59 INF auth.domain.com 172.19.0.1 - - [22/Dec/2025:19:59:11 +1100] "GET /.well-known/openid-configuration HTTP/2.0" 200 1153 "" "Go-http-client/2.0"
godoxy-proxy     | 12-22 19:59 INF godoxy.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET / HTTP/3.0" 302 298 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
godoxy-proxy     | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fgodoxy.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=4KSlQ2-CBOmG9wtJkgqBWco_xGx1u0s8
godoxy-proxy     | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=auth.domain.com/authorize
godoxy-proxy     | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /authorize?scope=openid profile email groups&state=4KSlQ2-CBOmG9wtJkgqBWco_xGx1u0s8&client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https://godoxy.domain.com/auth/callback&response_type=code HTTP/3.0" 302 296 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
godoxy-proxy     | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fauth.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=IeuebtvJ7hjrdgl-6bTjm89feNSEvli2
godoxy-proxy     | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=auth.domain.com/authorize
godoxy-proxy     | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https://auth.domain.com/auth/callback&response_type=code&scope=openid profile email groups&state=IeuebtvJ7hjrdgl-6bTjm89feNSEvli2 HTTP/3.0" 302 296 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
godoxy-proxy     | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fauth.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=5_ZejdAh_-3Cpf27NfK_okLMG6GtnrpK
godoxy-proxy     | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=auth.domain.com/authorize
godoxy-proxy     | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /authorize?state=5_ZejdAh_-3Cpf27NfK_okLMG6GtnrpK&client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https://auth.domain.com/auth/callback&response_type=code&scope=openid profile email groups HTTP/3.0" 302 296 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
godoxy-proxy     | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https://auth.domain.com/auth/callback&response_type=code&scope=openid profile email groups&state=t7-jxxRXCEmufF_IXTJeHGeKMacqIp7l HTTP/3.0" 302 296 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
godoxy-proxy     | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fauth.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=t7-jxxRXCEmufF_IXTJeHGeKMacqIp7l
godoxy-proxy     | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=auth.domain.com/authorize
godoxy-proxy     | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https://auth.domain.com/auth/callback&response_type=code&scope=openid profile email groups&state=dpMSWsGNut5519jtXIJq08OzMj0R3b6f HTTP/3.0" 302 296 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
godoxy-proxy     | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fauth.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=dpMSWsGNut5519jtXIJq08OzMj0R3b6f
godoxy-proxy     | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=auth.domain.com/authorize
godoxy-proxy     | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fauth.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=UE0mqWhYseZK1AVHrKItBiYqLZqP_VEx
godoxy-proxy     | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=auth.domain.com/authorize
godoxy-proxy     | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /authorize?scope=openid profile email groups&state=UE0mqWhYseZK1AVHrKItBiYqLZqP_VEx&client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https://auth.domain.com/auth/callback&response_type=code HTTP/3.0" 302 296 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
godoxy-proxy     | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fauth.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=mQ9UEQ5cVDY-H-lRcUBFFsiVI4Y4lumn
godoxy-proxy     | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=auth.domain.com/authorize
godoxy-proxy     | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https://auth.domain.com/auth/callback&response_type=code&scope=openid profile email groups&state=mQ9UEQ5cVDY-H-lRcUBFFsiVI4Y4lumn HTTP/3.0" 302 296 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
godoxy-proxy     | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fauth.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=7zRbW2SAI7bsdxnRmtKAXwoAHeCfOQS6
godoxy-proxy     | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=auth.domain.com/authorize
godoxy-proxy     | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https://auth.domain.com/auth/callback&response_type=code&scope=openid profile email groups&state=7zRbW2SAI7bsdxnRmtKAXwoAHeCfOQS6 HTTP/3.0" 302 296 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
godoxy-proxy     | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /authorize?scope=openid profile email groups&state=03T8nI0hzpeClxpBsAhThG5WgZQwgCpx&client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https://auth.domain.com/auth/callback&response_type=code HTTP/3.0" 302 296 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
godoxy-proxy     | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fauth.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=03T8nI0hzpeClxpBsAhThG5WgZQwgCpx
godoxy-proxy     | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=auth.domain.com/authorize
godoxy-proxy     | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fauth.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=YwFm-LeIY_A5iFmde1UDL1_iJctBlhce
godoxy-proxy     | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=auth.domain.com/authorize
godoxy-proxy     | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /authorize?response_type=code&scope=openid profile email groups&state=YwFm-LeIY_A5iFmde1UDL1_iJctBlhce&client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https://auth.domain.com/auth/callback HTTP/3.0" 200 316 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
godoxy-proxy     | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/favicon.ico
godoxy-proxy     | 12-22 19:59 DBG bypassing request rule_matched="route auth" url=auth.domain.com/favicon.ico
godoxy-proxy     | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /favicon.ico HTTP/3.0" 200 2025 "https://auth.domain.com/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fauth.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=YwFm-LeIY_A5iFmde1UDL1_iJctBlhce" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
Gracefully stopping... (press Ctrl+C again to force)

