Login does not fail but stays on login screen #1608

New Issue

MrUnknownDE · 2026-04-05T19:37:07+02:00

MrUnknownDE commented

2026-04-05 19:37:07 +02:00

Originally created by @seitzbg on 4/15/2025

Login does not fail but stays on login screen. Invalid username/password shows a red modal which is expected. Valid just returns me to an empty login form.

Any help appreciated!

Configs below:

Docker-compose:

name: pangolin
services:
  pangolin:
    image: fosrl/pangolin:latest
    container_name: pangolin
    restart: unless-stopped
    volumes:
      - /config/pangolin/config:/app/config
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
      interval: "3s"
      timeout: "3s"
      retries: 5

  gerbil:
    image: fosrl/gerbil:latest
    container_name: gerbil
    restart: unless-stopped
    depends_on:
      pangolin:
        condition: service_healthy
    command:
      - --reachableAt=http://gerbil:3003
      - --generateAndSaveKeyTo=/var/config/key
      - --remoteConfig=http://pangolin:3001/api/v1/gerbil/get-config
      - --reportBandwidthTo=http://pangolin:3001/api/v1/gerbil/receive-bandwidth
    volumes:
      - /config/pangolin/var:/var/config
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    ports:
      - 51820:51820/udp
      - 443:443 # Port for traefik because of the network_mode
      - 80:80 # Port for traefik because of the network_mode

  traefik:
    image: traefik:v3.3.5
    container_name: traefik
    restart: unless-stopped
    network_mode: service:gerbil # Ports appear on the gerbil service
    depends_on:
      pangolin:
        condition: service_healthy
    command:
      - --configFile=/etc/traefik/traefik_config.yml
    environment:
      CLOUDFLARE_DNS_API_TOKEN: "wat"
    volumes:
      - /config/pangolin/config/traefik/:/etc/traefik:ro # Volume to store the Traefik configuration
      - /config/pangolin/var/log/traefik:/var/log/traefik
      - /config/pangolin/config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates

networks:
  default:
    driver: bridge
    name: pangolin

config.yml

# To see all available options, please visit the docs:
# https://docs.fossorial.io/Pangolin/Configuration/config

app:
    dashboard_url: "http://localhost:3002"
    log_level: "debug"
    save_logs: false

domains:
    domain1:
        base_domain: "fiber.house"
        cert_resolver: "letsencrypt"
        prefer_wildcard_cert: true

server:
    external_port: 3000
    internal_port: 3001
    next_port: 3002
    internal_hostname: "pangolin"
    session_cookie_name: "p_session_token"
    resource_access_token_param: "p_token"
    resource_access_token_headers:
        id: "P-Access-Token-Id"
        token: "P-Access-Token"
    resource_session_request_param: "p_session_request"
    cors:
        origins: ["https://pangolin.fiber.house"]
        methods: ["GET", "POST", "PUT", "DELETE", "PATCH"]
        headers: ["X-CSRF-Token", "Content-Type"]
        credentials: false

traefik:
    http_entrypoint: "web"
    https_entrypoint: "websecure"

gerbil:
    start_port: 51820
    base_endpoint: "localhost"
    block_size: 24
    site_block_size: 30
    subnet_group: 100.89.100.0/20
    use_subdomain: true

rate_limits:
    global:
        window_minutes: 1
        max_requests: 500

users:
    server_admin:
        email: "wat@gmail.com"
        password: "wat"

flags:
    require_email_verification: false
    disable_signup_without_invite: true
    disable_user_create_org: true
    allow_raw_resources: true
    allow_base_domain_resources: true

traefik_config:

api:
  insecure: true
  dashboard: true

providers:
  http:
    endpoint: "http://pangolin:3001/api/v1/traefik-config"
    pollInterval: "5s"
  file:
    filename: "/etc/traefik/dynamic_config.yml"

experimental:
  plugins:
    badger:
      moduleName: "github.com/fosrl/badger"
      version: "v1.1.0"

log:
  level: "DEBUG"
  format: "common"

certificatesResolvers:
  letsencrypt:
    acme:
      dnsChallenge:
        provider: "cloudflare"
      email: "wat@gmail.com"
      storage: "/letsencrypt/acme.json"
      caServer: "https://acme-v02.api.letsencrypt.org/directory"

