Self hosted install keeps redirecting to login page


I installed retool on my desktop using docker compose. It came up fine and directed me to the login page. But after creating an Id, it keeps prompting me back to the login page when I try to login.

Could anyone give pointers on how to make it work.

Hey @suppandi - Have you tried uncommenting COOKIE_INSECURE=true in docker.env, and restarting the containers? That allows sending cookies over HTTP if we haven't set up a load balancer for HTTPS yet.

1 Like

That worked for me!

Do we need a load balancer to login via https:// ?

I would love to be able to connect via but currently I can only access by going to the server ip address directly, which then leads to errors about site security).

Any advice much appreciated :slight_smile:

Hey @bg1900 - You need something to handle TLS in order to have a secure connection, as the Retool app itself just runs unencrypted on the configured port (default of 3000 in all our deployment templates). If nothing is handling it, you can still access over HTTP with the above environment variable.

At least for docker-comose deployments, we include the https-portal container to handle automatically getting a free cert from Let's Encrypt, configuring an nginx server to use them, and then forwarding all the traffic it decrypts over to the Retool container. All you need for this to work is to configure any domain you own to route to your server's IP address (can get an unclaimed one from a registrar to use for a year for like $12 depending on the name).

Hi jamnn, thanks for the quick response!

I am using Docker on ubuntu.

So if I run a self-hosted Retool instance on a Digitalocean droplet then I can just point my website to that Droplet's IP address? and then in the "docker.env' file i just have it as --> http://api:3000 ?

No prob! I'm not super familiar with anything on the DigitalOcean side, would start a new post if you have more questions on that specifically since we're a little off of the original post. But in general, the --> http://api:3000 configuration in docker.env is for the https-portal container I mentioned. With that config, it requests a cert for (so you need to have set that domain's DNS to the server's public IP address independent of how it's hosted), listens for HTTP/HTTPS traffic on ports 80/443 of the host machine, and then forwards that traffic to port 3000 of the main Retool/api container.

ah ok. So so long as the firewall of the server hosting the retool allows connection on ports 80 and 443 then it should all work?

Yup! The traffic flow will look something like the diagram below, where the green containers are running on the server hosting Retool. 80 is really just needed to initially get the certs, and then 443 is what will be used after obtaining.

1 Like

perfect, all working now!

1 Like