@Strontium commented on GitHub (Dec 22, 2025): Here are the debug logs: (it's a temp test instance so if I left something secure in the logs it should be fine) ```log godoxy-proxy | 12-22 19:58 DBG docker health check failed, using fallback error="Error response from daemon: client version 1.52 is too new. Maximum supported API version is 1.51" container_id=cfe463377343a29e994ea4aa798e35234df94c33b8742985001f646ba0d96cec godoxy-proxy | 12-22 19:59 DBG handling request host=godoxy.domain.com method=GET server=proxy uri=/ godoxy-proxy | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=godoxy.domain.com/ godoxy-proxy | 12-22 19:59 DBG receiving datagrams failed error={"error":"datagram support disabled","kind":"*errors.errorString","stack":null} server=proxy godoxy-proxy | 12-22 19:59 DBG bypassing request rule_matched="route auth" url=auth.domain.com/.well-known/openid-configuration godoxy-proxy | 12-22 19:59 INF auth.domain.com 172.19.0.1 - - [22/Dec/2025:19:59:11 +1100] "GET /.well-known/openid-configuration HTTP/2.0" 200 1153 "" "Go-http-client/2.0" godoxy-proxy | 12-22 19:59 INF godoxy.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET / HTTP/3.0" 302 298 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" godoxy-proxy | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fgodoxy.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=4KSlQ2-CBOmG9wtJkgqBWco_xGx1u0s8 godoxy-proxy | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=auth.domain.com/authorize godoxy-proxy | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /authorize?scope=openid profile email groups&state=4KSlQ2-CBOmG9wtJkgqBWco_xGx1u0s8&client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https://godoxy.domain.com/auth/callback&response_type=code HTTP/3.0" 302 296 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" godoxy-proxy | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fauth.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=IeuebtvJ7hjrdgl-6bTjm89feNSEvli2 godoxy-proxy | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=auth.domain.com/authorize godoxy-proxy | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https://auth.domain.com/auth/callback&response_type=code&scope=openid profile email groups&state=IeuebtvJ7hjrdgl-6bTjm89feNSEvli2 HTTP/3.0" 302 296 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" godoxy-proxy | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fauth.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=5_ZejdAh_-3Cpf27NfK_okLMG6GtnrpK godoxy-proxy | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=auth.domain.com/authorize godoxy-proxy | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /authorize?state=5_ZejdAh_-3Cpf27NfK_okLMG6GtnrpK&client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https://auth.domain.com/auth/callback&response_type=code&scope=openid profile email groups HTTP/3.0" 302 296 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" godoxy-proxy | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https://auth.domain.com/auth/callback&response_type=code&scope=openid profile email groups&state=t7-jxxRXCEmufF_IXTJeHGeKMacqIp7l HTTP/3.0" 302 296 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" godoxy-proxy | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fauth.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=t7-jxxRXCEmufF_IXTJeHGeKMacqIp7l godoxy-proxy | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=auth.domain.com/authorize godoxy-proxy | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https://auth.domain.com/auth/callback&response_type=code&scope=openid profile email groups&state=dpMSWsGNut5519jtXIJq08OzMj0R3b6f HTTP/3.0" 302 296 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" godoxy-proxy | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fauth.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=dpMSWsGNut5519jtXIJq08OzMj0R3b6f godoxy-proxy | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=auth.domain.com/authorize godoxy-proxy | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fauth.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=UE0mqWhYseZK1AVHrKItBiYqLZqP_VEx godoxy-proxy | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=auth.domain.com/authorize godoxy-proxy | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /authorize?scope=openid profile email groups&state=UE0mqWhYseZK1AVHrKItBiYqLZqP_VEx&client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https://auth.domain.com/auth/callback&response_type=code HTTP/3.0" 302 296 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" godoxy-proxy | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fauth.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=mQ9UEQ5cVDY-H-lRcUBFFsiVI4Y4lumn godoxy-proxy | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=auth.domain.com/authorize godoxy-proxy | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https://auth.domain.com/auth/callback&response_type=code&scope=openid profile email groups&state=mQ9UEQ5cVDY-H-lRcUBFFsiVI4Y4lumn HTTP/3.0" 302 296 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" godoxy-proxy | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fauth.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=7zRbW2SAI7bsdxnRmtKAXwoAHeCfOQS6 godoxy-proxy | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=auth.domain.com/authorize godoxy-proxy | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https://auth.domain.com/auth/callback&response_type=code&scope=openid profile email groups&state=7zRbW2SAI7bsdxnRmtKAXwoAHeCfOQS6 HTTP/3.0" 302 296 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" godoxy-proxy | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /authorize?scope=openid profile email groups&state=03T8nI0hzpeClxpBsAhThG5WgZQwgCpx&client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https://auth.domain.com/auth/callback&response_type=code HTTP/3.0" 302 296 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" godoxy-proxy | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fauth.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=03T8nI0hzpeClxpBsAhThG5WgZQwgCpx godoxy-proxy | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=auth.domain.com/authorize godoxy-proxy | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fauth.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=YwFm-LeIY_A5iFmde1UDL1_iJctBlhce godoxy-proxy | 12-22 19:59 DBG modifying request middleware=oidcMiddleware url=auth.domain.com/authorize godoxy-proxy | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /authorize?response_type=code&scope=openid profile email groups&state=YwFm-LeIY_A5iFmde1UDL1_iJctBlhce&client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https://auth.domain.com/auth/callback HTTP/3.0" 200 316 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" godoxy-proxy | 12-22 19:59 DBG handling request host=auth.domain.com method=GET server=proxy uri=/favicon.ico godoxy-proxy | 12-22 19:59 DBG bypassing request rule_matched="route auth" url=auth.domain.com/favicon.ico godoxy-proxy | 12-22 19:59 INF auth.domain.com 10.0.0.7 - - [22/Dec/2025:19:59:11 +1100] "GET /favicon.ico HTTP/3.0" 200 2025 "https://auth.domain.com/authorize?client_id=eafde8be-15db-426d-ac8b-5610a2dd8d09&redirect_uri=https%3A%2F%2Fauth.domain.com%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups&state=YwFm-LeIY_A5iFmde1UDL1_iJctBlhce" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" Gracefully stopping... (press Ctrl+C again to force) ```

