Immich•3y ago

switch from cloudflare + authelia to caddy + authelia

Hello I switched from cloudflare tunnel + authelia to caddy plus authelia and I get login has been disabled.

28 Replies

mariomare22OP•3y ago

after the login disabled message i get here

bo0tzz•3y ago

Can you check the immich-server logs?

mariomare22OP•3y ago

Nest] 1  - 03/10/2023, 10:03:21 AM   ERROR [ExceptionsHandler] getaddrinfo EAI_AGAIN authelia.mydomain.com
Error: getaddrinfo EAI_AGAIN authelia.mydomain.com

Nest] 1  - 03/10/2023, 10:03:21 AM   ERROR [ExceptionsHandler] getaddrinfo EAI_AGAIN authelia.mydomain.com
Error: getaddrinfo EAI_AGAIN authelia.mydomain.com

bo0tzz•3y ago

Immich can't resolve the dns of your Authelia server

mariomare22OP•3y ago

uhmm how come? it's using the same dns as always

bo0tzz•3y ago

I don't know, that'll depend on your setup. Try seeing if the dns resolves from another system, from the docker host, from inside the container etc?

mariomare22OP•3y ago

can ping from caddy container, from host

bo0tzz•3y ago

Are you using just docker-compose, or some other system?

mariomare22OP•3y ago

I am just using docker-compose all containers are inside immich_inet network but immich_proxy is also inside the caddy container network

bo0tzz•3y ago

Can you try a ping from one of the containers in immich_inet?

mariomare22OP•3y ago

it looks like none of the immich stack cannot resolve addresses

bo0tzz•3y ago

Can you share the output of cat /etc/resolv.conf in the immich container and on the host?

mariomare22OP•3y ago

which immich container? immich_proxy

nginx@b9e718aac2ac:/$ cat /etc/resolv.conf 
nameserver 127.0.0.11
options ndots:0
nginx@b9e718aac2ac:/$

nginx@b9e718aac2ac:/$ cat /etc/resolv.conf 
nameserver 127.0.0.11
options ndots:0
nginx@b9e718aac2ac:/$

bo0tzz•3y ago

And on the host?

mariomare22OP•3y ago

pointing to my adguard container so localhost can I reenable the default authentication via cli?

bo0tzz•3y ago

Yes, see https://immich.app/docs/administration/server-commands

Server Commands | Immich

The immich-server docker image comes preinstalled with an administrative CLI (immich) that supports the following commands:

mariomare22OP•3y ago

it's not working immich enable-password-login

bo0tzz•3y ago

Are you running it inside the container?

mariomare22OP•3y ago

yes inside immich-server

bo0tzz•3y ago

What error do you get?

mariomare22OP•3y ago

/usr/src/app # immich enable-password-login Password login has been enabled. /usr/src/app #

bo0tzz•3y ago

Sounds like it worked, no?

mariomare22OP•3y ago

nope

mariomare22OP•3y ago

ok I managed to get in, do you know how I could resolve this dns issue?

bo0tzz•3y ago

Not sure no

mariomare22OP•3y ago

Ok I have added manually the dns to the container

[Nest] 1  - 03/10/2023, 2:11:54 PM   ERROR [ExceptionsHandler] invalid_grant (The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. The authorization code has already been used.)
OPError: invalid_grant (The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. The authorization code has already been used.)
    at processResponse (/usr/src/app/node_modules/openid-client/lib/helpers/process_response.js:38:13)
    at Client.grant (/usr/src/app/node_modules/openid-client/lib/client.js:1327:22)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async Client.callback (/usr/src/app/node_modules/openid-client/lib/client.js:476:24)
    at async OAuthCore.callback (/usr/src/app/dist/apps/immich/libs/domain/src/oauth/oauth.core.js:49:24)
    at async OAuthService.login (/usr/src/app/dist/apps/immich/libs/domain/src/oauth/oauth.service.js:36:25)
    at async OAuthController.callback (/usr/src/app/dist/apps/immich/apps/immich/src/controllers/oauth.controller.js:34:38)
    at async /usr/src/app/node_modules/@nestjs/core/router/router-execution-context.js:46:28
    at async /usr/src/app/node_modules/@nestjs/core/router/router-proxy.js:9:17

[Nest] 1  - 03/10/2023, 2:11:54 PM   ERROR [ExceptionsHandler] invalid_grant (The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. The authorization code has already been used.)
OPError: invalid_grant (The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. The authorization code has already been used.)
    at processResponse (/usr/src/app/node_modules/openid-client/lib/helpers/process_response.js:38:13)
    at Client.grant (/usr/src/app/node_modules/openid-client/lib/client.js:1327:22)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async Client.callback (/usr/src/app/node_modules/openid-client/lib/client.js:476:24)
    at async OAuthCore.callback (/usr/src/app/dist/apps/immich/libs/domain/src/oauth/oauth.core.js:49:24)
    at async OAuthService.login (/usr/src/app/dist/apps/immich/libs/domain/src/oauth/oauth.service.js:36:25)
    at async OAuthController.callback (/usr/src/app/dist/apps/immich/apps/immich/src/controllers/oauth.controller.js:34:38)
    at async /usr/src/app/node_modules/@nestjs/core/router/router-execution-context.js:46:28
    at async /usr/src/app/node_modules/@nestjs/core/router/router-proxy.js:9:17

bo0tzz•3y ago

Try an oauth login once more? If that doesn't work, there's probably something wrong in your oauth config somewhere

mariomare22OP•3y ago

not working I think there is an issue with docker+dns in my host in general... it looks like when I start a docker container the resolv.conf from the host is not being copied in the container's one I hate ubuntu as host ! netplan just sucks I will move everything to debian 😄

Gaming

Programming

switch from cloudflare + authelia to caddy + authelia

Did you find this page helpful?