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
    transport:
      respondingTimeouts:
        readTimeout: "30m"
    http:
      tls:
        certResolver: "letsencrypt"

serversTransport:
  insecureSkipVerify: true

dynamic_config:

http:
  middlewares:
    redirect-to-https:
      redirectScheme:
        scheme: https

  routers:
    # HTTP to HTTPS redirect router
    main-app-router-redirect:
      rule: "Host(`pangolin.fiber.house`)" # REPLACE THIS WITH YOUR DOMAIN
      service: next-service
      entryPoints:
        - web
      middlewares:
        - redirect-to-https

    # Next.js router (handles everything except API and WebSocket paths)
    next-router:
      rule: "Host(`pangolin.fiber.house`) && !PathPrefix(`/api/v1`)" # REPLACE THIS WITH YOUR DOMAIN
      service: next-service
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
        domains:
          - main: "pangolin.fiber.house"
            sans:
              - "*.mesh.fiber.house"

    # API router (handles /api/v1 paths)
    api-router:
      rule: "Host(`pangolin.fiber.house`) && PathPrefix(`/api/v1`)" # REPLACE THIS WITH YOUR DOMAIN
      service: api-service
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

    # WebSocket router
    ws-router:
      rule: "Host(`pangolin.fiber.house`)" # REPLACE THIS WITH YOUR DOMAIN
      service: api-service
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

  services:
    next-service:
      loadBalancer:
        servers:
          - url: "http://pangolin:3002" # Next.js server

    api-service:
      loadBalancer:
        servers:
          - url: "http://pangolin:3000" # API/WebSocket server

