I
Immich3y ago
Mjolnir

Admin Registration Error - Solved!

Hi there, I have got an Immich stack running in docker swarm behind Traefik and Authentik. I can successfully navigate to the Admin Registration screen where I can put in my email/name/pwd. But when I click Sign-up, nothing happens. In the browser console, I get this error: Object { message: "Request failed with status code 404", name: "AxiosError", code: "ERR_BAD_REQUEST", config: {…}, request: XMLHttpRequest, response: {…}, stack: "" } with a response URL of "https://immich.domain.tld/api/auth/admin-sign-up" I initially thought it was an Authentik thing blocking something, but I have since updated the provider to allow ^/api/.*. But nothing has changed. All containers/services are running in the stack and I checked the logs of everything, and the only thing that looks out of place is the postgres error ERROR: relation "system_config" does not exist at character 128 I do see LOG [RouterExplorer] Mapped {/auth/admin-sign-up, POST} route +2ms in the server logs... not sure if that is relevant.
7 Replies
Mjolnir
MjolnirOP3y ago
Docker compose: Here is my yml for the server and web. I do not use the immich proxy: 
version: "3.8"

services:
  immich-server:
    image: altran1502/immich-server:release
    entrypoint: ["/bin/sh", "./start-server.sh"]
    networks:
      - traefik_public
      - internal
    deploy:
      labels:
        traefik.enable: "true"
        traefik.http.services.media-immich-api.loadbalancer.server.port: "3001"
        traefik.http.routers.media-immich-api.rule: "Host(`immich.domain.tld`) && Pathprefix(`/api`)"
        traefik.http.routers.media-immich-api.tls: "true"
        traefik.http.routers.media-immich-api.tls.certresolver: "cloudflare"
        traefik.http.routers.media-immich-api.entrypoints: "https"
        traefik.http.routers.media-immich-api.middlewares: "secure@file"
    volumes:
      - /share/appdata/immich/photos:/usr/src/app/upload
    env_file:
      - /share/appdata/config/immich/immich.env
    environment:
      - NODE_ENV=production
    depends_on:
      - redis
      - database
    restart: always

  immich-web:
    image: altran1502/immich-web:release
    entrypoint: ["/bin/sh", "./entrypoint.sh"]
    env_file:
      - /share/appdata/config/immich/immich.env
    networks:
      - traefik_public
      - internal
    deploy:
      labels:
        traefik.enable: "true"
        traefik.http.services.media-immich.loadbalancer.server.port: "3000"
        traefik.http.routers.media-immich.rule: "Host(`immich.domain.tld`)"
        traefik.http.routers.media-immich.tls: "true"
        traefik.http.routers.media-immich.tls.certresolver: "cloudflare"
        traefik.http.routers.media-immich.entrypoints: "https"
        traefik.http.routers.media-immich.middlewares: "secure@file"
    restart: always

  database:
    image: postgres:14
    restart: unless-stopped
    networks:
      - internal
    volumes:
      - "/share/appdata/immich/pgdata:/var/lib/postgresql/data"
    env_file:
      - /share/appdata/config/immich/immich.env
version: "3.8"

services:
  immich-server:
    image: altran1502/immich-server:release
    entrypoint: ["/bin/sh", "./start-server.sh"]
    networks:
      - traefik_public
      - internal
    deploy:
      labels:
        traefik.enable: "true"
        traefik.http.services.media-immich-api.loadbalancer.server.port: "3001"
        traefik.http.routers.media-immich-api.rule: "Host(`immich.domain.tld`) && Pathprefix(`/api`)"
        traefik.http.routers.media-immich-api.tls: "true"
        traefik.http.routers.media-immich-api.tls.certresolver: "cloudflare"
        traefik.http.routers.media-immich-api.entrypoints: "https"
        traefik.http.routers.media-immich-api.middlewares: "secure@file"
    volumes:
      - /share/appdata/immich/photos:/usr/src/app/upload
    env_file:
      - /share/appdata/config/immich/immich.env
    environment:
      - NODE_ENV=production
    depends_on:
      - redis
      - database
    restart: always

  immich-web:
    image: altran1502/immich-web:release
    entrypoint: ["/bin/sh", "./entrypoint.sh"]
    env_file:
      - /share/appdata/config/immich/immich.env
    networks:
      - traefik_public
      - internal
    deploy:
      labels:
        traefik.enable: "true"
        traefik.http.services.media-immich.loadbalancer.server.port: "3000"
        traefik.http.routers.media-immich.rule: "Host(`immich.domain.tld`)"
        traefik.http.routers.media-immich.tls: "true"
        traefik.http.routers.media-immich.tls.certresolver: "cloudflare"
        traefik.http.routers.media-immich.entrypoints: "https"
        traefik.http.routers.media-immich.middlewares: "secure@file"
    restart: always

  database:
    image: postgres:14
    restart: unless-stopped
    networks:
      - internal
    volumes:
      - "/share/appdata/immich/pgdata:/var/lib/postgresql/data"
    env_file:
      - /share/appdata/config/immich/immich.env
Solved! I needed to add to the server service: 
traefik.http.middlewares.service-immich-api-strip.stripprefix.prefixes: "/api"
traefik.http.routers.media-immich-api.middlewares: secure@file,service-immich-api-strip
traefik.http.middlewares.service-immich-api-strip.stripprefix.prefixes: "/api"
traefik.http.routers.media-immich-api.middlewares: secure@file,service-immich-api-strip
jrasm91
jrasm913y ago
Sweet!
Mjolnir
MjolnirOP3y ago
Yup! Now trying to set up SSO with Authentik 😅
jrasm91
jrasm913y ago
Following the guide?
Mjolnir
MjolnirOP3y ago
Yes, but I've misunderstood Authentik + traefik works.
I thought I could create an OAuth provider and hook it into my embedded outpost, but it doesn't like that because you can only hook in proxy providers. So I have an OAuth provider and application but no outpost A bit out of scope for this discord server though 🙂
jrasm91
jrasm913y ago
Yeah I'm not sure how it works with traefik unless you are only using it to terminate tls
Mjolnir
MjolnirOP3y ago
Just to close this off, in Authentik, you create an OAuth provider, link the necessary details as per immich docs, remove the Traefik forward auth middleware, then it should be good to go 🙂

Did you find this page helpful?