kondik
kondik2mo ago

now i am trying to make convex auth work

now i am trying to make convex auth work, but i keep having 'could not verify token claim' error, due to the lack of ideas how to make it work, i swapped from selfhost, to cloud solution just to check if its even working and i noticed that auth domain is different in selfhost and cloud (there is also a chance that this is result of me modifying container/coolify env variables)
4 Replies
Emma
Emma2mo ago
This is correct, the default port serving backend traffic is 3210 and the default port for HTTP actions is 3211. So if you want to remove the http you could use a proxy to point a different url to port 3211. You followed the manual instructions for setting up convex auth? what are CONVEX_CLOUD_ORIGIN and CONVEX_SITE_ORIGIN set to?
kondik
kondikOP2mo ago
'CONVEX_CLOUD_ORIGIN=${SERVICE_FQDN_CONVEX_6791}'
'CONVEX_SITE_ORIGIN=${SERVICE_FQDN_CONVEX_6791}/http
'CONVEX_CLOUD_ORIGIN=${SERVICE_FQDN_CONVEX_6791}'
'CONVEX_SITE_ORIGIN=${SERVICE_FQDN_CONVEX_6791}/http
in coolify, where SERVICE_FQDN_CONVEX_6791 equals <backend-url> , the same as CONVEX_SELF_HOSTED_URL in client env originally SERVICE_FQDN_CONVEX_6791 was equal to dashboard url, and i had to change it to be able to go through oauth and yes, i followed manual instructions for auth
Emma
Emma2mo ago
and it worked when you used the cloud product? also to avoid confusion CONVEX_CLOUD_ORIGIN and CONVEX_SITE_ORIGIN are set in the container running your backend. And then your auth environment variables are set with npx convex env or in the dashboardand should be the same as in the cloud product
kondik
kondikOP2mo ago
yeah its working on cloud, i just changed .env.local to cloud urls, and used npx convex dev auth the only difference i used password login, not oauth, but both were not working on selfhost convex cloud origin and site origin are set in docker compose, provided in coolify 
services:
  backend:
    image: 'ghcr.io/get-convex/convex-backend:4499dd4fd7f2148687a7774599c613d052950f46'
    volumes:
      - 'data:/convex/data'
    environment:
      - SERVICE_FQDN_BACKEND_3210
      - 'INSTANCE_NAME=${INSTANCE_NAME:-self-hosted-convex}'
      - 'INSTANCE_SECRET=${SERVICE_HEX_32_SECRET}'
      - 'CONVEX_RELEASE_VERSION_DEV=${CONVEX_RELEASE_VERSION_DEV:-}'
      - 'ACTIONS_USER_TIMEOUT_SECS=${ACTIONS_USER_TIMEOUT_SECS:-}'
      - 'CONVEX_CLOUD_ORIGIN=${SERVICE_FQDN_CONVEX_6791}'
      - 'CONVEX_SITE_ORIGIN=${SERVICE_FQDN_CONVEX_6791}/http'
      - 'DATABASE_URL=${DATABASE_URL:-}'
      - 'DISABLE_BEACON=${DISABLE_BEACON:-}'
      - 'REDACT_LOGS_TO_CLIENT=${REDACT_LOGS_TO_CLIENT:-}'
      - 'CONVEX_SELF_HOSTED_URL=${SERVICE_FQDN_CONVEX_6791}'
    healthcheck:
      test: 'curl -f http://127.0.0.1:3210/version'
      interval: 5s
      start_period: 5s
  dashboard:
    image: 'ghcr.io/get-convex/convex-dashboard:4499dd4fd7f2148687a7774599c613d052950f46'
    environment:
      - SERVICE_FQDN_CONVEX_6791
      - NEXT_PUBLIC_DEPLOYMENT_URL=$SERVICE_FQDN_BACKEND_3210
    depends_on:
      backend:
        condition: service_healthy
    healthcheck:
      test: 'wget -qO- http://127.0.0.1:6791/'
      interval: 5s
      start_period: 5s
services:
  backend:
    image: 'ghcr.io/get-convex/convex-backend:4499dd4fd7f2148687a7774599c613d052950f46'
    volumes:
      - 'data:/convex/data'
    environment:
      - SERVICE_FQDN_BACKEND_3210
      - 'INSTANCE_NAME=${INSTANCE_NAME:-self-hosted-convex}'
      - 'INSTANCE_SECRET=${SERVICE_HEX_32_SECRET}'
      - 'CONVEX_RELEASE_VERSION_DEV=${CONVEX_RELEASE_VERSION_DEV:-}'
      - 'ACTIONS_USER_TIMEOUT_SECS=${ACTIONS_USER_TIMEOUT_SECS:-}'
      - 'CONVEX_CLOUD_ORIGIN=${SERVICE_FQDN_CONVEX_6791}'
      - 'CONVEX_SITE_ORIGIN=${SERVICE_FQDN_CONVEX_6791}/http'
      - 'DATABASE_URL=${DATABASE_URL:-}'
      - 'DISABLE_BEACON=${DISABLE_BEACON:-}'
      - 'REDACT_LOGS_TO_CLIENT=${REDACT_LOGS_TO_CLIENT:-}'
      - 'CONVEX_SELF_HOSTED_URL=${SERVICE_FQDN_CONVEX_6791}'
    healthcheck:
      test: 'curl -f http://127.0.0.1:3210/version'
      interval: 5s
      start_period: 5s
  dashboard:
    image: 'ghcr.io/get-convex/convex-dashboard:4499dd4fd7f2148687a7774599c613d052950f46'
    environment:
      - SERVICE_FQDN_CONVEX_6791
      - NEXT_PUBLIC_DEPLOYMENT_URL=$SERVICE_FQDN_BACKEND_3210
    depends_on:
      backend:
        condition: service_healthy
    healthcheck:
      test: 'wget -qO- http://127.0.0.1:6791/'
      interval: 5s
      start_period: 5s
For now, I'll use a cloud solution, but I hope to migrate to self-hosting in the future.

Did you find this page helpful?