Weird behavior using Docker Networks

[zolero]

Currently I've been struggling for hours now finding out finding our what's wrong with my Authentik setup. And as far as I have reached my investigations, this is a common issue: #2180 #4383, #3637, #5059, #2719, #3087,

Basic docker setup:

---
version: "3.8"

services:
  postgresql:
    image: docker.io/library/postgres:12-alpine
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - database:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
      POSTGRES_USER: ${PG_USER:-authentik}
      POSTGRES_DB: ${PG_DB:-authentik}
    env_file:
      - .env
    networks:
      - network
  redis:
    image: docker.io/library/redis:alpine
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - redis:/data
    networks:
      - network
  server:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.5.3}
    restart: unless-stopped
    command: server
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    volumes:
      - ./media:/media
      - ./templates:/templates
    env_file:
      - .env
    ports:
      - "9000:9000"
    expose:
      - 9000
    depends_on:
      - postgresql
      - redis
    networks:
      - network # Even defining network with just an basic setup sometimes failes.
#      - nginx-proxy <--- Fails as well
  worker:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.5.3}
    restart: unless-stopped
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    user: root
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./media:/media
      - ./certs:/certs
      - ./templates:/templates
    env_file:
      - .env
    depends_on:
      - postgresql
      - redis
    networks:
      - network
volumes:
  database:
    driver: local
  redis:
    driver: local
networks:
  network:
    name: ${DOCKER_STACK}-network
#  nginx-proxy: <--- One extra network it fails everyhing
#    external: true
#    name: nginx-proxy

Whenever I deploy a fresh installation using networks, it succeeds and I can access the host. Although when I add an network to the server it instantly disconnects the worker and sometimes I just logout out of nowhere. Now when I try to setup a Authentik with a proxy server it fails and returns me an 403 error.

Please help,

  networks:
      - nginx-proxy

networks:
  network:
    name: ${DOCKER_STACK}-network
#  nginx-proxy: <--- One extra network it fails everyhing
#    external: true
#    name: nginx-proxy

[zolero]

Sometimes it works fine. For like 10 seconds, it fetches everything and nothing is wrong. But after a while it disconnects the worker. And than I try to login again and it everything keeps loading. As if something with the internal connection between the docker containers are interfering.

[zolero]

Look at this now when I remove an extra network it just works, but still not flawless. Once I add nginx-proxy it just logs me out.
https://puu.sh/JIxg2/ac1a44fa40.gif

[bloodyburger]

I have the same issue, trying to use existing docker network with SWAG

[bpmich]

I have been experiencing the same issue since release 2023.2 I believe. I have not been able to set up authentik on any of my systems with portainer. Closer inspection of the logs tells me that the session cookie is no longer being transmitted by my browser. In developer options, i can see a cookie generated after login. The expiration date is set to "session" and then the cookie quickly disappears. This is when we stop being able to access anything.

Same as Issue #4539

Docker networking has nothing to do with this, despite what other users have been mentioning. I have tried, and read reports of others trying to correct the docker networking or remove it outright. No luck still.

I am experiencing this out of box, as well. Initial setup flow has instant session invalidation. This issue seems to be overlooked, as there are varying reports all with a core around this session cookie.

[BeryJu]

The only cause for this that I can imagine is that authentik thinks it's behind a proxy that does ssl but isn't, in which case it'll set the secure flag on the cookie and the browser will discard it as it's not a secure origin.

Can you do a curl -L to your authentik URL and post the output?

[authentik-automation]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.