*Originally created by @seitzbg on 4/15/2025* Login does not fail but stays on login screen. Invalid username/password shows a red modal which is expected. Valid just returns me to an empty login form. Any help appreciated! Configs below: Docker-compose: ``` name: pangolin services: pangolin: image: fosrl/pangolin:latest container_name: pangolin restart: unless-stopped volumes: - /config/pangolin/config:/app/config healthcheck: test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"] interval: "3s" timeout: "3s" retries: 5 gerbil: image: fosrl/gerbil:latest container_name: gerbil restart: unless-stopped depends_on: pangolin: condition: service_healthy command: - --reachableAt=http://gerbil:3003 - --generateAndSaveKeyTo=/var/config/key - --remoteConfig=http://pangolin:3001/api/v1/gerbil/get-config - --reportBandwidthTo=http://pangolin:3001/api/v1/gerbil/receive-bandwidth volumes: - /config/pangolin/var:/var/config cap_add: - NET_ADMIN - SYS_MODULE ports: - 51820:51820/udp - 443:443 # Port for traefik because of the network_mode - 80:80 # Port for traefik because of the network_mode traefik: image: traefik:v3.3.5 container_name: traefik restart: unless-stopped network_mode: service:gerbil # Ports appear on the gerbil service depends_on: pangolin: condition: service_healthy command: - --configFile=/etc/traefik/traefik_config.yml environment: CLOUDFLARE_DNS_API_TOKEN: "wat" volumes: - /config/pangolin/config/traefik/:/etc/traefik:ro # Volume to store the Traefik configuration - /config/pangolin/var/log/traefik:/var/log/traefik - /config/pangolin/config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates networks: default: driver: bridge name: pangolin ``` config.yml ``` # To see all available options, please visit the docs: # https://docs.fossorial.io/Pangolin/Configuration/config app: dashboard_url: "http://localhost:3002" log_level: "debug" save_logs: false domains: domain1: base_domain: "fiber.house" cert_resolver: "letsencrypt" prefer_wildcard_cert: true server: external_port: 3000 internal_port: 3001 next_port: 3002 internal_hostname: "pangolin" session_cookie_name: "p_session_token" resource_access_token_param: "p_token" resource_access_token_headers: id: "P-Access-Token-Id" token: "P-Access-Token" resource_session_request_param: "p_session_request" cors: origins: ["https://pangolin.fiber.house"] methods: ["GET", "POST", "PUT", "DELETE", "PATCH"] headers: ["X-CSRF-Token", "Content-Type"] credentials: false traefik: http_entrypoint: "web" https_entrypoint: "websecure" gerbil: start_port: 51820 base_endpoint: "localhost" block_size: 24 site_block_size: 30 subnet_group: 100.89.100.0/20 use_subdomain: true rate_limits: global: window_minutes: 1 max_requests: 500 users: server_admin: email: "wat@gmail.com" password: "wat" flags: require_email_verification: false disable_signup_without_invite: true disable_user_create_org: true allow_raw_resources: true allow_base_domain_resources: true ``` traefik_config: ``` api: insecure: true dashboard: true providers: http: endpoint: "http://pangolin:3001/api/v1/traefik-config" pollInterval: "5s" file: filename: "/etc/traefik/dynamic_config.yml" experimental: plugins: badger: moduleName: "github.com/fosrl/badger" version: "v1.1.0" log: level: "DEBUG" format: "common" certificatesResolvers: letsencrypt: acme: dnsChallenge: provider: "cloudflare" email: "wat@gmail.com" storage: "/letsencrypt/acme.json" caServer: "https://acme-v02.api.letsencrypt.org/directory" entryPoints: web: address: ":80" websecure: address: ":443" transport: respondingTimeouts: readTimeout: "30m" http: tls: certResolver: "letsencrypt" serversTransport: insecureSkipVerify: true ``` dynamic_config: ``` http: middlewares: redirect-to-https: redirectScheme: scheme: https routers: # HTTP to HTTPS redirect router main-app-router-redirect: rule: "Host(`pangolin.fiber.house`)" # REPLACE THIS WITH YOUR DOMAIN service: next-service entryPoints: - web middlewares: - redirect-to-https # Next.js router (handles everything except API and WebSocket paths) next-router: rule: "Host(`pangolin.fiber.house`) && !PathPrefix(`/api/v1`)" # REPLACE THIS WITH YOUR DOMAIN service: next-service entryPoints: - websecure tls: certResolver: letsencrypt domains: - main: "pangolin.fiber.house" sans: - "*.mesh.fiber.house" # API router (handles /api/v1 paths) api-router: rule: "Host(`pangolin.fiber.house`) && PathPrefix(`/api/v1`)" # REPLACE THIS WITH YOUR DOMAIN service: api-service entryPoints: - websecure tls: certResolver: letsencrypt # WebSocket router ws-router: rule: "Host(`pangolin.fiber.house`)" # REPLACE THIS WITH YOUR DOMAIN service: api-service entryPoints: - websecure tls: certResolver: letsencrypt services: next-service: loadBalancer: servers: - url: "http://pangolin:3002" # Next.js server api-service: loadBalancer: servers: - url: "http://pangolin:3000" # API/WebSocket server ```

MrUnknownDE closed this issue

2026-04-05 19:37:07 +02:00

Sign in to join this conversation.

Branches Tags

main

dev

dependabot/npm_and_yarn/dev-minor-updates-b4e5d6b9c5

revert-2766-feature/systemd-install-instructions

dependabot/npm_and_yarn/prod-patch-updates-05702d39f2

dependabot/npm_and_yarn/next-16.2.1

dependabot/npm_and_yarn/recharts-3.8.1

alerting-rules

private-site-ha

dependabot/docker/docker/library/node-25-slim

ssh

delete-account

msg-delivery

org-only-idp

cicd

patch

site-targets-auto-login

No Label stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/pangolin#1608