How to setup OIDC with dex from yunohost #114

@protonaut

I would like to set up HabitSync on https://habits.domain2.de via docker-compose with OIDC support from YunoHost's dex server, which is installed on the domain https://dex.domain1.de.

My compose.yaml looks like this:

```yaml
services:
  web:
    image: ghcr.io/jofoerster/habitsync:latest
    environment:
      - BASE_URL=https://habits.domains2.de/
      - APP_SECURITY_ISSUERS_DEX_URL=https://dex.domain1.de/
      - APP_SECURITY_ISSUERS_DEX_CLIENT-ID=habitsync
      - APP_SECURITY_ISSUERS_DEX_NEEDS-CONFIRMATION=true # New users need to be 'let in' by other user, default: true
      - JWT_SECRET=v2G+DZTX7YCXf0ZWbmV5lSlX7yLiknU82WFR7aRzGBk=
    volumes:
      - /opt/synchabit:/data # optional for direct access to database, user 6842:6842 needs access
    user: 6842:6842 # optional, run as user with id 6842, same as the application user in the container
    ports:
      - 6842:6842 # Application accessible under this port
      - 9092:9092 # For database access, optional
networks: {}
```

Within dex I created habitsync

Unfortunately, after starting, the container changes to unhealthy.

When I open the page https://habits.domains2.de, I get a WordPress welcome page without access control or any login.

