Submitted 5 days ago by Tinkerer@lemmy.ca to selfhosted@lemmy.world
I’m looking to setup Authentikibut I can’t for the life of me get the postgresql container working. I’m gettingconnectionn refused.
I’ve followed the docentation, watched several videos of people who have done the exact same thing as me but its not working. The compose file is the same file from the documentation.
I’m running it on an lxc in proxmox but I’ve also tried a VM with the same result. Any ideas or assistance?
time=“2025-07-23T20:49:22Z” level=info msg=“initialization started” caller=“/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:75”
time=“2025-07-23T20:49:22Z” level=fatal msg=“unable to initialize the database” caller=“/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:68” error=“failed to connect to user=root database=postgres:\n\t127.0.0.1:5432 (localhost): dial error: dial tcp 127.0.0.1:5432: connect: connection refused\n\t[::1]:5432 (localhost): dial error: dial tcp [::1]:5432: connect: connection refused”
time=“2025-07-23T20:49:23Z” level=info msg=“initialization started” caller=“/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:75”
Here is my docker compose file:
`[___](services:
dashboard: image: netbirdio/dashboard:latest restart: unless-stopped networks: [netbird] env_file: - ./dashboard.env logging: driver: “json-file” options: max-size: “500m” max-file: "2"
signal: image: netbirdio/signal:latest restart: unless-stopped networks: [netbird] logging: driver: “json-file” options: max-size: “500m” max-file: "2"
relay: image: netbirdio/relay:latest restart: unless-stopped networks: [netbird] env_file: - ./relay.env logging: driver: “json-file” options: max-size: “500m” max-file: "2"
management: image: netbirdio/management:latest restart: unless-stopped networks: [netbird] volumes: - netbird_management:/var/lib/netbird - ./management.json:/etc/netbird/management.json command: [ “–port”, “80”, “–log-file”, “console”, “–log-level”, “info”, “–disable-anonymous-metrics=false”, “–single-account-mode-domain=netbird.selfhosted”, “–dns-domain=netbird.selfhosted”, “–idp-sign-key-refresh-enabled”, ] logging: driver: “json-file” options: max-size: “500m” max-file: "2"
coturn: image: coturn/coturn restart: unless-stopped #domainname: netbird.relay.selfhosted volumes: - ./turnserver.conf:/etc/turnserver.conf:ro network_mode: host command: - -c /etc/turnserver.conf logging: driver: “json-file” options: max-size: “500m” max-file: "2"
zitadel: restart: ‘always’ networks: [netbird] image: ‘ghcr.io/zitadel/zitadel:v2.64.1’ command: ‘start-from-init --masterkeyFromEnv --tlsMode external’ env_file: - ./zitadel.env depends_on: zdb: condition: ‘service_healthy’ volumes: - ./machinekey:/machinekey - netbird_zitadel_certs:/zdb-certs:ro logging: driver: “json-file” options: max-size: “500m” max-file: "2"
zdb: restart: ‘always’ networks: [netbird] image: ‘postgres:16-alpine’ env_file: - ./zdb.env volumes: - netbird_zdb_data:/var/lib/postgresql/data:rw healthcheck: test: [“CMD-SHELL”, “pg_isready”, “-d”, “db_prod”] interval: 5s timeout: 60s retries: 10 start_period: 5s logging: driver: “json-file” options: max-size: “500m” max-file: “2” volumes: netbird_zdb_data: netbird_management: netbird_caddy_data: netbird_zitadel_certs:
networks: netbird:)`
Try
docker compose up - d && docker compose logs -f
That should show you errors as things are starting.
Also three backticks and a new linestart a code block on Lemmy. Add your logs, then end it with a new line and another three backticks.
I think you're not providing enough information to help you. You should provide your config files, some logs and detailed explanation of failure.
