- 1 Post
- 29 Comments
I’ve been looking at this. I’m currently hosting headacale which is super easy and nice. I might give this a try I just need to get over the hurdle of adapting this to work with podman like I have with headscale. Anybody else running this via podman quadlets?
I’m also looking for something. I just tried netdata but looks like there is a 5 node limit now? I’m green on netdata but seems like a lot of people are mad about it lol. I’ll give beszel a try but doesn’t look like it does logs? Any thoughts on Foss options for system logs and alerting as well?
51·2 months agoFrom what i know about netbird(which is not a lot). Buy its a beast to setup. I could never even get their standard docker compose file to work.
That being said I’m rocking headscale and love it, super easy to setup and tons of documentation. I’ll need to give netbird a other try when I get time though.
Yeah I would say so. You still having issues?
Did you go here and look at the supported codecs for encoding and decoding?
Ah OK what GPU are you using? are you using the integrated graphics of your CPU?
This is most likely because of encoding. Did you change any settings in jellyfin for hardware acceleration? Have you passed theough your GPU? You will need to find out what codecs your GPU supports and enable those in the jellyfin hardware encoding spot.
I run jellyfin on an LXC, so first get jellyfin installed personally I would separate jellyfin and your other docker containers, I have a separate VM for my podman containers. I need jellyfin up 100% of the time so that’s why its separate.
Work on the first problem, getting jellydin installed I wouldn’t use docker, just follow the steps for installing it on Ubuntu directly.
Second, to get the unprivileged lxc to work with your nas share follow this forum post: https://forum.proxmox.com/threads/tutorial-unprivileged-lxcs-mount-cifs-shares.101795/
Thirdly, read through the jellyfin docs for hardware acceleration. Its always best practice to not just run scripts blindly on your machine.
Lastly take a break if you can’t figure it out, when I’m stuck I always need to take a day and just think stuff over and I usually figure out why its not working by just doing that.
If you need any help let me know!
I’m going down this rabbit hole right now and porting all my docker containers to quadlets on rocky Linux 10 as well. Haven’t done arr stack yet but everything else has been a pretty smooth transition.
Don’t give up its worth it to be able to run rootless!
Proxmox does say docker isn’t officially supported in LXC. That being said I’m running 10 docker containers with no issues on an LXC. I have recently had some weird database not connecting issues and other strange new docker containers not working in an LXC for some reason. If you can I would try the same setup but in a VM and see what happens.
I recently was trying to get authentik setup via docker and it just wouldn’t work. I gave up and spun up a VM, ran the same docker compose file and it worked right away.
Hopefully this helps?
Sorry I’d this has been answered but are you running this in docker on a VM or LXC?
I’ve just setup headscale in docker and it worked right away. It’s even faster than when I was using tailscale. It was very easy to setup and I’ve been using it for about a month with no issues. Doesn’t really help but I haven’t used gluetun myself.
I’m using sunshine on my main Linux gaming rig with my own head scale instance running and use moonlight on my client PC and its very nice and smooth. I use it to access my main LAN gaming rig from another remote network. Not sure if that’s your use case but I’ve also used sunshine and moonlight within my lan so I can remotely play on my bedroom TV.
I’ve also tried to run the docker compose file with not changes from the Zitadel documentation, https://zitadel.com/docs/self-hosting/deploy/compose
This is what shows:
[+] Running 3/3 ✔ Network root_zitadel Created 0.0s ✘ Container root-db-1 Error 60.8s ✔ Container root-zitadel-1 Created 0.0s dependency failed to start: container root-db-1 is unhealthydocker ps -a then shows the root-zitadel-1 container created but not started, I can’t get any logs to show on the root-db-1 container even though it shows as running…
I start the root-zitadel-1 container and restart the root-db-1 container and this is what I get in the logs:
time="2025-07-24T13:41:45Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70" time="2025-07-24T13:41:45Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused" time="2025-07-24T13:41:45Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70" time="2025-07-24T13:41:45Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused" time="2025-07-24T13:41:46Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70" time="2025-07-24T13:41:46Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused" time="2025-07-24T13:41:47Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70" time="2025-07-24T13:41:47Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused" time="2025-07-24T13:41:48Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70" time="2025-07-24T13:41:48Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
Here is the compose file I’m using:
services: postgresql: image: postgres:16-alpine container_name: postgresql restart: unless-stopped networks: - authentik healthcheck: test: ["CMD-SHELL", "pg_isready -d authentik -U postgres"] start_period: 20s interval: 30s retries: 5 timeout: 5s volumes: - ./database:/var/lib/postgresql/data ports: - 5432:5432 environment: POSTGRES_PASSWORD: JKSHDFUHWEUEIORUhdsjhfglsdhuifghert POSTGRES_USER: postgres POSTGRES_DB: authentik redis: image: redis:alpine container_name: redis command: --save 60 1 --loglevel warning restart: unless-stopped healthcheck: test: ["CMD-SHELL", "redis-cli ping | grep PONG"] start_period: 20s interval: 30s retries: 5 timeout: 3s volumes: - ./redis:/data networks: - authentik server: image: ghcr.io/goauthentik/server:2025.6.4 container_name: authentik-server restart: unless-stopped command: server environment: AUTHENTIK_SECRET_KEY: 0rIgYE/fgWwkkhKXob6jQQ8M8Wp6tJzDc658GGb0C5r0QZOt AUTHENTIK_REDIS__HOST: redis AUTHENTIK_POSTGRESQL__HOST: postgresql AUTHENTIK_POSTGRESQL__USER: postgres AUTHENTIK_POSTGRESQL__NAME: authentik AUTHENTIK_POSTGRESQL__PASSWORD: JKSHDFUHWEUEIORUhdsjhfglsdhuifghert volumes: - ./media:/media - ./custom-templates:/templates ports: - 9000:9000 - 9443:9443 networks: - authentik depends_on: postgresql: condition: service_healthy redis: condition: service_healthy worker: image: ghcr.io/goauthentik/server:2025.6.4 container_name: authentik-worker restart: unless-stopped command: worker networks: - authentik environment: AUTHENTIK_SECRET_KEY: 0rIgYE/fgWwkkhKXob6jQQ8M8Wp6tJzDc658GGb0C5r0QZOt AUTHENTIK_REDIS__HOST: redis AUTHENTIK_POSTGRESQL__HOST: postgresql AUTHENTIK_POSTGRESQL__USER: postgres AUTHENTIK_POSTGRESQL__NAME: authentik AUTHENTIK_POSTGRESQL__PASSWORD: JKSHDFUHWEUEIORUhdsjhfglsdhuifghert user: root volumes: - /var/run/docker.sock:/var/run/docker.sock - ./media:/media - ./certs:/certs - ./custom-templates:/templates depends_on: postgresql: condition: service_healthy redis: condition: service_healthy networks: authentik:
Here are the logs when starting up Authentik docker compose:
authentik-worker | {"event": "Starting authentik bootstrap", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364156.1238139} authentik-worker | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364157.1261947} authentik-worker | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger": authentik-server | {"event":"Loaded config","level":"debug","path":"inbuilt-default","timestamp":"2025-07-24T13:35:48Z"} authentik-server | {"event":"Loaded config","level":"debug","path":"/authentik/lib/default.yml","timestamp":"2025-07-24T13:35:48Z"} authentik-server | {"event":"Loaded config from environment","level":"debug","timestamp":"2025-07-24T13:35:48Z"} authentik-server | {"event":"Starting HTTP server","level":"info","listen":"0.0.0.0:9000","logger":"authentik.router","timestamp":"2025-07-24T13:35:49Z"} authentik-server | {"event":"Starting Metrics server","level":"info","listen":"0.0.0.0:9300","logger":"authentik.router.metrics","timestamp":"2025-07-24T13:35:49Z"} authentik-server | {"event":"Starting HTTPS server","level":"info","listen":"0.0.0.0:9443","logger":"authentik.router","timestamp":"2025-07-24T13:35:49Z"} authentik-server | {"event": "Loaded config", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1753364149.613906, "file": "/authentik/lib/default.yml"} authentik-server | {"event": "Loaded environment variables", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1753364149.6143358, "count": 6} authentik-server | {"event": "Starting authentik bootstrap", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364149.953862} authentik-server | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364150.955268} authentik-server | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger":
time=“2025-07-23T20:49:22Z” level=info msg=“initialization started” caller=“/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:75” time=“2025-07-23T20:49:22Z” level=fatal msg=“unable to initialize the database” caller=“/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:68” error=“failed to connect to
user=root database=postgres:\n\t127.0.0.1:5432 (localhost): dial error: dial tcp 127.0.0.1:5432: connect: connection refused\n\t[::1]:5432 (localhost): dial error: dial tcp [::1]:5432: connect: connection refused” time=“2025-07-23T20:49:23Z” level=info msg=“initialization started” caller=“/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:75”When I run docker compose up it’s initializes all the containers and then the zdb container fails to load and I get the error messages above. I can’t seem to paste my docker compose file or environment files since it formats the code very weirdly and makes it hard to read.
Yeah I’ll grab some logs and post my files tonight when I get time :)
I definitely can’t connect to the container as it doesn’t start. I’ve also tried without the .env file and that doesn’t work either. I’ve even setup a new LXC and started from scratch with the same result. For reference I’m using Ubuntu server so maybe I’ll try a different distro…
Ok looks like I figured it out, turns out Netbird doesn’t like wildcard certificates, I spun up a quick NPM reverse proxy in docker and everything is now working fine using a certificate for netbird.mydomain.com instead of a wildcard cert like *.mydomain.com