Receiving 502 on https://auth.example.org, with no debug message on log

[rukh-debug]

I am trying to setup authelia with traefik with, but I have been stuck on 502 since hours with no debug message to troubleshoot. So hoping anyone here can show me where to look for help.

docker-compose.yml

version: '3.7'
services:
# =============================================================
#
#       TRAEFIK - reverse proxy
#
# =============================================================
  reverse-proxy:
    image: traefik:v2.11
    command:
      - "--log.level=DEBUG"
      - "--api.dashboard=true"
      - "--api.insecure=true"
      - "--providers.file.directory=/FileProvider/"
      - "--providers.file.watch=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=web-secure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web-secure.address=:443"
      - "--serverstransport.insecureskipverify=true"
      - "--certificatesresolvers.selfresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.selfresolver.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.selfresolver.acme.dnschallenge.delaybeforecheck=10"
      - "--certificatesresolvers.selfresolver.acme.dnschallenge.resolvers=1.1.1.1:53"
      # - "--certificatesresolvers.selfresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.selfresolver.acme.email=${ACME_EMAIL}"
      - "--certificatesresolvers.selfresolver.acme.storage=acme.json"
    environment:
      CF_API_EMAIL: ${CF_API_EMAIL}
      CF_API_KEY: ${CF_API_KEY}
      CLOUDFLARE_EMAIL: ${CLOUDFLARE_EMAIL}
      CLOUDFLARE_API_KEY: ${CLOUDFLARE_API_KEY}
          container_name: traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`traefik.${DOMAIN}`)"
      - "traefik.http.routers.api.entrypoints=web-secure"
      - "traefik.http.routers.api.tls.certresolver=selfresolver"
      - "traefik.http.routers.api.tls.domains[0].main=*.${DOMAIN}"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.middlewares=authelia@docker"
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock  # So that Traefik can listen to the Docker events
      - /home/user/servers/traefik/acme.json:/acme.json
      - /home/user/servers/traefik/FileProvider/:/FileProvider/
    restart: always

# =============================================================
#
#       AUTHELIA
#
# =============================================================

  authelia:
    image: ghcr.io/authelia/authelia:master
    container_name: authelia
    volumes:
      - /home/rukh/servers/traefik/authelia:/config
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.authelia.rule=Host(`auth.${DOMAIN}`)'
      - 'traefik.http.routers.authelia.entrypoints=web-secure'
      - 'traefik.http.routers.authelia.tls=true'
      - "traefik.http.routers.authelia.tls.certresolver=selfresolver"
      - "traefik.http.routers.authelia.tls.domains[0].main=*.${DOMAIN}"
      - "traefik.docker.network=traefik_default"

      # The middleware that you use in every container that you want to protect
      - 'traefik.http.middlewares.authelia.forwardauth.address=http://auth.example.org/api/verify?rd=https://auth.${DOMAIN}/'
      - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
      - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups'
    restart: unless-stopped
    environment:
      - TZ=${TIME_ZONE}

configuration.yaml

###############################################################
#                   Authelia configuration                    #
###############################################################

host: 0.0.0.0
port: 9091
log_level: debug
# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
jwt_secret: this_IS_avery_Long_SECRET_which_probably_is_Secure
default_redirection_url: https://auth.example.org
totp:
  issuer: auth.example.org

authentication_backend:
  disable_reset_password: false
  file:
    path: /config/users_database.yml
    password:
      algorithm: sha512
      iterations: 1000
      salt_length: 16
      parallelism: 8
      memory: 1024

access_control:
  default_policy: bypass
  rules:
    # Rules applied to everyone
    - domain: domain1.example.org
      policy: one_factor
    - domain: domain2.example.org
      policy: bypass
    - domain: domain3.example.org
      policy: two_factor
session:
  name: EXAMPLE_session
  # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
  secret: ########some secret#########
  expiration: 1M # 1 month
  inactivity: 2w # 2 week
  domain: example.org # Should match whatever your root protected domain is

regulation:
  max_retries: 3
  find_time: 120
  ban_time: 300

storage:
  encryption_key: this_is_a_encryption_key_you_ASKED_FOR_182u192u129
  local:
    path: /config/db.sqlite3

notifier:
  smtp:
    username: example@example.org
    password: helloworld
    host: smtp-host.example.org
    port: 587
    sender: admin@example.org

users_database.yml

# List of users
users:
  userxyz:
    displayname: "Home User"
    password: "#HIDDEN"
    email: admin@example.org
    groups:
      - admins
      - dev

