Vaungo•2mo ago

v2 login not found on fresh install (v4-rc.2)

On a fresh install of v4-rc.2 (using Docker) running on my local machine for testing, I always get the error {"code":5,"message":"Not Found"}, I presume this is the new v2 UI. Is one of my options misconfigured? I initially started testing the latest stable release, but wanted to check out the new login form and to be able to build my own in the future. Do I need to run a reverse proxy for /ui/v2/login running with the zitadel/typescript repo? Here is my docker compose file, based on the original provided docker compose mentioned in the docs.

services:
  zitadel:
    restart: always
    image: 'ghcr.io/zitadel/zitadel:v4.0.0-rc.2'
    command: 'start-from-init --masterkey "xxx" --tlsMode disabled'
    environment:
      ZITADEL_DATABASE_POSTGRES_HOST: host.docker.internal
      ZITADEL_DATABASE_POSTGRES_PORT: 5432
      ZITADEL_DATABASE_POSTGRES_DATABASE: zitadel
      ZITADEL_DATABASE_POSTGRES_USER_USERNAME: postgres
      ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: 'xxx'
      ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: postgres
      ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: 'xxx'
      ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
      ZITADEL_EXTERNALSECURE: false
    ports:
      - '8080:8080'

services:
  zitadel:
    restart: always
    image: 'ghcr.io/zitadel/zitadel:v4.0.0-rc.2'
    command: 'start-from-init --masterkey "xxx" --tlsMode disabled'
    environment:
      ZITADEL_DATABASE_POSTGRES_HOST: host.docker.internal
      ZITADEL_DATABASE_POSTGRES_PORT: 5432
      ZITADEL_DATABASE_POSTGRES_DATABASE: zitadel
      ZITADEL_DATABASE_POSTGRES_USER_USERNAME: postgres
      ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: 'xxx'
      ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: postgres
      ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: 'xxx'
      ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
      ZITADEL_EXTERNALSECURE: false
    ports:
      - '8080:8080'

41 Replies

Rajat Singh•2mo ago

hey @Vaungo welcome and good morning, yes its failing for me too, I will check with my team. Please run any othet older versions if its a fresh deployment(only for testing)

Gigi the Giraffe (Zitadel)•2mo ago

🎉 Looks like you just helped out another community member! Thanks for being so helpful <@403882453653127168>! You're now one step closer to leveling up—keep up the amazing peer support! 🚀

Light•2mo ago

+1, happening for me too with all v4 release candidates

Rajat•2mo ago

hey @Light I have raised this internally, I will get back to you all soon 🙂

Light•2mo ago

@Vaungo @Ben did you find a solution to this? I am still experiencing this, even on v4-rc3 :/

Rajat•2mo ago

hey @Light yes for me to, v4-rc3 is broken and identfied already, i fix is on the way

Light•2mo ago

Awesome!

Ozzzkar•2mo ago

sounds like that issue may be because you have the wrong path set for the v2 login or that v2 isn't exposed on the right path

Rajat•2mo ago

hey @Ozzzkar what was the path you set for the V2 login

Ozzzkar•2mo ago

When I first installed Zitadel, login V2 was working. But then after I pressed a button to reset some settings in the web console, login V2 stopped working and instead login V1 showed up. Then I had to configure the login V2 base URL manually in the setting and then it started working again after setting it to this https://my-zitadel-domain.example.com/ui/v2/login It sounds to me like OP's issue is that the traffic going to the V2 URL doesn't end up at the V2 container but rather at the V1 container Which is the same container as the other Zitadel components are running in

Rajat•2mo ago

hey @Ozzzkar can you pls share your doker file?

Ozzzkar•2mo ago

You mean values.yaml for the Helm chart? I installed using Kubernetes + Helm

Rajat•2mo ago

can I see your values.yaml for the helm chart, just curous to see the setup 😄

Ozzzkar•2mo ago

i'm using the latest version of your helm chart https://github.com/zitadel/zitadel-charts/tree/zitadel-9.0.0-rc.2/charts/zitadel and my values are roughly these:

zitadel:
  image:
    tag: v4.0.0
  zitadel:
    configmapConfig:
      Log:
        Level: info
        Formatter:
          Format: json
      LogStore:
        Access:
          Stdout:
            Enabled: true
    masterkeySecretName: zitadel
    configSecretName: zitadel
  ingress:
    enabled: true
    className: alb
    annotations:
      alb.ingress.kubernetes.io/healthcheck-path: /healthz
      alb.ingress.kubernetes.io/group.order: '10' # the login ingress below gets order 0 which is higher priority
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        [..]
  topologySpreadConstraints:
    - maxSkew: 1
      topologyKey: topology.kubernetes.io/zone
      [..]
    - maxSkew: 1
      topologyKey: kubernetes.io/hostname
      [..]
  login:
    image:
      tag: v4.0.0
    ingress:
      enabled: true
      className: alb
      annotations:
        alb.ingress.kubernetes.io/healthcheck-path: /ui/v2/login
    affinity:
      podAntiAffinity:
        preferredDuringSchedulingIgnoredDuringExecution:
          [..]
    topologySpreadConstraints:
      - maxSkew: 1
        topologyKey: topology.kubernetes.io/zone
        [..]
      - maxSkew: 1
        topologyKey: kubernetes.io/hostname
        [..]

zitadel:
  image:
    tag: v4.0.0
  zitadel:
    configmapConfig:
      Log:
        Level: info
        Formatter:
          Format: json
      LogStore:
        Access:
          Stdout:
            Enabled: true
    masterkeySecretName: zitadel
    configSecretName: zitadel
  ingress:
    enabled: true
    className: alb
    annotations:
      alb.ingress.kubernetes.io/healthcheck-path: /healthz
      alb.ingress.kubernetes.io/group.order: '10' # the login ingress below gets order 0 which is higher priority
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        [..]
  topologySpreadConstraints:
    - maxSkew: 1
      topologyKey: topology.kubernetes.io/zone
      [..]
    - maxSkew: 1
      topologyKey: kubernetes.io/hostname
      [..]
  login:
    image:
      tag: v4.0.0
    ingress:
      enabled: true
      className: alb
      annotations:
        alb.ingress.kubernetes.io/healthcheck-path: /ui/v2/login
    affinity:
      podAntiAffinity:
        preferredDuringSchedulingIgnoredDuringExecution:
          [..]
    topologySpreadConstraints:
      - maxSkew: 1
        topologyKey: topology.kubernetes.io/zone
        [..]
      - maxSkew: 1
        topologyKey: kubernetes.io/hostname
        [..]

Rajat•2mo ago

hey @Ozzzkar after discussing with my colluages I think you were correct about actions v1, but its not an issue but a known limitation that won't be fixed since Actions v1 are being replaced by Actions v2

borales•2mo ago

same for me with the released 4.0.0 (with postgresql 17) docker logs don't tell much, everything looks fine:

zitadel  | time="2025-08-01T16:02:11Z" level=info msg="server is listening on [::]:8080" caller="/home/runner/work/zitadel/zitadel/cmd/start/start.go:677"

when I try to navigate to http://localhost:8080/ui/console -> I get a redirect to /ui/v2/login/login?authRequest=V2_... with

{
  code: 5,
  message: "Not Found"
}

{
  code: 5,
  message: "Not Found"
}

it's a fresh installation

Light•2mo ago

I find it hard to believe that the Zitadel devs wouldn't run into the same issue themselves. So it must be a simple misconfiguration from our side? 🤔

Ozzzkar•2mo ago

have you enabled the ingress for zitadel-login? (this is the kubernetes resource name for login v2)

borales•2mo ago

I am trying to run this locally with docker (compose), no k8s for now I want to keep it as simple as possible for initial research of the product, but I'm having hard time even running it I copied all the configs from https://zitadel.com/docs/self-hosting/deploy/compose 1:1 somehow it started, so I was able to create an org and project inside. then I restarted the docker - everything broke down, traefik throws up with a bunch of errors:

2025-08-02T08:04:33Z DBG log/log.go:245 > http: TLS handshake error from 192.168.65.1:51399: remote error: tls: bad certificate
2025-08-02T08:04:33Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:288 > Serving default certificate for request: "api.segment.io"
2025-08-02T08:04:33Z DBG log/log.go:245 > http: TLS handshake error from 192.168.65.1:39859: remote error: tls: bad certificate
2025-08-02T08:04:34Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:288 > Serving default certificate for request: "api.segment.io"
2025-08-02T08:04:34Z DBG log/log.go:245 > http: TLS handshake error from 192.168.65.1:34412: remote error: tls: bad certificate

