missing state cookie #68

New Issue

Closed

opened 2025-12-29 09:22:30 +01:00 by adam · 31 comments

adam commented 2025-12-29 09:22:30 +01:00

Owner

Copy Link

Originally created by @gilbrotheraway on GitHub (May 10, 2025).

after updates i'm having the same issue as https://github.com/yusing/godoxy/issues/82
tried it on 3 browsers with privacy/blocking off, cleaned the cookies etc

on the phone it just loops back to authentication page

i noticed this line was removed from the .env so i took it out but same thing
GODOXY_OIDC_REDIRECT_URL=

and yes i'm setting https in the browser, pocket-id OIDC env url, OIDC client settings etc

Originally created by @gilbrotheraway on GitHub (May 10, 2025). after updates i'm having the same issue as https://github.com/yusing/godoxy/issues/82 tried it on 3 browsers with privacy/blocking off, cleaned the cookies etc on the phone it just loops back to authentication page i noticed this line was removed from the .env so i took it out but same thing GODOXY_OIDC_REDIRECT_URL= and yes i'm setting https in the browser, pocket-id OIDC env url, OIDC client settings etc

adam closed this issue 2025-12-29 09:22:30 +01:00

adam commented 2025-12-29 09:22:31 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (May 11, 2025):

See if it's fixed in the latest release (v0.13.0).

@yusing commented on GitHub (May 11, 2025): See if it's fixed in the latest release (v0.13.0).

adam commented 2025-12-29 09:22:31 +01:00

Author

Owner

Copy Link

@gilbrotheraway commented on GitHub (May 12, 2025):

See if it's fixed in the latest release (v0.13.0).

no, on hoarder i get:
404
This page could not be found.

on the frontend:
HTTP Error 401
missing oauth token

image 13.1

@gilbrotheraway commented on GitHub (May 12, 2025): > See if it's fixed in the latest release (v0.13.0). no, on hoarder i get: 404 This page could not be found. on the frontend: HTTP Error 401 missing oauth token image 13.1

adam commented 2025-12-29 09:22:31 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (May 12, 2025):

Pull frontend again and check if it's latest, I've pushed some fixes on the same version

@yusing commented on GitHub (May 12, 2025): Pull frontend again and check if it's latest, I've pushed some fixes on the same version

adam commented 2025-12-29 09:22:31 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (May 12, 2025):

on hoarder i get 404

I'm sure this is not an error from godoxy, make sure you've picked the correct port

@yusing commented on GitHub (May 12, 2025): > on hoarder i get 404 I'm sure this is not an error from godoxy, make sure you've picked the correct port

adam commented 2025-12-29 09:22:31 +01:00

Author

Owner

Copy Link

@gilbrotheraway commented on GitHub (May 12, 2025):

on hoarder i get 404

I'm sure this is not an error from godoxy, make sure you've picked the correct port

in case of hoarder it tries to log in then redirects to https://hoarder.domain.com:8443/auth/callback?code=******
which shows the cited error

the front end just errors straight away

I'm on latest everything

@gilbrotheraway commented on GitHub (May 12, 2025): > > on hoarder i get 404 > > I'm sure this is not an error from godoxy, make sure you've picked the correct port in case of hoarder it tries to log in then redirects to https://hoarder.domain.com:8443/auth/callback?code=****** which shows the cited error the front end just errors straight away I'm on latest everything

adam commented 2025-12-29 09:22:31 +01:00

Author

Owner

Copy Link

@gilbrotheraway commented on GitHub (May 12, 2025):

do we need to add oidc.middleware to front-end labels or entry point now
edit: other apps are working just hoarder and frontend not yet

@gilbrotheraway commented on GitHub (May 12, 2025): do we need to add oidc.middleware to front-end labels or entry point now edit: other apps are working just hoarder and frontend not yet

adam commented 2025-12-29 09:22:32 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (May 12, 2025):

No we don't, but now I wanna give up on the native OIDC and just use the OIDC middleware. Try adding that and see if the issue is gone

@yusing commented on GitHub (May 12, 2025): No we don't, but now I wanna give up on the native OIDC and just use the OIDC middleware. Try adding that and see if the issue is gone

adam commented 2025-12-29 09:22:32 +01:00

Author

Owner

Copy Link

@gilbrotheraway commented on GitHub (May 12, 2025):

jellyfin/jellyseer also not working

edit: the apps all work it's just the redirect callback url that 404's when i manually add hoarder/dashboard it takes me to the page

calibre stack redirects properly
frontend still not working

No we don't, but now I wanna give up on the native OIDC and just use the OIDC middleware. Try adding that and see if the issue is gone

what do you mean?

