Nah, nothing to do with the deploy
Nah, nothing to do with the deploy command. So can you see both URLs?
36 Replies
Checking just now ⏲️
Both URLs are present
Can you screenshot it
and where you self hosting this?
Railway or
Na on a VPS, Sure I can Screenshot it, sec
The funny thing is that there's no error message or anything hinting towards non-functionality.
What? When i had the same issue, i can't even live push updates with
bunx convex dev
I can do everything, everything works fine, except for logging in.
Wait, at the end of http actions url, you have
/http at the end i assume?Should look like this
No, it's should not be necessary when you're binding 3210, the http actions get published, I can safely query convex.my-host.com/http/.well-known/openid-configuration and all other auth endpoints
Oh wait 🤔
Do you have railway account, or do you know how to set up in local. We need to troubleshoot this one by one. First we need to find out if it is the issue of the code, then anything else.
I don't have a railway account. Give me a second, I'm gonna see what the CONVEX_SITE_URL comes up with
Maybe that's the issue
CONVEX_SITE_URL is
convex.my-host.com but it should be /http right?Are you using OAuth? If not, you dont even need to set it up according to the doc(if my memory is correct)
Nope, convex_sit_url should be
http://localhost:3000 in dev environmentYeah that's what AI told me before but then I get another error.
That's
SITE_URL I believeThis one right
Yes, that's the setup for the /.well-known/openid-configuration stuff
Apparently it is necessary otherwise convex will present "no auth configuration provider found"
How about you start a fresh new project, with only convex auth set up + your env. Check if any issue.
Having set
CONVEX_SITE_URL to convex.my-host.com/http delivers {"type":"AuthError","error":"No auth provider found matching the given token","baseVersion":0,"authUpdateAttempted":true}
Mh, yeah thought of that but then I would have 2 problems instead of one 😄
It's so funny, so after clearing cookies/localstorage, I get the same result: Login doesn't respond with errors, I get a valid JWT (inspected with jwt.io) but I'm not being logged in.
The issuer is correct with what I have in the authentication tab.
Can you make a screenshot of what your Authentication tab shows?Emm... You’ll probably need to start fresh—forget everything you currently have, set up a new Git project and a new Convex backend from scratch.
Sure sec
]
Which is exactlly the same as HTTP ACTION URL
That's what I have as well
Not in here
Oh yeah I restarted the container
you dont have
/http at the end of Action URL
I did reset it after your first screenshot
And still failing?
Yes
Well ... failing to login. I get a valid JWT 😄
LMAO
convex is too complicated bruh
how about, you host on railway or fly.io first
Yeah that's what I meant by "probably migrating away". Having auth inside convex makes this 10x complicated.
So we can diagnose if it is the issue of VPS
Won't work because of compliance reasons. It's a privacy-RAG application.
I thought of it maybe being a traefik issue, but on the other hand, I never had issues with this before and have a working setup on another machine 😄
It doesn't make sense.
nah, dont put any sensitive data in. Just debugging the auth issue.
I appreciate the suggestion, but I don't see how moving to another hosting provider will help in any way.
I set
npx convex env set AUTH_LOG_LEVEL DEBUG and even with that I don't get any helpful error or info message other than "it worked"
I appreciate your effort though, thank you very much for taking the time. I feel a little less lost right now 🙂I understand the compliance constraints. I suggested deploying to another host simply to help narrow down the cause. Right now we’re looking at two potential culprits:
1. The code
2. The VPS
By isolating them one at a time, we can pinpoint the issue more effectively.
If you can spin up a scaled-down version of your project (without the compliance restrictions) and debug each component step by step, we’re much more likely to find the root cause—otherwise, it’s unlikely we’ll uncover the issue.
What do you mean with
debug each component step by step?
I can bind the container ports into my localhost via ssh tunnel, this way authentication is working. I though about if traefik somehow messes with the JWT but it doesn't appear to do so.
I can do whatever it takes with this bare metal server. That's what I wanted to say 😄
I got it to work in the end 🤦♂️
No traefik shenanigans, simple nginx in front, exposing just my nginx with a forward for convex behind it