Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

redirect_uri protocol issue #12

Open
sugarfunk opened this issue Dec 2, 2023 · 18 comments
Open

redirect_uri protocol issue #12

sugarfunk opened this issue Dec 2, 2023 · 18 comments

Comments

@sugarfunk
Copy link

I am running into the same issue as #6 but not able to resolve with the same troubleshooting. No matter what I do oauth is using http and thus failing.

My Docker Compose

version: '3.9'
services:
grist-omnibus:
image: gristlabs/grist-omnibus:latest
container_name: grist
volumes:
- '/home/username/docker/grist/data:/persist'
environment:
- PASSWORD=redacted
- EMAIL=redacted
- TEAM=redacted
- 'URL=https://grist.redacted'
- 'HTTPS=external'
ports:
- '9999:80'

Loads fine, but after clicking login with email I get this.
image

and here is the related log/error

2023-12-02 21:58:03.479 - debug: Auth[GET]: grist.redacted.com / customHostSession=, method=GET, host=grist.redacted.com, path=/, org=redacted, email=[email protected], userId=1, altSessionId=dcS1dKfetP9AjFutPaKBpS
2023-12-02 21:58:03.480 - debug: Authorizer: redirecting to sign up
time="2023-12-02T21:58:03Z" level=warning msg="You are using "secure" cookies for a request that was not received via https. You should either redirect to https or pass the "insecure-cookie" config option to permit cookies via http." handler=Auth host=grist.redacted.com method=GET proto=http rule=default source_ip=172.31.0.1 uri="/auth/login?next=%2F"
time="2023-12-02T21:58:05Z" level=error msg="Failed to parse authorization request: Unregistered redirect_uri ("http://grist.redacted.com/_oauth\")."
@dsagal
Copy link
Member

dsagal commented Dec 3, 2023

I think the key difference is the value of the HTTPS variable. With auto or manual, traefik will terminate SSL, i.e. handle https connections. With external, it assumes something else (in front of traefik?) terminates SSL. But that part isn't addressed in #6 -- maybe some other step is needed (like telling traefik to respect X-Forwarded-Proto header)?

Could you share the details of what's handling HTTPS in your setup?

@sugarfunk
Copy link
Author

@dsagal thanks for replying.

Yes, I already have Traefik on a different box handling traffic and certs. I also tried the forward proto.

So I connect https just fine with this setup. There is no issue until I click one of the three login options (Login with email,Google, Ms). That's when the http error pops up.

@dsagal
Copy link
Member

dsagal commented Dec 4, 2023 via email

@sugarfunk
Copy link
Author

sugarfunk commented Dec 4, 2023 via email

@magixus
Copy link

magixus commented Dec 22, 2023
edited
Loading

I'm having this issue as well, and I have same setup as #6 except HTTPS=external because am running nginx and letsencrypt in host. setting https as auto also result in same issue.

and if you try to change redirect_uri you'll have the following error:

time="2023-12-22T17:44:49Z" level=error msg="Code exchange failed with provider" error="oauth2: cannot fetch token: 400 Bad Request\nResponse: {\"error\":\"invalid_request\",\"error_description\":\"redirect_uri did not match URI from initial request.\"}" handler=AuthCallback host=domain.ltd method=GET proto=http rule=default source_ip=x.x.x.x uri="/_oauth?code=iqvpghcrhic3etzdemsh5dvyz&state=2837200e1ebb3488c6ca01f43bd999c4%3Aoidc%3Ahttps%3A%2F%2Fdomain.ltd%2Fauth%2Flogin"

@nasmi3
Copy link

nasmi3 commented Jan 9, 2024

Hi,
I have a fresh install of Grist omnibus and also get the same issue. As @magixus explained, changing the uri manually in the url does not solve the problem.
The problem happens with both the HTTPS env variable on external and auto.

@dsagal dsagal mentioned this issue Jan 10, 2024
Merged
@dsagal
Copy link
Member

dsagal commented Jan 10, 2024
edited
Loading

I found the issue, and have PR #13 that addresses it. You can give it a shot as follows:

I'd appreciate your feedback on whether it is indeed sufficient for your setup.

@dsagal
Copy link
Member

dsagal commented Jan 15, 2024

The latest docker image includes the fix. The README includes these updated instructions for when running behind another reverse proxy:

If you run the omnibus behind a separate reverse proxy that terminates SSL, then you should set HTTPS=external, and set an additional environment variable TRUSTED_PROXY_IPS to the IP address or IP range of the proxy. This may be a comma-separated list, e.g. 127.0.0.1/32,192.168.1.7. See Traefik's forwarded headers.

@ibarot1981
Copy link

Hi,

I have npm on a seperate host where I am terminating SSL.