adam commented 2025-12-29 14:25:27 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (Dec 22, 2025):

Pushed another fix to nightly, please update and try again.

@yusing commented on GitHub (Dec 22, 2025): Pushed another fix to `nightly`, please update and try again.

adam commented 2025-12-29 14:25:27 +01:00

Author

Owner

Copy Link

@Strontium commented on GitHub (Dec 22, 2025):

Nailed it. It's all working as far as I can tell. Amazing work!! 🥇

@Strontium commented on GitHub (Dec 22, 2025): Nailed it. It's all working as far as I can tell. Amazing work!! 🥇

adam commented 2025-12-29 14:25:30 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (Dec 22, 2025):

Great. Remember to switch back to latest on next release!

@yusing commented on GitHub (Dec 22, 2025): Great. Remember to switch back to `latest` on next release!

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

compat

feat/agent-stream

dev

main-backup

feat/custom-json-marshaling

feat/non-root-non-host-mode

v0.24.0

v0.23.1

v0.23.0

v0.22.1

v0.22.0

v0.21.3

v0.21.2

v0.21.1

v0.21.0

v0.20.14

v0.20.13

v0.20.12

v0.20.11

v0.20.10

v0.20.9

v0.20.8

v0.20.7

v0.20.6

v0.20.5

v0.20.4

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.2

v0.19.1

v0.19.0

v0.18.6

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.6

v0.17.5

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.2

v0.16.0-pathfix

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.2

v0.14.1

v0.14.0

v0.13.8

v0.13.7

v0.13.6

v0.13.5

v0.13.4

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.9

v0.11.8

v0.11.7

v0.11.6-buildfix

v0.11.6

v0.11.5

v0.11.4

v0.11.3

v0.11.2-2

v0.11.2-1

v0.11.2

v0.11.1

v0.11.0

v0.10.2

v0.10.1

v0.10.0

v0.9.10

v0.9.9-1

v0.9.9

v0.9.8

0.9.8

0.9.7

0.9.6

0.9.5

0.9.4-1

0.9.4

0.9.3

0.9.2

0.9.1

0.9

0.8.1

0.8.0

0.7.7

0.7.6

0.7.5

0.7.4

0.7.3

0.7.2

0.7.1

0.7.0

0.6.4-1

0.6.4

0.6.3

0.6.2

0.6.1

0.6

0.6-rp1

0.5.8

0.5.7

0.5.6

0.5.5

0.5.4

0.5.3

0.5.2

0.5.1

0.5.0

0.5.0-rc6

0.5.0-rc5

0.5.0-rc4

0.5.0-rc3

0.5.0-rc2

0.5.0-rc1

0.5.0-beta3

0.5.0-beta2

0.5.0-beta

0.4.8-1

0.4.8

0.4.7

0.4.6

0.4.5

0.4.4

0.4.3

0.4.2

0.4.1

0.4.0

0.3.1

0.3

0.2.2

0.2.1

0.2-alpha

0.1-stable

Labels

Clear labels

bug

enhancement

pull-request

Mirrored from GitHub Pull Request

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

adam

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/godoxy-yusing#126