Unable to mount configuration.yml #1053

Closed
dylanh50 opened this issue May 26, 2020 · 32 comments · Fixed by #1089
Labels
priority/1/critical Highest priority, reserved for bugs particularly if they are critical

Comments

@dylanh50

I tried to install authelia with docker-compose, but on startup authelia isn't able to find the configuration.yml. In particular, it is impossible to mount the "/var/lib/authelia" volume, and on build the container automatically mounts /etc/authelia (where the configuration files are). But even after changing the PUID or PGID to root or changing the configuration files in the (unexpected) volume, authelia still goes into panic mode and logs a missing configuration.

I even copied your docker-compose.yml and still the same error. So either I'm doing something stupidly wrong (probably) or there is a bug (unlikely).

time="2020-05-26T17:25:41+02:00" level=error msg="Provide a JWT secret using \"jwt_secret\" key"
time="2020-05-26T17:25:41+02:00" level=error msg="Please provide `ldap` or `file` object in `authentication_backend`"
time="2020-05-26T17:25:41+02:00" level=error msg="Set domain of the session object"
time="2020-05-26T17:25:41+02:00" level=error msg="A storage configuration must be provided. It could be 'local', 'mysql' or 'postgres'"
time="2020-05-26T17:25:41+02:00" level=error msg="A notifier configuration must be provided"
panic: Some errors have been reported

goroutine 1 [running]:
main.startServer()
	github.com/authelia/authelia/cmd/authelia/main.go:41 +0xc80
main.main.func1(0xc00009c000, 0xc000232120, 0x0, 0x2)
	github.com/authelia/authelia/cmd/authelia/main.go:126 +0x20
github.com/spf13/cobra.(*Command).execute(0xc00009c000, 0xc000020190, 0x2, 0x2, 0xc00009c000, 0xc000020190)
	github.com/spf13/cobra@v0.0.7/command.go:842 +0x29d
github.com/spf13/cobra.(*Command).ExecuteC(0xc00009c000, 0xc00013df58, 0x4, 0x4)
	github.com/spf13/cobra@v0.0.7/command.go:943 +0x317
github.com/spf13/cobra.(*Command).Execute(...)
	github.com/spf13/cobra@v0.0.7/command.go:883
main.main()
	github.com/authelia/authelia/cmd/authelia/main.go:143 +0x166
@clems4ever
Member

Hello @dylanh50, can you please give us a pointer to what docker-compose exactly you're referring to? If you followed a documentation, can you also please tell us which one so that we can fix it?
If you're using one of local or lite, do you use it from within the git repository or did you copy the file somewhere?

On my side, I've just tested against the master branch and it seems to work.

@clems4ever clems4ever added priority/1/critical Highest priority, reserved for bugs particularly if they are critical type/bug/unconfirmed Unconfirmed Bugs Not Reproducible labels May 26, 2020
@dylanh50
Author

dylanh50 commented May 26, 2020

Sure, I've cloned the Git repository and removed the Traefik container, because I'm already running an instance of Traefik (which actually works fine with my other containers).
I tried to run this container with my admin user (non-root) and my root user. But either way the container starts and creates an additional volume under /var/lib/docker/volumes with a cryptic ID. This volume seems to bind /etc/authelia, because when I looked inside, the configuration.yml and the users_database.yml were there. I tried to edit these files and restarted, but still got the same error. I also tried to use named volumes, but still the same.
I have to say, I'm kind of new to Docker, so I guess I'm making some mistake. But I couldn't figure it out.
This is the compose file I've used:

version: '3.3'

networks:
  web:
    external: true
  intern:
    external: true

services:
  authelia:
    image: authelia/authelia
    container_name: authelia
    volumes:
      - ./authelia:/var/lib/authelia
      - ./configuration.yml:/etc/authelia/configuration.yml:ro
      - ./users_database.yml:/etc/authelia/users_database.yml
    networks:
      - web
      - intern
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.authelia.rule=Host(`$DOMAINNAME`)'
      - 'traefik.http.routers.authelia.entrypoints=https'
      - 'traefik.http.routers.authelia.tls=true'
      - 'traefik.http.routers.authelia.tls.certresolver=le'
      - 'traefik.http.routers.authelia.service=authelia-svc'
      - 'traefik.http.services.authelia-svc.loadbalancer.server.port=9091'
#      - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.example.com'
#      - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
#      - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups'
#    expose:
#      - 9091
    restart: unless-stopped
    environment:
      - TZ=Europe/Berlin

I hope you can help me. Thanks in advance.

@clems4ever
Member

/var/lib/docker/volumes is where the docker daemon stores the actual data contained in non-mounted volumes. You should not care about this. There is no obvious issue in your docker-compose file.

I suggest you follow the documentation and move step by step from there: https://docs.authelia.com/getting-started.

@dylanh50
Author

I removed everything and tried again, step by step. Still the same error. I really have no clue how to debug this error either.

@james-d-elliott
Member

Can you run the following command against the container name of your Authelia instance when it's running:

docker exec <container_name> cat /etc/authelia/configuration.yml

@dylanh50
Author

This produces

Error response from daemon: Container 54d29f2d7fa209e25458b8b6930aed108e7b4eea7206f243afeb9608d042ed72 is restarting, wait until the container is running

this error message

@dylanh50
Author

So I've tried everything again on another fresh server with freshly installed docker, docker-compose and traefik. Still produces the same error message.

This is the compose file for traefik:

version: '3.7'
services:
  traefik:
    image: traefik:chevrotin
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    command:
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=false

      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      - --entryPoints.traefik.address=:8080

      - --api=true

      - --log=true
      - --log.level=DEBUG
      - --log.filePath=/error.log

      - --accessLog=true
      - --accessLog.filePath=/traefik.log
      - --accessLog.bufferingSize=100

      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=web
      - --providers.docker.swarmMode=false

      - --providers.file.directory=/rules
      - --providers.file.watch=true

      - --certificatesResolvers.le.acme.email=**SesitiveData**
      - --certificatesResolvers.le.acme.storage=/acme.json
      - --certificatesResolvers.le.acme.tlschallenge=true
#      - --certificatesResolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
    networks:
      - web
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 8080
        published: 8080
        protocol: tcp
        mode: host
    volumes:
      - ./rules:/rules
#      - ./static/traefik.yml:/traefik.yml:ro
      - ./acme/acme.json:/acme.json
      - ../shared:/shared
      - ./error.log:/error.log
      - ./access.log/traefik.log
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - TZ=$TZ
    labels:
      - 'traefik.enable=true'
      # HTTP-TO-HTTPS
      - 'traefik.http.routers.http-catchall.entrypoints=http'
      - 'traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)'
      - 'traefik.http.routers.http-catchall.middlewares=redirect-to-https'
      - 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https'
      # HTTP Routers
      - 'traefik.http.routers.traefik-rtr.entrypoints=https'
      - 'traefik.http.routers.traefik-rtr.rule=Host(`$SUBDOMAIN.$DOMAINNAME`)'
      - 'traefik.http.routers.traefik-rtr.tls=true'
      - 'traefik.http.routers.traefik-rtr.tls.certresolver=le'
      # Middlewares
#      - 'traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth@file'
      # Service API
      - 'traefik.http.routers.traefik-rtr.service=api@internal'

networks:
  web:
    external: true

The compose file for authelia:

version: '3.7'
services:
  authelia:
    image: authelia/authelia
    container_name: authelia
    restart: unless-stopped
#    security_opt:
#      - no-new-privileges:true
    networks:
      - web
    volumes:
      - ./authelia:/var/lib/authelia
      - ./configuration.yml:/etc/authelia/configuration.yml:ro
      - ./users_database.yml:/etc/authelia/users_database.yml
    environment:
      - TZ=$TZ
    labels:
      - 'traefik.enable=true'
      # HTTP Routers
      - 'traefik.http.routers.authelia-rtr.entrypoints=https'
      - 'traefik.http.routers.authelia-rtr.rule=Host(`secure.$DOMAINNAME`)'
      - 'traefik.http.routers.authelia-rtr.tls=true'
      - 'traefik.http.routers.authelia-rtr.tls.certresolver=le'
      # Middlewares
      - 'traefik.http.routers.authelia-rtr.middlewares=chain-no-auth@file'
      # HTTP Service
      - 'traefik.http.routers.authelia-rtr.service=authelia-svc'
      - 'traefik.http.services.autheliavc.loadbalancer.server.port=9091'

networks:
  web:
    external: true

The configuration file:

host: 0.0.0.0
port: 9091
log_level: debug

jwt_secret: RUtG9TnbXrOl1XLLmDgySw1DGgx9QcrtepIf1uDDBlBVKFZxkVBruYKBi32PvaU

default_redirection_url: **sensitiveData**

totp:
  issuer: **sensitiveData**
  period: 30
  skew: 1

authentication_backend:
  file:
    path: /etc/authelia/users_database.yml

access_control:
  default_policy: deny
  rules:
    - domain: **sensitiveData**
      policy: bypass
    - domain: *.**sensitiveData**
      policy: one_factor

session:
  name: authelia_session
  secret: TVPMIcDFbBwhnW3kLJzKhdjeHhtqisr7m28FgRY8oLh2A4lwuV2jV2ZGdGbh4aa
  expiration: 3600
  inactivity: 300
  domain: **sensitiveData**

regulation:
  max_retries: 3
  find_time: 120
  ban_time: 300

storage:
  mysql:
    host: **sensitiveData**
    port: 3306
    database: authelia
    username: authelia
    password: **sensitiveData**

notifier:
  smtp:
    username: **sensitiveData**
    password: **sensitiveData**
    host: smtp.gmail.com
    port: 465
    sender: **sensitiveData**

Both the compose file and the configuration are in /home/user/docker/authelia, owned by the user, with read/write permission for owner and group and read permission for others.
docker version: 18.09.1
docker-compose version: 1.25.5

Maybe this helps anyone to find an error

@james-d-elliott
Member

james-d-elliott commented May 27, 2020

Thanks for the additional info, makes sense that my previous command would fail. Do the following inside the authelia docker-compose dir:

mkdir config
mv configuration.yml config/configuration.yml
mv users_database.yml config/users_database.yml

      - ./configuration.yml:/etc/authelia/configuration.yml:ro
      - ./users_database.yml:/etc/authelia/users_database.yml

becomes

      - ./config:/etc/authelia

@dylanh50
Author

I did that, but no changes at all. Tried it on both servers and both gave the same error message.
This is a screenshot of the whole terminal output with my folder structure, file permissions and the output of docker compose.
error_code

Also downloadable via my nextcloud instance from here
Btw, thanks for the help :)

@nightah
Member

nightah commented May 27, 2020

Just to make sure there's no artifacts that are hanging back can you try the following:

  1. docker rm -f authelia
  2. docker-compose rm authelia
  3. docker-compose up

From what I can see in both your compose file and the configuration you shouldn't be experiencing that issue.
This might be a silly question but just to confirm, you aren't making the changes in the compose.yml instead of docker-compose.yml are you?

@dylanh50
Author

dylanh50 commented May 28, 2020

Still no changes, still the same error.
It is kind of strange, because all other containers (Gitlab, Nextcloud, Firefly, etc) are starting and working perfectly fine. I tried Fusionauth which started without any problems, but I would prefer to use Authelia.

Is this maybe a problem with docker itself or a permission problem? But I tried everything with my admin and my root.
Or a problem with the OS, I use CentOS 8 on both.

The compose.yml is just a backup I made. Changes are just in docker-compose.yml. But I can understand the question.

@dylanh50 dylanh50 reopened this May 28, 2020
@nightah
Member

nightah commented May 30, 2020

I'd suggest your best bet to try and get this resolved would be to jump on Matrix and one of the team members can actively work with you to determine what's going on and how to fix it.

Between now and then, could you please provide the output to docker inspect authelia when this is erroring? I can't spot any issues with your directory structure and your bind mounts, but hopefully the inspect should give us some more clues.

@dylanh50
Author

What is matrix? Can you give me a link or something?

Here is the output of the inspect

[
    {
        "Id": "66c5a974079b0753ef9c4e961b75d87eb014d3d09a7d9e731c3a6d40eabd7840",
        "Created": "2020-05-31T04:51:55.605426502Z",
        "Path": "./authelia",
        "Args": [
            "--config",
            "/etc/authelia/configuration.yml"
        ],
        "State": {
            "Status": "restarting",
            "Running": true,
            "Paused": false,
            "Restarting": true,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 0,
            "ExitCode": 2,
            "Error": "",
            "StartedAt": "2020-05-31T04:52:09.246717779Z",
            "FinishedAt": "2020-05-31T04:52:09.462319597Z"
        },
        "Image": "sha256:65b87b65ec3f5ad916eee25cd561e87e09e11c94146d7af5f594af013d09979b",
        "ResolvConfPath": "/var/lib/docker/containers/66c5a974079b0753ef9c4e961b75d87eb014d3d09a7d9e731c3a6d40eabd7840/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/66c5a974079b0753ef9c4e961b75d87eb014d3d09a7d9e731c3a6d40eabd7840/hostname",
        "HostsPath": "/var/lib/docker/containers/66c5a974079b0753ef9c4e961b75d87eb014d3d09a7d9e731c3a6d40eabd7840/hosts",
        "LogPath": "/var/lib/docker/containers/66c5a974079b0753ef9c4e961b75d87eb014d3d09a7d9e731c3a6d40eabd7840/66c5a974079b0753ef9c4e961b75d87eb014d3d09a7d9e731c3a6d40eabd7840-json.log",
        "Name": "/authelia",
        "RestartCount": 7,
        "Driver": "overlay2",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": [
                "/home/admin/docker/authelia/config:/etc/authelia:rw",
                "/home/admin/docker/authelia/authelia:/var/lib/authelia:rw"
            ],
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "web",
            "PortBindings": {},
            "RestartPolicy": {
                "Name": "unless-stopped",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": [],
            "CapAdd": null,
            "CapDrop": null,
            "Dns": null,
            "DnsOptions": null,
            "DnsSearch": null,
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "shareable",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": null,
            "DeviceCgroupRules": null,
            "DiskQuota": 0,
            "KernelMemory": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": false,
            "PidsLimit": 0,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "MaskedPaths": [
                "/proc/asound",
                "/proc/acpi",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/proc/scsi",
                "/sys/firmware"
            ],
            "ReadonlyPaths": [
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger"
            ]
        },
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/eeabd496830bbd67df638a6d546b2eeeefa04f664a0138b1b3ec18f53b6eaf49-init/diff:/var/lib/docker/overlay2/d4ac5480e643de9c7eb2bcb0ea4ecb86d49399f055714f14a3d733964bf31f9e/diff:/var/lib/docker/overlay2/a8fdaeb21cf6f6a9349e5d3774d93bc761a93bd7ef320a6a613fe5f98059fc64/diff:/var/lib/docker/overlay2/551168b9026140d92d804b3cb8073e78ba8fdea75d5f256f3d5af9675f58a8e3/diff:/var/lib/docker/overlay2/5b2e8cf57e390c383aa277ceec0aee194f47d20bf0b288fbb677d646045d6dde/diff",
                "MergedDir": "/var/lib/docker/overlay2/eeabd496830bbd67df638a6d546b2eeeefa04f664a0138b1b3ec18f53b6eaf49/merged",
                "UpperDir": "/var/lib/docker/overlay2/eeabd496830bbd67df638a6d546b2eeeefa04f664a0138b1b3ec18f53b6eaf49/diff",
                "WorkDir": "/var/lib/docker/overlay2/eeabd496830bbd67df638a6d546b2eeeefa04f664a0138b1b3ec18f53b6eaf49/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [
            {
                "Type": "bind",
                "Source": "/home/admin/docker/authelia/config",
                "Destination": "/etc/authelia",
                "Mode": "rw",
                "RW": true,
                "Propagation": "rprivate"
            },
            {
                "Type": "bind",
                "Source": "/home/admin/docker/authelia/authelia",
                "Destination": "/var/lib/authelia",
                "Mode": "rw",
                "RW": true,
                "Propagation": "rprivate"
            }
        ],
        "Config": {
            "Hostname": "66c5a974079b",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "9091/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "TZ=Europe\\Berlin",
                "PATH=/usr/app:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
            ],
            "Cmd": [
                "./authelia",
                "--config",
                "/etc/authelia/configuration.yml"
            ],
            "Image": "authelia/authelia",
            "Volumes": {
                "/etc/authelia": {},
                "/var/lib/authelia": {}
            },
            "WorkingDir": "/usr/app",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": {
                "com.docker.compose.config-hash": "27ffa9f64a8320766885f968bd02db2ab2a884d47a5ab73fb9191cea386174af",
                "com.docker.compose.container-number": "1",
                "com.docker.compose.oneoff": "False",
                "com.docker.compose.project": "authelia",
                "com.docker.compose.project.config_files": "docker-compose.yml",
                "com.docker.compose.project.working_dir": "/home/admin/docker/authelia",
                "com.docker.compose.service": "authelia",
                "com.docker.compose.version": "1.25.5",
                "traefik.enable": "true",
                "traefik.http.routers.authelia-rtr.entrypoints": "https",
                "traefik.http.routers.authelia-rtr.middlewares": "chain-no-auth@file",
                "traefik.http.routers.authelia-rtr.rule": "Host(`domain`)",
                "traefik.http.routers.authelia-rtr.service": "authelia-svc",
                "traefik.http.routers.authelia-rtr.tls": "true",
                "traefik.http.routers.authelia-rtr.tls.certresolver": "le",
                "traefik.http.services.autheliavc.loadbalancer.server.port": "9091"
            }
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "39db19c6b7ff1162c7f6a5d73d43b6d81343d7c481b462e34abfc0a22a85c98c",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {},
            "SandboxKey": "/var/run/docker/netns/39db19c6b7ff",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "web": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "authelia",
                        "66c5a974079b"
                    ],
                    "NetworkID": "ca4f51b9c3450938353a2deab56ded13101b78c7784aa3ce0a350af0ef412334",
                    "EndpointID": "",
                    "Gateway": "",
                    "IPAddress": "",
                    "IPPrefixLen": 0,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "",
                    "DriverOpts": null
                }
            }
        }
    }
]

@vmoalemi

I have exactly the same issue right now. Hopefully, someone can help.

@vmoalemi

My problem was resolved. In my case this line "disable_startup_check: false" under notifier in the config file was causing the issue. I removed that and it works right now. @dylanh50 try using this for storage and notifier in your config file to see if it works for you:

storage:
  local:
    path: /var/lib/authelia/db.sqlite3

notifier:
  filesystem:
    filename: /var/lib/authelia/notification.txt

@nightah
Member

nightah commented Jun 1, 2020

> What is matrix? Can you give me a link or something?

Per our README.md: Matrix.

@dylanh50
Author

dylanh50 commented Jun 1, 2020

@vmoalemi Thanks for the tip. I've tried but unfortunately it didn't change anything. I still get the error message and authelia isn't starting.

@JHrenyk

JHrenyk commented Jun 2, 2020

I've started having issues as well. It looks like a rogue volume is being created and mounted at /etc/authelia and that's overwriting my mounts for my config at /etc/authelia/configuration.yml

@nightah
Member

nightah commented Jun 2, 2020

What version of Docker are you guys running?
Can you please provide the output of docker info and docker version?

An additional volume will be created if you are mounting in the configuration.yml as an explicit file instead of mounting to /etc/authelia but this shouldn't cause issues where it's overwriting your mounts.

For example here's my definition of the Authelia container:

  authelia:
    image: authelia/authelia:master
    container_name: authelia
    volumes:
      - /srv/docker/.ldap/authelia:/var/lib/authelia
      - /srv/docker/.ldap/authelia/config.yml:/etc/authelia/configuration.yml:ro
    networks:
      - net
    dns:
      - 172.18.0.254
      - 10.10.10.254
    expose:
      - 9091
    restart: unless-stopped
    environment:
      - TZ=Australia/Melbourne

Docker created a volume to host /etc/authelia which in my case falls under: /var/lib/docker/volumes/5ef9aebc24fd1861a9bf97ace16bb43361a39e714379e57cafeda1d196074da8.

If you look deeper into the location of your volume:

ls -lah /var/lib/docker/volumes/5ef9aebc24fd1861a9bf97ace16bb43361a39e714379e57cafeda1d196074da8/_data/

total 1.5K
drwxr-xr-x 2 root root 3 Jun  1 19:55 .
drwxr-xr-x 3 root root 3 Jun  1 19:55 ..
-rwxr-xr-x 1 root root 0 Jun  1 19:55 configuration.yml

Notice how the file is 0 bytes? It's actually just a pointer to the configuration which is explicitly bind mounted in from your other location on the host.

@JHrenyk

JHrenyk commented Jun 2, 2020

docker info

Client:
 Debug Mode: false

Server:
 Containers: 13
  Running: 4
  Paused: 0
  Stopped: 9
 Images: 18
 Server Version: 19.03.8
 Storage Driver: overlay2
  Backing Filesystem: <unknown>
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 
 runc version: 
 init version: 
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 5.4.0-33-generic
 Operating System: Ubuntu 20.04 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 1.941GiB
 Name: docker02
 ID: FMGR:LU2F:YGAB:YUTU:JAKA:GQRU:JFOX:GFS3:QGTI:26YZ:H3OJ:MGVH
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

docker version

Client:
 Version:           19.03.8
 API version:       1.40
 Go version:        go1.13.8
 Git commit:        afacb8b7f0
 Built:             Wed Mar 11 23:42:35 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          19.03.8
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.8
  Git commit:       afacb8b7f0
  Built:            Wed Mar 11 22:48:33 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.3.3-0ubuntu2
  GitCommit:        
 runc:
  Version:          spec: 1.0.1-dev
  GitCommit:        
 docker-init:
  Version:          0.18.0
  GitCommit: 

Ok, that makes sense. It's strange, it has been working fine for the last 48 hours. I'm not sure what changed to cause it to stop reading the config file.

@nightah
Member

nightah commented Jun 4, 2020

Based on the information provided, the docker-compose.yml and configuration.yml I can't see any issues.

Even the inspect seems to suggest that the bind mount is successful so it's really a matter of why that doesn't seem to work. If any of you guys can jump on Matrix I'm happy to walk through and debug some stuff with you.

However, If you're comfortable enough to do it yourself try set the entrypoint/command of the container to something like sleep 100000 and then when it's running docker exec -it authelia /bin/ash this should give you a shell in the container.
I'd inspect the locations you have mounted see what files it can actually see and the contents of said files.

@igrschmidt

igrschmidt commented Jun 4, 2020

Same issue here as well and all my files are identical to the OP.

> My problem was resolved. In my case this line "disable_startup_check: false" under notifier in config file was causing issue. I removed that and it works right now. @dylanh50 try using this for storage and notifier on your config file to see if it works for you:

my config file doesn't have this line tho :/

> However, If you're comfortable enough to do it yourself try set the entrypoint/command of the container to something like sleep 100000 and then when it's running docker exec -it authelia /bin/ash this should give you a shell in the container.
> I'd inspect the locations you have mounted see what files it can actually see and the contents of said files.

Yeah, the files are correctly placed (and their content, ofc) inside the container.

@nightah
Member

nightah commented Jun 4, 2020

What happens when you run authelia --config /etc/authelia/configuration.yml from the interactive shell?

@igrschmidt

igrschmidt commented Jun 4, 2020

This:

/etc/authelia # authelia --config /etc/authelia/configuration.yml
ERRO[0000] Provide a JWT secret using "jwt_secret" key  
ERRO[0000] Please provide `ldap` or `file` object in `authentication_backend` 
ERRO[0000] Set domain of the session object             
ERRO[0000] A storage configuration must be provided. It could be 'local', 'mysql' or 'postgres' 
ERRO[0000] A notifier configuration must be provided    
panic: Some errors have been reported

goroutine 1 [running]:
main.startServer()
        github.com/authelia/authelia/cmd/authelia/main.go:41 +0xc80
main.main.func1(0xc000376580, 0xc000272060, 0x0, 0x2)
        github.com/authelia/authelia/cmd/authelia/main.go:126 +0x20
github.com/spf13/cobra.(*Command).execute(0xc000376580, 0xc000020190, 0x2, 0x2, 0xc000376580, 0xc000020190)
        github.com/spf13/cobra@v0.0.7/command.go:842 +0x29d
github.com/spf13/cobra.(*Command).ExecuteC(0xc000376580, 0xc0000b5f58, 0x4, 0x4)
        github.com/spf13/cobra@v0.0.7/command.go:943 +0x317
github.com/spf13/cobra.(*Command).Execute(...)
        github.com/spf13/cobra@v0.0.7/command.go:883
main.main()
        github.com/authelia/authelia/cmd/authelia/main.go:143 +0x166
/etc/authelia # 

Now I'm thinking that it might be something with permissions? But they seem just fine

@nightah
Member

nightah commented Jun 4, 2020

Can you paste your full configuration.yml?

I’ll have a look at it first thing in the morning.

I don’t think it’s permissions related, the container runs as root so it should be able to read whatever you throw at it.

@igrschmidt

First of all, thank you so much @nightah for your support!
I just discovered that I had an indentation problem on my yaml file causing it to be invalid. Rookie mistake :(
Authelia grabs my configuration.yml now!
Thanks again

@ppatrzyk

ppatrzyk commented Jun 4, 2020

I encountered this problem as well. After some trial-and-error, what fixed the missing configs issue was to enclose all domain names in configuration.yml in quotation marks:

access_control:
  default_policy: deny
  rules:
    # Rules applied to everyone
    # https://docs.authelia.com/configuration/access-control.html
    - domain: '*.secure.yourdomain.com'
      policy: one_factor

Hope this helps someone.

@james-d-elliott
Member

james-d-elliott commented Jun 4, 2020

Thanks @ppatrzyk I just got up and found the same thing in my testing when replicating everyone's setups. Also it's only domains starting with the * char. It looks like strings starting with that have to be quoted in YAML.

http://www.yamllint.com/

@james-d-elliott
Member

@JHrenyk @dylanh50 @vmoalemi can you all check your YAMLs with a linter and check all strings that start with * are quoted? You can do it online at that site, or you can use something like vscode which can check for those errors I think.
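
The check requested above can also be run offline, for example before a container restart. The following is an added example, not part of the original thread or of Authelia's code: a standard-library Go scanner that reports the line number of every unquoted value beginning with `*`, or with `@` or a backtick, which YAML reserves as well. The names `FindUnquoted`, `inlineValue` and `sampleConfig` are assumptions made for the illustration, and the scanner flags legitimate YAML aliases too, so a configuration that uses them needs those lines excluded.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Finding is one unquoted value that needs quotes to be read as a string.
type Finding struct {
	Line  int
	Value string
}

// sampleConfig is a constructed fragment, not a configuration from the issue.
const sampleConfig = `access_control:
  rules:
    - domain: example.com
    - domain: *.example.com
      policy: one_factor
    - domain: '*.secure.example.com'
`

// inlineValue returns the value of a "key: value" or "- value" line (heuristic: block scalars are not tracked).
func inlineValue(line string) string {
	s := strings.TrimSpace(strings.TrimPrefix(strings.TrimSpace(line), "- "))
	if i := strings.Index(s, ": "); i >= 0 && !strings.ContainsAny(s[:1], "\"'#") {
		s = strings.TrimSpace(s[i+2:])
	}
	return s
}

// FindUnquoted reports plain values starting with '*' (alias) or the reserved '@' and backtick.
func FindUnquoted(yamlText string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(yamlText))
	for n := 1; sc.Scan(); n++ {
		if v := inlineValue(sc.Text()); v != "" && strings.ContainsRune("*@`", rune(v[0])) {
			out = append(out, Finding{Line: n, Value: v})
		}
	}
	return out
}

func main() {
	for _, f := range FindUnquoted(sampleConfig) {
		fmt.Printf("line %d: quote this value: %s\n", f.Line, f.Value)
	}
}
```
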

@JHrenyk

JHrenyk commented Jun 4, 2020

Will give it a go and report back in a couple days.

@dylanh50
Author

dylanh50 commented Jun 4, 2020

This worked for me. I enclosed all domains with quotes and so Authelia started perfectly fine. Thanks @james-d-elliott

@JHrenyk

JHrenyk commented Jun 5, 2020

Got some time this morning. All domains in quotes and Authelia started no issues. Thanks @james-d-elliott and @ppatrzyk

nightah added a commit that referenced this issue Jun 5, 2020
If the configuration yaml is poorly indented or special values are not appropriately escaped Authelia attempts to load said configuration and fails.

This attempts to unmarshal the config into an empty interface to catch and warn on malformed yaml.

Using the example from issue #1053 (comment)

```yaml
host: 0.0.0.0
port: 9091
log_level: debug

jwt_secret: RUtG9TnbXrOl1XLLmDgySw1DGgx9QcrtepIf1uDDBlBVKFZxkVBruYKBi32PvaU

default_redirection_url: example.com

totp:
  issuer: example.com
  period: 30
  skew: 1

authentication_backend:
  file:
    path: /etc/authelia/users_database.yml

access_control:
  default_policy: deny
  rules:
    - domain: example.com
      policy: bypass
    - domain: "*.example.com"
      policy: one_factor

session:
  name: authelia_session
  secret: TVPMIcDFbBwhnW3kLJzKhdjeHhtqisr7m28FgRY8oLh2A4lwuV2jV2ZGdGbh4aa
  expiration: 3600
  inactivity: 300
  domain: example.com

regulation:
  max_retries: 3
  find_time: 120
  ban_time: 300

storage:
  mysql:
    host: example.com
    port: 3306
    database: authelia
    username: authelia
    password: example.com

notifier:
  smtp:
    username: example.com
    password: example.com
    host: smtp.gmail.com
    port: 465
    sender: example.com
```

We would actually get a more meaningful error which helps pinpoint the issue:
`Error malformed yaml: line 23: did not find expected alphabetic or numeric character`
nightah added a commit that referenced this issue Jun 6, 2020
@nightah nightah removed the type/bug/unconfirmed Unconfirmed Bugs label Jun 6, 2020
nightah added a commit that referenced this issue Jun 6, 2020
nightah added a commit that referenced this issue Jun 8, 2020
nightah added a commit that referenced this issue Jun 8, 2020