Initial setup fails with 404 - Web UI sends API requests to wrong port #956

New Issue

Closed

opened 2026-04-05 18:03:00 +02:00 by MrUnknownDE · 0 comments

MrUnknownDE commented 2026-04-05 18:03:00 +02:00

Owner

Copy Link

Originally created by @stlas on 9/5/2025

Bug Description

When attempting to create the initial server admin account through the Web UI, the request fails with a 404 error. The Web UI incorrectly sends API requests to port 8080 (Web UI port) instead of port 3000 (API port).

Steps to Reproduce

1. Fresh installation of Pangolin (tested with v1.8.0 and latest)
2. Start container with standard port mapping:
   • 3000:3000 (API)
   • 8080:3002 (Web UI)
3. Navigate to http://server:8080
4. Fill in initial setup form with email, password, and setup token
5. Click "Create Admin Account"
6. Observe 404 error

Expected Behavior

API request should go to http://server:3000/api/v1/auth/set-server-admin

Actual Behavior

API request goes to http://server:8080/api/v1/auth/set-server-admin (wrong port)

Environment

• Pangolin Version: 1.8.0, 1.9.3, latest
• Deployment: Docker (fosrl/pangolin)
• OS: Debian 12
• Browser: Chrome/Firefox (all affected)

Additional Context

• Setup token is correctly generated in logs: Token: xmxfh6yjpyd95zx9so0qh3ed6y39tbam
• Database shows token exists and is unused
• Direct API calls to port 3000 fail with "CSRF token missing or invalid"
• Network tab shows: PUT http://server:8080/api/v1/auth/set-server-admin 404 (Not Found)

Workaround Attempts

1. ✗ Nginx reverse proxy - Still hits wrong port
2. ✗ Direct API calls - Blocked by CSRF protection
3. ✗ Different versions - All affected

Suggested Fix

The Next.js frontend should be configured to send API requests to the correct port (3000) or use relative URLs that get properly proxied.

Config Used

app:
  dashboard_url: "http://XXX.XXX.XXX.XXX:8080"
  log_level: "info"

server:
  external_port: 3000
  internal_port: 3001
  next_port: 3002
  secret: "secret-key-here"

domains:
  example:
    base_domain: "example.com"
    cert_resolver: "self-signed"

This makes initial setup impossible without modifying the deployment or using workarounds.

*Originally created by @stlas on 9/5/2025* ### Bug Description When attempting to create the initial server admin account through the Web UI, the request fails with a 404 error. The Web UI incorrectly sends API requests to port 8080 (Web UI port) instead of port 3000 (API port). ### Steps to Reproduce 1. Fresh installation of Pangolin (tested with v1.8.0 and latest) 2. Start container with standard port mapping: - 3000:3000 (API) - 8080:3002 (Web UI) 3. Navigate to `http://server:8080` 4. Fill in initial setup form with email, password, and setup token 5. Click "Create Admin Account" 6. Observe 404 error ### Expected Behavior API request should go to `http://server:3000/api/v1/auth/set-server-admin` ### Actual Behavior API request goes to `http://server:8080/api/v1/auth/set-server-admin` (wrong port) ### Environment - **Pangolin Version:** 1.8.0, 1.9.3, latest - **Deployment:** Docker (fosrl/pangolin) - **OS:** Debian 12 - **Browser:** Chrome/Firefox (all affected) ### Additional Context - Setup token is correctly generated in logs: `Token: xmxfh6yjpyd95zx9so0qh3ed6y39tbam` - Database shows token exists and is unused - Direct API calls to port 3000 fail with "CSRF token missing or invalid" - Network tab shows: `PUT http://server:8080/api/v1/auth/set-server-admin 404 (Not Found)` ### Workaround Attempts 1. ✗ Nginx reverse proxy - Still hits wrong port 2. ✗ Direct API calls - Blocked by CSRF protection 3. ✗ Different versions - All affected ### Suggested Fix The Next.js frontend should be configured to send API requests to the correct port (3000) or use relative URLs that get properly proxied. ### Config Used ```yaml app: dashboard_url: "http://XXX.XXX.XXX.XXX:8080" log_level: "info" server: external_port: 3000 internal_port: 3001 next_port: 3002 secret: "secret-key-here" domains: example: base_domain: "example.com" cert_resolver: "self-signed" ``` This makes initial setup impossible without modifying the deployment or using workarounds.