@gilbrotheraway commented on GitHub (May 12, 2025): jellyfin/jellyseer also not working edit: the apps all work it's just the redirect callback url that 404's when i manually add hoarder/dashboard it takes me to the page calibre stack redirects properly frontend still not working > No we don't, but now I wanna give up on the native OIDC and just use the OIDC middleware. Try adding that and see if the issue is gone what do you mean?

adam commented 2025-12-29 09:22:32 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (May 12, 2025):

I mean you can try adding the oidc middleware to the frontend.

@yusing commented on GitHub (May 12, 2025): I mean you can try adding the oidc middleware to the frontend.

adam commented 2025-12-29 09:22:32 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (May 22, 2025):

Could you explain more on this error? Is it still happening?

@yusing commented on GitHub (May 22, 2025): Could you explain more on this error? Is it still happening?

adam commented 2025-12-29 09:22:32 +01:00

Author

Owner

Copy Link

@gilbrotheraway commented on GitHub (May 23, 2025):

Could you explain more on this error? Is it still happening?

i gave up, updates going too fast etc

let me try again with the new packages

edit: getting this error now, both containers running, do i need to put pocketid behind the socket proxy or something?

error="failed to initialize OIDC provider: Get \"https://ttfyhhu.com:8553/.well-known/openid-configuration\": context deadline exceeded"

this is the compose file

---
services:
  socket-proxy:
    container_name: socket-proxy
    image: ghcr.io/yusing/socket-proxy:latest
    environment:
      - ALLOW_START=1
      - ALLOW_STOP=1
      - ALLOW_RESTARTS=1
      - CONTAINERS=1
      - EVENTS=1
      - INFO=1
      - PING=1
      - POST=1
      - VERSION=1
    volumes:
      - ${DOCKER_SOCKET:-/var/run/docker.sock}:/var/run/docker.sock
    restart: unless-stopped
    tmpfs:
      - /run
    ports:
      - ${SOCKET_PROXY_LISTEN_ADDR:-127.0.0.1:2375}:2375
  frontend:
    image: ghcr.io/yusing/godoxy-frontend:${TAG:-latest}
    container_name: godoxy-frontend
    restart: unless-stopped
    network_mode: host # do not change this
    env_file: godoxy-reverse-proxy.env
    user: ${GODOXY_UID:-1111}:${GODOXY_GID:-1111}
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - all
    depends_on:
      - app
    environment:
      TZ: ${TIME_ZONE_VALUE}
      HOSTNAME: 127.0.0.1
      PORT: ${GODOXY_FRONTEND_PORT:-3000}
    labels:
      proxy.idle_timeout: 1h
      proxy.aliases: ${GODOXY_FRONTEND_ALIASES:-godoxy}
      proxy.#1.port: ${GODOXY_FRONTEND_PORT:-3000}
      # proxy.#1.middlewares.cidr_whitelist: |
      #   status: 403
      #   message: IP not allowed
      #   allow:
      #     - 127.0.0.1
      #     - 10.0.0.0/8
      #     - 192.168.0.0/16
      #     - 172.16.0.0/12
      # proxy.#1.godoxy.middlewares.cloudflare_real_ip:
  #    proxy.#1.middlewares.real_ip.header: X-Real-IP
  #    proxy.#1.middlewares.real_ip.from: |
 #       - 127.0.0.1
   #     - 192.168.0.0/16
  #      - 10.0.0.0/8

  app:
    image: ghcr.io/yusing/godoxy:${TAG:-latest}
    container_name: godoxy
    restart: always
    network_mode: host # do not change this
    env_file: godoxy-reverse-proxy.env
    user: ${GODOXY_UID:-1111}:${GODOXY_GID:-1111}
    depends_on:
      socket-proxy:
        condition: service_started
      pocket-id:
        condition: service_healthy
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - all
    cap_add:
      - NET_BIND_SERVICE
    environment:
      - DOCKER_HOST=tcp://${SOCKET_PROXY_LISTEN_ADDR:-127.0.0.1:2375}
    volumes:
      - ./config:/app/config
      - ./logs:/app/logs
      - ./error_pages:/app/error_pages:ro
      - ./data:/app/data

      # To use autocert, certs will be stored in "./certs".
      # You can also use a docker volume to store it
      - ./certs:/app/certs

