Comments

• BobsAccountant@lemmy.world ⁨5⁩ ⁨weeks⁩ ago

  I too am running Authentik in an LXC and am using the default docker-compose.yml. Did you make sure to define your .env file correctly? Are you able to connect to the docker container itself after deployment? You may need to blow the DB volume away and try again because it will only provision on first run.

  source

  • Tinkerer@lemmy.ca ⁨5⁩ ⁨weeks⁩ ago

    I definitely can’t connect to the container as it doesn’t start. I’ve also tried without the .env file and that doesn’t work either. I’ve even setup a new LXC and started from scratch with the same result.

    source
• Tinkerer@lemmy.ca ⁨5⁩ ⁨weeks⁩ ago

  time=“2025-07-23T20:49:22Z” level=info msg=“initialization started” caller=“/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:75” time=“2025-07-23T20:49:22Z” level=fatal msg=“unable to initialize the database” caller=“/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:68” error=“failed to connect to user=root database=postgres:\n\t127.0.0.1:5432 (localhost): dial error: dial tcp 127.0.0.1:5432: connect: connection refused\n\t[::1]:5432 (localhost): dial error: dial tcp [::1]:5432: connect: connection refused” time=“2025-07-23T20:49:23Z” level=info msg=“initialization started” caller=“/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:75”

  Here is my docker compose file:

  `[___](services:

  Caddy reverse proxy

  caddy:

  image: caddy

  restart: unless-stopped

  networks: [ netbird ]

  ports:

  - ‘443:443’

  - ‘443:443/udp’

  - '80:80’

  volumes:

  - netbird_caddy_data:/data

  - ./Caddyfile:/etc/caddy/Caddyfile

  logging:

  driver: "json-file"

  options:

  max-size: "500m"

  max-file: "2"

  UI dashboard

  dashboard: image: netbirdio/dashboard:latest restart: unless-stopped networks: [netbird] env_file: - ./dashboard.env logging: driver: “json-file” options: max-size: “500m” max-file: "2"

  Signal

  signal: image: netbirdio/signal:latest restart: unless-stopped networks: [netbird] logging: driver: “json-file” options: max-size: “500m” max-file: "2"

  Relay

  relay: image: netbirdio/relay:latest restart: unless-stopped networks: [netbird] env_file: - ./relay.env logging: driver: “json-file” options: max-size: “500m” max-file: "2"

  Management

  management: image: netbirdio/management:latest restart: unless-stopped networks: [netbird] volumes: - netbird_management:/var/lib/netbird - ./management.json:/etc/netbird/management.json command: [ “–port”, “80”, “–log-file”, “console”, “–log-level”, “info”, “–disable-anonymous-metrics=false”, “–single-account-mode-domain=netbird.selfhosted”, “–dns-domain=netbird.selfhosted”, “–idp-sign-key-refresh-enabled”, ] logging: driver: “json-file” options: max-size: “500m” max-file: "2"

  Coturn, AKA relay server

  coturn: image: coturn/coturn restart: unless-stopped #domainname: netbird.relay.selfhosted volumes: - ./turnserver.conf:/etc/turnserver.conf:ro network_mode: host command: - -c /etc/turnserver.conf logging: driver: “json-file” options: max-size: “500m” max-file: "2"

  Zitadel - identity provider

  zitadel: restart: ‘always’ networks: [netbird] image: ‘ghcr.io/zitadel/zitadel:v2.64.1’ command: ‘start-from-init --masterkeyFromEnv --tlsMode external’ env_file: - ./zitadel.env depends_on: zdb: condition: ‘service_healthy’ volumes: - ./machinekey:/machinekey - netbird_zitadel_certs:/zdb-certs:ro logging: driver: “json-file” options: max-size: “500m” max-file: "2"

  Postgres for Zitadel

  zdb: restart: ‘always’ networks: [netbird] image: ‘postgres:16-alpine’ env_file: - ./zdb.env volumes: - netbird_zdb_data:/var/lib/postgresql/data:rw healthcheck: test: [“CMD-SHELL”, “pg_isready”, “-d”, “db_prod”] interval: 5s timeout: 60s retries: 10 start_period: 5s logging: driver: “json-file” options: max-size: “500m” max-file: “2” volumes: netbird_zdb_data: netbird_management: netbird_caddy_data: netbird_zitadel_certs:

  networks: netbird:)`

  source

  • afk_strats@lemmy.world ⁨5⁩ ⁨weeks⁩ ago

    Try

    docker compose up - d && docker compose logs -f
    

    That should show you errors as things are starting.

    Also three backticks and a new linestart a code block on Lemmy. Add your logs, then end it with a new line and another three backticks.

    source
• carloshr@lile.cl ⁨5⁩ ⁨weeks⁩ ago

  I think you're not providing enough information to help you. You should provide your config files, some logs and detailed explanation of failure.