MrUnknownDE closed this issue 2026-04-05 18:03:00 +02:00

MrUnknownDE added the stalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestalestale labels 2026-04-05 18:03:03 +02:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

dependabot/npm_and_yarn/dev-minor-updates-b4e5d6b9c5

revert-2766-feature/systemd-install-instructions

dependabot/npm_and_yarn/prod-patch-updates-05702d39f2

dependabot/npm_and_yarn/next-16.2.1

dependabot/npm_and_yarn/recharts-3.8.1

alerting-rules

private-site-ha

dependabot/docker/docker/library/node-25-slim

ssh

delete-account

msg-delivery

org-only-idp

cicd

patch

site-targets-auto-login

1.17.0-s.4

1.17.0

1.17.0-s.3

1.17.0-s.2

1.17.0-s.1

1.17.0-s.0

1.17.0-rc.0

1.16.2-s.22

1.16.2-s.21

1.16.2-s.20

1.16.2-s.19

1.16.2-s.18

1.16.2-s.17

1.16.2-s.16

1.16.2-s.15

1.16.2-s.14

1.16.2-s.13

1.16.2-s.12

1.16.2-s.11

1.16.2-s.10

1.16.2-s.9

1.16.2-s.8

1.16.2-s.7

1.16.2-s.6

1.16.2-s.5

1.16.2-s.4

1.16.2-s.3

1.16.2-s.2

1.16.2-s.1

1.16.2

1.16.2-s.0

1.16.1-s.1

1.16.1

1.16.1-s.0

1.16.0

1.16.0-s.1

1.16.0-s.0

1.16.0-rc.0

1.15.4-s.10

1.15.4-s.9

1.15.4-s.8

1.15.4-s.7

1.15.4-s.6

1.15.4-s.5

1.15.4-s.4

1.15.4-s.3

1.15.4-s.2

1.15.4

1.15.4-s.1

1.15.4-s.0

1.15.3

1.15.3-s.1

1.15.3-s.0

1.15.1-s.1

1.15.2

1.15.1-s.0

1.15.1

1.15.0-s.5

1.15.0

1.15.0-s.4

1.15.0-s.3

1.15.0-s.2

1.15.0-s.1

1.15.0-s.0

1.15.0-rc.0

1.14.1-s.3

1.14.1-s.2

1.14.1-s.1

1.14.1-s.0

1.14.1

1.14.0-s.2

1.14.0

1.14.0-rc.0

1.13.1

1.13.1-s.0

1.13.0

1.13.0.s.0

1.13.0-rc.0

1.12.2-s.5

1.12.3

1.12.2-s.4

1.12.2-s.3

1.12.2-s.2

1.12.2-s.1

1.12.2

1.12.2-s.0

1.12.1

1.12.0

1.12.0-s.0

1.12.0-rc.0

1.11.1

1.11.1-s.0

1.11.0-s.5

1.11.0

1.11.0-s.4

1.11.0-s.3

1.11.0-s.2

1.11.0-s.1

1.11.0-s.0

1.10.3

1.10.2

1.10.1

1.10.0

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.3

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.1

1.0.0

1.0.0-beta.15

1.0.0-beta.14

1.0.0-beta.13

1.0.0-beta.12

1.0.0-beta.11

1.0.0-beta.10

1.0.0-beta.9

1.0.0-beta.8

1.0.0-beta.7

1.0.0-beta.6

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

Improvement

Improvement

Improvement

Improvement

Look Into

Security

Security

api

api

authentication

authentication

authentication

authentication

authentication

authentication

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

config

config

config

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

docker

docker

docker

docker

docker

documentation

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

go

go

go

go

go

go

go

go

go

go

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

networking

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

question

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

ui

ui

ui

ui

ui

ui

wontfix

No Label stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale stale

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

MrUnknownDE

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/pangolin#956