Running docker gives no log that can be helpful to debug.

time="2024-05-16T21:35:48-04:00" level=debug msg="Loaded Configuration Sources" files="[/config/configuration.yml]" filters="[]"
time="2024-05-16T21:35:48-04:00" level=debug msg="Logging Initialized" fields.level=debug file= format= keep_stdout=false
time="2024-05-16T21:35:48-04:00" level=debug msg="Process user information" gid=0 gids="1,2,3,4,6,10,11,20,26,27" name=root uid=0 username=root
time="2024-05-16T21:35:48-04:00" level=warning msg="Configuration: configuration key 'authentication_backend.disable_reset_password' is deprecated in 4.36.0 and has been replaced by 'authentication_backend.password_reset.disable': you are not required to make any changes as this has been automatically mapped for you, but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T21:35:48-04:00" level=warning msg="Configuration: configuration key 'jwt_secret' is deprecated in 4.38.0 and has been replaced by 'identity_validation.reset_password.jwt_secret': you are not required to make any changes as this has been automatically mapped for you, but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T21:35:48-04:00" level=warning msg="Configuration: configuration key 'port' is deprecated in 4.30.0 and has been replaced by 'server.port': you are not required to make any changes as this has been automatically mapped for you, but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T21:35:48-04:00" level=warning msg="Configuration: configuration key 'log_level' is deprecated in 4.30.0 and has been replaced by 'log.level': you are not required to make any changes as this has been automatically mapped for you, but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T21:35:48-04:00" level=warning msg="Configuration: configuration key 'host' is deprecated in 4.30.0 and has been replaced by 'server.host': you are not required to make any changes as this has been automatically mapped for you, but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T21:35:48-04:00" level=warning msg="Configuration: configuration keys 'notifier.smtp.host' and 'notifier.smtp.port' are deprecated in 4.38.0 and has been replaced by 'notifier.smtp.address' in the format of '[tcp://]<hostname>[:<port>]': you are not required to make any changes as this has been automatically mapped for you to the value 'submission://smtp-relay.brevo.com:587', but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T21:35:48-04:00" level=warning msg="Configuration: configuration keys 'server.host', 'server.port', and 'server.path' are deprecated in 4.38.0 and has been replaced by 'server.address' in the format of '[tcp[(4|6)]://]<hostname>[:<port>][/<path>]' or 'tcp[(4|6)://][hostname]:<port>[/<path>]': you are not required to make any changes as this has been automatically mapped for you to the value 'tcp://0.0.0.0:9091/', but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T21:35:48-04:00" level=warning msg="Configuration: session: option 'domain' is deprecated in v4.38.0 and has been replaced by a multi-domain configuration: this has automatically been mapped for you but you will need to adjust your configuration to remove this message and receive the latest messages"
time="2024-05-16T21:35:48-04:00" level=info msg="Authelia untagged-v4.38.8 (master, 3869564) is starting"
time="2024-05-16T21:35:48-04:00" level=info msg="Log severity set to debug"
time="2024-05-16T21:35:48-04:00" level=info msg="Storage schema is being checked for updates"
time="2024-05-16T21:35:48-04:00" level=info msg="Storage schema is already up to date"

