#ENOTFOUND when using Authentik for OAuth

I previously set this up just fine months ago, but yesterday I went to reinstall the mobile app and found I couldn't sign in. I then figured out that sign in worked nowhere. When the sign in page loads, the logs show

[Nest] 8  - 10/07/2023, 8:06:52 PM   ERROR [ExceptionsHandler] getaddrinfo ENOTFOUND auth.domain.com
Error: getaddrinfo ENOTFOUND auth.domain.com
    at GetAddrInfoReqWrap.onlookupall [as oncomplete] (node:dns:118:26)

I use Authentik just fine with nextcloud and vikunja, so I'm pretty sure it's not Authentik or my system. Currently logged in sessions work without issue.

Immich v1.81.1

I'm running this on TrueNAS Scale. I did try to run this past the Truecharts people, but integrations between apps is outside of their support scope.

I ran into this issue when my docker container couldn't talk to the DNS server. Make sure the container can resolve that URL.

(using authelia but same exact error)

What's the arg or env variable to set that? Truenas scale apps are close, but not exactly the same, as a normal docker compose install.

Not 100% sure with scale. With docker docker compose you basically do:

version: 2
services:
application:
dns:
8.8.8.8
4.4.4.4
192.168.9.45

So you may need to look up how to do it for Scale

Thanks! I think something's fundamentally wrong with my container, doing nslookup within the immich web container servfail's when it comes to my own domain.

So I figured out the DNS issue. Turns out truenas was calling back to my opnsense router, which didn't have a record to point back to Traefik for my domain.

However... now I'm getting

[Nest] 8  - 10/08/2023, 10:33:33 PM   ERROR [ExceptionsHandler] expected 200 OK, got: 301 Moved Permanently
OPError: expected 200 OK, got: 301 Moved Permanently
    at processResponse (/usr/src/app/node_modules/openid-client/lib/helpers/process_response.js:41:11)
    at Issuer.discover (/usr/src/app/node_modules/openid-client/lib/issuer.js:152:20)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async AuthService.getOAuthClient (/usr/src/app/dist/domain/auth/auth.service.js:245:24)
    at async AuthService.authorize (/usr/src/app/dist/domain/auth/auth.service.js:158:24)
    at async /usr/src/app/node_modules/@nestjs/core/router/router-execution-context.js:46:28
    at async /usr/src/app/node_modules/@nestjs/core/router/router-proxy.js:9:17

when trying to log in.

I did change the issuer URL to https://auth.domain.tld/application/o/immich/.well-known/openid-configuration from /application/o/immich/ and I wonder if that might be the cause.

Is there a way to disable oauth from within the container?

Or just enable password login?

Ah found it
https://immich.app/docs/administration/server-commands

Woo. Got authentik login working again. Saving the issuer URL to https://auth.domain.tld/application/o/immich/ then back to https://auth.domain.tld/application/o/immich/.well-known/openid-configuration seemed to do the trick.

But it seems I was overzealous in my troubleshooting. Was thinking that maybe my container was borked, so deleted and reinstalled it, then restored my previous db backup with pgadmin. Now pics in the webUI don't load and I get a bunch of [Nest] 8 - 10/08/2023, 10:45:50 PM ERROR [AssetService] Cannot create read stream for asset errors.

Along with [Nest] 8 - 10/08/2023, 10:45:59 PM ERROR [ExceptionsHandler] ENOENT: no such file or directory, access 'upload/profile/fa2260ba-ca94-4e91-93d7-f6325125a679/f0f24e74-3a1f-4025-bc34-8135fa2ee5c4.png'

Which yea, that profile dir no longer exists.

In fact, there are no dirs in upload/profile

I don't mind setting this up again, I have all my media mounted into the container. What would be the best way to get things working again?

All my stuff shows under upload/library/admin, which I'm not 100% sure why admin... It's my user on truenas is the only thing that comes to mind.