Sorry if this has been answered, but are you running this in Docker on a VM or LXC?
Tinkerer@lemmy.ca to Selfhosted@lemmy.world • Help setting up a selfhosted VPN at home · English · 10 · 1 month ago

I’ve just set up headscale in docker and it worked right away. It’s even faster than when I was using tailscale. It was very easy to set up and I’ve been using it for about a month with no issues. Doesn’t really help but I haven’t used gluetun myself.
I’m using sunshine on my main Linux gaming rig with my own headscale instance running and use moonlight on my client PC, and it’s very nice and smooth. I use it to access my main LAN gaming rig from another remote network. Not sure if that’s your use case but I’ve also used sunshine and moonlight within my LAN so I can remotely play on my bedroom TV.
I’ve also tried to run the docker compose file with no changes from the Zitadel documentation, https://zitadel.com/docs/self-hosting/deploy/compose
This is what shows:
```
[+] Running 3/3
 ✔ Network root_zitadel      Created   0.0s
 ✘ Container root-db-1       Error     60.8s
 ✔ Container root-zitadel-1  Created   0.0s
dependency failed to start: container root-db-1 is unhealthy
```
`docker ps -a` then shows the root-zitadel-1 container created but not started, I can’t get any logs to show on the root-db-1 container even though it shows as running…
I start the root-zitadel-1 container and restart the root-db-1 container and this is what I get in the logs:
```
time="2025-07-24T13:41:45Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
time="2025-07-24T13:41:45Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
time="2025-07-24T13:41:45Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
time="2025-07-24T13:41:45Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
time="2025-07-24T13:41:46Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
time="2025-07-24T13:41:46Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
time="2025-07-24T13:41:47Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
time="2025-07-24T13:41:47Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
time="2025-07-24T13:41:48Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
time="2025-07-24T13:41:48Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
```
Here is the compose file I’m using:
```yaml
services:
  postgresql:
    image: postgres:16-alpine
    container_name: postgresql
    restart: unless-stopped
    networks:
      - authentik
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d authentik -U postgres"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - ./database:/var/lib/postgresql/data
    ports:
      - 5432:5432
    environment:
      POSTGRES_PASSWORD: JKSHDFUHWEUEIORUhdsjhfglsdhuifghert
      POSTGRES_USER: postgres
      POSTGRES_DB: authentik
  redis:
    image: redis:alpine
    container_name: redis
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - ./redis:/data
    networks:
      - authentik
  server:
    image: ghcr.io/goauthentik/server:2025.6.4
    container_name: authentik-server
    restart: unless-stopped
    command: server
    environment:
      AUTHENTIK_SECRET_KEY: 0rIgYE/fgWwkkhKXob6jQQ8M8Wp6tJzDc658GGb0C5r0QZOt
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: postgres
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: JKSHDFUHWEUEIORUhdsjhfglsdhuifghert
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
    ports:
      - 9000:9000
      - 9443:9443
    networks:
      - authentik
    depends_on:
      postgresql:
        condition: service_healthy
      redis:
        condition: service_healthy
  worker:
    image: ghcr.io/goauthentik/server:2025.6.4
    container_name: authentik-worker
    restart: unless-stopped
    command: worker
    networks:
      - authentik
    environment:
      AUTHENTIK_SECRET_KEY: 0rIgYE/fgWwkkhKXob6jQQ8M8Wp6tJzDc658GGb0C5r0QZOt
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: postgres
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: JKSHDFUHWEUEIORUhdsjhfglsdhuifghert
    user: root
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./media:/media
      - ./certs:/certs
      - ./custom-templates:/templates
    depends_on:
      postgresql:
        condition: service_healthy
      redis:
        condition: service_healthy
networks:
  authentik:
```
Here are the logs when starting up Authentik docker compose:
```
authentik-worker | {"event": "Starting authentik bootstrap", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364156.1238139}
authentik-worker | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364157.1261947}
authentik-worker | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger":
authentik-server | {"event":"Loaded config","level":"debug","path":"inbuilt-default","timestamp":"2025-07-24T13:35:48Z"}
authentik-server | {"event":"Loaded config","level":"debug","path":"/authentik/lib/default.yml","timestamp":"2025-07-24T13:35:48Z"}
authentik-server | {"event":"Loaded config from environment","level":"debug","timestamp":"2025-07-24T13:35:48Z"}
authentik-server | {"event":"Starting HTTP server","level":"info","listen":"0.0.0.0:9000","logger":"authentik.router","timestamp":"2025-07-24T13:35:49Z"}
authentik-server | {"event":"Starting Metrics server","level":"info","listen":"0.0.0.0:9300","logger":"authentik.router.metrics","timestamp":"2025-07-24T13:35:49Z"}
authentik-server | {"event":"Starting HTTPS server","level":"info","listen":"0.0.0.0:9443","logger":"authentik.router","timestamp":"2025-07-24T13:35:49Z"}
authentik-server | {"event": "Loaded config", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1753364149.613906, "file": "/authentik/lib/default.yml"}
authentik-server | {"event": "Loaded environment variables", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1753364149.6143358, "count": 6}
authentik-server | {"event": "Starting authentik bootstrap", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364149.953862}
authentik-server | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364150.955268}
authentik-server | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger":
```
```
time="2025-07-23T20:49:22Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:75"
time="2025-07-23T20:49:22Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:68" error="failed to connect to `user=root database=postgres`:\n\t127.0.0.1:5432 (localhost): dial error: dial tcp 127.0.0.1:5432: connect: connection refused\n\t[::1]:5432 (localhost): dial error: dial tcp [::1]:5432: connect: connection refused"
time="2025-07-23T20:49:23Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:75"
```