docker inspcet network

[
    {
        "Name": "traefik_default",
        "Id": "b938196a43dd2feddd284bd66b16110850c64b904bcb9a63a0590ae3cb4c2308",
        "Created": "2024-05-16T20:00:43.513980195-04:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "192.168.32.0/20",
                    "Gateway": "192.168.32.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": true,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "141e2773b2bfd18a8aec84f56c15acfd5c61e9d8b4958168db0a362ac5f8a20b": {
                "Name": "nodered",
                "EndpointID": "ea6d38be9925a0dbb8747e4e7aedd652dfe214e30537b4754c845eea738140e4",
                "MacAddress": "02:42:c0:a8:20:05",
                "IPv4Address": "192.168.32.5/20",
                "IPv6Address": ""
            },
            "1688979afe6c0ba6c51537992203d2700f3c5a84b15c10dc49101df38e029a64": {
                "Name": "authelia",
                "EndpointID": "10fc62e5f9e40ae35580e8c6da0b2a315c96698505f965a1062c127f4688c84b",
                "MacAddress": "02:42:c0:a8:20:06",
                "IPv4Address": "192.168.32.6/20",
                "IPv6Address": ""
            },
            "5dae3ed8d394e01848f797c091d6503ac5ff552dca70f171b09cfd11b58f03d3": {
                "Name": "grafana",
                "EndpointID": "92d32e35e267ac22e3e270fc16e4c0528558e8f910f980bf9fa4561a29a175f8",
                "MacAddress": "02:42:c0:a8:20:02",
                "IPv4Address": "192.168.32.2/20",
                "IPv6Address": ""
            },
            "a224b7c73e53e8135dbf26aee20fd73ad9b3793e49397a99fabc01479ec34b79": {
                "Name": "traefik",
                "EndpointID": "d3aa482dc7aa18cc3eddb79d72f2658915acede6cb9a1a365fb463a18ce2f979",
                "MacAddress": "02:42:c0:a8:20:03",
                "IPv4Address": "192.168.32.3/20",
                "IPv6Address": ""
            },
            "fc700a8fe8b8d2f0a309a6bdb82deeb38f64d53f6c097437dc7aa8a682744e4a": {
                "Name": "whoami",
                "EndpointID": "1e3eea8cd62176a565790d237496fce6cd7e4c22b7aa973a1b30836dd27f7958",
                "MacAddress": "02:42:c0:a8:20:04",
                "IPv4Address": "192.168.32.4/20",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {
            "com.docker.compose.network": "default",
            "com.docker.compose.project": "traefik",
            "com.docker.compose.version": "1.29.2"
        }
}
]

Response from server

wget -S https://auth.example.org
--2024-05-16 21:36:36--  https://auth.example.org/
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving auth.example.org (auth.example.org)... 146.190.188.151
Connecting to auth.example.org (auth.example.org)|146.190.188.151|:443... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 502 Bad Gateway
  Date: Fri, 17 May 2024 01:36:36 GMT
  Content-Length: 11
  Content-Type: text/plain; charset=utf-8
2024-05-16 21:36:36 ERROR 502: Bad Gateway.

ps: domains and some secrets are modified on these files for security purpose

[glime-ai[bot]]

Please note this response was created using generative AI leveraging previously available information from the repository. This information may be helpful however it is our strong recommendation that you carefully consider the information before blindly applying it.

---

It seems like you are encountering a 502 Bad Gateway error when trying to set up Authelia with Traefik. This error typically indicates that Traefik is unable to communicate properly with the Authelia service. Here are a few steps and checks you can perform to troubleshoot and resolve the issue:

1. Check Docker Network Configuration:
   Ensure that both Traefik and Authelia containers are on the same Docker network. This allows them to communicate with each other. You can specify the network under the networks section in your docker-compose.yml.

2. Verify Authelia's URL in Traefik Configuration:
   The forwardauth.address in Traefik's middleware configuration should point to the correct internal URL of the Authelia container. Since both are in the same Docker environment, this URL should typically be something like http://authelia:9091/api/verify?rd=https://auth.${DOMAIN}/. Make sure the URL is correct and reachable from within the Traefik container.

3. Check Authelia's Logs:
   Since you have set the log level to debug in Authelia, check the logs for any errors or warnings that might indicate what is going wrong. Look for messages related to failed login attempts or configuration errors.

4. Traefik Middleware Configuration:
   Ensure that the middleware authelia@docker is correctly defined in Traefik and that it points to the correct forwardAuth configuration. This middleware should be applied to the routes you want to protect with Authelia.

