

I’ve just set up headscale in docker and it worked right away. It’s even faster than when I was using tailscale. It was very easy to set up and I’ve been using it for about a month with no issues. Doesn’t really help but I haven’t used gluetun myself.
I’m using sunshine on my main Linux gaming rig with my own headscale instance running and use moonlight on my client PC and it’s very nice and smooth. I use it to access my main LAN gaming rig from another remote network. Not sure if that’s your use case but I’ve also used sunshine and moonlight within my LAN so I can remotely play on my bedroom TV.
I’ve also tried to run the docker compose file with no changes from the Zitadel documentation, https://zitadel.com/docs/self-hosting/deploy/compose
This is what shows:
[+] Running 3/3
✔ Network root_zitadel Created 0.0s
✘ Container root-db-1 Error 60.8s
✔ Container root-zitadel-1 Created 0.0s
dependency failed to start: container root-db-1 is unhealthy
docker ps -a then shows the root-zitadel-1 container created but not started. I can’t get any logs to show on the root-db-1 container even though it shows as running…
I start the root-zitadel-1 container and restart the root-db-1 container and this is what I get in the logs:
time="2025-07-24T13:41:45Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
time="2025-07-24T13:41:45Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
time="2025-07-24T13:41:45Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
time="2025-07-24T13:41:45Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
time="2025-07-24T13:41:46Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
time="2025-07-24T13:41:46Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
time="2025-07-24T13:41:47Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
time="2025-07-24T13:41:47Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
time="2025-07-24T13:41:48Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:70"
time="2025-07-24T13:41:48Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:63" error="failed to connect to `user=postgres database=postgres`: 172.18.0.2:5432 (db): dial error: dial tcp 172.18.0.2:5432: connect: connection refused"
Here is the compose file I’m using:
services:
  postgresql:
    image: postgres:16-alpine
    container_name: postgresql
    restart: unless-stopped
    networks:
      - authentik
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d authentik -U postgres"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - ./database:/var/lib/postgresql/data
    ports:
      - 5432:5432
    environment:
      POSTGRES_PASSWORD: JKSHDFUHWEUEIORUhdsjhfglsdhuifghert
      POSTGRES_USER: postgres
      POSTGRES_DB: authentik
  redis:
    image: redis:alpine
    container_name: redis
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - ./redis:/data
    networks:
      - authentik
  server:
    image: ghcr.io/goauthentik/server:2025.6.4
    container_name: authentik-server
    restart: unless-stopped
    command: server
    environment:
      AUTHENTIK_SECRET_KEY: 0rIgYE/fgWwkkhKXob6jQQ8M8Wp6tJzDc658GGb0C5r0QZOt
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: postgres
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: JKSHDFUHWEUEIORUhdsjhfglsdhuifghert
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
    ports:
      - 9000:9000
      - 9443:9443
    networks:
      - authentik
    depends_on:
      postgresql:
        condition: service_healthy
      redis:
        condition: service_healthy
  worker:
    image: ghcr.io/goauthentik/server:2025.6.4
    container_name: authentik-worker
    restart: unless-stopped
    command: worker
    networks:
      - authentik
    environment:
      AUTHENTIK_SECRET_KEY: 0rIgYE/fgWwkkhKXob6jQQ8M8Wp6tJzDc658GGb0C5r0QZOt
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: postgres
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: JKSHDFUHWEUEIORUhdsjhfglsdhuifghert
    user: root
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./media:/media
      - ./certs:/certs
      - ./custom-templates:/templates
    depends_on:
      postgresql:
        condition: service_healthy
      redis:
        condition: service_healthy
networks:
  authentik:
Here are the logs when starting up Authentik docker compose:
authentik-worker | {"event": "Starting authentik bootstrap", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364156.1238139}
authentik-worker | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364157.1261947}
authentik-worker | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger":
authentik-server | {"event":"Loaded config","level":"debug","path":"inbuilt-default","timestamp":"2025-07-24T13:35:48Z"}
authentik-server | {"event":"Loaded config","level":"debug","path":"/authentik/lib/default.yml","timestamp":"2025-07-24T13:35:48Z"}
authentik-server | {"event":"Loaded config from environment","level":"debug","timestamp":"2025-07-24T13:35:48Z"}
authentik-server | {"event":"Starting HTTP server","level":"info","listen":"0.0.0.0:9000","logger":"authentik.router","timestamp":"2025-07-24T13:35:49Z"}
authentik-server | {"event":"Starting Metrics server","level":"info","listen":"0.0.0.0:9300","logger":"authentik.router.metrics","timestamp":"2025-07-24T13:35:49Z"}
authentik-server | {"event":"Starting HTTPS server","level":"info","listen":"0.0.0.0:9443","logger":"authentik.router","timestamp":"2025-07-24T13:35:49Z"}
authentik-server | {"event": "Loaded config", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1753364149.613906, "file": "/authentik/lib/default.yml"}
authentik-server | {"event": "Loaded environment variables", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1753364149.6143358, "count": 6}
authentik-server | {"event": "Starting authentik bootstrap", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364149.953862}
authentik-server | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger": "authentik.lib.config", "timestamp": 1753364150.955268}
authentik-server | {"event": "PostgreSQL connection failed, retrying... (connection failed: connection to server at \"172.18.0.3\", port 5432 failed: Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?)", "level": "info", "logger":
time="2025-07-23T20:49:22Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:75"
time="2025-07-23T20:49:22Z" level=fatal msg="unable to initialize the database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:68" error="failed to connect to user=root database=postgres:\n\t127.0.0.1:5432 (localhost): dial error: dial tcp 127.0.0.1:5432: connect: connection refused\n\t[::1]:5432 (localhost): dial error: dial tcp [::1]:5432: connect: connection refused"
time="2025-07-23T20:49:23Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:75"
When I run docker compose up it initializes all the containers and then the zdb container fails to load and I get the error messages above. I can’t seem to paste my docker compose file or environment files since it formats the code very weirdly and makes it hard to read.
Yeah I’ll grab some logs and post my files tonight when I get time :)
I definitely can’t connect to the container as it doesn’t start. I’ve also tried without the .env file and that doesn’t work either. I’ve even set up a new LXC and started from scratch with the same result. For reference I’m using Ubuntu server so maybe I’ll try a different distro…
Ah thanks for that info I’ll definitely take a look
Can I ask how you have this set up? Do you also have a reverse proxy setup or just WG on your router and everything gets routed via your router?
I used wireguard self hosted for a bit but my work network is pretty locked down and I couldn’t find a UDP port that wasn’t blocked. How are you guys setting up wireguard in your home network? Or is it better to host it on a cloud VM?
I’m using tailscale right now because it punches through every firewall but I don’t like using external providers and I’m worried it will eventually enshittify. I have a cloudflare domain but I can’t really use any UDP port for my VPN as it’s blocked.
Ah that sucks then haha. I’m with you on not caring about early releases, when they are officially released then I care. Also even if that’s the case just put in an option to toggle early releases on or off for each show added no?
I’m surprised there isn’t an option in sonarr to only automatically search for episodes that are released. Unless there is and I’m missing it? In the past year I’ve noticed it’s worse, I keep getting .lnk files but luckily the system is smart enough to not import them. Hopefully a fix comes soon!
Can somebody suggest another privacy oriented domain hosting provider?