My env variables:
URL = https://grist.domain.tld
HTTPS = external
TRUSTED_PROXY_IPS = <ip_of_npm>

When i start the container, I get the following error in the logs :

<>
info [grist-omnibus] Checking dex... at https://grist..tld/dex/.well-known/openid-configuration
debug [grist-omnibus] not ready: FetchError: maximum redirect reached at: https://grist..tld/dex/.well-known/openid-configuration
<>

when accessing the app through browser, I get ERR_TOO_MANY_REDIRECTS.

I am not sure if I have messed up something in npm or its something to do with grist.

Thanks in advance.

@dsagal
Copy link
Member

dsagal commented Jan 29, 2024

@ibarot1981 , what the container is doing is checking that the services it's running (such as Dex) are actually accessible at the URL you configured. It should be making a fetch to the exact URL you specified. Sometimes it's tricky to ensure that the public URL you configured is also accessible from inside the container.

@ibarot1981
Copy link

ibarot1981 commented Jan 29, 2024
edited
Loading

@ibarot1981 , what the container is doing is checking that the services it's running (such as Dex) are actually accessible at the URL you configured. It should be making a fetch to the exact URL you specified. Sometimes it's tricky to ensure that the public URL you configured is also accessible from inside the container.

Hi, thanks for your reply.

I am not sure how to proceed here. Before I stumbled along this issue here, I followed the docker compose guide here
[https://github.com/gristlabs/grist-omnibus]

Since I am terminating SSL at NPM on a seperate host, earlier I gave the following env values :
URL : http://grist.domain.tld --- (Note : No HTTPS)
No other variables like HTTPS or TRUSTED_PROXY_IPS entered.

I could get the login page and also login with the EMAIL and PASSWORD variables as provided but immediately after login I got an error on the browser.

image

at this point, nothing worked and it got stuck at this page.

On searching I found this thread and so I added HTTPS=external and TRUSTED_PROXY_IPS= my internal IP for NPM
But now I get the fetch maximum redirect error.

Is there anything more I need to do apart from adding the above two variables and changing URL from http to https?

Thank you.

@dsagal
Copy link
Member

dsagal commented Jan 29, 2024

Hmm, I attempted to test, and I am getting the "418 I am a teapot" response code for everything, which is stumping me. I'll have to come back later to figure out what's wrong with my setup (it's not a clean slate). Also, there have been a few changes recently, and it's possible something broke again for HTTPS=external :(

As far as things to check:

  1. The URL should in fact include https:// if using external SSL termination.
  2. The hostname in URL must resolve to the correct IP address from the grist-omnibus container.
  3. This IP address should be accessible.
  4. The certificate should be valid (not self-signed, for example)
  5. The reverse proxy (the piece that's receiving /https requests and forwarding them to grist-omnibus) needs forward websocket requests as well. That wouldn't affect Dex or the initial login and page load, but comes into play when trying to open a document.

@allquixotic
Copy link

allquixotic commented Feb 5, 2024
edited
Loading

I am also getting the "too many redirects" / "FetchError:maximum redirect reached" error with grist checking for dex. Seems like a traefik redirect loop inside the container. I have:

  • nginx and letsencrypt as a reverse proxy

docker run -p 127.0.0.1:4321:80 -e TRUSTED_PROXY_IPS=<my_public_ip>/32,127.0.0.1/32 -e URL=https://<my_site.com> -e TEAM=foo -e EMAIL='[email protected]' -e HTTPS=external -e insecure-cookie=true -e INSECURE_COOKIE=true -v /home/user/grist/dex.yaml:/custom/dex.yaml -v /home/user/grist/persist:/persist -i --rm --name grist grist-omnibus:latest and I built the image locally with docker build -t grist-omnibus:latest . after cloning the main branch of this repo.

If I just run gristlabs/grist-omnibus:latest, I get grist version 1.1.1, which is ancient and doesn't support forms :( but it starts successfully. I had to build the image locally to get up to grist 1.1.10. Not sure why it doesn't pull 1.1.11...

Also in my logs I see: Feb 05 12:26:35 dcprod run.sh[10065]: 2024-02-05 17:26:35.329 - warn: Failed to create GoogleAuth endpoint: GOOGLE_CLIENT_SECRET is not defined

yet in my dex.yaml I have

 - type: google
   id: google
   name: Google
   config:
     issuer: https://accounts.google.com
     clientID: a real value
     clientSecret: a real value 
     redirectURI: '{{ getenv "APP_HOME_URL" }}/dex/callback'
     insecureSkipEmailVerified: true
     scopes:
     - openid
     - email
     - profile

@allquixotic
Copy link

I narrowed down my issue (the redirect loop) to HTTPS=external. I added another dedicated IP address to my box (so it doesn't conflict with nginx), changed the config to use it, remapped the ports, and everything starts up and works with HTTPS=auto. So yeah, HTTPS=external is broken.

@TOMDM
Copy link

TOMDM commented Mar 29, 2024

external seeming to be broken is now a blocker for me.
Has anyone found a fix?