      # remove "./certs:/app/certs" and uncomment below to use existing certificate
      # - /path/to/certs/cert.crt:/app/certs/cert.crt
      # - /path/to/certs/priv.key:/app/certs/priv.key
  pocket-id:
    labels:
      proxy.oidc.middlewares.redirect_http:
      proxy.oidc.scheme: http
    container_name: oidc
    image: ghcr.io/pocket-id/pocket-id
    restart: unless-stopped
    ports:
      - 3838:80
    env_file: godoxy-reverse-proxy.env
    volumes:
      - ${PATH_TO_APPDATA}/pocket-id/data:/app/backend/data
    # Optional healthcheck  
    healthcheck:
      test: "curl -f http://localhost/health"
      interval: 1m30s
      timeout: 5s
      retries: 3
      start_period: 10s

@gilbrotheraway commented on GitHub (May 23, 2025): > Could you explain more on this error? Is it still happening? i gave up, updates going too fast etc let me try again with the new packages edit: getting this error now, both containers running, do i need to put pocketid behind the socket proxy or something? `error="failed to initialize OIDC provider: Get \"https://ttfyhhu.com:8553/.well-known/openid-configuration\": context deadline exceeded"` this is the compose file ``` --- services: socket-proxy: container_name: socket-proxy image: ghcr.io/yusing/socket-proxy:latest environment: - ALLOW_START=1 - ALLOW_STOP=1 - ALLOW_RESTARTS=1 - CONTAINERS=1 - EVENTS=1 - INFO=1 - PING=1 - POST=1 - VERSION=1 volumes: - ${DOCKER_SOCKET:-/var/run/docker.sock}:/var/run/docker.sock restart: unless-stopped tmpfs: - /run ports: - ${SOCKET_PROXY_LISTEN_ADDR:-127.0.0.1:2375}:2375 frontend: image: ghcr.io/yusing/godoxy-frontend:${TAG:-latest} container_name: godoxy-frontend restart: unless-stopped network_mode: host # do not change this env_file: godoxy-reverse-proxy.env user: ${GODOXY_UID:-1111}:${GODOXY_GID:-1111} read_only: true security_opt: - no-new-privileges:true cap_drop: - all depends_on: - app environment: TZ: ${TIME_ZONE_VALUE} HOSTNAME: 127.0.0.1 PORT: ${GODOXY_FRONTEND_PORT:-3000} labels: proxy.idle_timeout: 1h proxy.aliases: ${GODOXY_FRONTEND_ALIASES:-godoxy} proxy.#1.port: ${GODOXY_FRONTEND_PORT:-3000} # proxy.#1.middlewares.cidr_whitelist: | # status: 403 # message: IP not allowed # allow: # - 127.0.0.1 # - 10.0.0.0/8 # - 192.168.0.0/16 # - 172.16.0.0/12 # proxy.#1.godoxy.middlewares.cloudflare_real_ip: # proxy.#1.middlewares.real_ip.header: X-Real-IP # proxy.#1.middlewares.real_ip.from: | # - 127.0.0.1 # - 192.168.0.0/16 # - 10.0.0.0/8 app: image: ghcr.io/yusing/godoxy:${TAG:-latest} container_name: godoxy restart: always network_mode: host # do not change this env_file: godoxy-reverse-proxy.env user: ${GODOXY_UID:-1111}:${GODOXY_GID:-1111} depends_on: socket-proxy: condition: service_started pocket-id: condition: service_healthy security_opt: - no-new-privileges:true cap_drop: - all cap_add: - NET_BIND_SERVICE environment: - DOCKER_HOST=tcp://${SOCKET_PROXY_LISTEN_ADDR:-127.0.0.1:2375} volumes: - ./config:/app/config - ./logs:/app/logs - ./error_pages:/app/error_pages:ro - ./data:/app/data # To use autocert, certs will be stored in "./certs". # You can also use a docker volume to store it - ./certs:/app/certs # remove "./certs:/app/certs" and uncomment below to use existing certificate # - /path/to/certs/cert.crt:/app/certs/cert.crt # - /path/to/certs/priv.key:/app/certs/priv.key pocket-id: labels: proxy.oidc.middlewares.redirect_http: proxy.oidc.scheme: http container_name: oidc image: ghcr.io/pocket-id/pocket-id restart: unless-stopped ports: - 3838:80 env_file: godoxy-reverse-proxy.env volumes: - ${PATH_TO_APPDATA}/pocket-id/data:/app/backend/data # Optional healthcheck healthcheck: test: "curl -f http://localhost/health" interval: 1m30s timeout: 5s retries: 3 start_period: 10s ```

adam commented 2025-12-29 09:22:32 +01:00

Author

Owner

Copy Link

@gilbrotheraway commented on GitHub (May 23, 2025):

i just tried without oidc and nothing works either, debug is enabled but nothing shows up

