Support Request: Initial Setup with Authentik Error

[LIRIKKER]

I’m currently setting up a Split Pro environment using docker compose through Portainer. I’m connecting via an Nginx Reverse Proxy

I’ve setup the following config:

services:
  postgres:
    image: postgres:16
    restart: unless-stopped
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U splitpro']
      interval: 10s
      timeout: 5s
      retries: 5
    volumes:
      - data:/var/lib/postgresql/data
    env_file:
      - stack.env

  webapp:
    image: ossapps/splitpro:latest
    restart: unless-stopped
    ports:
      - 10415:10415
    env_file:
      - stack.env
    depends_on:
      postgres:
        condition: service_healthy

volumes:
  data:

In my stack.env:

PORT=10415
DATABASE_URL=postgresql://splitpro:***@postgres:5432/splitpro
AUTHENTIK_ID=***
AUTHENTIK_SECRET=***
AUTHENTIK_ISSUER=https://authentik.domain/application/o/split-pro/
POSTGRES_USER=splitpro
POSTGRES_PASSWORD=***
POSTGRES_DB=splitpro
HOSTNAME=0.0.0.0
NEXTAUTH_SECRET=***

When I go to the login screen, I don’t see authentik as an option and it shows blank. in the logs I see

Starting web server
   ▲ Next.js 14.1.0
   - Local:        http://localhost:10415
   - Network:      http://0.0.0.0:10415
 ✓ Ready in 279ms
Registering instrumentation
Validating auth env
[next-auth][warn][NEXTAUTH_URL] 
https://next-auth.js.org/warnings#nextauth_url
[next-auth][error][CLIENT_FETCH_ERROR] 
https://next-auth.js.org/errors#client_fetch_error fetch failed {
  error: {
    message: 'fetch failed',
    stack: 'TypeError: fetch failed\n' +
      '    at node:internal/deps/undici/undici:13392:13\n' +
      '    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)',
    name: 'TypeError'
  },
  url: 'http://localhost:3000/api/auth/providers',
  message: 'fetch failed'
}

I then change the internal port back to 3000.

The page loads and presents me with a login screen that says sign in with

After clicking it I get the following error on my web browser:

This site can't be reached

A server with the specified hostname could not be found.

Try re-typing the URL, or opening a search engine and searching for the new URL.


NSURLErrorCannotFindHost

I noticed my URL path has changed to: http://localhost:3000/api/auth/error?error=OAuthSignin

And this is the error in my logs:

Starting web server
   ▲ Next.js 14.1.0
   - Local:        http://localhost:3000
   - Network:      http://0.0.0.0:3000
 ✓ Ready in 278ms
Registering instrumentation
Validating auth env
[next-auth][warn][NEXTAUTH_URL] 
https://next-auth.js.org/warnings#nextauth_url
[next-auth][error][SIGNIN_OAUTH_ERROR] 
https://next-auth.js.org/errors#signin_oauth_error expected 200 OK, got: 301 Moved Permanently {
  error: {
    message: 'expected 200 OK, got: 301 Moved Permanently',
    stack: 'OPError: expected 200 OK, got: 301 Moved Permanently\n' +
      '    at processResponse (/app/node_modules/.pnpm/[email protected]/node_modules/openid-client/lib/helpers/process_response.js:41:11)\n' +
      '    at Issuer.discover (/app/node_modules/.pnpm/[email protected]/node_modules/openid-client/lib/issuer.js:151:18)\n' +
      '    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n' +
      '    at async openidClient (/app/node_modules/.pnpm/[email protected][email protected][email protected][email protected][email protected]/node_modules/next-auth/core/lib/oauth/client.js:16:14)\n' +
      '    at async getAuthorizationUrl (/app/node_modules/.pnpm/[email protected][email protected][email protected][email protected][email protected]/node_modules/next-auth/core/lib/oauth/authorization-url.js:70:18)\n' +
      '    at async Object.signin (/app/node_modules/.pnpm/[email protected][email protected][email protected][email protected][email protected]/node_modules/next-auth/core/routes/signin.js:38:24)\n' +
      '    at async AuthHandler (/app/node_modules/.pnpm/[email protected][email protected][email protected][email protected][email protected]/node_modules/next-auth/core/index.js:260:26)\n' +
      '    at async NextAuthApiHandler (/app/node_modules/.pnpm/[email protected][email protected][email protected][email protected][email protected]/node_modules/next-auth/next/index.js:22:19)\n' +
      '    at async NextAuth._args$ (/app/node_modules/.pnpm/[email protected][email protected][email protected][email protected][email protected]/node_modules/next-auth/next/index.js:108:14)\n' +
      '    at async K (/app/node_modules/.pnpm/[email protected]_@[email protected][email protected][email protected]/node_modules/next/dist/compiled/next-server/pages-api.runtime.prod.js:20:16545)',
    name: 'OPError'
  },
  providerId: 'authentik',
  message: 'expected 200 OK, got: 301 Moved Permanently'
}

I’m not sure what’s going on

[LIRIKKER]

Figured it out,

Set the NEXTAUTH_URL to my externally facing URL in docker

Then had a trailing / on the ISSUER Url which I removed from the end.

[adyanth]

Saw the same behavior, but it was due to the app not listening on localhost?

/app # netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 192.168.97.3:3000       0.0.0.0:*               LISTEN      
tcp        0      0 127.0.0.11:39933        0.0.0.0:*               LISTEN      
tcp        0      0 192.168.97.3:33940      192.168.97.3:3000       TIME_WAIT   
udp        0      0 127.0.0.11:50737        0.0.0.0:*                           

[krokosik]

If the issue is resolved, can we close this?