nidkil 2mo ago

Self hosted Zitadel v4.2.2 hangs after initial successful login

Use-case: I'm setting up v4 Zitadel from scratch.
Environment: I have a self-hosted version running on a VPS.
Version: v4.2.2 (Postgres 17.6)
Stack: Debian 12, Docker, Traefik
What you expected to happen: After successful login the console is displayed.
What went wrong: No idea.
Attachments:
1) Screenshot of the screen that is displayed after successful login.
2) My Docker Compose files and Zitadel config files (IMPORTANT NOTE: In the Zitadel configs I'm using secrets, these are handled in a pre-process container. This works as intended.)
>>> The updated config has been added in a following message!!
Additional information: I can access the different health endpoints:
grpcurl api.auth.xxx.com:443 zitadel.admin.v1.AdminService/Healthz
curl https://api.auth.xxx.com/admin/v1/healthz
curl https://api.auth.xxx.com/debug/healthz
7 Replies
Ask Inkeep 2mo ago
Hi @nidkil, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
I wasn't able to find a direct answer, here are some relevant sources:
1. Configure ZITADEL with Traefik: Shows step-by-step how to run ZITADEL behind Traefik using Docker Compose, including TLS, health checks, and recommended login URLs for verifying full system health.
2. [Bug]: Zitadel v4 in docker compose: Describes user reports of similar issues after a fresh v4 install with Docker and Traefik, and suggests workarounds like starting with a clean directory and removing old volumes.
Feel free to tag @Ask Inkeep with additional questions.
nidkil (OP) 2mo ago
I cleaned up the config.
Rajat 2mo ago
hey @nidkil thanks for your question, I will take a look at it
nidkil (OP) 2mo ago
I got it up and running. There are a lot of inconsistencies and errors in the documentation that threw me off, e.g.:
1) v4 does not have separate ports for REST/HTTP (8080) and gRPC (3000) anymore, like in the basic plain vanilla example (https://zitadel.com/docs/self-hosting/deploy/compose).
2) I have a setup where I am using 3 domains: api.auth.xxx.com (REST/gRPC), management.auth.xxx.com (console) and user.auth.xxx.com (login). Adding these additional domains using the API is very frustrating. Listing domains only works with the machine-user PAT, while adding and removing requires the system-admin JWT. Why? Why doesn't the JWT support listing?
Overall the documentation is really subpar and makes the learning experience frustrating.
Rajat 2mo ago
hey @nidkil thanks a lot for the feedback, we are working to fix the doc and make it better, we had several users stating similar factors. Apologies for the inconvenience. Can you pls open a GitHub issue for the doc that you found frustrating? Thanks
nidkil (OP) 2mo ago
Will do @Rajat. Do you think it would be interesting to share my config? I have made the following split and I protect the UI using mTLS:
- manage.auth.xxx.com (mTLS)
- api.auth.xxx.com (TLS for both REST & gRPC)
- user.auth.xxx.com (mTLS)
All front-ends used are protected by mTLS.