Hi there guys how you doing? I was able to setup gist behind a traefik server with google auth the page opens, redirect to google…I log in on google the authorization apparently gets to grist but it simple doesn’t log on. I tried with regular session and now I’m doing with redis. but still nothing. Got tired of smashing my brains so I decided to ask for your help.
here is my log
2024-09-30 12:31:02.799 - debug: Auth[GET]: grist.mydomain.com /session/access/all customHostSession=, method=GET, host=grist.mydomain.com, path=/session/access/all, org=docs, email=anon@getgrist.com, userId=1, altSessionId=nQpevA8Z8kPY4gqiCuQWGG
2024-09-30 12:31:03.023 - debug: Auth[GET]: grist.mydomain.com /orgs/0/workspaces customHostSession=, method=GET, host=grist.mydomain.com, path=/orgs/0/workspaces, org=docs, email=anon@getgrist.com, userId=1, altSessionId=r2f7xuB2NwAR4WFWvK3x7R
2024-09-30 12:31:32.069 - info: SamlConfig: got SAML response for myemail@myseconddomain.biz (Alexandre Leitão) redirecting to https://grist.mydomain.com/
2024-09-30 12:31:32.071 - error: ScopedSession[g-2d274f802a90e4a1128489a131f7472ba8c33dcde8db582726daeefa2c70445a]: Error updating sessionStore: Error: failed to load session
2024-09-30 12:31:32.120 - debug: Auth[GET]: grist.mydomain.com / customHostSession=, method=GET, host=grist.mydomain.com, path=/, org=docs, email=anon@getgrist.com, userId=1, altSessionId=ox48NsThtR5DNX3CfbuuZ5
2024-09-30 12:31:32.550 - debug: Auth[GET]: grist.mydomain.com /session/access/active customHostSession=, method=GET, host=grist.mydomain.com, path=/session/access/active, org=docs, email=anon@getgrist.com, userId=1, altSessionId=o39xTnETBwFN96iEkgbn17
And here is my compose file. I anonymized all the address but I double checked all of them. Redis is accessible and everything seems to fine apart from not loading the session and not creating a cookie probably
version: '3'
services:
grist:
container_name: grist
image: gristlabs/grist:latest
networks:
- traefik-stack_default
restart: unless-stopped
environment:
- PGID=1000
- PUID=1000
- DEBUG=1
- PORT=8485
- GRIST_BOOT_KEY=notrealkey
- APP_DOC_INTERNAL_URL=https://grist.mydomain.com
- APP_DOC_URL=https://grist.mydomain.com
- APP_HOME_URL=https://grist.mydomain.com
- GRIST_SINGLE_ORG=docs
- GRIST_ORG_IN_PATH=false
- GRIST_SAML_IDP_SKIP_SLO=true
- GRIST_SAML_SP_HOST=https://grist.mydomain.com
- GRIST_SAML_IDP_UNENCRYPTED=true
- GRIST_SAML_IDP_LOGIN=https://accounts.google.com/o/saml2/idp?idpid=notrealkey
- GRIST_SAML_IDP_LOGOUT=https://grist.mydomain.com
- GRIST_SAML_IDP_CERTS=/google/Google_2029-9-29-3912_SAML2_0.pem
- GRIST_SAML_SP_KEY=/google/file_private_key.key
- GRIST_SAML_SP_CERT=/google/certificate.crt
- GRIST_DOMAIN=https://grist.mydomain.com
- GRIST_SESSION_SECRET=notrealkey
- GRIST_SESSION_COOKIE_DOMAIN=grist.mydomain.com
- ALLOWED_ORIGINS=https://grist.mydomain.com
- GRIST_FORCE_SECURE_COOKIES=true
- HTTPS=true
- REDIS_URL=redis://redis:6379
ports:
- "8485:8485" # Port mapping for testing purposes in case Traefik has issues
volumes:
- /mnt/storage/grist/data:/persist
- /mnt/storage/grist/google:/google #certificates are here
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.grist-rtr.entrypoints=websecure"
- "traefik.http.routers.grist-rtr.rule=Host(\"grist.homelab.mydomain.com\") || Host(\"grist.mydomain.com\")"
- "traefik.http.routers.grist-rtr.tls=true"
- "traefik.http.routers.grist-rtr.tls.certresolver=production"
## HTTP Services
- "traefik.http.routers.grist-rtr.service=grist-svc"
- "traefik.http.services.grist-svc.loadbalancer.server.port=8485"
- "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.grist-rtr.middlewares=https-redirect"
networks:
traefik-stack_default:
external: true
and finally this is how my cookie window looks like when I log in
![image|690x233](upload://cp05PTXhGJR2iv8SpnV5PPko6QE.png)