2025-08-02T08:04:33Z DBG log/log.go:245 > http: TLS handshake error from 192.168.65.1:51399: remote error: tls: bad certificate
2025-08-02T08:04:33Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:288 > Serving default certificate for request: "api.segment.io"
2025-08-02T08:04:33Z DBG log/log.go:245 > http: TLS handshake error from 192.168.65.1:39859: remote error: tls: bad certificate
2025-08-02T08:04:34Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:288 > Serving default certificate for request: "api.segment.io"
2025-08-02T08:04:34Z DBG log/log.go:245 > http: TLS handshake error from 192.168.65.1:34412: remote error: tls: bad certificate

login and zitadel show no changes in the logs. the whole setup is so fragile. the moment I try remove traefik from the setup - zitadel starts loosing db creds or something else. is the general suggestion to stick with v3 or what?

Han•2mo ago

is there any solution?

borales•2mo ago

https://github.com/zitadel/zitadel/issues/10379 I made a ticket I didn't see any similar tickets there, as they try to reroute everyone to discord

Mustafa•2mo ago

How can it be that you know this issue, have not fixed it and still released 4.0.0 as a stable release? There is a workaround to do the setup with v3 and then upgrade to v4 but still…

Ozzzkar•2mo ago

the path is part of the docker compose file so that looks right

    labels:
      - "traefik.http.routers.login.rule=PathPrefix(`/ui/v2/login`)"

    labels:
      - "traefik.http.routers.login.rule=PathPrefix(`/ui/v2/login`)"

I wonder if running docker compose up -d would make any difference. Maybe something got stale when Docker restarted

Rajat•2mo ago

hey guys @Ozzzkar @borales @Vaungo the issue to this error of npot found was very simple actually, I only got the response from my engineers just now. can you try it with all files in a clean directory and with fresh data? docker compose down -v mkdir /tmp/clean cd /tmp/clean and then try running all the wget/docker commands form here https://zitadel.com/docs/self-hosting/deploy/compose docker thinks it should mount not yet existing directories (not files) and it creates the directories. This breaks future attempts of docker compose up. That is why you kept on getting this error

borales•2mo ago

@Rajat thanks, it let me in. Although when I add a JWT key for my API app - they are not saved (the list of keys remains empty). I attached a few log lines from zitadel. Any idea what could be wrong?

Zitedel_logs

borales•2mo ago

traefik-1        | 2025-08-04T20:34:02Z DBG github.com/traefik/traefik/v3/pkg/proxy/httputil/proxy.go:121 > 504 Gateway Timeout error="dial tcp 172.21.0.3:3000: i/o timeout"
traefik-1        | 192.168.65.1 - - [04/Aug/2025:20:33:32 +0000] "GET /ui/v2/login/login?authRequest=V2_331926501475745794 HTTP/2.0" 504 15 "-" "-" 1948 "login@docker" "http://172.21.0.3:3000" 30010ms

traefik-1        | 2025-08-04T20:34:02Z DBG github.com/traefik/traefik/v3/pkg/proxy/httputil/proxy.go:121 > 504 Gateway Timeout error="dial tcp 172.21.0.3:3000: i/o timeout"
traefik-1        | 192.168.65.1 - - [04/Aug/2025:20:33:32 +0000] "GET /ui/v2/login/login?authRequest=V2_331926501475745794 HTTP/2.0" 504 15 "-" "-" 1948 "login@docker" "http://172.21.0.3:3000" 30010ms

still something's wrong even without using jwt and only code - I get gatewate timeouts

D0gma_•2mo ago

I just ran into the exact same issue on a fresh v4.0.0 installation directly on Linux (no docker). I thought I was getting insane, it is quite annoying

Light•2mo ago

Hi @Rajat any updates on the fix?

Rajat•2mo ago

hey @Light pls share your docker file

Light•2mo ago

Of course @Rajat , here is my docker compose and the env we use for zitadel:

# Based on https://zitadel.com/docs/self-hosting/manage/configure

# Postgres configuration
ZITADEL_DATABASE_POSTGRES_HOST=postgres
ZITADEL_DATABASE_POSTGRES_PORT=5432
ZITADEL_DATABASE_POSTGRES_DATABASE=zitadel
ZITADEL_DATABASE_POSTGRES_USER_USERNAME=zitadel
ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=zitadel
ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE=disable
ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE=disable
ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME=postgres
ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD=xyz

# Zitadel configuration
ZITADEL_EXTERNALPORT=8080
ZITADEL_EXTERNALSECURE=false
ZITADEL_MASTERKEY=xyz
ZITADEL_TLS_ENABLED=false

