Trouble deploying, Message=Instance not found #4452

Closed
samjaninf opened this issue Sep 24, 2022 · 39 comments
@samjaninf

Hey all, was deploying this to see if it would be a good fit for our infrastructure and came up with an issue. I deployed it to Kubernetes using the Helm chart and copied the values.yaml and modified it.

This is my values.yaml:

# Default values for zitadel.
zitadel:

  # The ZITADEL config under configmapConfig is written to a Kubernetes ConfigMap
  # See all defaults here:
  # https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml
  configmapConfig:
    Log:
      Level: 'debug'
      Formatter:
        Format: text
    Database:
      cockroach:
        Host: "crdb-public"
        User:
          SSL:
            Mode: "verify-full"
        Admin:
          SSL:
            Mode: "verify-full"
    ExternalPort: 443
    ExternalDomain: "external.domain"
    ExternalSecure: true
    Machine:
      Identification:
        Hostname:
          Enabled: true
        Webhook:
          Enabled: false

  # The ZITADEL config under secretConfig is written to a Kubernetes Secret
  # See all defaults here:
  # https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml
  secretConfig:
    Log:
      Level: 'debug'
      Formatter:
        Format: text
    Database:
      cockroach:
        User:
          Username: "db.username"
          Password: "db.password"
        Admin:
          Username: "root"
          Password: ""
    Metrics:
      Type: none
    Port: 8080
    ExternalPort: 443
    ExternalDomain: "external.domain"
    ExternalSecure: true
    TLS:
      Enabled: false
    Machine:
      Identification:
        Hostname:
          Enabled: true
        Webhook:
          Enabled: false
    SAML:
      Organisation:
        Name: "company.name"
        URL: "company.site"
      ContactPerson:
        ContactType: "technical"
        Company: "company.name"
        EmailAddress: "company.email"
    DefaultInstance:
      Org:
        Name: "name"
        Human:
          UserName: "user.name"
          Password: "user.password"
          Email: 
            Address: "company.email"
            Verified: true
      DomainPolicy:
        SMTPSenderAddressMatchesInstanceDomain: false
      SMTPConfiguration:
        SMTP:
          Host: "email.domain.name"
          User: "email.user.name"
          Password: "email.password"
        TLS: true
        From: "from.email"
        FromName: "from.name"

  # Reference the name of a secret that contains ZITADEL configuration.
  # The key should be named "config-yaml".
  configSecretName:

  # ZITADEL uses the masterkey for symmetric encryption.
  # You can generate it for example with tr -dc A-Za-z0-9 </dev/urandom | head -c 32
  masterkey: 'zitadel.masterkey'
  # Reference the name of the secret that contains the masterkey. The key should be named "zitadel-masterkey".
  # Note: Either zitadel.masterkey or zitadel.masterkeySecretName must be set
  masterkeySecretName: ""

  # The root CA Certificate needed for establishing secure database connections
  dbSslRootCrt: ''

  # The Secret containing the root CA Certificate at key ca.crt needed for establishing secure database connections
  dbSslRootCrtSecret: 'crdb-ca-secret'
  # dbSslRootCrtSecret: ''

  # The Secret containing the client CA Certificate and key at tls.crt and tls.key needed for establishing secure database connections
  dbSslClientCrtSecret: 'crdb-client-secret'
  # dbSslClientCrtSecret: ''

replicaCount: 1

image:
  repository: ghcr.io/zitadel/zitadel
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: "v2.6.0"

chownImage:
  repository: alpine
  pullPolicy: IfNotPresent
  tag: "3.11"

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""

podAnnotations: {}

podSecurityContext:
  runAsNonRoot: true
  runAsUser: 1000

securityContext: {}

service:
  type: ClusterIP
  port: 8080
  protocol: http2
  annotations: {}

ingress:
  enabled: true
  className: "nginx"
  pathType: ImplementationSpecific
  path: /
  selfSigned: false
  hostname: external.domain
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: external.domain
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: tls.secret.name
      hosts: 
        - external.domain

resources: {}

nodeSelector: {}

tolerations: []

affinity: {}

metrics:
  enabled: false
  serviceMonitor:

    # If true, the chart creates a ServiceMonitor that is compatible with Prometheus Operator
    # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.ServiceMonitor.
    # The Prometheus community Helm chart installs this operator
    # https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack#kube-prometheus-stack
    enabled: false
    honorLabels: false
    honorTimestamps: true

cockroachdb:
  enabled: true
  fullnameOverride: crdb
  tls:
    enabled: true

Now trying to go to the external.domain/ui/console specified under ExternalDomain gives me a ID=QUERY-n0wng Message=Instance not found Error in browser. And a 404 without the /ui/console part.

Not sure how to troubleshoot this. No errors are raised in the logs for the pod/container. I did get the proper UI to load before when I was trying it out on non-https mode.

Also, the documentation is slightly skewed in three places from my perusal. In some places some of the values go in the configMap but in other places the same keys are used in the secretConfig instead.

The second place is that the documentation makes mention of a FirstInstance key, but the actual defaults file at: https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml puts that information in the DefaultInstance key.

And the last place is that the documentation states: For more configuration options, go to the chart repo descriptions. with a link to the repo, but the repo only links you back to a different page of the docs which again, tells you that configuration details are described in the repo.

Don't know if this was by intent but seems to just be a circular loop that doesn't contain any detailed info for production deployment.

@samjaninf added the "state: triage" and "bug" labels Sep 24, 2022
@samjaninf
Author

Forgot to include the annotations on my ingress:

    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      grpc_set_header Host $host;
      proxy_set_header l5d-dst-override $service_name.$namespace.svc.cluster.local:$service_port;
      grpc_set_header l5d-dst-override $service_name.$namespace.svc.cluster.local:$service_port;    

@fforootd
Member

hi @samjaninf

The instance not found error is only raised when ZITADEL cannot map the host header to an instance. Most of the time it's the proxy config. Although in the snippet you provide I do not spot a problem.

What response do you get when calling the endpoint external.domain/.well-known/openid-configuration

@fforootd self-assigned this Sep 26, 2022
@samjaninf
Author

The instance not found error is only raised when ZITADEL cannot map the host header to an instance. Most of the time it's the proxy config. Although in the snippet you provide I do not spot a problem.

What response do you get when calling the endpoint external.domain/.well-known/openid-configuration

Hey @fforootd, thanks for looking into this. I get the same message about an instance not found.

Could it be that it's missing the regular Host header?

@fforootd
Member

It looks like you set the nginx config correctly, but can you please verify it is like this?

annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      grpc_set_header Host $host;

Other than that, please give me the result of the call to external.domain/.well-known/openid-configuration

In its response you should see what gets forwarded to zitadel.

@samjaninf
Author

The call to https://external.domain/.well-known/openid-configuration results in an Instance not found as well.
ID=QUERY-n0wng Message=Instance not found

These are the annotations from doing a kubectl describe ingress:
image

@fforootd
Member

With what client are you testing? Curl or a browser?

@samjaninf
Author

Both. I tried with curl and with my browsers: Opera, Vivaldi, Firefox. Curl gives me the same message as the browser.

@fforootd
Member

Ok good to know because curl does not send the host headers 😁

Still, I am not sure why it's not working in your setup. Can you check that the configmap created in the zitadel namespace actually includes the externaldomain?

@fforootd
Member

An additional thing you can do is check the nginx logs if they show what endpoint is being contacted as upstream.

@samjaninf
Author

The configmap does have the ExternalDomain key and it is correct.
image

The logs from the ingress are:
loadbalancer.external.ip.address - - [27/Sep/2022:00:18:16 +0000] "GET /ui/console HTTP/2.0" 404 42 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36 OPR/90.0.4480.100" 665 0.039 [namespace-container.name-8080] [] pod.IP.address:8080 51 0.040 404 d0fdb7792c6e69fd88401d5faca3b53e

@fforootd
Member

fforootd commented Sep 27, 2022

What happens if you access ZITADEL inside your cluster with curl while setting the proper host header?

I want to verify if the nginx or zitadel is broken 😁

Another thing you can try is to delete the whole helm chart and reapply it once more.
There might be a potential race condition with #4450

@fforootd
Member

Hi @samjaninf please reopen this issue if you have additional questions

@GVA-Guillaume

Following your instructions : ID=QUERY-n0wng Message=Instance non trouvée

@c-thiel

c-thiel commented Aug 6, 2023

If anyone else stumbles across this, specifying WebAuthNName with the same name as the DefaultInstance Name (if not ZITADEL), solves this issue for me.

@fforootd
Member

fforootd commented Aug 7, 2023

If anyone else stumbles across this, specifying WebAuthNName with the same name as the DefaultInstance Name (if not ZITADEL), solves this issue for me.

Hm @livio-a does there exist a need for this, looks to me like a bug.

@guilhermewolf

Any updates on this?
I was trying all the solutions described here and couldn't make it work with my setup (K3s + Nginx Ingress)

@fforootd
Member

Any updates on this? I was trying all the solutions described here and couldn't make it work with my setup (K3s + Nginx Ingress)

Generally zitadel works well on k8s and nginx and I think it should too on k3s.

would you mind sharing your config?

@dev1983

dev1983 commented Sep 22, 2023

any solution for this? please help in share the config

@fforootd
Member

any solution for this? please help in share the config

Happy to assist, please share your config.

Btw. the best place to search/discuss this is our discord server

@dev1983

dev1983 commented Sep 23, 2023

any solution for this? please help in share the config

Happy to assist, please share your config.

Btw. the best place to search/discuss this is our discord server

Hello, I am using below configs.

wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/configure/docker-compose.yaml

wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/configure/example-zitadel-config.yaml

wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/configure/example-zitadel-secrets.yaml

wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/configure/example-zitadel-init-steps.yaml

A single ZITADEL instance always needs the same 32 characters long masterkey
If you haven't done so already, you can generate a new one
For example:
export ZITADEL_MASTERKEY="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 32)"

Run the database and application containers
docker-compose up --detach

Biggest Problems: I am running it on a vm running on proxmox, when I access using localhost it's only accessible on that system only. When I set ExternalDomain: to IP of host then only I can see login page, In actual its trying to open login page but not able to.
When I tried multiple times then my host browser started giving error redirect_uri is http but not allowed contact administrator..... Not sure what's happening

Trying to Achieve:
I want to access this URL via proxy which can pass url to host IP where zitadel is running.

@fforootd
Member

fforootd commented Sep 25, 2023

any solution for this? please help in share the config

Happy to assist, please share your config.
Btw. the best place to search/discuss this is our discord server

Hello, I am using below configs.

wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/configure/docker-compose.yaml

wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/configure/example-zitadel-config.yaml

wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/configure/example-zitadel-secrets.yaml

wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/configure/example-zitadel-init-steps.yaml

A single ZITADEL instance always needs the same 32 characters long masterkey If you haven't done so already, you can generate a new one For example: export ZITADEL_MASTERKEY="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 32)"

Run the database and application containers docker-compose up --detach

Biggest Problems: I am running it on a vm running on proxmox, when I access using localhost it's only accessible on that system only. When I set ExternalDomain: to IP of host then only I can see login page, In actual its trying to open login page but not able to. When I tried multiple times then my host browser started giving error redirect_uri is http but not allowed contact administrator..... Not sure what's happening

Trying to Achieve: I want to access this URL via proxy which can pass url to host IP where zitadel is running.

You need to set the externaldomain parameter and the tls mode according to your setup.

So in your case the tlsmode should be external since your proxy can provide https and the externaldomain should be set to the domain that terminates on the proxy.

You can find more about this here https://zitadel.com/docs/self-hosting/manage/custom-domain and here https://zitadel.com/docs/self-hosting/manage/tls_modes

@dev1983

dev1983 commented Sep 30, 2023 via email

@fforootd
Member

fforootd commented Oct 9, 2023

In your case I guess you need to set the externaldomain and externalport to whatever is facing the clients who access zitadel, i.e. login.mydomain.com:443.

This assumes you terminate your external traffic on a proxy which then forwards it to zitadel.

I recommend that you join our chat at https://zitadel.com/chat to deal with this issue, or that we open a new issue/discussion to track this.

@Mailstorm-ctrl

Just to tack on to this... using the provided default docker compose and config files does not solve this issue. Even when specifying the ExternalDomain variable. Thought I'd give ZITADEL a go but the initial setup just seems cumbersome.

No need to open a separate issue when the issue is the same for everyone it seems.

@dev1983

dev1983 commented Oct 24, 2023 via email

@dev1983

dev1983 commented Oct 27, 2023 via email

@hifabienne
Member

We are working on a solution to make that process easier in the current sprint:
#5395

@cflgomes

cflgomes commented Nov 2, 2023

We are working on a solution to make that process easier in the current sprint: #5395

Hi! The launch of my product will be very soon. I am thinking of trying zitadel although I use keycloak in other projects. I tried zitadel with nginx but it always gives me the message "not found". Unfortunately, for lack of time, I will give up on zitadel. I tried it on my localhost and it seems to be a great product, but it fails when I want to use it for production. I don't need k8, and I only want one host configured for production. Continue the great work, but you lose many people because it's very costly to go to production.

@fforootd
Member

fforootd commented Nov 2, 2023

We are working on a solution to make that process easier in the current sprint: #5395

Hi! The launch of my product will be very soon. I am thinking of trying zitadel although I use keycloak in other projects. I tried zitadel with nginx but it always gives me the message "not found". Unfortunately, for lack of time, I will give up on zitadel. I tried it on my localhost and it seems to be a great product, but it fails when I want to use it for production. I don't need k8, and I only want one host configured for production. Continue the great work, but you lose many people because it's very costly to go to production.

Thanks for this input.

We agree that the whole "mapping" domains to make it work is not optimal and needs to be eased up for people who run just "one" zitadel.

Having that feature mostly plays an important role for our cloud service 😁

In nginx this usually fixes the issue:

        location / {
            grpc_pass grpc://localhost:8080;
            grpc_set_header Host $host;
        }
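
Added example, not part of the thread or of ZITADEL's code: a stand-in backend that picks its instance from the Host header, called through a forwarding function once with the client's Host preserved and once with the upstream address substituted, which reproduces the 404 discussed above. `KNOWN_DOMAINS`, `InstanceAwareBackend`, `proxy_request` and `run_demo` are hypothetical names, and the lookup is a simplification of the behaviour described in the thread.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed sample value: the only domain the stand-in backend knows,
# playing the role of ExternalDomain from the values.yaml in this thread.
KNOWN_DOMAINS = {"external.domain"}


class InstanceAwareBackend(BaseHTTPRequestHandler):
    """Stand-in for a backend that selects its instance from the Host header."""

    def do_GET(self):
        # Compare only the host part; a port suffix such as ":443" is dropped.
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        if host in KNOWN_DOMAINS:
            status, body = 200, f"instance for {host}"
        else:
            # Echo the received Host so the mismatch is visible to the operator.
            status, body = 404, f"Instance not found (Host was {host!r})"
        payload = body.encode()
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):
        # Silence per-request logging for the demo.
        pass


def start_backend():
    """Start the stand-in backend on a free loopback port."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), InstanceAwareBackend)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def proxy_request(upstream_port, client_host, path, preserve_host):
    """Forward one GET the way a reverse proxy would.

    preserve_host=True  passes the client's Host through, which is the effect
                        of `grpc_set_header Host $host;` in the thread.
    preserve_host=False sends the upstream address as Host instead.
    """
    upstream = f"127.0.0.1:{upstream_port}"
    conn = http.client.HTTPConnection("127.0.0.1", upstream_port, timeout=5)
    try:
        conn.putrequest("GET", path, skip_host=True)
        conn.putheader("Host", client_host if preserve_host else upstream)
        conn.endheaders()
        resp = conn.getresponse()
        return resp.status, resp.read().decode()
    finally:
        conn.close()


def run_demo():
    """Return (status, body) for three forwarding cases."""
    server = start_backend()
    port = server.server_address[1]
    path = "/.well-known/openid-configuration"
    try:
        return {
            "host_preserved": proxy_request(port, "external.domain", path, True),
            "host_rewritten": proxy_request(port, "external.domain", path, False),
            "wrong_domain": proxy_request(port, "other.domain", path, True),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for case, (status, body) in run_demo().items():
        print(f"{case:15} {status} {body}")
```

Only the first case returns 200; the other two show that the backend rejects any request whose Host it cannot map, whether the proxy rewrote it or the client used a name the backend was never configured for.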

@dev1983

dev1983 commented Nov 3, 2023 via email

@fforootd
Member

fforootd commented Nov 6, 2023

Hello Thanks for your suggestion, but it’s not working. As my zita is on another host or behind the proxy. When I set proxy to pass to zita host it’s not accessible. Regards Dev

On Thu, 2 Nov 2023 at 12:53 PM, Florian Forster @.> wrote: We are working on a solution to make that process easier in the current sprint: #5395 Hi! the launch of my product will been very soon. I am thinking try zitadel although i use keycloak in other projects. I tried zitadel with nginx but always give me the message "not found". Unfortunately for lack of time i will give up of zitadel. I tried on my localhost and seems to be a great product, but fails when i want used for production. I dont need k8, and i only want one host configured to production. Continue the great work, but you loose many people because its very costly go to production. Thanks for this input. We agree that the whole "mapping" domains to make it work is not optimal and needs to be eased up for people who run just "one" zitadel. Having that feature mostly plays an important role for our cloud service 😁 In nginx this usually fixes the issue: location / { grpc_pass grpc://localhost:8080; grpc_set_header Host $host; }

Can you share your proxy config?

@muzammil1994

muzammil1994 commented Nov 8, 2023

Hello,

I have installed zitadel on EKS, using https://github.com/zitadel/zitadel-charts/blob/main/examples/3-cockroach-insecure/zitadel-values.yaml, and I get ID=QUERY-n0wng Message=Instance not found. I have tried externalSecure and externalDomain as suggested in the documentation, still getting the same error. I have created a loadBalancer service type in EKS; when I hit the LB url it gives me the instance not found error. Does anyone have a solution for it?

I have also installed zitadel on ec2 with docker-compose given in the documentation, when I try to access the public IP of the instance with the port number, I get the above same error. Please help!

Thanks.

@dev1983

dev1983 commented Nov 8, 2023 via email

@muzammil1994

I also faced the same problem, it only works if you are on local host. But if instance is behind any lb or proxy it will not work. Will give all error which you faced. So you have to directly access it on your domain or ip of the host having zitadel. A security flaw if exposing directly without a proxy. Regards, Dev

On Tue, 7 Nov 2023 at 9:53 PM, Muzammil @.> wrote: Hello, I have installed zitadel on EKS, using https://github.com/zitadel/zitadel-charts/blob/main/examples/3-cockroach-insecure/zitadel-values.yaml, I get ID=QUERY-n0wng Message=Instance not found, I have tried externalSecure and externalDomain as suggested in the documentation, still getting the same error. I have created loadBalancer service type in EKS, when I hit LB url it give me instance not found error, do anyone have the solution for it?. Thanks.

Thanks for your reply.

I can understand for EKS, but for EC2, I am trying to access zitadel directly through public IP of the EC2 instance, but still getting the instance not found error, any pointers on this?

Thanks.

@fforootd
Member

fforootd commented Nov 8, 2023

I also faced the same problem, it only works if you are on local host. But if instance is behind any lb or proxy it will not work. Will give all error which you faced. So you have to directly access it on your domain or ip of the host having zitadel. A security flaw if exposing directly without a proxy. Regards, Dev

On Tue, 7 Nov 2023 at 9:53 PM, Muzammil @.> wrote: Hello, I have installed zitadel on EKS, using https://github.com/zitadel/zitadel-charts/blob/main/examples/3-cockroach-insecure/zitadel-values.yaml, I get ID=QUERY-n0wng Message=Instance not found, I have tried externalSecure and externalDomain as suggested in the documentation, still getting the same error. I have created loadBalancer service type in EKS, when I hit LB url it give me instance not found error, do anyone have the solution for it?. Thanks.

Thanks for your reply.

I can understand for EKS, but for EC2, I am trying to access zitadel directly through public IP of the EC2 instance, but still getting the instance not found error, any pointers on this?

Thanks.

Have you tried setting the "externaldomain" config of zitadel to your IP?

@muzammil1994

I also faced the same problem, it only works if you are on local host. But if instance is behind any lb or proxy it will not work. Will give all error which you faced. So you have to directly access it on your domain or ip of the host having zitadel. A security flaw if exposing directly without a proxy. Regards, Dev

On Tue, 7 Nov 2023 at 9:53 PM, Muzammil @.> wrote: Hello, I have installed zitadel on EKS, using https://github.com/zitadel/zitadel-charts/blob/main/examples/3-cockroach-insecure/zitadel-values.yaml, I get ID=QUERY-n0wng Message=Instance not found, I have tried externalSecure and externalDomain as suggested in the documentation, still getting the same error. I have created loadBalancer service type in EKS, when I hit LB url it give me instance not found error, do anyone have the solution for it?. Thanks.

Thanks for your reply.
I can understand for EKS, but for EC2, I am trying to access zitadel directly through public IP of the EC2 instance, but still getting the instance not found error, any pointers on this?
Thanks.

Have you tried setting the "externaldomain" config of zitadel to your IP?

So below is the docker-compose.yaml I used
"""
version: '3.8'

services:
  zitadel:
    restart: 'always'
    networks:
      - 'zitadel'
    image: 'ghcr.io/zitadel/zitadel:latest'
    command: 'start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode external'
    environment:
      - 'ZITADEL_DATABASE_COCKROACH_HOST=crdb'
      - 'ZITADEL_EXTERNALSECURE=true'
      - 'ZITADEL_EXTERNALDOMAIN=x.x.x.x'
    depends_on:
      crdb:
        condition: 'service_healthy'
    ports:
      - '8080:8080'

  crdb:
    restart: 'always'
    networks:
      - 'zitadel'
    image: 'cockroachdb/cockroach:latest'
    command: 'start-single-node --insecure'
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/health?ready=1"]
      interval: '10s'
      timeout: '30s'
      retries: 5
      start_period: '20s'
    ports:
      - '9090:8080'
      - '26257:26257'

networks:
  zitadel:

"""

So now when I hit the host IP, I am able to access zitadel but not completely, I have attached the screenshot for reference.

Zitadel

@fforootd
Member

fforootd commented Nov 8, 2023

If you set "externalsecure" to false and "--tlsmode disabled" it should work

@groovenarula

groovenarula commented Mar 25, 2024

I tried the above configuration (in docker compose) and here are my findings :

  1. Following @fforootd approach works and I am able to get to the login page. I tried it without any reverse proxy (no nginx, traefik etc).
  2. What does not work is using any custom external port - aka I tried to set ZITADEL_EXTERNAL_PORT=9080 and that did not work, I got the redirect_uri error reported earlier.
  3. It does not work even if I tried to set the ZITADEL_PORT=9080.

I had another service running on 8080 and I had to change its external port # to something other than 8080 and then I was able to bring up Zitadel's console login page.

I believe this is a bug - if the option is there to listen on custom port and be able to use docker to redirect ports - it should work - I think the code is expecting everything to be configured for 8080. That is not how other services I have deployed work.

@fforootd
Member

Following @fforootd approach works and I am able to get to the login page. I tried it without any reverse proxy (no nginx, traefik etc).

That is great to hear 🚀

What does not work is using any custom external port - aka I tried to set ZITADEL_EXTERNAL_PORT=9080 and that did not work, I got the redirect_uri error reported earlier.
It does not work even if I tried to set the ZITADEL_PORT=9080.

Hm this is weird though, what was the redirect uri like when you set this?
Did you restart Zitadel?