5. SSL/TLS Configuration:
   Verify that your SSL/TLS certificates are correctly configured and valid. A misconfiguration here could cause Traefik to fail establishing a secure connection to Authelia.

6. Firewall and Network Accessibility:
   Check if there are any firewall rules that might be blocking the communication between Traefik and Authelia. Ensure that the necessary ports are open and accessible.

7. Docker Service Health Checks:
   Implement health checks in your Docker services to ensure that they are up and running before they receive traffic. This can be done using the healthcheck instruction in your docker-compose.yml.

8. Environment Variables:
   Double-check all environment variables and placeholders like ${DOMAIN} are correctly set in your environment or .env file, as these are crucial for the configuration to work correctly.

If after these checks the issue still persists, consider increasing the verbosity of the logs in Traefik as well to get more detailed error information, and verify the network connectivity between the containers using tools like docker exec to ping or curl the Authelia container from the Traefik container.

This comment was generated by Glime.

[james-d-elliott]

The proxy is responding with the 502 by the look of it, not Authelia itself. The proxy will have the information about what's occurring.

[james-d-elliott]

Those warnings are fine to ignore. Try setting logs to trace so we can see where it's up to.

[rukh-debug]

time="2024-05-16T22:08:26-04:00" level=debug msg="Loaded Configuration Sources" files="[/config/configuration.yml]" filters="[]"
time="2024-05-16T22:08:26-04:00" level=debug msg="Logging Initialized" fields.level=debug file= format= keep_stdout=false
time="2024-05-16T22:08:26-04:00" level=debug msg="Process user information" gid=0 gids="1,2,3,4,6,10,11,20,26,27" name=root uid=0 username=root
time="2024-05-16T22:08:26-04:00" level=warning msg="Configuration: configuration key 'host' is deprecated in 4.30.0 and has been replaced by 'server.host': you are not required to make any changes as this has been automatically mapped for you, but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T22:08:26-04:00" level=warning msg="Configuration: configuration key 'authentication_backend.disable_reset_password' is deprecated in 4.36.0 and has been replaced by 'authentication_backend.password_reset.disable': you are not required to make any changes as this has been automatically mapped for you, but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T22:08:26-04:00" level=warning msg="Configuration: configuration key 'log_level' is deprecated in 4.30.0 and has been replaced by 'log.level': you are not required to make any changes as this has been automatically mapped for you, but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T22:08:26-04:00" level=warning msg="Configuration: configuration key 'jwt_secret' is deprecated in 4.38.0 and has been replaced by 'identity_validation.reset_password.jwt_secret': you are not required to make any changes as this has been automatically mapped for you, but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T22:08:26-04:00" level=warning msg="Configuration: configuration key 'port' is deprecated in 4.30.0 and has been replaced by 'server.port': you are not required to make any changes as this has been automatically mapped for you, but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T22:08:26-04:00" level=warning msg="Configuration: configuration keys 'notifier.smtp.host' and 'notifier.smtp.port' are deprecated in 4.38.0 and has been replaced by 'notifier.smtp.address' in the format of '[tcp://]<hostname>[:<port>]': you are not required to make any changes as this has been automatically mapped for you to the value 'submission://smtp-relay.brevo.com:587', but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T22:08:26-04:00" level=warning msg="Configuration: configuration keys 'server.host', 'server.port', and 'server.path' are deprecated in 4.38.0 and has been replaced by 'server.address' in the format of '[tcp[(4|6)]://]<hostname>[:<port>][/<path>]' or 'tcp[(4|6)://][hostname]:<port>[/<path>]': you are not required to make any changes as this has been automatically mapped for you to the value 'tcp://0.0.0.0:9091/', but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T22:08:26-04:00" level=warning msg="Configuration: session: option 'domain' is deprecated in v4.38.0 and has been replaced by a multi-domain configuration: this has automatically been mapped for you but you will need to adjust your configuration to remove this message and receive the latest messages"