@BobWs
Copy link

BobWs commented Aug 10, 2024

Having the same problem with grist-omnibus and NPM. I have installed grist-omnibus on docker on a Synology NAS using portainer. I also run NPM (Nginx-Proxy-Manager) as a reverse-proxy server for all my docker containers.

Has anyone found a solution to get this working with NPM (external reverse-proxy server)?

Here is my docker-compose file:

version: '3.8'

services:
  grist:              
    container_name: grist
    image: gristlabs/grist-omnibus:latest
    hostname: grist
    security_opt:
      - no-new-privileges:true
    mem_limit: 1024m
    mem_reservation: 512m
    healthcheck:
      test: timeout 10s bash -c ':> /dev/tcp/127.0.0.1/80' || exit 1
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 90s  
    ports:
      - "8070:80"
      - "44380:443"
    volumes: 
      - /volume1/docker/saas/grist/data:/persist
    environment:
      URL: 'https://saas.domain.tld'
      TEAM: 'cool-beans'
      EMAIL: '[email protected]'
      PASSWORD: "******************"
      HTTPS: 'external'
      TRUSTED_PROXY_IPS: 192.168.178.0/24            
    restart: "unless-stopped"
    networks:
      home:      

networks:
  home:
    external: true

Here is the log:

Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:14:03 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
error [grist-omnibus] grist failed: exited with 1
time="2024-08-10T06:14:03Z" level=info msg="Configuration loaded from flags."
2024/08/10 06:14:03 traefik.go:80: command traefik error: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied
Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:14:04 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
time="2024-08-10T06:14:04Z" level=info msg="Configuration loaded from flags."
2024/08/10 06:14:04 traefik.go:80: command traefik error: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
debug [grist-omnibus]   not ready: FetchError: request to https://saas.domain.tld/dex/.well-known/openid-configuration failed, reason: getaddrinfo ENOTFOUND saas.domain.tld
error [grist-omnibus] grist failed: exited with 1
Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:14:05 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
time="2024-08-10T06:14:05Z" level=info msg="Configuration loaded from flags."
2024/08/10 06:14:05 traefik.go:80: command traefik error: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
time="2024-08-10T06:14:06Z" level=info msg="Dex Version: v2.33.1-dirty, Go Version: go1.18.4, Go OS/ARCH: linux amd64"
time="2024-08-10T06:14:06Z" level=info msg="config using log level: debug"
time="2024-08-10T06:14:06Z" level=info msg="config issuer: https://saas.domain.tld/dex"
debug [grist-omnibus]   not ready: FetchError: request to https://saas.domain.tld/dex/.well-known/openid-configuration failed, reason: getaddrinfo ENOTFOUND saas.domain.tld
time="2024-08-10T06:14:06Z" level=info msg="config storage: sqlite3"
time="2024-08-10T06:14:06Z" level=info msg="config static client: Grist"
time="2024-08-10T06:14:06Z" level=info msg="config connector: google"
time="2024-08-10T06:14:06Z" level=info msg="config connector: microsoft"
time="2024-08-10T06:14:06Z" level=info msg="config connector: local passwords enabled"
time="2024-08-10T06:14:06Z" level=info msg="config skipping approval screen"
time="2024-08-10T06:14:06Z" level=info msg="config refresh tokens rotation enabled: true"
error [grist-omnibus] grist failed: exited with 1
Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:14:07 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
time="2024-08-10T06:14:07Z" level=info msg="Configuration loaded from flags."
2024/08/10 06:14:07 traefik.go:80: command traefik error: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
time="2024-08-10T06:14:07Z" level=info msg="Dex Version: v2.33.1-dirty, Go Version: go1.18.4, Go OS/ARCH: linux amd64"
time="2024-08-10T06:14:07Z" level=info msg="config using log level: debug"
time="2024-08-10T06:14:07Z" level=info msg="config issuer: https://saas.domain.tld/dex"
time="2024-08-10T06:14:07Z" level=info msg="config storage: sqlite3"
time="2024-08-10T06:14:07Z" level=info msg="config static client: Grist"
time="2024-08-10T06:14:07Z" level=info msg="config connector: google"
time="2024-08-10T06:14:07Z" level=info msg="config connector: microsoft"
time="2024-08-10T06:14:07Z" level=info msg="config connector: local passwords enabled"
time="2024-08-10T06:14:07Z" level=info msg="config skipping approval screen"
time="2024-08-10T06:14:07Z" level=info msg="config refresh tokens rotation enabled: true"
debug [grist-omnibus]   not ready: FetchError: request to https://saas.domain.tld/dex/.well-known/openid-configuration failed, reason: getaddrinfo ENOTFOUND saas.domain.tld