The terminal says this:
```
web-1 |
web-1 |   .   ____          _            __ _ _
web-1 |  /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
web-1 | ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
web-1 |  \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
web-1 |   '  |____| .__|_| |_|_| |_\__, | / / / /
web-1 |  =========|_|==============|___/=/_/_/_/
web-1 |
web-1 | :: Spring Boot :: (v3.4.4)
web-1 |
web-1 | 2025-11-02T12:10:02.716Z INFO 7 --- [syncserver] [ main] d.j.habitsync.SyncserverApplication : Starting SyncserverApplication v0.16.3 using Java 21.0.8 with PID 7 (/app/app.jar started by appuser in /)
web-1 | 2025-11-02T12:10:02.732Z INFO 7 --- [syncserver] [ main] d.j.habitsync.SyncserverApplication : No active profile set, falling back to 1 default profile: "default"
web-1 | 2025-11-02T12:10:12.401Z INFO 7 --- [syncserver] [ main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode.
web-1 | 2025-11-02T12:10:12.811Z INFO 7 --- [syncserver] [ main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 349 ms. Found 16 JPA repository interfaces.
web-1 | 2025-11-02T12:10:17.341Z INFO 7 --- [syncserver] [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port 6842 (http)
web-1 | 2025-11-02T12:10:17.371Z INFO 7 --- [syncserver] [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
web-1 | 2025-11-02T12:10:17.372Z INFO 7 --- [syncserver] [ main] o.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/10.1.39]
web-1 | 2025-11-02T12:10:17.437Z INFO 7 --- [syncserver] [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
web-1 | 2025-11-02T12:10:17.440Z INFO 7 --- [syncserver] [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 12177 ms
web-1 | 2025-11-02T12:10:20.013Z INFO 7 --- [syncserver] [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Starting...
web-1 | 2025-11-02T12:10:20.569Z INFO 7 --- [syncserver] [ main] com.zaxxer.hikari.pool.HikariPool : HikariPool-1 - Added connection conn1: url=jdbc:h2:file:/data/habittracker-db user=SA
web-1 | 2025-11-02T12:10:20.574Z INFO 7 --- [syncserver] [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Start completed.
web-1 | 2025-11-02T12:10:21.257Z INFO 7 --- [syncserver] [ main] org.flywaydb.core.FlywayExecutor : Database: jdbc:h2:file:/data/habittracker-db (H2 2.3)
web-1 | 2025-11-02T12:10:21.494Z INFO 7 --- [syncserver] [ main] o.f.core.internal.command.DbValidate : Successfully validated 10 migrations (execution time 00:00.147s)
web-1 | 2025-11-02T12:10:21.516Z INFO 7 --- [syncserver] [ main] o.f.core.internal.command.DbMigrate : Current version of schema "PUBLIC": 0.15.0
web-1 | 2025-11-02T12:10:21.526Z INFO 7 --- [syncserver] [ main] o.f.core.internal.command.DbMigrate : Schema "PUBLIC" is up to date. No migration necessary.
web-1 | 2025-11-02T12:10:22.024Z INFO 7 --- [syncserver] [ main] o.hibernate.jpa.internal.util.LogHelper : HHH000204: Processing PersistenceUnitInfo [name: default]
web-1 | 2025-11-02T12:10:22.241Z INFO 7 --- [syncserver] [ main] org.hibernate.Version : HHH000412: Hibernate ORM core version 6.6.11.Final
web-1 | 2025-11-02T12:10:22.383Z INFO 7 --- [syncserver] [ main] o.h.c.internal.RegionFactoryInitiator : HHH000026: Second-level cache disabled
web-1 | 2025-11-02T12:10:23.345Z INFO 7 --- [syncserver] [ main] o.s.o.j.p.SpringPersistenceUnitInfo : No LoadTimeWeaver setup: ignoring JPA class transformer
web-1 | 2025-11-02T12:10:23.676Z INFO 7 --- [syncserver] [ main] org.hibernate.orm.connections.pooling : HHH10001005: Database info:
web-1 | Database JDBC URL [Connecting through datasource 'HikariDataSource (HikariPool-1)']
web-1 | Database driver: undefined/unknown
web-1 | Database version: 2.3.232
web-1 | Autocommit mode: undefined/unknown
web-1 | Isolation level: undefined/unknown
web-1 | Minimum pool size: undefined/unknown
web-1 | Maximum pool size: undefined/unknown
web-1 | 2025-11-02T12:10:28.113Z INFO 7 --- [syncserver] [ main] o.h.e.t.j.p.i.JtaPlatformInitiator : HHH000489: No JTA platform available (set 'hibernate.transaction.jta.platform' to enable JTA platform integration)
web-1 | 2025-11-02T12:10:28.147Z INFO 7 --- [syncserver] [ main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'
web-1 | 2025-11-02T12:10:30.637Z INFO 7 --- [syncserver] [ main] o.s.d.j.r.query.QueryEnhancerFactory : Hibernate is in classpath; If applicable, HQL parser will be used.
web-1 | 2025-11-02T12:10:33.319Z INFO 7 --- [syncserver] [ main] org.quartz.impl.StdSchedulerFactory : Using default implementation for ThreadExecutor
web-1 | 2025-11-02T12:10:33.356Z INFO 7 --- [syncserver] [ main] org.quartz.core.SchedulerSignalerImpl : Initialized Scheduler Signaller of type: class org.quartz.core.SchedulerSignalerImpl
web-1 | 2025-11-02T12:10:33.358Z INFO 7 --- [syncserver] [ main] org.quartz.core.QuartzScheduler : Quartz Scheduler v.2.3.2 created.
web-1 | 2025-11-02T12:10:33.362Z INFO 7 --- [syncserver] [ main] o.s.s.quartz.LocalDataSourceJobStore : Using db table-based data access locking (synchronization).
web-1 | 2025-11-02T12:10:33.366Z INFO 7 --- [syncserver] [ main] o.s.s.quartz.LocalDataSourceJobStore : JobStoreCMT initialized.
web-1 | 2025-11-02T12:10:33.367Z INFO 7 --- [syncserver] [ main] org.quartz.core.QuartzScheduler : Scheduler meta-data: Quartz Scheduler (v2.3.2) 'schedulerFactoryBean' with instanceId 'NON_CLUSTERED'
web-1 | Scheduler class: 'org.quartz.core.QuartzScheduler' - running locally.
web-1 | NOT STARTED.
web-1 | Currently in standby mode.
web-1 | Number of jobs executed: 0
web-1 | Using thread pool 'org.quartz.simpl.SimpleThreadPool' - with 10 threads.
```