time="2024-05-16T22:08:26-04:00" level=info msg="Authelia untagged-v4.38.8 (master, 3869564) is starting"
time="2024-05-16T22:08:26-04:00" level=info msg="Log severity set to debug"
time="2024-05-16T22:08:26-04:00" level=info msg="Storage schema is being checked for updates"
time="2024-05-16T22:08:26-04:00" level=info msg="Storage schema is already up to date"
time="2024-05-16T22:16:40-04:00" level=debug msg="Loaded Configuration Sources" files="[/config/configuration.yml]" filters="[]"
time="2024-05-16T22:16:40-04:00" level=debug msg="Logging Initialized" fields.level=debug file= format= keep_stdout=false
time="2024-05-16T22:16:40-04:00" level=debug msg="Process user information" gid=0 gids="1,2,3,4,6,10,11,20,26,27" name=root uid=0 username=root
time="2024-05-16T22:16:40-04:00" level=warning msg="Configuration: configuration key 'port' is deprecated in 4.30.0 and has been replaced by 'server.port': you are not required to make any changes as this has been automatically mapped for you, but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T22:16:40-04:00" level=warning msg="Configuration: configuration key 'jwt_secret' is deprecated in 4.38.0 and has been replaced by 'identity_validation.reset_password.jwt_secret': you are not required to make any changes as this has been automatically mapped for you, but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T22:16:40-04:00" level=warning msg="Configuration: configuration key 'authentication_backend.disable_reset_password' is deprecated in 4.36.0 and has been replaced by 'authentication_backend.password_reset.disable': you are not required to make any changes as this has been automatically mapped for you, but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T22:16:40-04:00" level=warning msg="Configuration: configuration key 'log_level' is deprecated in 4.30.0 and has been replaced by 'log.level': you are not required to make any changes as this has been automatically mapped for you, but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T22:16:40-04:00" level=warning msg="Configuration: configuration key 'host' is deprecated in 4.30.0 and has been replaced by 'server.host': you are not required to make any changes as this has been automatically mapped for you, but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T22:16:40-04:00" level=warning msg="Configuration: configuration keys 'notifier.smtp.host' and 'notifier.smtp.port' are deprecated in 4.38.0 and has been replaced by 'notifier.smtp.address' in the format of '[tcp://]<hostname>[:<port>]': you are not required to make any changes as this has been automatically mapped for you to the value 'submission://smtp-relay.brevo.com:587', but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T22:16:40-04:00" level=warning msg="Configuration: configuration keys 'server.host', 'server.port', and 'server.path' are deprecated in 4.38.0 and has been replaced by 'server.address' in the format of '[tcp[(4|6)]://]<hostname>[:<port>][/<path>]' or 'tcp[(4|6)://][hostname]:<port>[/<path>]': you are not required to make any changes as this has been automatically mapped for you to the value 'tcp://0.0.0.0:9091/', but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0"
time="2024-05-16T22:16:40-04:00" level=warning msg="Configuration: session: option 'domain' is deprecated in v4.38.0 and has been replaced by a multi-domain configuration: this has automatically been mapped for you but you will need to adjust your configuration to remove this message and receive the latest messages"
time="2024-05-16T22:16:40-04:00" level=info msg="Authelia untagged-v4.38.8 (master, 3869564) is starting"
time="2024-05-16T22:16:40-04:00" level=info msg="Log severity set to debug"
time="2024-05-16T22:16:40-04:00" level=info msg="Storage schema is being checked for updates"
time="2024-05-16T22:16:40-04:00" level=info msg="Storage schema is already up to date"