05-22 23:28 ??? http: TLS handshake error from someip:port:

@gilbrotheraway commented on GitHub (May 23, 2025): i just tried without oidc and nothing works either, debug is enabled but nothing shows up 05-22 23:28 ??? http: TLS handshake error from someip:port:

adam commented 2025-12-29 09:22:33 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (May 23, 2025):

Could you verify that GoDoxy is listening HTTPS on :8553? Check GODOXY_HTTP_ADDR.

For Pocket ID, add this label:

proxy.oidc.port: 80

@yusing commented on GitHub (May 23, 2025): Could you verify that GoDoxy is listening HTTPS on `:8553`? Check `GODOXY_HTTP_ADDR`. For Pocket ID, add this label: `proxy.oidc.port: 80`

adam commented 2025-12-29 09:22:33 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (May 23, 2025):

What do you mean by nothing works?

@yusing commented on GitHub (May 23, 2025): What do you mean by nothing works?

adam commented 2025-12-29 09:22:33 +01:00

Author

Owner

Copy Link

@gilbrotheraway commented on GitHub (May 23, 2025):

i mean ever since you came up with your socket-proxy container, godoxy stopped working for me, not sure if being behind ISP restrictions on port 443 has something to do with it, but before the updates i was able to utilize domain:8443 instead, now it's hopeless I can't access anything

@gilbrotheraway commented on GitHub (May 23, 2025): i mean ever since you came up with your socket-proxy container, godoxy stopped working for me, not sure if being behind ISP restrictions on port 443 has something to do with it, but before the updates i was able to utilize domain:8443 instead, now it's hopeless I can't access anything

adam commented 2025-12-29 09:22:33 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (May 23, 2025):

Try with a fresh setup?

@yusing commented on GitHub (May 23, 2025): Try with a fresh setup?

adam commented 2025-12-29 09:22:33 +01:00

Author

Owner

Copy Link

@gilbrotheraway commented on GitHub (May 23, 2025):

Could you verify that GoDoxy is listening HTTPS on :8553? Check GODOXY_HTTP_ADDR.

For Pocket ID, add this label:

proxy.oidc.port: 80

8553 is the external https port, i forward it to internal 443 because the router restricts port forwarding on 443
I don't forward http port because we're using dns challenge for wildcard domain so it shouldn't be needed, is my assumption wrong?

@gilbrotheraway commented on GitHub (May 23, 2025): > Could you verify that GoDoxy is listening HTTPS on `:8553`? Check `GODOXY_HTTP_ADDR`. > > For Pocket ID, add this label: > > `proxy.oidc.port: 80` 8553 is the external https port, i forward it to internal 443 because the router restricts port forwarding on 443 I don't forward http port because we're using dns challenge for wildcard domain so it shouldn't be needed, is my assumption wrong?

adam commented 2025-12-29 09:22:33 +01:00

Author

Owner

Copy Link

@gilbrotheraway commented on GitHub (May 23, 2025):

Try with a fresh setup?

tried with the script bare install no oidc, can't access frontend or any service

@gilbrotheraway commented on GitHub (May 23, 2025): > Try with a fresh setup? tried with the script bare install no oidc, can't access frontend or any service

adam commented 2025-12-29 09:22:33 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (May 23, 2025):

Try with a fresh setup?

tried with the script bare install no oidc, can't access frontend or any service

Does the log show something like this?

05-23 22:31 INF server started addr=:443 proto=h3 server=proxy
05-23 22:31 INF server started addr=:80 proto=http server=proxy
05-23 22:31 INF server started addr=:443 proto=https server=proxy
05-23 22:31 INF server started addr=127.0.0.1:8888 proto=http server=api

@yusing commented on GitHub (May 23, 2025): > > Try with a fresh setup? > > tried with the script bare install no oidc, can't access frontend or any service Does the log show something like this? ```plain 05-23 22:31 INF server started addr=:443 proto=h3 server=proxy 05-23 22:31 INF server started addr=:80 proto=http server=proxy 05-23 22:31 INF server started addr=:443 proto=https server=proxy 05-23 22:31 INF server started addr=127.0.0.1:8888 proto=http server=api ```

adam commented 2025-12-29 09:22:34 +01:00

Author

Owner

Copy Link

@gilbrotheraway commented on GitHub (May 26, 2025):

Try with a fresh setup?

tried with the script bare install no oidc, can't access frontend or any service

Does the log show something like this?

