I
Immich2y ago
Jiibus

ENOTFOUND when using Authentik for OAuth

I previously set this up just fine months ago, but yesterday I went to reinstall the mobile app and found I couldn't sign in. I then figured out that sign in worked nowhere. When the sign in page loads, the logs show 
[Nest] 8  - 10/07/2023, 8:06:52 PM   ERROR [ExceptionsHandler] getaddrinfo ENOTFOUND auth.domain.com
Error: getaddrinfo ENOTFOUND auth.domain.com
    at GetAddrInfoReqWrap.onlookupall [as oncomplete] (node:dns:118:26)
[Nest] 8  - 10/07/2023, 8:06:52 PM   ERROR [ExceptionsHandler] getaddrinfo ENOTFOUND auth.domain.com
Error: getaddrinfo ENOTFOUND auth.domain.com
    at GetAddrInfoReqWrap.onlookupall [as oncomplete] (node:dns:118:26)
I use Authentik just fine with nextcloud and vikunja, so I'm pretty sure it's not Authentik or my system. Currently logged in sessions work without issue. Immich v1.81.1 I'm running this on TrueNAS Scale. I did try to run this past the Truecharts people, but integrations between apps is outside of their support scope.
No description
No description
6 Replies
schuhbacca
schuhbacca2y ago
I ran into this issue when my docker container couldn't talk to the DNS server. Make sure the container can resolve that URL. (using authelia but same exact error)
Jiibus
JiibusOP2y ago
What's the arg or env variable to set that? Truenas scale apps are close, but not exactly the same, as a normal docker compose install.
schuhbacca
schuhbacca2y ago
Not 100% sure with scale. With docker docker compose you basically do: version: 2 services: application: dns: 8.8.8.8 4.4.4.4 192.168.9.45 So you may need to look up how to do it for Scale
Jiibus
JiibusOP2y ago
Thanks! I think something's fundamentally wrong with my container, doing nslookup within the immich web container servfail's when it comes to my own domain. So I figured out the DNS issue. Turns out truenas was calling back to my opnsense router, which didn't have a record to point back to Traefik for my domain. However... now I'm getting 
[Nest] 8  - 10/08/2023, 10:33:33 PM   ERROR [ExceptionsHandler] expected 200 OK, got: 301 Moved Permanently
OPError: expected 200 OK, got: 301 Moved Permanently
    at processResponse (/usr/src/app/node_modules/openid-client/lib/helpers/process_response.js:41:11)
    at Issuer.discover (/usr/src/app/node_modules/openid-client/lib/issuer.js:152:20)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async AuthService.getOAuthClient (/usr/src/app/dist/domain/auth/auth.service.js:245:24)
    at async AuthService.authorize (/usr/src/app/dist/domain/auth/auth.service.js:158:24)
    at async /usr/src/app/node_modules/@nestjs/core/router/router-execution-context.js:46:28
    at async /usr/src/app/node_modules/@nestjs/core/router/router-proxy.js:9:17
[Nest] 8  - 10/08/2023, 10:33:33 PM   ERROR [ExceptionsHandler] expected 200 OK, got: 301 Moved Permanently
OPError: expected 200 OK, got: 301 Moved Permanently
    at processResponse (/usr/src/app/node_modules/openid-client/lib/helpers/process_response.js:41:11)
    at Issuer.discover (/usr/src/app/node_modules/openid-client/lib/issuer.js:152:20)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async AuthService.getOAuthClient (/usr/src/app/dist/domain/auth/auth.service.js:245:24)
    at async AuthService.authorize (/usr/src/app/dist/domain/auth/auth.service.js:158:24)
    at async /usr/src/app/node_modules/@nestjs/core/router/router-execution-context.js:46:28
    at async /usr/src/app/node_modules/@nestjs/core/router/router-proxy.js:9:17
when trying to log in. I did change the issuer URL to https://auth.domain.tld/application/o/immich/.well-known/openid-configuration from /application/o/immich/ and I wonder if that might be the cause. Is there a way to disable oauth from within the container? Or just enable password login?
Jiibus
JiibusOP2y ago
Ah found it https://immich.app/docs/administration/server-commands
Server Commands | Immich
The immich-server docker image comes preinstalled with an administrative CLI (immich-admin) that supports the following commands:
Jiibus
JiibusOP2y ago
Woo. Got authentik login working again. Saving the issuer URL to https://auth.domain.tld/application/o/immich/ then back to https://auth.domain.tld/application/o/immich/.well-known/openid-configuration seemed to do the trick. But it seems I was overzealous in my troubleshooting. Was thinking that maybe my container was borked, so deleted and reinstalled it, then restored my previous db backup with pgadmin. Now pics in the webUI don't load and I get a bunch of [Nest] 8 - 10/08/2023, 10:45:50 PM ERROR [AssetService] Cannot create read stream for asset errors. Along with [Nest] 8 - 10/08/2023, 10:45:59 PM ERROR [ExceptionsHandler] ENOENT: no such file or directory, access 'upload/profile/fa2260ba-ca94-4e91-93d7-f6325125a679/f0f24e74-3a1f-4025-bc34-8135fa2ee5c4.png' Which yea, that profile dir no longer exists. In fact, there are no dirs in upload/profile I don't mind setting this up again, I have all my media mounted into the container. What would be the best way to get things working again? All my stuff shows under upload/library/admin, which I'm not 100% sure why admin... It's my user on truenas is the only thing that comes to mind. Could I get some guidance on this, please?

Did you find this page helpful?