error [grist-omnibus] grist failed: exited with 1
Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:14:08 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
time="2024-08-10T06:14:09Z" level=info msg="Configuration loaded from flags."
2024/08/10 06:14:09 traefik.go:80: command traefik error: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
time="2024-08-10T06:14:09Z" level=info msg="Dex Version: v2.33.1-dirty, Go Version: go1.18.4, Go OS/ARCH: linux amd64"
time="2024-08-10T06:14:09Z" level=info msg="config using log level: debug"
time="2024-08-10T06:14:09Z" level=info msg="config issuer: https://saas.domain.tld/dex"
time="2024-08-10T06:14:09Z" level=info msg="config storage: sqlite3"
time="2024-08-10T06:14:09Z" level=info msg="config static client: Grist"
time="2024-08-10T06:14:09Z" level=info msg="config connector: google"
time="2024-08-10T06:14:09Z" level=info msg="config connector: microsoft"
time="2024-08-10T06:14:09Z" level=info msg="config connector: local passwords enabled"
time="2024-08-10T06:14:09Z" level=info msg="config skipping approval screen"
time="2024-08-10T06:14:09Z" level=info msg="config refresh tokens rotation enabled: true"
error [grist-omnibus] grist failed: exited with 1
Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:14:11 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
time="2024-08-10T06:14:11Z" level=info msg="Configuration loaded from flags."
2024/08/10 06:14:11 traefik.go:80: command traefik error: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
time="2024-08-10T06:14:11Z" level=info msg="Dex Version: v2.33.1-dirty, Go Version: go1.18.4, Go OS/ARCH: linux amd64"
time="2024-08-10T06:14:11Z" level=info msg="config using log level: debug"
time="2024-08-10T06:14:11Z" level=info msg="config issuer: https://saas.domain.tld/dex"
time="2024-08-10T06:14:11Z" level=info msg="config storage: sqlite3"
time="2024-08-10T06:14:11Z" level=info msg="config static client: Grist"
time="2024-08-10T06:14:11Z" level=info msg="config connector: google"
time="2024-08-10T06:14:11Z" level=info msg="config connector: microsoft"
time="2024-08-10T06:14:11Z" level=info msg="config connector: local passwords enabled"
time="2024-08-10T06:14:11Z" level=info msg="config skipping approval screen"
time="2024-08-10T06:14:11Z" level=info msg="config refresh tokens rotation enabled: true"
debug [grist-omnibus]   not ready: FetchError: request to https://saas.domain.tld/dex/.well-known/openid-configuration failed, reason: getaddrinfo ENOTFOUND saas.domain.tld
error [grist-omnibus] grist failed: exited with 1
Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:14:15 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
time="2024-08-10T06:14:15Z" level=info msg="Configuration loaded from flags."
2024/08/10 06:14:15 traefik.go:80: command traefik error: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
time="2024-08-10T06:14:15Z" level=info msg="Dex Version: v2.33.1-dirty, Go Version: go1.18.4, Go OS/ARCH: linux amd64"
time="2024-08-10T06:14:15Z" level=info msg="config using log level: debug"
time="2024-08-10T06:14:15Z" level=info msg="config issuer: https://saas.domain.tld/dex"
time="2024-08-10T06:14:15Z" level=info msg="config storage: sqlite3"
time="2024-08-10T06:14:15Z" level=info msg="config static client: Grist"
time="2024-08-10T06:14:15Z" level=info msg="config connector: google"
time="2024-08-10T06:14:15Z" level=info msg="config connector: microsoft"
time="2024-08-10T06:14:15Z" level=info msg="config connector: local passwords enabled"
time="2024-08-10T06:14:15Z" level=info msg="config skipping approval screen"
time="2024-08-10T06:14:15Z" level=info msg="config refresh tokens rotation enabled: true"
debug [grist-omnibus]   not ready: FetchError: request to https://saas.domain.tld/dex/.well-known/openid-configuration failed, reason: getaddrinfo ENOTFOUND saas.domain.tld
error [grist-omnibus] grist failed: exited with 1
Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:14:23 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
time="2024-08-10T06:14:23Z" level=info msg="Configuration loaded from flags."
2024/08/10 06:14:23 traefik.go:80: command traefik error: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
time="2024-08-10T06:14:23Z" level=info msg="Dex Version: v2.33.1-dirty, Go Version: go1.18.4, Go OS/ARCH: linux amd64"
time="2024-08-10T06:14:23Z" level=info msg="config using log level: debug"
time="2024-08-10T06:14:23Z" level=info msg="config issuer: https://saas.domain.tld/dex"
time="2024-08-10T06:14:23Z" level=info msg="config storage: sqlite3"
time="2024-08-10T06:14:23Z" level=info msg="config static client: Grist"
time="2024-08-10T06:14:23Z" level=info msg="config connector: google"
time="2024-08-10T06:14:23Z" level=info msg="config connector: microsoft"