When I run docker compose up it initializes all the containers and then the zdb container fails to load and I get the error messages above. I can’t seem to paste my docker compose file or environment files since it formats the code very weirdly and makes it hard to read.
Yeah I’ll grab some logs and post my files tonight when I get time :)
I definitely can’t connect to the container as it doesn’t start. I’ve also tried without the .env file and that doesn’t work either. I’ve even setup a new LXC and started from scratch with the same result. For reference I’m using Ubuntu server so maybe I’ll try a different distro…
Tinkerer@lemmy.ca to Selfhosted@lemmy.world • What are your VPN recommendations for accessing self-hosted applications from the outside? · English · 1 · 2 months ago

Ah thanks for that info I’ll definitely take a look
Tinkerer@lemmy.ca to Selfhosted@lemmy.world • What are your VPN recommendations for accessing self-hosted applications from the outside? · English · 2 · 2 months ago

Can I ask how you have this setup? Do you also have a reverse proxy setup or just WG on your router and everything gets routed via your router?
Tinkerer@lemmy.ca to Selfhosted@lemmy.world • What are your VPN recommendations for accessing self-hosted applications from the outside? · English · 4 · 2 months ago

I used wireguard self hosted for a bit but my work network is pretty locked down and I couldn’t find a UDP port that wasn’t blocked. How are you guys setting up wireguard in your home network? Or is it better to host it on a cloud VM?
I’m using tailscale right now because it punches through every firewall but I don’t like using external providers and I’m worried it will eventually enshittify. I have a cloudflare domain but I can’t really use any UDP port for my VPN as it’s blocked.
Tinkerer@lemmy.ca to Selfhosted@lemmy.world • What do you use for listening to podcasts? · English · 4 · 5 months ago

I’m self hosting audiobookshelf with tailscale. Also use home assistant with music assistant to play my podcasts on all my home speakers as well.
Tinkerer@lemmy.ca to Selfhosted@lemmy.world • Which reverse proxy do you use/recommend? · English · 1 · 7 months ago

This is the main reason I switched from traefik, I can have certificates on all my internal stuff and not just on my docker host. I personally love NPM but maybe I’ll give NPMPlus a try, I have never heard of it.
Tinkerer@lemmy.ca to Selfhosted@lemmy.world • What are your Homelab goals for 2025? · English · 4 · 9 months ago

This, my ssd randomly disappeared on my proxmox server January 1st so I had to start from scratch. Didn’t have any docker compose backups or lxc backups… I suppose this time I can do everything right now lol
I know the desktop, and mobile apps work without https, however I can’t remember if you can set it up via those apps?
I ran vaultwarden for a couple of years without a certificate, I just couldn’t log into my instance via the browser.
Tinkerer@lemmy.ca to Selfhosted@lemmy.world • Looking to start self hosting by going through Louis Rossman's recently released guide. Any pointers for a newbie are most welcome. · English · 1 · 9 months ago

Start off small, get an old PC that has an i5 or better that’s got vt-d support. Start off with 8gb of RAM or more. Then throw proxmox on it and you are off to the races. It will save you a lot of money since you can run multiple virtual machines or lxc containers. This is how I started out, my proxmox host now has 26gb of RAM and it’s running very smoothly. I like opnsense as a router and firewall but it’s a little advanced but amazing, also get an access point and a switch and you can start building your network. You could also even run opnsense in a VM but that gets a little confusing but it’s an option.
Tinkerer@lemmy.ca to Selfhosted@lemmy.world • Solution: How to get local SSL and use your public domain for local internal subdomains? · English · 1 · 9 months ago

I’m running cloudflare and NPM, I did a DNS challenge to get my wildcard cert, then put in access lists so for my internal hosts only private IP address subnet can access them. I have my OPNsense firewall also redirect any of those internal hosts request back to my NPM host. I have everything internal with a valid https cert.
Proxmox does say docker isn’t officially supported in LXC. That being said I’m running 10 docker containers with no issues on an LXC. I have recently had some weird database not connecting issues and other strange new docker containers not working in an LXC for some reason. If you can I would try the same setup but in a VM and see what happens.
I recently was trying to get authentik setup via docker and it just wouldn’t work. I gave up and spun up a VM, ran the same docker compose file and it worked right away.
Hopefully this helps?