time="2024-05-16T22:33:40-04:00" level=debug msg="Loaded Configuration Sources" caller="github.com/authelia/authelia/v4/internal/commands/context.go:266 (*CmdCtx).LogConfigure" files="[/config/configuration.yml]" filters="[]"
time="2024-05-16T22:33:40-04:00" level=debug msg="Logging Initialized" caller="github.com/authelia/authelia/v4/internal/commands/context.go:267 (*CmdCtx).LogConfigure" fields.level=trace file= format= keep_stdout=false
time="2024-05-16T22:33:40-04:00" level=debug msg="Process user information" caller="github.com/authelia/authelia/v4/internal/commands/context.go:307 (*CmdCtx).LogProcessCurrentUserRunE" gid=0 gids="1,2,3,4,6,10,11,20,26,27" name=root uid=0 username=root
time="2024-05-16T22:33:40-04:00" level=warning msg="Configuration: configuration key 'log_level' is deprecated in 4.30.0 and has been replaced by 'log.level': you are not required to make any changes as this has been automatically mapped for you, but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0" caller="github.com/authelia/authelia/v4/internal/commands/context.go:317 (*CmdCtx).ConfigValidateLogRunE"
time="2024-05-16T22:33:40-04:00" level=warning msg="Configuration: configuration key 'jwt_secret' is deprecated in 4.38.0 and has been replaced by 'identity_validation.reset_password.jwt_secret': you are not required to make any changes as this has been automatically mapped for you, but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0" caller="github.com/authelia/authelia/v4/internal/commands/context.go:317 (*CmdCtx).ConfigValidateLogRunE"
time="2024-05-16T22:33:40-04:00" level=warning msg="Configuration: configuration key 'authentication_backend.disable_reset_password' is deprecated in 4.36.0 and has been replaced by 'authentication_backend.password_reset.disable': you are not required to make any changes as this has been automatically mapped for you, but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0" caller="github.com/authelia/authelia/v4/internal/commands/context.go:317 (*CmdCtx).ConfigValidateLogRunE"
time="2024-05-16T22:33:40-04:00" level=warning msg="Configuration: configuration key 'host' is deprecated in 4.30.0 and has been replaced by 'server.host': you are not required to make any changes as this has been automatically mapped for you, but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0" caller="github.com/authelia/authelia/v4/internal/commands/context.go:317 (*CmdCtx).ConfigValidateLogRunE"
time="2024-05-16T22:33:40-04:00" level=warning msg="Configuration: configuration key 'port' is deprecated in 4.30.0 and has been replaced by 'server.port': you are not required to make any changes as this has been automatically mapped for you, but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0" caller="github.com/authelia/authelia/v4/internal/commands/context.go:317 (*CmdCtx).ConfigValidateLogRunE"
time="2024-05-16T22:33:40-04:00" level=warning msg="Configuration: configuration keys 'notifier.smtp.host' and 'notifier.smtp.port' are deprecated in 4.38.0 and has been replaced by 'notifier.smtp.address' in the format of '[tcp://]<hostname>[:<port>]': you are not required to make any changes as this has been automatically mapped for you to the value 'submission://smtp-relay.brevo.com:587', but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0" caller="github.com/authelia/authelia/v4/internal/commands/context.go:317 (*CmdCtx).ConfigValidateLogRunE"
time="2024-05-16T22:33:40-04:00" level=warning msg="Configuration: configuration keys 'server.host', 'server.port', and 'server.path' are deprecated in 4.38.0 and has been replaced by 'server.address' in the format of '[tcp[(4|6)]://]<hostname>[:<port>][/<path>]' or 'tcp[(4|6)://][hostname]:<port>[/<path>]': you are not required to make any changes as this has been automatically mapped for you to the value 'tcp://0.0.0.0:9091/', but to stop this warning being logged you will need to adjust your configuration, and this configuration key and auto-mapping is likely to be removed in 5.0.0" caller="github.com/authelia/authelia/v4/internal/commands/context.go:317 (*CmdCtx).ConfigValidateLogRunE"
