🐛 Bug Report: something broke recently #191

Closed
opened 2025-10-07 00:05:23 +03:00 by OVERLORD · 1 comment

Originally created by @gilbrotheraway on GitHub.

Reproduction steps

please help me make this work

```yaml
---
services:
  socket-proxy:
    container_name: socket-proxy
    image: ghcr.io/yusing/socket-proxy:latest
    environment:
      - ALLOW_START=1
      - ALLOW_STOP=1
      - ALLOW_RESTARTS=1
      - CONTAINERS=1
      - EVENTS=1
      - INFO=1
      - PING=1
      - POST=1
      - VERSION=1
    volumes:
      - ${DOCKER_SOCKET:-/var/run/docker.sock}:/var/run/docker.sock
    restart: unless-stopped
    tmpfs:
      - /run
    ports:
      - ${SOCKET_PROXY_LISTEN_ADDR:-127.0.0.1:2375}:2375
  frontend:
    image: ghcr.io/yusing/godoxy-frontend:${TAG:-latest}
    container_name: godoxy-frontend
    restart: unless-stopped
    network_mode: host # do not change this
    env_file: godoxy-reverse-proxy.env
    user: ${GODOXY_UID:-1016}:${GODOXY_GID:-1016}
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - all
    depends_on:
      - app
    environment:
      TZ: ${TIME_ZONE_VALUE}
      HOSTNAME: 127.0.0.1
      PORT: ${GODOXY_FRONTEND_PORT:-3000}
    labels:
      proxy.idle_timeout: 1h
      proxy.aliases: ${GODOXY_FRONTEND_ALIASES:-godoxy}
      proxy.#1.port: ${GODOXY_FRONTEND_PORT:-3000}
      # proxy.#1.middlewares.cidr_whitelist: |
      #   status: 403
      #   message: IP not allowed
      #   allow:
      #     - 127.0.0.1
      #     - 10.0.0.0/8
      #     - 192.168.0.0/16
      #     - 172.16.0.0/12
      # proxy.#1.godoxy.middlewares.cloudflare_real_ip:
      # proxy.#1.middlewares.real_ip.header: X-Real-IP
      # proxy.#1.middlewares.real_ip.from: |
      #   - 127.0.0.1
      #   - 192.168.0.0/16
      #   - 10.0.0.0/8

  app:
    image: ghcr.io/yusing/godoxy:${TAG:-latest}
    container_name: godoxy
    extra_hosts:
      - authentication.domain.com:127.0.0.1
    restart: always
    network_mode: host # do not change this
    env_file: godoxy-reverse-proxy.env
    user: ${GODOXY_UID:-1016}:${GODOXY_GID:-1016}
    depends_on:
      socket-proxy:
        condition: service_started
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - all
    cap_add:
      - NET_BIND_SERVICE
    environment:
      - DOCKER_HOST=tcp://${SOCKET_PROXY_LISTEN_ADDR:-127.0.0.1:2375}
    volumes:
      - ./config:/app/config
      - ./logs:/app/logs
      - ./error_pages:/app/error_pages:ro
      - ./data:/app/data

      # To use autocert, certs will be stored in "./certs".
      # You can also use a docker volume to store it
      - ./certs:/app/certs

      # remove "./certs:/app/certs" and uncomment below to use existing certificate
      # - /path/to/certs/cert.crt:/app/certs/cert.crt
      # - /path/to/certs/priv.key:/app/certs/priv.key
  pocket-id:
    labels:
      # proxy.autentication.homepage.show: true
      proxy.autentication.middlewares.redirect_http:
      proxy.autentication.scheme: http
      proxy.autentication.port: 80
    container_name: autentication
    image: ghcr.io/pocket-id/pocket-id
    restart: unless-stopped

    env_file: godoxy-reverse-proxy.env
    volumes:
      - ${PATH_TO_APPDATA}/pocket-id/data:/app/backend/data
    # Optional healthcheck
    healthcheck:
      test: "curl -f http://localhost/health"
      interval: 1m30s
      timeout: 5s
      retries: 3
      start_period: 10s
```

env

```sh
# docker image tag (latest, nightly)
TAG=latest

# set timezone to get correct log timestamp
TZ="America/Sao_Paulo"

# container uid and gid (must match the owner of mounted directories)
GODOXY_UID=1016
GODOXY_GID=1016

# API JWT Configuration (common)
# generate secret with `openssl rand -base64 32`
GODOXY_API_JWT_SECURE=true
GODOXY_API_JWT_SECRET="redacted"
# the JWT token time-to-live
# leave empty to use default (24 hours)
# format: https://pkg.go.dev/time#Duration
GODOXY_API_JWT_TOKEN_TTL=

# API/WebUI user password login credentials (optional)
# These fields are not required for OIDC authentication
GODOXY_API_USER="admin"
GODOXY_API_PASSWORD="redacted"

# OIDC Configuration (optional)
# Uncomment and configure these values to enable OIDC authentication.
#
GODOXY_OIDC_ISSUER_URL=https://autentication.redacted.com:8443 #https://accounts.google.com
GODOXY_OIDC_CLIENT_ID=redacted
GODOXY_OIDC_CLIENT_SECRET=redacted
GODOXY_OIDC_SCOPES=openid , profile #, email, groups # you may also include `offline_access` if your Idp supports it (e.g. Authentik, Pocket ID)

# User definitions: Uncomment and configure these values to restrict access to specific users or groups.
# These two fields act as a logical AND operator. For example, given the following membership:
#   user1, group1
#   user2, group1
#   user3, group2
#   user1, group2
# You can allow access to user3 AND all users of group1 by providing:
GODOXY_OIDC_ALLOWED_USERS=admin
#   # GODOXY_OIDC_ALLOWED_GROUPS=group1
#
# Comma-separated list of allowed users.
# GODOXY_OIDC_ALLOWED_USERS=user1,user2
# Optional: Comma-separated list of allowed groups.
# GODOXY_OIDC_ALLOWED_GROUPS=group1,group2

# Proxy listening address
GODOXY_HTTP_ADDR=:80
GODOXY_HTTPS_ADDR=:8443

# Enable HTTP3
GODOXY_HTTP3_ENABLED=true

# API listening address
GODOXY_API_ADDR=127.0.0.1:8888

# Docker socket
# /var/run/podman/podman.sock for podman
DOCKER_SOCKET=/var/run/docker.sock
SOCKET_PROXY_LISTEN_ADDR=127.0.0.1:2375

# Debug mode
GODOXY_DEBUG=true
LOG_LEVEL=debug
#################
### POCKET ID ###
#################
# See the documentation for more information: https://pocket-id.org/docs/configuration/environment-variables
PUBLIC_UI_CONFIG_DISABLED=true
PUBLIC_APP_URL=https://autentication.redacted.com:8443
TRUST_PROXY=true
PUID=1000
PGID=1000
EMAIL_LOGIN_NOTIFICATION_ENABLED=true
EMAIL_ONE_TIME_ACCESS_ENABLED=false
#CADDY_DISABLED=true
LOG_LEVEL=debug
```

Expected behavior

work as before

Actual Behavior

```
05-30 21:36 ERR http proxy error error="dial tcp 172.28.0.2:80: connect: connection refused" url=autentication.redacted.com:8443/.well-known/openid-configuration
05-30 21:36 FTL failed to initialize authentication error="failed to initialize OIDC provider: 502 Bad Gateway: Origin server is not reachable."
Container stopped
```

Version and Environment

latest everything

Log Output

above

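The log above shows the issuer discovery request (`/.well-known/openid-configuration`) failing before GoDoxy finishes starting. As an added consistency check that is not part of the report or of either project, the script below parses excerpts of the posted env file and compose file (constructed here from the values in the report) and flags settings that decide where that request is sent; it assumes, as the `extra_hosts` entry in the posted compose suggests, that the issuer is meant to be reached through the local proxy on the `GODOXY_HTTPS_ADDR` port, and that the issuer the IdP advertises equals `PUBLIC_APP_URL`.

```python
import re
from urllib.parse import urlsplit

# Constructed excerpt of the env file posted in the report (values as posted).
ENV_TEXT = """
GODOXY_OIDC_ISSUER_URL=https://autentication.redacted.com:8443 #https://accounts.google.com
GODOXY_OIDC_SCOPES=openid , profile #, email, groups
GODOXY_HTTPS_ADDR=:8443
PUBLIC_APP_URL=https://autentication.redacted.com:8443
"""

# Constructed excerpt of the compose file posted in the report (the godoxy service).
COMPOSE_TEXT = """
    extra_hosts:
      - authentication.domain.com:127.0.0.1
"""

def parse_env(text):
    """Parse KEY=VALUE lines like compose's env_file: skip comments, drop inline ' #...' and quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.split(" #", 1)[0].strip().strip('"')
    return env

def parse_scopes(raw):
    """Split the comma-separated scope list, tolerating stray spaces such as 'openid , profile'."""
    return [s.strip() for s in raw.split(",") if s.strip()]

def extra_hosts(compose_text):
    """Collect host names from 'extra_hosts' entries written as '- host:ip'."""
    return re.findall(r"^\s*-\s*([A-Za-z0-9.-]+):\d+\.\d+\.\d+\.\d+\s*$", compose_text, re.M)

def check_oidc_config(env_text=ENV_TEXT, compose_text=COMPOSE_TEXT):
    """Return findings about settings that decide where the issuer discovery request goes."""
    env = parse_env(env_text)
    issuer = urlsplit(env.get("GODOXY_OIDC_ISSUER_URL", ""))
    findings = []
    if issuer.hostname and issuer.hostname not in extra_hosts(compose_text):
        findings.append(f"extra_hosts has no entry for issuer host {issuer.hostname}")
    if "openid" not in parse_scopes(env.get("GODOXY_OIDC_SCOPES", "")):
        findings.append("GODOXY_OIDC_SCOPES must include 'openid'")
    if issuer.port and env.get("GODOXY_HTTPS_ADDR") != f":{issuer.port}":
        findings.append(f"issuer port {issuer.port} is not the GODOXY_HTTPS_ADDR port")
    if env.get("PUBLIC_APP_URL") != env.get("GODOXY_OIDC_ISSUER_URL"):
        findings.append("PUBLIC_APP_URL differs from GODOXY_OIDC_ISSUER_URL")
    return findings

if __name__ == "__main__":
    for finding in check_oidc_config():
        print("finding:", finding)
```

Run against the posted values it reports only that the `extra_hosts` alias (`authentication.domain.com`) does not match the issuer host (`autentication.redacted.com`); the other settings agree with each other.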
OVERLORD added the bug label 2025-10-07 00:05:23 +03:00
@kmendell commented on GitHub:

I'm converting this to a discussion as this isn't directly related or an issue with Pocket ID.


Reference: starred/pocket-id#191