ReTool Self-hosted authentication error

I'm having trouble setting up self-hosted ReTool.

I ran through the steps of Deploy Self-hosted Retool with Docker Compose | Retool Docs.

  • I'm launching docker-compose without workflows, so I deactivated the relevant lines in docker-compose.yml as per the quickstart guide.
  • I used tryretool/backend:3.24.14
  • I use the command docker-compose up to launch. No sudo and no -d. Including sudo does not change the behaviour. The -d flag hides console logs, but I want to see the error message so I can post it here.
  • I get the error
    failed to read /home/bram/Documents/mriguidance/retool-onpremise/docker.env: line 8: unexpected character "+" in variable name
    
    The docker.env file has a variable named JWT_SECRET that takes up four lines. I resolved this error by putting the entire secret on one line.
  • I waited ample time (10 minutes) to make sure all docker containers had a chance to start up. The error I see is as follows:
    retool-onpremise-postgres-1           | 2024-01-31 13:15:18.010 UTC [55] DETAIL:  Password does not match for user "retool_internal_user".
    retool-onpremise-postgres-1           | 	Connection matched pg_hba.conf line 95: "host all all all md5"
    retool-onpremise-api-1                | Failing checking database migrations
    retool-onpremise-api-1                | /node_modules/sequelize/lib/dialects/postgres/connection-manager.js:143
    retool-onpremise-api-1                |                 reject(new sequelizeErrors.ConnectionError(err));
    retool-onpremise-api-1                |                        ^
    retool-onpremise-api-1                | 
    retool-onpremise-api-1                | ConnectionError [SequelizeConnectionError]: password authentication failed for user "retool_internal_user"
    retool-onpremise-api-1                |     at Client._connectionCallback (/node_modules/sequelize/lib/dialects/postgres/connection-manager.js:143:24)
    retool-onpremise-api-1                |     at Client._handleErrorWhileConnecting (/node_modules/pg/lib/client.js:305:19)
    retool-onpremise-api-1                |     at Client._handleErrorMessage (/node_modules/pg/lib/client.js:325:19)
    retool-onpremise-api-1                |     at Connection.emit (node:events:517:28)
    retool-onpremise-api-1                |     at /node_modules/pg/lib/connection.js:114:12
    retool-onpremise-api-1                |     at Parser.parse (/node_modules/pg-protocol/dist/parser.js:40:17)
    retool-onpremise-api-1                |     at Socket.<anonymous> (/node_modules/pg-protocol/dist/index.js:11:42)
    retool-onpremise-api-1                |     at Socket.emit (node:events:517:28)
    retool-onpremise-api-1                |     at addChunk (node:internal/streams/readable:335:12)
    retool-onpremise-api-1                |     at readableAddChunk (node:internal/streams/readable:308:9) {
    retool-onpremise-api-1                |   parent: error: password authentication failed for user "retool_internal_user"
    retool-onpremise-api-1                |       at Parser.parseErrorMessage (/node_modules/pg-protocol/dist/parser.js:287:98)
    retool-onpremise-api-1                |       at Parser.handlePacket (/node_modules/pg-protocol/dist/parser.js:126:29)
    retool-onpremise-api-1                |       at Parser.parse (/node_modules/pg-protocol/dist/parser.js:39:38)
    retool-onpremise-api-1                |       at Socket.<anonymous> (/node_modules/pg-protocol/dist/index.js:11:42)
    retool-onpremise-api-1                |       at Socket.emit (node:events:517:28)
    retool-onpremise-api-1                |       at addChunk (node:internal/streams/readable:335:12)
    retool-onpremise-api-1                |       at readableAddChunk (node:internal/streams/readable:308:9)
    retool-onpremise-api-1                |       at Readable.push (node:internal/streams/readable:245:10)
    retool-onpremise-api-1                |       at TCP.onStreamRead (node:internal/stream_base_commons:190:23) {
    retool-onpremise-api-1                |     length: 116,
    retool-onpremise-api-1                |     severity: 'FATAL',
    retool-onpremise-api-1                |     code: '28P01',
    retool-onpremise-api-1                |     detail: undefined,
    retool-onpremise-api-1                |     hint: undefined,
    retool-onpremise-api-1                |     position: undefined,
    retool-onpremise-api-1                |     internalPosition: undefined,
    retool-onpremise-api-1                |     internalQuery: undefined,
    retool-onpremise-api-1                |     where: undefined,
    retool-onpremise-api-1                |     schema: undefined,
    retool-onpremise-api-1                |     table: undefined,
    retool-onpremise-api-1                |     column: undefined,
    retool-onpremise-api-1                |     dataType: undefined,
    retool-onpremise-api-1                |     constraint: undefined,
    retool-onpremise-api-1                |     file: 'auth.c',
    retool-onpremise-api-1                |     line: '337',
    retool-onpremise-api-1                |     routine: 'auth_failed'
    retool-onpremise-api-1                |   },
    retool-onpremise-api-1                |   original: error: password authentication failed for user "retool_internal_user"
    retool-onpremise-api-1                |       at Parser.parseErrorMessage (/node_modules/pg-protocol/dist/parser.js:287:98)
    retool-onpremise-api-1                |       at Parser.handlePacket (/node_modules/pg-protocol/dist/parser.js:126:29)
    retool-onpremise-api-1                |       at Parser.parse (/node_modules/pg-protocol/dist/parser.js:39:38)
    retool-onpremise-api-1                |       at Socket.<anonymous> (/node_modules/pg-protocol/dist/index.js:11:42)
    retool-onpremise-api-1                |       at Socket.emit (node:events:517:28)
    retool-onpremise-api-1                |       at addChunk (node:internal/streams/readable:335:12)
    retool-onpremise-api-1                |       at readableAddChunk (node:internal/streams/readable:308:9)
    retool-onpremise-api-1                |       at Readable.push (node:internal/streams/readable:245:10)
    retool-onpremise-api-1                |       at TCP.onStreamRead (node:internal/stream_base_commons:190:23) {
    retool-onpremise-api-1                |     length: 116,
    retool-onpremise-api-1                |     severity: 'FATAL',
    retool-onpremise-api-1                |     code: '28P01',
    retool-onpremise-api-1                |     detail: undefined,
    retool-onpremise-api-1                |     hint: undefined,
    retool-onpremise-api-1                |     position: undefined,
    retool-onpremise-api-1                |     internalPosition: undefined,
    retool-onpremise-api-1                |     internalQuery: undefined,
    retool-onpremise-api-1                |     where: undefined,
    retool-onpremise-api-1                |     schema: undefined,
    retool-onpremise-api-1                |     table: undefined,
    retool-onpremise-api-1                |     column: undefined,
    retool-onpremise-api-1                |     dataType: undefined,
    retool-onpremise-api-1                |     constraint: undefined,
    retool-onpremise-api-1                |     file: 'auth.c',
    retool-onpremise-api-1                |     line: '337',
    retool-onpremise-api-1                |     routine: 'auth_failed'
    retool-onpremise-api-1                |   }
    retool-onpremise-api-1                | }
    
    It appears the retool-onpremise-api can't login somewhere. It retries every 15 seconds or so, always with the same error message.

I'm guessing my problem is the format of the JWT password. If so, how to set the password for retool_internal_user correctly?

If not, how can I launch ReTool self-hosted?

1 Like

I have set HTTP_PROXY env value in docker.env before compose-up and got the same error message