time="2024-05-16T22:33:40-04:00" level=warning msg="Configuration: session: option 'domain' is deprecated in v4.38.0 and has been replaced by a multi-domain configuration: this has automatically been mapped for you but you will need to adjust your configuration to remove this message and receive the latest messages" caller="github.com/authelia/authelia/v4/internal/commands/context.go:317 (*CmdCtx).ConfigValidateLogRunE"
time="2024-05-16T22:33:40-04:00" level=info msg="Authelia untagged-v4.38.8 (master, 3869564) is starting" caller="github.com/authelia/authelia/v4/internal/commands/root.go:62 (*CmdCtx).RootRunE"
time="2024-05-16T22:33:40-04:00" level=info msg="Log severity set to trace" caller="github.com/authelia/authelia/v4/internal/logging/logger.go:93 setLevelStr"
time="2024-05-16T22:33:40-04:00" level=trace msg="Starting scan of directory  for certificates" caller="github.com/authelia/authelia/v4/internal/utils/crypto.go:342 NewX509CertPool"
time="2024-05-16T22:33:40-04:00" level=trace msg="Configuring with Mandatory TLS" caller="github.com/authelia/authelia/v4/internal/notification/smtp_notifier.go:60 NewSMTPNotifier" provider=notifier
time="2024-05-16T22:33:40-04:00" level=trace msg="Configuring Provider" caller="github.com/authelia/authelia/v4/internal/notification/smtp_notifier.go:87 NewSMTPNotifier" domain=rubenk.dev helo=localhost port=587 provider=notifier timeout=5 tls="&{<nil> <nil> [] map[] <nil> <nil> <nil> <nil> <nil> 0x4000e52690 [] smtp-relay.brevo.com NoClientCert <nil> false [] false false [0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0] <nil> <nil> <nil> 771 772 [] false 0 <nil> {{0 0} 0 0 {{} 0} {{} 0}} [] []}"
time="2024-05-16T22:33:40-04:00" level=trace msg="Performing Startup Check" caller="github.com/authelia/authelia/v4/internal/commands/root.go:105 doStartupChecks" provider=storage
time="2024-05-16T22:33:40-04:00" level=info msg="Storage schema is being checked for updates" caller="github.com/authelia/authelia/v4/internal/storage/sql_provider.go:338 (*SQLProvider).StartupCheck"
time="2024-05-16T22:33:40-04:00" level=info msg="Storage schema is already up to date" caller="github.com/authelia/authelia/v4/internal/storage/sql_provider.go:356 (*SQLProvider).StartupCheck"
time="2024-05-16T22:33:40-04:00" level=trace msg="Startup Check Completed Successfully" caller="github.com/authelia/authelia/v4/internal/commands/root.go:112 doStartupChecks" provider=storage
time="2024-05-16T22:33:40-04:00" level=trace msg="Performing Startup Check" caller="github.com/authelia/authelia/v4/internal/commands/root.go:115 doStartupChecks" provider=user
time="2024-05-16T22:33:40-04:00" level=trace msg="Startup Check Completed Successfully" caller="github.com/authelia/authelia/v4/internal/commands/root.go:122 doStartupChecks" provider=user
time="2024-05-16T22:33:40-04:00" level=trace msg="Performing Startup Check" caller="github.com/authelia/authelia/v4/internal/commands/root.go:125 doStartupChecks" provider=notification
time="2024-05-16T22:33:40-04:00" level=trace msg="Creating Startup Check Client" caller="github.com/authelia/authelia/v4/internal/notification/smtp_notifier.go:113 (*SMTPNotifier).StartupCheck" hostname=smtp-relay.brevo.com provider=notifier
time="2024-05-16T22:33:40-04:00" level=trace msg="Dialing Startup Check Connection" caller="github.com/authelia/authelia/v4/internal/notification/smtp_notifier.go:121 (*SMTPNotifier).StartupCheck" provider=notifier

[rukh-debug]

/app # ls
LICENSE         authelia        entrypoint.sh   healthcheck.sh
/app # netstat -tulpn | grep LISTEN
tcp        0      0 127.0.0.11:42887        0.0.0.0:*               LISTEN      -
/app # netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.11:42887        0.0.0.0:*               LISTEN      -
udp        0      0 127.0.0.11:56029        0.0.0.0:*                           -
/app #

some netstat info if that helps.

[james-d-elliott]

It's having issues connecting to the SMTP server. As to why it's not timing out I'm not sure since we set a timeout.

[rukh-debug]

Thank you for the help and maintaining. That was it. changing to filesystem notifier resolved the issue. I'll see what's up with SMTP.

[james-d-elliott]

Can you ensure you keep enough backups that you can replicate it? I'd like to get to the bottom of why it's not timing out. So I'd like to be able to replicate it.

[rukh-debug]

Sure. I do have the backup.