05-23 22:31 INF server started addr=:443 proto=h3 server=proxy
05-23 22:31 INF server started addr=:80 proto=http server=proxy
05-23 22:31 INF server started addr=:443 proto=https server=proxy
05-23 22:31 INF server started addr=127.0.0.1:8888 proto=http server=api

nope

@gilbrotheraway commented on GitHub (May 26, 2025): > > > Try with a fresh setup? > > > > > > tried with the script bare install no oidc, can't access frontend or any service > > Does the log show something like this? > > ``` > 05-23 22:31 INF server started addr=:443 proto=h3 server=proxy > 05-23 22:31 INF server started addr=:80 proto=http server=proxy > 05-23 22:31 INF server started addr=:443 proto=https server=proxy > 05-23 22:31 INF server started addr=127.0.0.1:8888 proto=http server=api > ``` nope

adam commented 2025-12-29 09:22:34 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (May 27, 2025):

Could you copy the full output from GoDoxy so it's easier for me to find out what happened.

@yusing commented on GitHub (May 27, 2025): Could you copy the full output from GoDoxy so it's easier for me to find out what happened.

adam commented 2025-12-29 09:22:34 +01:00

Author

Owner

Copy Link

@gilbrotheraway commented on GitHub (May 28, 2025):

Could you copy the full output from GoDoxy so it's easier for me to find out what happened.

ok i updated everything and now it shows:

05-28 08:08 INF next renewal in 23 days, 5 hours and 25 minutes
05-28 08:08 INF certificate expire on 07-20 16:34:19
05-28 08:08 INF idlewatcher started container=godoxy-frontend provider=docker
05-28 08:08 INF http_routes: added godoxy
05-28 08:08 INF http_routes: added autentication
05-28 08:08 INF idlewatcher started container=open-webui provider=docker
05-28 08:08 WRN service went down name=http.autentication
05-28 08:08 INF http_routes: added open-webui
05-28 08:08 INF http_routes: added notas
05-28 08:08 INF idlewatcher started container=convertx provider=docker
05-28 08:08 INF http_routes: added convertx
05-28 08:08 INF idlewatcher started container=hoarder provider=docker
05-28 08:08 INF http_routes: added hoarder
05-28 08:08 INF server started addr=:8443 proto=h3 server=proxy
05-28 08:08 INF server started addr=:80 proto=http server=proxy
05-28 08:08 INF server started addr=:8443 proto=https server=proxy
05-28 08:08 FTL failed to initialize authentication error="failed to initialize OIDC provider: Get \"https://autentication.domain.com:8443/.well-known/openid-configuration\": dial tcp myipxxxxx:8443: connect: connection refused"
Container stopped

@gilbrotheraway commented on GitHub (May 28, 2025): > Could you copy the full output from GoDoxy so it's easier for me to find out what happened. ok i updated everything and now it shows: ``` 05-28 08:08 INF next renewal in 23 days, 5 hours and 25 minutes 05-28 08:08 INF certificate expire on 07-20 16:34:19 05-28 08:08 INF idlewatcher started container=godoxy-frontend provider=docker 05-28 08:08 INF http_routes: added godoxy 05-28 08:08 INF http_routes: added autentication 05-28 08:08 INF idlewatcher started container=open-webui provider=docker 05-28 08:08 WRN service went down name=http.autentication 05-28 08:08 INF http_routes: added open-webui 05-28 08:08 INF http_routes: added notas 05-28 08:08 INF idlewatcher started container=convertx provider=docker 05-28 08:08 INF http_routes: added convertx 05-28 08:08 INF idlewatcher started container=hoarder provider=docker 05-28 08:08 INF http_routes: added hoarder 05-28 08:08 INF server started addr=:8443 proto=h3 server=proxy 05-28 08:08 INF server started addr=:80 proto=http server=proxy 05-28 08:08 INF server started addr=:8443 proto=https server=proxy 05-28 08:08 FTL failed to initialize authentication error="failed to initialize OIDC provider: Get \"https://autentication.domain.com:8443/.well-known/openid-configuration\": dial tcp myipxxxxx:8443: connect: connection refused" Container stopped ```

adam commented 2025-12-29 09:22:34 +01:00

Author

Owner

Copy Link

@gilbrotheraway commented on GitHub (May 28, 2025):

here on> dial tcp myipxxxxx:8443

is this supposed to be my external address?