time="2024-08-10T06:14:23Z" level=info msg="config connector: local passwords enabled"
time="2024-08-10T06:14:23Z" level=info msg="config skipping approval screen"
time="2024-08-10T06:14:23Z" level=info msg="config refresh tokens rotation enabled: true"
debug [grist-omnibus]   not ready: FetchError: request to https://saas.domain.tld/dex/.well-known/openid-configuration failed, reason: getaddrinfo ENOTFOUND saas.domain.tld
error [grist-omnibus] grist failed: exited with 1
Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:14:36 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
time="2024-08-10T06:14:36Z" level=info msg="Configuration loaded from flags."
2024/08/10 06:14:36 traefik.go:80: command traefik error: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
time="2024-08-10T06:14:37Z" level=info msg="Dex Version: v2.33.1-dirty, Go Version: go1.18.4, Go OS/ARCH: linux amd64"
time="2024-08-10T06:14:37Z" level=info msg="config using log level: debug"
time="2024-08-10T06:14:37Z" level=info msg="config issuer: https://saas.domain.tld/dex"
time="2024-08-10T06:14:37Z" level=info msg="config storage: sqlite3"
time="2024-08-10T06:14:37Z" level=info msg="config static client: Grist"
time="2024-08-10T06:14:37Z" level=info msg="config connector: google"
time="2024-08-10T06:14:37Z" level=info msg="config connector: microsoft"
time="2024-08-10T06:14:37Z" level=info msg="config connector: local passwords enabled"
time="2024-08-10T06:14:37Z" level=info msg="config skipping approval screen"
time="2024-08-10T06:14:37Z" level=info msg="config refresh tokens rotation enabled: true"
error [grist-omnibus] grist failed: exited with 1
Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:15:03 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
time="2024-08-10T06:15:03Z" level=info msg="Configuration loaded from flags."
2024/08/10 06:15:03 traefik.go:80: command traefik error: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
time="2024-08-10T06:15:03Z" level=info msg="Dex Version: v2.33.1-dirty, Go Version: go1.18.4, Go OS/ARCH: linux amd64"
time="2024-08-10T06:15:03Z" level=info msg="config using log level: debug"
time="2024-08-10T06:15:03Z" level=info msg="config issuer: https://saas.domain.tld/dex"
time="2024-08-10T06:15:03Z" level=info msg="config storage: sqlite3"
time="2024-08-10T06:15:03Z" level=info msg="config static client: Grist"
time="2024-08-10T06:15:03Z" level=info msg="config connector: google"
time="2024-08-10T06:15:03Z" level=info msg="config connector: microsoft"
time="2024-08-10T06:15:03Z" level=info msg="config connector: local passwords enabled"
time="2024-08-10T06:15:03Z" level=info msg="config skipping approval screen"
time="2024-08-10T06:15:03Z" level=info msg="config refresh tokens rotation enabled: true"
debug [grist-omnibus]   not ready: FetchError: request to https://saas.domain.tld/dex/.well-known/openid-configuration failed, reason: getaddrinfo ENOTFOUND saas.domain.tld
error [grist-omnibus] grist failed: exited with 1
Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:15:55 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
time="2024-08-10T06:15:55Z" level=info msg="Configuration loaded from flags."
2024/08/10 06:15:55 traefik.go:80: command traefik error: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
time="2024-08-10T06:15:55Z" level=info msg="Dex Version: v2.33.1-dirty, Go Version: go1.18.4, Go OS/ARCH: linux amd64"
time="2024-08-10T06:15:55Z" level=info msg="config using log level: debug"
time="2024-08-10T06:15:55Z" level=info msg="config issuer: https://saas.domain.tld/dex"
time="2024-08-10T06:15:55Z" level=info msg="config storage: sqlite3"
time="2024-08-10T06:15:55Z" level=info msg="config static client: Grist"
time="2024-08-10T06:15:55Z" level=info msg="config connector: google"
time="2024-08-10T06:15:55Z" level=info msg="config connector: microsoft"
time="2024-08-10T06:15:55Z" level=info msg="config connector: local passwords enabled"
time="2024-08-10T06:15:55Z" level=info msg="config skipping approval screen"
time="2024-08-10T06:15:55Z" level=info msg="config refresh tokens rotation enabled: true"
error [grist-omnibus] grist failed: exited with 1
Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:16:56 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
time="2024-08-10T06:16:56Z" level=info msg="Configuration loaded from flags."
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
2024/08/10 06:16:56 traefik.go:80: command traefik error: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
time="2024-08-10T06:16:56Z" level=info msg="Dex Version: v2.33.1-dirty, Go Version: go1.18.4, Go OS/ARCH: linux amd64"
time="2024-08-10T06:16:56Z" level=info msg="config using log level: debug"