Yeah I’ll grab some logs and post my files tonight when I get time :)
I’ve also tried to run the docker compose file with not changes from the Zitadel documentation, zitadel.com/docs/self-hosting/deploy/compose
This is what shows:
[+] Running 3/3 ✔ Network root_zitadel Created 0.0s ✘ Container root-db-1 Error 60.8s ✔ Container root-zitadel-1 Created 0.0s dependency failed to start: container root-db-1 is unhealthy
docker ps -a then shows the root-zitadel-1 container created but not started, I can’t get any logs to show on the root-db-1 container even though it shows as running…
I start the root-zitadel-1 container and restart the root-db-1 container and this is what I get in the logs:
time="2025-07-24T13:41:45Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70" time="2025-07-24T13:41:45Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused" time="2025-07-24T13:41:45Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70" time="2025-07-24T13:41:45Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused" time="2025-07-24T13:41:46Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70" time="2025-07-24T13:41:46Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused" time="2025-07-24T13:41:47Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70" time="2025-07-24T13:41:47Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused" time="2025-07-24T13:41:48Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70" time="2025-07-24T13:41:48Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
Here is the compose file I’m using:
services: postgresql: image: postgres:16-alpine container_name: postgresql restart: unless-stopped networks: - authentik healthcheck: test: ["CMD-SHELL", "pg_isready -d authentik -U postgres"] start_period: 20s interval: 30s retries: 5 timeout: 5s volumes: - ./database:/var/lib/postgresql/data ports: - 5432:5432 environment: POSTGRES_PASSWORD: JKSHDFUHWEUEIORUhdsjhfglsdhuifghert POSTGRES_USER: postgres POSTGRES_DB: authentik redis: image: redis:alpine container_name: redis command: --save 60 1 --loglevel warning restart: unless-stopped healthcheck: test: ["CMD-SHELL", "redis-cli ping | grep PONG"] start_period: 20s interval: 30s retries: 5 timeout: 3s volumes: - ./redis:/data networks: - authentik server: image: ghcr.io/goauthentik/server:2025.6.4 container_name: authentik-server restart: unless-stopped command: server environment: AUTHENTIK_SECRET_KEY: 0rIgYE/fgWwkkhKXob6jQQ8M8Wp6tJzDc658GGb0C5r0QZOt AUTHENTIK_REDIS__HOST: redis AUTHENTIK_POSTGRESQL__HOST: postgresql AUTHENTIK_POSTGRESQL__USER: postgres AUTHENTIK_POSTGRESQL__NAME: authentik AUTHENTIK_POSTGRESQL__PASSWORD: JKSHDFUHWEUEIORUhdsjhfglsdhuifghert volumes: - ./media:/media - ./custom-templates:/templates ports: - 9000:9000 - 9443:9443 networks: - authentik depends_on: postgresql: condition: service_healthy redis: condition: service_healthy worker: image: ghcr.io/goauthentik/server:2025.6.4 container_name: authentik-worker restart: unless-stopped command: worker networks: - authentik environment: AUTHENTIK_SECRET_KEY: 0rIgYE/fgWwkkhKXob6jQQ8M8Wp6tJzDc658GGb0C5r0QZOt AUTHENTIK_REDIS__HOST: redis AUTHENTIK_POSTGRESQL__HOST: postgresql AUTHENTIK_POSTGRESQL__USER: postgres AUTHENTIK_POSTGRESQL__NAME: authentik AUTHENTIK_POSTGRESQL__PASSWORD: JKSHDFUHWEUEIORUhdsjhfglsdhuifghert user: root volumes: - /var/run/docker.sock:/var/run/docker.sock - ./media:/media - ./certs:/certs - ./custom-templates:/templates depends_on: postgresql: condition: service_healthy redis: condition: service_healthy networks: authentik:
Here are the logs when starting up Authentik docker compose:
authentik-worker | {"event": "Starting authentik bootstrap", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364156.1238139} authentik-worker | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364157.1261947} authentik-worker | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger": authentik-server | {"event":"Loaded config","level":"debug","path":"inbuilt-default","timestamp":"2025-07-24T13:35:48Z"} authentik-server | {"event":"Loaded config","level":"debug","path":"/authentik/lib/default.yml","timestamp":"2025-07-24T13:35:48Z"} authentik-server | {"event":"Loaded config from environment","level":"debug","timestamp":"2025-07-24T13:35:48Z"} authentik-server | {"event":"Starting HTTP server","level":"info","listen":"0.0.0.0:9000","logger":"authentik.router","timestamp":"2025-07-24T13:35:49Z"} authentik-server | {"event":"Starting Metrics server","level":"info","listen":"0.0.0.0:9300","logger":"authentik.router.metrics","timestamp":"2025-07-24T13:35:49Z"} authentik-server | {"event":"Starting HTTPS server","level":"info","listen":"0.0.0.0:9443","logger":"authentik.router","timestamp":"2025-07-24T13:35:49Z"} authentik-server | {"event": "Loaded config", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1753364149.613906, "file": "/authentik/lib/default.yml"} authentik-server | {"event": "Loaded environment variables", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1753364149.6143358, "count": 6} authentik-server | {"event": "Starting authentik bootstrap", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364149.953862} authentik-server | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364150.955268} authentik-server | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger":
BobsAccountant@lemmy.world 5 days ago
I too am running Authentik in an LXC and am using the default
docker-compose.yml. Did you make sure to define your.envfile correctly? Are you able to connect to the docker container itself after deployment? You may need to blow the DB volume away and try again because it will only provision on first run.Tinkerer@lemmy.ca 5 days ago
I definitely can’t connect to the container as it doesn’t start. I’ve also tried without the .env file and that doesn’t work either. I’ve even setup a new LXC and started from scratch with the same result.