# Zitadel human service account
ZITADEL_FIRSTINSTANCE_ORG_NAME=service
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME=admin@test.com
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD="6sH]Ez?4kH%1"
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORDCHANGEREQUIRED=false

# Zitadel machine terraform account
ZITADEL_FIRSTINSTANCE_MACHINEKEYPATH="/machinekey/zitadel-admin-sa.json"
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_USERNAME=zitadel-admin-sa
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_NAME=Admin
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINEKEY_TYPE=1

# Based on https://zitadel.com/docs/self-hosting/manage/configure

# Postgres configuration
ZITADEL_DATABASE_POSTGRES_HOST=postgres
ZITADEL_DATABASE_POSTGRES_PORT=5432
ZITADEL_DATABASE_POSTGRES_DATABASE=zitadel
ZITADEL_DATABASE_POSTGRES_USER_USERNAME=zitadel
ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=zitadel
ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE=disable
ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE=disable
ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME=postgres
ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD=xyz

# Zitadel configuration
ZITADEL_EXTERNALPORT=8080
ZITADEL_EXTERNALSECURE=false
ZITADEL_MASTERKEY=xyz
ZITADEL_TLS_ENABLED=false

# Zitadel human service account
ZITADEL_FIRSTINSTANCE_ORG_NAME=service
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME=admin@test.com
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD="6sH]Ez?4kH%1"
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORDCHANGEREQUIRED=false

# Zitadel machine terraform account
ZITADEL_FIRSTINSTANCE_MACHINEKEYPATH="/machinekey/zitadel-admin-sa.json"
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_USERNAME=zitadel-admin-sa
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_NAME=Admin
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINEKEY_TYPE=1

zitadel-compose.yml

Rajat•2mo ago

hey @Light it's fixed on rc4 and on latest , can you pls try, I just checked with my engineers

Light•2mo ago

Yess I will test it right now :)

Rajat•2mo ago

works!

Rajat•2mo ago

https://localhost/ui/console?login_hint=zitadel-admin@zitadel.localhost try this link ^^ once your containers are running

Light•2mo ago

@Rajat I just wiped everything (images, volumes, etc.) and started it up again. Unfortunately I run into the same "Not found" error again. I can't use your URL as my traefik does the routing to zitadel. Could you maybe send me your compose and env so I can compare and see if I have sth missing?

Rajat•2mo ago

mkdir /tmp/clean cd /tmp/clean and then the commands from the docs again

# Download the docker compose example configuration.
wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/docker-compose.yaml

# Download and adjust the example configuration file containing standard configuration.
wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/example-zitadel-config.yaml

# Download and adjust the example configuration file containing secret configuration.
wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/example-zitadel-secrets.yaml

# Download and adjust the example configuration file containing database initialization configuration.
wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/example-zitadel-init-steps.yaml

# Make sure you have the latest version of the images
docker compose pull

# Run the containers
docker compose up

# Download the docker compose example configuration.
wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/docker-compose.yaml

# Download and adjust the example configuration file containing standard configuration.
wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/example-zitadel-config.yaml

# Download and adjust the example configuration file containing secret configuration.
wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/example-zitadel-secrets.yaml

# Download and adjust the example configuration file containing database initialization configuration.
wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/example-zitadel-init-steps.yaml

# Make sure you have the latest version of the images
docker compose pull

# Run the containers
docker compose up

Larzous•2mo ago

Not found is v2 missing. That’s what I get if o boot v4 on sec hosted without a v2 login

Rajat•2mo ago

hey @Light yes sure just do, remove all the running containers first, make sure you have /tmp/clean and then get inside the directory

docker compose down -v
mkdir /tmp/clean
cd /tmp/clean

docker compose down -v
mkdir /tmp/clean
cd /tmp/clean

every other file gets downladed via the command,the same files are also listed here you may need to change/adjust your traefik labels

Larzous•2mo ago

OK .. maybe this is the issue with me -- i've done so many docker compose up --force-redeploy my head is spinning.

Alexmge•2mo ago

Hey, have you found a way to make it work ? I am having this exact issue and its driving me insane.

Rajat•2mo ago

hey @Alexmge welcome to the server pls go ahead and open a new question on the thread with your exact use case and I will take a look in it

v2 login not found on fresh install (v4-rc.2)

Did you find this page helpful?