time="2024-08-10T06:16:56Z" level=info msg="config issuer: https://saas.domain.tld/dex"
time="2024-08-10T06:16:56Z" level=info msg="config storage: sqlite3"
time="2024-08-10T06:16:56Z" level=info msg="config static client: Grist"
time="2024-08-10T06:16:56Z" level=info msg="config connector: google"
time="2024-08-10T06:16:56Z" level=info msg="config connector: microsoft"
time="2024-08-10T06:16:56Z" level=info msg="config connector: local passwords enabled"
time="2024-08-10T06:16:56Z" level=info msg="config skipping approval screen"
time="2024-08-10T06:16:56Z" level=info msg="config refresh tokens rotation enabled: true"
debug [grist-omnibus]   not ready: FetchError: request to https://saas.domain.tld/dex/.well-known/openid-configuration failed, reason: getaddrinfo ENOTFOUND saas.domain.tld
error [grist-omnibus] grist failed: exited with 1
Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:17:57 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
time="2024-08-10T06:17:57Z" level=info msg="Configuration loaded from flags."
2024/08/10 06:17:57 traefik.go:80: command traefik error: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
time="2024-08-10T06:17:57Z" level=info msg="Dex Version: v2.33.1-dirty, Go Version: go1.18.4, Go OS/ARCH: linux amd64"
time="2024-08-10T06:17:57Z" level=info msg="config using log level: debug"
time="2024-08-10T06:17:57Z" level=info msg="config issuer: https://saas.domain.tld/dex"
time="2024-08-10T06:17:57Z" level=info msg="config storage: sqlite3"
time="2024-08-10T06:17:57Z" level=info msg="config static client: Grist"
time="2024-08-10T06:17:57Z" level=info msg="config connector: google"
time="2024-08-10T06:17:57Z" level=info msg="config connector: microsoft"
time="2024-08-10T06:17:57Z" level=info msg="config connector: local passwords enabled"
time="2024-08-10T06:17:57Z" level=info msg="config skipping approval screen"
time="2024-08-10T06:17:57Z" level=info msg="config refresh tokens rotation enabled: true"
error [grist-omnibus] grist failed: exited with 1
Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:18:58 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
time="2024-08-10T06:18:58Z" level=info msg="Configuration loaded from flags."
2024/08/10 06:18:58 traefik.go:80: command traefik error: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
time="2024-08-10T06:18:58Z" level=info msg="Dex Version: v2.33.1-dirty, Go Version: go1.18.4, Go OS/ARCH: linux amd64"
time="2024-08-10T06:18:58Z" level=info msg="config using log level: debug"
time="2024-08-10T06:18:58Z" level=info msg="config issuer: https://saas.domain.tld/dex"
time="2024-08-10T06:18:58Z" level=info msg="config storage: sqlite3"
time="2024-08-10T06:18:58Z" level=info msg="config static client: Grist"
time="2024-08-10T06:18:58Z" level=info msg="config connector: google"
time="2024-08-10T06:18:58Z" level=info msg="config connector: microsoft"
time="2024-08-10T06:18:58Z" level=info msg="config connector: local passwords enabled"
time="2024-08-10T06:18:58Z" level=info msg="config skipping approval screen"
time="2024-08-10T06:18:58Z" level=info msg="config refresh tokens rotation enabled: true"
error [grist-omnibus] grist failed: exited with 1
Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:19:59 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
time="2024-08-10T06:19:59Z" level=info msg="Configuration loaded from flags."
2024/08/10 06:19:59 traefik.go:80: command traefik error: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
time="2024-08-10T06:19:59Z" level=info msg="Dex Version: v2.33.1-dirty, Go Version: go1.18.4, Go OS/ARCH: linux amd64"
time="2024-08-10T06:19:59Z" level=info msg="config using log level: debug"
time="2024-08-10T06:19:59Z" level=info msg="config issuer: https://saas.domain.tld/dex"
time="2024-08-10T06:19:59Z" level=info msg="config storage: sqlite3"
time="2024-08-10T06:19:59Z" level=info msg="config static client: Grist"
time="2024-08-10T06:19:59Z" level=info msg="config connector: google"
time="2024-08-10T06:19:59Z" level=info msg="config connector: microsoft"
time="2024-08-10T06:19:59Z" level=info msg="config connector: local passwords enabled"
time="2024-08-10T06:19:59Z" level=info msg="config skipping approval screen"
time="2024-08-10T06:19:59Z" level=info msg="config refresh tokens rotation enabled: true"
debug [grist-omnibus]   not ready: FetchError: request to https://saas.domain.tld/dex/.well-known/openid-configuration failed, reason: getaddrinfo ENOTFOUND saas.domain.tld
error [grist-omnibus] grist failed: exited with 1
Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:21:00 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
time="2024-08-10T06:21:00Z" level=info msg="Configuration loaded from flags."
