I try to install grist on my server using docker, nginx reverse proxy and authentik for authentication. The connection to the side and different teams is possible and authentikation works like a charm but if i open up ore create a new document i always got the information that i’m offline ore the connection is lost.
My docker-compose.yaml:
version: '3'
services:
grist:
image: gristlabs/grist
restart: always
env_file:
- .env
ports:
- "9844:8484"
volumes:
- ./persist:/persist
My .env file:
TZ="Europe/Berlin"
APP_HOME_URL="https://grist.domain.tdl"
APP_DOC_URL="https://grist.domain.tdl"
#APP_DOC_INTERNAL_URL="http://localhost:8484"
GRIST_PAGE_TITLE_SUFFIX=" - Grist"
GRIST_DEFAULT_EMAIL=mymailaddress@local.host
GRIST_SESSION_SECRET=<SomeSecret>
GRIST_SANDBOX_FLAVOR=gvisor
#GRIST_ORG_IN_PATH=true
#GRIST_DATA_DIR=/persist/docs
#GRIST_SINGLE_ORG=grist
# Authentik
GRIST_SAML_IDP_LOGIN=https://login.domain.tdl/application/saml/grist/sso/binding/redirect/
GRIST_SAML_IDP_LOGOUT=https://login.domain.tdl/if/session-end/grist
GRIST_SAML_SP_HOST=https://grist.domain.tdl
GRIST_SAML_SP_KEY=/persist/Grist_private_key.pem
GRIST_SAML_SP_CERT=/persist/Grist_certificate.pem
GRIST_SAML_IDP_CERTS=/persist/authentik.pem
GRIST_SAML_IDP_UNENCRYPTED=0
My reverseproxy setting:
server {
listen 0.0.0.0:80 ;
listen [::0]:80 ;
server_name grist.domain.tdl;
location /.well-known/acme-challenge {
root /var/lib/acme/acme-challenge;
auth_basic off;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 0.0.0.0:443 http2 ssl ;
listen [::0]:443 http2 ssl ;
server_name grist.domain.tdl;
location /.well-known/acme-challenge {
root /var/lib/acme/acme-challenge;
auth_basic off;
}
ssl_certificate /var/lib/acme/grist.domain.tdl/fullchain.pem;
ssl_certificate_key /var/lib/acme/grist.domain.tdl/key.pem;
ssl_trusted_certificate /var/lib/acme/grist.domain.tdl/chain.pem;
location / {
proxy_pass http://localhost:9844;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
}
}
i tried to set the APP_DOC_URL to the grist url and i tried to use APP_DOC_INTERNAL_URL=http://localhost:8484 and i tried it without booth. I run the container without persist volume and without authentik setup only the APP_HOME_URL to the domain i use for grist. But everytime the same issue. The only thing i can figure out is, that the reverse proxy need some modifications but i don’t know which!