i enabled debug logs on pocket-id and theres nothing either

Creating group 1000...
Creating user 1000...
2025/05/28 08:27:38 Starting job scheduler
2025/05/28 08:27:38 Server listening on 0.0.0.0:1411
2025/05/28 08:27:38 Updating GeoLite2 City database
2025/05/28 08:27:38 Job "SyncLdap" run successfully
2025/05/28 08:27:39 Job "SendHeartbeat" run successfully
2025/05/28 08:27:40 GeoLite2 City database successfully updated.
2025/05/28 08:27:40 Job "UpdateGeoLiteDB" run successfully

@gilbrotheraway commented on GitHub (May 28, 2025): here on> `dial tcp myipxxxxx:8443` is this supposed to be my external address? i enabled debug logs on pocket-id and theres nothing either ``` Creating group 1000... Creating user 1000... 2025/05/28 08:27:38 Starting job scheduler 2025/05/28 08:27:38 Server listening on 0.0.0.0:1411 2025/05/28 08:27:38 Updating GeoLite2 City database 2025/05/28 08:27:38 Job "SyncLdap" run successfully 2025/05/28 08:27:39 Job "SendHeartbeat" run successfully 2025/05/28 08:27:40 GeoLite2 City database successfully updated. 2025/05/28 08:27:40 Job "UpdateGeoLiteDB" run successfully ```

adam commented 2025-12-29 09:22:34 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (May 28, 2025):

service went down name=http.autentication

GoDoxy was unable to connect to your pocket-id, add proxy.autentication.port: 1411 and see if it's gone

dial tcp myipxxxxx:8443: connect: connection refused

Is the ip GoDoxy's IP? Make sure you don't have network_mode: host removed and have correct DNS config

@yusing commented on GitHub (May 28, 2025): > service went down name=http.autentication GoDoxy was unable to connect to your pocket-id, add `proxy.autentication.port: 1411` and see if it's gone > dial tcp myipxxxxx:8443: connect: connection refused Is the ip GoDoxy's IP? Make sure you don't have `network_mode: host` removed and have correct DNS config

adam commented 2025-12-29 09:22:34 +01:00

Author

Owner

Copy Link

@gilbrotheraway commented on GitHub (May 28, 2025):

service went down name=http.autentication

GoDoxy was unable to connect to your pocket-id, add proxy.autentication.port: 1411 and see if it's gone

tried it, same issue
it only needs that port open on internal network right?

dial tcp myipxxxxx:8443: connect: connection refused

Is the ip GoDoxy's IP?

it is an ip starting with 179.98.xxxx i guess itś an internal docker address??

Make sure you don't have network_mode: host removed and have correct DNS config

sure, do i need networkmode=host on oidc container also

@gilbrotheraway commented on GitHub (May 28, 2025): > > service went down name=http.autentication > > GoDoxy was unable to connect to your pocket-id, add `proxy.autentication.port: 1411` and see if it's gone tried it, same issue it only needs that port open on internal network right? > > dial tcp myipxxxxx:8443: connect: connection refused > > Is the ip GoDoxy's IP? it is an ip starting with 179.98.xxxx i guess itś an internal docker address?? >Make sure you don't have `network_mode: host` removed and have correct DNS config sure, do i need networkmode=host on oidc container also

adam commented 2025-12-29 09:22:34 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (May 28, 2025):

i guess itś an internal docker address

No, it's not. If you don't recognize the IP address, you have wrong DNS configuration. Make sure *.domain.com is pointing to GoDoxy

@yusing commented on GitHub (May 28, 2025): > i guess itś an internal docker address No, it's not. If you don't recognize the IP address, you have wrong DNS configuration. Make sure `*.domain.com` is pointing to GoDoxy

adam commented 2025-12-29 09:22:34 +01:00

Author

Owner

Copy Link

@gilbrotheraway commented on GitHub (May 28, 2025):

i guess itś an internal docker address

No, it's not. If you don't recognize the IP address, you have wrong DNS configuration. Make sure *.domain.com is pointing to GoDoxy

i have the cname pointing to godoxy with cloudflare proxy disabled if thats what you mean
edit: for some reason my ddns was not being updated, fixed now, give me a few minutes for dns to propagate
edit2:

INF server started addr=:8443 proto=https server=proxy
05-28 08:56 INF cloudflare CIDR range updated
05-28 08:56 FTL failed to initialize authentication error="failed to initialize OIDC provider: oidc: issuer did not match the issuer returned by provider, expected \"https://autentication.somedomain.com:8443\" got \"http://localhost:1411\""

on proxy.autentication.port: 80

ERR http proxy error error="dial tcp 172.28.0.3:80: connect: connection refused" url=autentication.somedomain.com:8443/.well-known/openid-configuration
05-28 08:59 FTL failed to initialize authentication error="failed to initialize OIDC provider: 502 Bad Gateway: Origin server is not reachable."
Container stopped

172.28.0.3:80 is internal network right

should i change GODOXY_OIDC_ISSUER_URL= from externl domain to localhost??

FTL failed to initialize authentication error="failed to initialize OIDC provider: Get \"http://localhost:1411/.well-known/openid-configuration\": dial tcp [::1]:1411: connect: connection refused"
Container stopped

nope

@gilbrotheraway commented on GitHub (May 28, 2025): > > i guess itś an internal docker address > > No, it's not. If you don't recognize the IP address, you have wrong DNS configuration. Make sure `*.domain.com` is pointing to GoDoxy i have the cname pointing to godoxy with cloudflare proxy disabled if thats what you mean edit: for some reason my ddns was not being updated, fixed now, give me a few minutes for dns to propagate edit2: ``` INF server started addr=:8443 proto=https server=proxy 05-28 08:56 INF cloudflare CIDR range updated 05-28 08:56 FTL failed to initialize authentication error="failed to initialize OIDC provider: oidc: issuer did not match the issuer returned by provider, expected \"https://autentication.somedomain.com:8443\" got \"http://localhost:1411\"" ``` on proxy.autentication.port: 80 ``` ERR http proxy error error="dial tcp 172.28.0.3:80: connect: connection refused" url=autentication.somedomain.com:8443/.well-known/openid-configuration 05-28 08:59 FTL failed to initialize authentication error="failed to initialize OIDC provider: 502 Bad Gateway: Origin server is not reachable." Container stopped ``` **172.28.0.3**:80 is internal network right should i change `GODOXY_OIDC_ISSUER_URL=` from externl domain to localhost?? ``` FTL failed to initialize authentication error="failed to initialize OIDC provider: Get \"http://localhost:1411/.well-known/openid-configuration\": dial tcp [::1]:1411: connect: connection refused" Container stopped ``` nope

adam commented 2025-12-29 09:22:35 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (May 28, 2025):

should i change GODOXY_OIDC_ISSUER_URL= from externl domain to localhost??

Definitely not

on proxy.autentication.port: 80

Are you sure you have the proxy.autentication.port: 1411 label? From the log I see it's still connecting to port 80.

@yusing commented on GitHub (May 28, 2025): > should i change GODOXY_OIDC_ISSUER_URL= from externl domain to localhost?? Definitely not > on proxy.autentication.port: 80 Are you sure you have the `proxy.autentication.port: 1411` label? From the log I see it's still connecting to port 80.

adam commented 2025-12-29 09:22:35 +01:00

Author

Owner

Copy Link

@gilbrotheraway commented on GitHub (May 28, 2025):

on proxy.autentication.port: 80

Are you sure you have the proxy.autentication.port: 1411 label? From the log I see it's still connecting to port 80.

yes, first log on my previous comment

INF server started addr=:8443 proto=https server=proxy
05-28 08:56 INF cloudflare CIDR range updated
05-28 08:56 FTL failed to initialize authentication error="failed to initialize OIDC provider: oidc: issuer did not match the issuer returned by provider, expected \"https://autentication.somedomain.com:8443\" got \"http://localhost:1411\""

@gilbrotheraway commented on GitHub (May 28, 2025): > > > on proxy.autentication.port: 80 > > Are you sure you have the `proxy.autentication.port: 1411` label? From the log I see it's still connecting to port 80. yes, first log on my previous comment ``` INF server started addr=:8443 proto=https server=proxy 05-28 08:56 INF cloudflare CIDR range updated 05-28 08:56 FTL failed to initialize authentication error="failed to initialize OIDC provider: oidc: issuer did not match the issuer returned by provider, expected \"https://autentication.somedomain.com:8443\" got \"http://localhost:1411\"" ```

adam commented 2025-12-29 09:22:35 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (May 28, 2025):

Like I said in last reply. The url should not be localhost:port.