2024/08/10 06:21:00 traefik.go:80: command traefik error: error while building entryPoint websecure: error preparing server: error opening listener: listen tcp :443: bind: permission denied
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
time="2024-08-10T06:21:00Z" level=info msg="Dex Version: v2.33.1-dirty, Go Version: go1.18.4, Go OS/ARCH: linux amd64"
time="2024-08-10T06:21:00Z" level=info msg="config using log level: debug"
time="2024-08-10T06:21:00Z" level=info msg="config issuer: https://saas.domain.tld/dex"
time="2024-08-10T06:21:00Z" level=info msg="config storage: sqlite3"
time="2024-08-10T06:21:00Z" level=info msg="config static client: Grist"
time="2024-08-10T06:21:00Z" level=info msg="config connector: google"
time="2024-08-10T06:21:00Z" level=info msg="config connector: microsoft"
time="2024-08-10T06:21:00Z" level=info msg="config connector: local passwords enabled"
time="2024-08-10T06:21:00Z" level=info msg="config skipping approval screen"
time="2024-08-10T06:21:00Z" level=info msg="config refresh tokens rotation enabled: true"
debug [grist-omnibus]   not ready: FetchError: request to https://saas.domain.tld/dex/.well-known/openid-configuration failed, reason: getaddrinfo ENOTFOUND saas.domain.tld
error [grist-omnibus] grist failed: exited with 1
Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:22:01 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
time="2024-08-10T06:22:01Z" level=info msg="Configuration loaded from flags."
2024/08/10 06:22:01 traefik.go:80: command traefik error: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
time="2024-08-10T06:22:01Z" level=info msg="Dex Version: v2.33.1-dirty, Go Version: go1.18.4, Go OS/ARCH: linux amd64"
time="2024-08-10T06:22:01Z" level=info msg="config using log level: debug"
time="2024-08-10T06:22:01Z" level=info msg="config issuer: https://saas.domain.tld/dex"
time="2024-08-10T06:22:01Z" level=info msg="config storage: sqlite3"
time="2024-08-10T06:22:01Z" level=info msg="config static client: Grist"
time="2024-08-10T06:22:01Z" level=info msg="config connector: google"
time="2024-08-10T06:22:01Z" level=info msg="config connector: microsoft"
time="2024-08-10T06:22:01Z" level=info msg="config connector: local passwords enabled"
time="2024-08-10T06:22:01Z" level=info msg="config skipping approval screen"
time="2024-08-10T06:22:01Z" level=info msg="config refresh tokens rotation enabled: true"
debug [grist-omnibus]   not ready: FetchError: request to https://saas.domain.tld/dex/.well-known/openid-configuration failed, reason: getaddrinfo ENOTFOUND saas.domain.tld
error [grist-omnibus] grist failed: exited with 1
Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:23:02 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
time="2024-08-10T06:23:02Z" level=info msg="Configuration loaded from flags."
2024/08/10 06:23:02 traefik.go:80: command traefik error: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
time="2024-08-10T06:23:02Z" level=info msg="Dex Version: v2.33.1-dirty, Go Version: go1.18.4, Go OS/ARCH: linux amd64"
time="2024-08-10T06:23:02Z" level=info msg="config using log level: debug"
time="2024-08-10T06:23:02Z" level=info msg="config issuer: https://saas.domain.tld/dex"
time="2024-08-10T06:23:02Z" level=info msg="config storage: sqlite3"
time="2024-08-10T06:23:02Z" level=info msg="config static client: Grist"
time="2024-08-10T06:23:02Z" level=info msg="config connector: google"
time="2024-08-10T06:23:02Z" level=info msg="config connector: microsoft"
time="2024-08-10T06:23:02Z" level=info msg="config connector: local passwords enabled"
time="2024-08-10T06:23:02Z" level=info msg="config skipping approval screen"
time="2024-08-10T06:23:02Z" level=info msg="config refresh tokens rotation enabled: true"
debug [grist-omnibus]   not ready: FetchError: request to https://saas.domain.tld/dex/.well-known/openid-configuration failed, reason: getaddrinfo ENOTFOUND saas.domain.tld
error [grist-omnibus] grist failed: exited with 1
Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:24:03 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
time="2024-08-10T06:24:03Z" level=info msg="Configuration loaded from flags."
2024/08/10 06:24:03 traefik.go:80: command traefik error: error while building entryPoint websecure: error preparing server: error opening listener: listen tcp :443: bind: permission denied
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
time="2024-08-10T06:24:03Z" level=info msg="Dex Version: v2.33.1-dirty, Go Version: go1.18.4, Go OS/ARCH: linux amd64"
time="2024-08-10T06:24:03Z" level=info msg="config using log level: debug"
time="2024-08-10T06:24:03Z" level=info msg="config issuer: https://saas.domain.tld/dex"
time="2024-08-10T06:24:03Z" level=info msg="config storage: sqlite3"
