Unable to open grist-omnibus portal

Adhitya_Virtus · March 2, 2025, 2:12pm

Hi,

I know the same problem seems already asked and answered here:

but I have to re-ask again because it seems I am facing a different errors.

So basically I have deployed grist and grist-oss docker on Truenas Scale 22.12.3.3 without any significant problems, and even have it reversed proxied through Cloudflare tunnel along with my other few docker apps (no traefik used). I’m tempted to use the omnibus version as it will allow me to have multiple users login via Google or Microsoft authentication (that’s what I understand).

I can have the docker deployed with green active status, but I cannot access the URL portal at all, and I’m still trying to use the localhost, no reverse proxy yet. My current installation environment/settings are (inputted through truenas):

HTTPS=auto
TEAM=pgn-fcma
EMAIL=mypersonal@email
PASSWORD=securepassword
URL=http:/localhost:9999
on port forwarding:
- Container port=80
- Node port=9999
- Protocol=TCP
  *Host Path=the same as my grist-oss mount and /persist

When I checked the log, the main error I noticed (keep repeating every few seconds) are:

2025-03-02T13:46:46.125803462Z info [grist-omnibus] Checking dex… at http:/localhost:9999/dex/.well-known/openid-configuration
2025-03-02T13:46:46.126385165Z debug [grist-omnibus] not ready: TypeError [ERR_INVALID_PROTOCOL]: Protocol “http:” not supported. Expected “https:”

So I thought it might be because I’m forwarding port 80 to 9999, which is weird since that is the guide from the official github. So I changed my URL environment to https://localhost:9999 and port forward container port 443 through node port 9999. I restarted the docker again and still cant access the web url, with new error repeating:

2025-03-02T13:51:12.637397470Z info [grist-omnibus] Checking dex… at https:/localhost:9999/dex/.well-known/openid-configuration
2025-03-02T13:51:12.642117016Z debug [grist-omnibus] not ready: FetchError: request to https:/localhost:9999/dex/.well-known/openid-configuration failed, reason: write EPROTO C08C8A405D7F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:…/deps/openssl/openssl/ssl/record/ssl3_record.c:354:

So now I am stuck and kindly need the community help here. Is it possible because of my certificate? Right now my other docker app using certificate from truescale cert-manager, cloudnative-pg, and prometheus-operator that I set up years ago. Honestly I forgot on how they set up, but I am sure it uses those 3 app/docker to run, so I just let it run for years. But isn’t the omnibus automatically use Let’s Encrypt if I put the HTTPS environment to ‘auto’, it shouldn’t be the problem, right?

Thank you in advance.

PS. I cropped all the double // in each localhost link above to avoid posting links in this thread (new user can’t post links more than 2).

paul-grist · March 3, 2025, 1:25pm

(Just double checking that this is either a typo or what you mean by cropping, and that your setting actually had a double slash?)

If using http and localhost, I’d suggest removing HTTPS=auto since https should not be used in this case.

Switching to https for localhost is a bit tricky, Let’s Encrypt will only work for publicly available domains I’d expect. Some suggestions here:

Adhitya_Virtus · March 4, 2025, 11:54am

Yeah I actually deleted one slash ‘/’ so I can copy it to here without being detected as a link (new user cannot copy more than 2 links).

I still did not find on how to fix this. According to chatgpt before your reply, I should remove HTTPS=auto if i’m using HTTP. I’ve removed it and also change the URL to use the local IP:port directly (since I cannot open my truenas UI via localhost either, so that can be another issue). I’m able to redeploy the container without any error in the log, but somehow still cannot access the web portal, either by local IP (while it works for other truenas GUI and other docker), or by localhost, or by 127.0.0.1. So at this point I give up.

However after reading the documentation, I’ve learned that I don’t actually need Dex for the authentication. Grist-oss already can accept OIDC. So following the guide I’ve managed to set up Google OAuth 2.0 to Grist-oss, since that’s the only thing I need from grist-omnibus anyway.

So thank you!