Try this: add extra_hosts to docker compose and point the domain to 127.0.0.1 instead.

services:
  container: godoxy
  ...
   extra_hosts:
     - authentication.domain.com:127.0.0.1

@yusing commented on GitHub (May 28, 2025): Like I said in last reply. The url should not be localhost:port. Try this: add `extra_hosts` to docker compose and point the domain to `127.0.0.1` instead. ```yaml services: container: godoxy ... extra_hosts: - authentication.domain.com:127.0.0.1 ```

adam commented 2025-12-29 09:22:35 +01:00

Author

Owner

Copy Link

@gilbrotheraway commented on GitHub (May 28, 2025):

Like I said in last reply. The url should not be localhost:port.

it was not set to localhost

Try this: add extra_hosts to docker compose and point the domain to 127.0.0.1 instead.

services:
container: godoxy
...
extra_hosts:
- authentication.domain.com:127.0.0.1

same shit

05-28 11:56 ERR http proxy error error="dial tcp 172.28.0.3:80: connect: connection refused" url=autentication.mydomain.com:8443/.well-known/openid-configuration
05-28 11:56 FTL failed to initialize authentication error="failed to initialize OIDC provider: 502 Bad Gateway: Origin server is not reachable."
Container stopped

@gilbrotheraway commented on GitHub (May 28, 2025): > Like I said in last reply. The url should not be localhost:port. it was not set to localhost > Try this: add `extra_hosts` to docker compose and point the domain to `127.0.0.1` instead. > > services: > container: godoxy > ... > extra_hosts: > - authentication.domain.com:127.0.0.1 same shit ``` 05-28 11:56 ERR http proxy error error="dial tcp 172.28.0.3:80: connect: connection refused" url=autentication.mydomain.com:8443/.well-known/openid-configuration 05-28 11:56 FTL failed to initialize authentication error="failed to initialize OIDC provider: 502 Bad Gateway: Origin server is not reachable." Container stopped ```

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

compat

feat/agent-stream

dev

main-backup

feat/custom-json-marshaling

feat/non-root-non-host-mode

v0.24.0

v0.23.1

v0.23.0

v0.22.1

v0.22.0

v0.21.3

v0.21.2

v0.21.1

v0.21.0

v0.20.14

v0.20.13

v0.20.12

v0.20.11

v0.20.10

v0.20.9

v0.20.8

v0.20.7

v0.20.6

v0.20.5

v0.20.4

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.2

v0.19.1

v0.19.0

v0.18.6

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.6

v0.17.5

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.2

v0.16.0-pathfix

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.2

v0.14.1

v0.14.0

v0.13.8

v0.13.7

v0.13.6

v0.13.5

v0.13.4

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.9

v0.11.8

v0.11.7

v0.11.6-buildfix

v0.11.6

v0.11.5

v0.11.4

v0.11.3

v0.11.2-2

v0.11.2-1

v0.11.2

v0.11.1

v0.11.0

v0.10.2

v0.10.1

v0.10.0

v0.9.10

v0.9.9-1

v0.9.9

v0.9.8

0.9.8

0.9.7

0.9.6

0.9.5

0.9.4-1

0.9.4

0.9.3

0.9.2

0.9.1

0.9

0.8.1

0.8.0

0.7.7

0.7.6

0.7.5

0.7.4

0.7.3

0.7.2

0.7.1

0.7.0

0.6.4-1

0.6.4

0.6.3

0.6.2

0.6.1

0.6

0.6-rp1

0.5.8

0.5.7

0.5.6

0.5.5

0.5.4

0.5.3

0.5.2

0.5.1

0.5.0

0.5.0-rc6

0.5.0-rc5

0.5.0-rc4

0.5.0-rc3

0.5.0-rc2

0.5.0-rc1

0.5.0-beta3

0.5.0-beta2

0.5.0-beta

0.4.8-1

0.4.8

0.4.7

0.4.6

0.4.5

0.4.4

0.4.3

0.4.2

0.4.1

0.4.0

0.3.1

0.3

0.2.2

0.2.1

0.2-alpha

0.1-stable

Labels

Clear labels

bug

enhancement

pull-request

Mirrored from GitHub Pull Request

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

adam

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/godoxy#68