time="2024-08-10T06:24:03Z" level=info msg="config static client: Grist"
time="2024-08-10T06:24:03Z" level=info msg="config connector: google"
time="2024-08-10T06:24:03Z" level=info msg="config connector: microsoft"
time="2024-08-10T06:24:03Z" level=info msg="config connector: local passwords enabled"
time="2024-08-10T06:24:03Z" level=info msg="config skipping approval screen"
time="2024-08-10T06:24:03Z" level=info msg="config refresh tokens rotation enabled: true"
debug [grist-omnibus]   not ready: FetchError: request to https://saas.domain.tld/dex/.well-known/openid-configuration failed, reason: getaddrinfo ENOTFOUND saas.domain.tld
error [grist-omnibus] grist failed: exited with 1
Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:25:04 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
time="2024-08-10T06:25:04Z" level=info msg="Configuration loaded from flags."
2024/08/10 06:25:04 traefik.go:80: command traefik error: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
time="2024-08-10T06:25:04Z" level=info msg="Dex Version: v2.33.1-dirty, Go Version: go1.18.4, Go OS/ARCH: linux amd64"
time="2024-08-10T06:25:04Z" level=info msg="config using log level: debug"
time="2024-08-10T06:25:04Z" level=info msg="config issuer: https://saas.domain.tld/dex"
time="2024-08-10T06:25:04Z" level=info msg="config storage: sqlite3"
time="2024-08-10T06:25:04Z" level=info msg="config static client: Grist"
time="2024-08-10T06:25:04Z" level=info msg="config connector: google"
time="2024-08-10T06:25:04Z" level=info msg="config connector: microsoft"
time="2024-08-10T06:25:04Z" level=info msg="config connector: local passwords enabled"
time="2024-08-10T06:25:04Z" level=info msg="config skipping approval screen"
time="2024-08-10T06:25:04Z" level=info msg="config refresh tokens rotation enabled: true"
debug [grist-omnibus]   not ready: FetchError: request to https://saas.domain.tld/dex/.well-known/openid-configuration failed, reason: getaddrinfo ENOTFOUND saas.domain.tld
error [grist-omnibus] grist failed: exited with 1
Running Grist as user 1001 with primary group 1001
info [grist-omnibus] Calling traefik [
  '--providers.file.filename=/settings/traefik.yaml',
  '--entryPoints.web.address=:80',
  '--entrypoints.websecure.address=:443',
  '--entrypoints.web.http.redirections.entrypoint.scheme=https',
  '--entrypoints.web.http.redirections.entrypoint.to=websecure',
  '--entryPoints.web.forwardedHeaders.trustedIPs=192.168.178.0/24'
]
2024/08/10 06:26:05 Starting up on port 17102
creating container: waiting for sandbox to start: EOF
gvisor check failed (flags: -unprivileged -ignore-cgroups); consider different GVISOR_FLAGS or GRIST_SANDBOX_FLAVOR
time="2024-08-10T06:26:05Z" level=info msg="Configuration loaded from flags."
2024/08/10 06:26:05 traefik.go:80: command traefik error: error while building entryPoint websecure: error preparing server: error opening listener: listen tcp :443: bind: permission denied
info [grist-omnibus] No /custom/dex.yaml
info [grist-omnibus] Checking dex... at https://saas.domain.tld/dex/.well-known/openid-configuration
time="2024-08-10T06:26:05Z" level=info msg="Dex Version: v2.33.1-dirty, Go Version: go1.18.4, Go OS/ARCH: linux amd64"
time="2024-08-10T06:26:05Z" level=info msg="config using log level: debug"
time="2024-08-10T06:26:05Z" level=info msg="config issuer: https://saas.domain.tld/dex"
time="2024-08-10T06:26:05Z" level=info msg="config storage: sqlite3"
time="2024-08-10T06:26:05Z" level=info msg="config static client: Grist"
time="2024-08-10T06:26:05Z" level=info msg="config connector: google"
time="2024-08-10T06:26:05Z" level=info msg="config connector: microsoft"
time="2024-08-10T06:26:05Z" level=info msg="config connector: local passwords enabled"
time="2024-08-10T06:26:05Z" level=info msg="config skipping approval screen"
time="2024-08-10T06:26:05Z" level=info msg="config refresh tokens rotation enabled: true"
debug [grist-omnibus]   not ready: FetchError: request to https://saas.domain.tld/dex/.well-known/openid-configuration failed, reason: getaddrinfo ENOTFOUND saas.domain.tld
error [grist-omnibus] grist failed: exited with 1

@paulfitz
Copy link
Member

@Spoffy do you know happen to know if grist-omnibus is in a good state? This line in the logs above happens pretty early:

error [grist-omnibus] grist failed: exited with 1

followed by a:

permission denied

@AlexandreNarten
Copy link

Hello. I'm also experiencing the same issue. Have any solutions been found to deal with this? I have grist running on easypanel which runs a traefik instance as a reverse proxy infront of multiple apps.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@paulfitz @allquixotic @dsagal @sugarfunk @TOMDM @BobWs @magixus @nasmi3 @AlexandreNarten @ibarot1981