  @Tinkerer @selfhosted

  source

  • Tinkerer@lemmy.ca ⁨5⁩ ⁨weeks⁩ ago

    Yeah I’ll grab some logs and post my files tonight when I get time :)

    source
• Tinkerer@lemmy.ca ⁨5⁩ ⁨weeks⁩ ago

  I’ve also tried to run the docker compose file with not changes from the Zitadel documentation, zitadel.com/docs/self-hosting/deploy/compose

  This is what shows:

  [+] Running 3/3
   ✔ Network root_zitadel      Created                                                                                                         0.0s 
   ✘ Container root-db-1       Error                                                                                                          60.8s 
   ✔ Container root-zitadel-1  Created                                                                                                         0.0s 
  dependency failed to start: container root-db-1 is unhealthy
  

  docker ps -a then shows the root-zitadel-1 container created but not started, I can’t get any logs to show on the root-db-1 container even though it shows as running…

  I start the root-zitadel-1 container and restart the root-db-1 container and this is what I get in the logs:

  time="2025-07-24T13:41:45Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
  time="2025-07-24T13:41:45Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
  time="2025-07-24T13:41:45Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
  time="2025-07-24T13:41:45Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
  time="2025-07-24T13:41:46Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
  time="2025-07-24T13:41:46Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
  time="2025-07-24T13:41:47Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
  time="2025-07-24T13:41:47Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
  time="2025-07-24T13:41:48Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
  time="2025-07-24T13:41:48Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
  

  source
• Tinkerer@lemmy.ca ⁨5⁩ ⁨weeks⁩ ago

  Here is the compose file I’m using:

  services:
    postgresql:
      image: postgres:16-alpine
      container_name: postgresql
      restart: unless-stopped
      networks:
        - authentik
      healthcheck:
        test: ["CMD-SHELL", "pg_isready -d authentik -U postgres"]
        start_period: 20s
        interval: 30s
        retries: 5
        timeout: 5s
      volumes:
        - ./database:/var/lib/postgresql/data
      ports:
        - 5432:5432
      environment:
        POSTGRES_PASSWORD: JKSHDFUHWEUEIORUhdsjhfglsdhuifghert
        POSTGRES_USER: postgres
        POSTGRES_DB: authentik
    redis:
      image: redis:alpine
      container_name: redis
      command: --save 60 1 --loglevel warning
      restart: unless-stopped
      healthcheck:
        test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
        start_period: 20s
        interval: 30s
        retries: 5
        timeout: 3s
      volumes:
        - ./redis:/data
      networks:
        - authentik
    server:
      image: ghcr.io/goauthentik/server:2025.6.4
      container_name: authentik-server
      restart: unless-stopped
      command: server
      environment:
        AUTHENTIK_SECRET_KEY: 0rIgYE/fgWwkkhKXob6jQQ8M8Wp6tJzDc658GGb0C5r0QZOt
        AUTHENTIK_REDIS__HOST: redis
        AUTHENTIK_POSTGRESQL__HOST: postgresql
        AUTHENTIK_POSTGRESQL__USER: postgres
        AUTHENTIK_POSTGRESQL__NAME: authentik
        AUTHENTIK_POSTGRESQL__PASSWORD: JKSHDFUHWEUEIORUhdsjhfglsdhuifghert
      volumes:
        - ./media:/media
        - ./custom-templates:/templates
      ports:
        - 9000:9000
        - 9443:9443
      networks:
        - authentik
      depends_on:
        postgresql:
          condition: service_healthy
        redis:
          condition: service_healthy
    worker:
      image: ghcr.io/goauthentik/server:2025.6.4
      container_name: authentik-worker
      restart: unless-stopped
      command: worker
      networks:
        - authentik
      environment:
        AUTHENTIK_SECRET_KEY: 0rIgYE/fgWwkkhKXob6jQQ8M8Wp6tJzDc658GGb0C5r0QZOt
        AUTHENTIK_REDIS__HOST: redis
        AUTHENTIK_POSTGRESQL__HOST: postgresql
        AUTHENTIK_POSTGRESQL__USER: postgres
        AUTHENTIK_POSTGRESQL__NAME: authentik
        AUTHENTIK_POSTGRESQL__PASSWORD: JKSHDFUHWEUEIORUhdsjhfglsdhuifghert
      user: root
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock
        - ./media:/media
        - ./certs:/certs
        - ./custom-templates:/templates
      depends_on:
        postgresql:
          condition: service_healthy
        redis:
          condition: service_healthy
  networks:
    authentik:
  

  source
• Tinkerer@lemmy.ca ⁨5⁩ ⁨weeks⁩ ago

  Here are the logs when starting up Authentik docker compose:

  authentik-worker  | {"event": "Starting authentik bootstrap", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364156.1238139}
  authentik-worker  | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364157.1261947}
  authentik-worker  | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger": 
  authentik-server  | {"event":"Loaded config","level":"debug","path":"inbuilt-default","timestamp":"2025-07-24T13:35:48Z"}
  authentik-server  | {"event":"Loaded config","level":"debug","path":"/authentik/lib/default.yml","timestamp":"2025-07-24T13:35:48Z"}
  authentik-server  | {"event":"Loaded config from environment","level":"debug","timestamp":"2025-07-24T13:35:48Z"}
  authentik-server  | {"event":"Starting HTTP server","level":"info","listen":"0.0.0.0:9000","logger":"authentik.router","timestamp":"2025-07-24T13:35:49Z"}
  authentik-server  | {"event":"Starting Metrics server","level":"info","listen":"0.0.0.0:9300","logger":"authentik.router.metrics","timestamp":"2025-07-24T13:35:49Z"}
  authentik-server  | {"event":"Starting HTTPS server","level":"info","listen":"0.0.0.0:9443","logger":"authentik.router","timestamp":"2025-07-24T13:35:49Z"}
  authentik-server  | {"event": "Loaded config", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1753364149.613906, "file": "/authentik/lib/default.yml"}
  authentik-server  | {"event": "Loaded environment variables", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1753364149.6143358, "count": 6}
  authentik-server  | {"event": "Starting authentik bootstrap", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364149.953862}
  authentik-server  | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364150.955268}
  authentik-server  | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger": 
  

  source