Light
Light•2mo ago

4.0.0-rc.2 - V2 Login Issues

I am running Zitadel as a Docker container and it runs nicely. However for some reason the Login V2 never works for me, even on a fresh setup. I always run into "status_code: 5, Not found". Version 3.3.1 on the other hand works flawlessly for me, which still uses v1. If I enable v2 for an app in 3.3.1 I run into the same issue as I do no with 4.0.0.-rc.2. Am I missing some crucial configuration somewhere? Here is my minimal zitadel service: 
  zitadel:
    image: "ghcr.io/zitadel/zitadel:v3.3.1"
    # image: "ghcr.io/zitadel/zitadel:v4.0.0-rc.2"
    restart: "always"
    env_file:
      - ./zitadel/.env
    environment:
      - ZITADEL_EXTERNALDOMAIN=${TENANT_HOSTNAME_PREFIX}-auth.${DOMAIN_NAME}
    command: "start-from-init --masterkeyFromEnv"
  zitadel:
    image: "ghcr.io/zitadel/zitadel:v3.3.1"
    # image: "ghcr.io/zitadel/zitadel:v4.0.0-rc.2"
    restart: "always"
    env_file:
      - ./zitadel/.env
    environment:
      - ZITADEL_EXTERNALDOMAIN=${TENANT_HOSTNAME_PREFIX}-auth.${DOMAIN_NAME}
    command: "start-from-init --masterkeyFromEnv"
Here is my .env: 
# Based on https://zitadel.com/docs/self-hosting/manage/configure

# Postgres configuration
ZITADEL_DATABASE_POSTGRES_HOST=postgres
ZITADEL_DATABASE_POSTGRES_PORT=5432
ZITADEL_DATABASE_POSTGRES_DATABASE=zitadel
ZITADEL_DATABASE_POSTGRES_USER_USERNAME=zitadel
ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=zitadel
ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE=disable
ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE=disable
ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME=postgres
ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD=xyz

# Zitadel configuration
ZITADEL_EXTERNALPORT=8080
ZITADEL_EXTERNALSECURE=true
ZITADEL_MASTERKEY=xyz
ZITADEL_TLS_ENABLED=false

# Zitadel human service account
ZITADEL_FIRSTINSTANCE_ORG_NAME=localmind
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME=root
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD=xyz
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORDCHANGEREQUIRED=false
# Based on https://zitadel.com/docs/self-hosting/manage/configure

# Postgres configuration
ZITADEL_DATABASE_POSTGRES_HOST=postgres
ZITADEL_DATABASE_POSTGRES_PORT=5432
ZITADEL_DATABASE_POSTGRES_DATABASE=zitadel
ZITADEL_DATABASE_POSTGRES_USER_USERNAME=zitadel
ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=zitadel
ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE=disable
ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE=disable
ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME=postgres
ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD=xyz

# Zitadel configuration
ZITADEL_EXTERNALPORT=8080
ZITADEL_EXTERNALSECURE=true
ZITADEL_MASTERKEY=xyz
ZITADEL_TLS_ENABLED=false

# Zitadel human service account
ZITADEL_FIRSTINSTANCE_ORG_NAME=localmind
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME=root
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD=xyz
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORDCHANGEREQUIRED=false
Any help is appreciated :)
8 Replies
Rajat
Rajat•2mo ago
hey @Light thanks for the question, I will look into it and will get back.
Light
LightOP•2mo ago
Thank you @Rajat !
Rajat
Rajat•2mo ago
hi @Light few suggestions/questions. Can you please try 
ZITADEL_EXTERNALDOMAIN=https://${TENANT_HOSTNAME_PREFIX}-auth.${DOMAIN_NAME}
ZITADEL_EXTERNALDOMAIN=https://${TENANT_HOSTNAME_PREFIX}-auth.${DOMAIN_NAME}
or else I am assuming that your TENANT_HOSTNAME_PREFIX already has https:// prefixed?. The "Not found" (status 5) occurs because authentication redirects fail when the generated URLs are invalid. also, can you share your screenshot?. Do you see any relevant error messages or logs in the Zitadel container when the error occurs?. Are you using any reverse proxy( Highly doubt but asking just in case 😄 ) also, which document did you followed to setup the rc4? Please link that too. Thanks
Light
LightOP•2mo ago
Hi @Rajat, I just tried adding http:// (we currently don't use https in our test setup) and that now allowed me to run v4.0.0 and login! However it still uses the v1 login. If I enable the v2 login for my OICD app I see the following Not found error in my browser (see screenshots). We do use a reverse proxy as we have a microservice setup. Essentially we have different domains for different services one of them being dev-auth.localhost in our current test setup which redirects to zitadel. However it is worth nothing that this login issue happened also before we used a reverse proxy. I also honestly didn't really use any specific documentation for rc4. I followed the existing docs you guys have :) I suspect that I forgot an .env variable somewhere or that sth else is misconfigured. Do you have any docs that might help?
No description
No description
Rajat
Rajat•2mo ago
we have a troubleshoot page that lists out common issues https://zitadel.com/docs/support/troubleshooting#disable-the-permission-check also, maybe I am wrong(self hosted are always tricky 😄 so an open discussion) but we have these standard config https://zitadel.com/docs/self-hosting/manage/custom-domain#standard-config ZITADEL_EXTERNALSECURE=true but because you are not using HTTPS, pls set ZITADEL_EXTERNALSECURE=false and restart everything. Also, if this doesn't gets resolved, then probably it could be a bug, I will also check it with my engineers internally.
Light
LightOP•2mo ago
Oh I see. I looked through these pages already and sadly didn't anything that was related. I also have ZITADEL_EXTENERALSECURE=false, I sent an old config of mine earlier where I hadn't yet changed that flag. Maybe it's a bug, but I think others would have raised a Github Issue already if that would be the case. But yeah, maybe it gets resolved with the full 4.0.0 release. We can use the v1 login for now, that's fine too.
Rajat
Rajat•2mo ago
sure, please do that, I will check with my engineer internally and get back to you,
Light
LightOP•2mo ago
Thanks a lot!

Did you find this page helpful?