Unable to login to account due to Cookie "auth-token" has been rejected

Current issue:
When attempting to sign-in to my local penpot account I receive a banner saying “Something wrong has happened”. When investigating the network activity and console logs in my browser I see the following:

I was not able to find any noteworthy logs on the backend/frontend containers however I could supply this if needed.

Current setup:
On a remote computer over LAN I am trying to connect to a hosted penpot server using the docker-compose provided in the tutorial.

Things I’ve Tried:

  1. I noticed some users on various other threads recommend adding the following flag to the docker-compose: disable-secure-session-cookies. I have tried this and saw no change in the issue described above after re-deploying the docker containers.
  2. My local server has a public domain with SSL cert. which I manage traffic to via nginx proxy manager hosted on the same machine. I tried putting penpot behind this public URI but I did not have any success (never resolves host). I know the docker-compose comes with traefik but I did not enable it assuming the two would have issues together. I was curious if anyone else has success putting penpot behind nginx reverse proxy? I’d imagine getting it to work with nginx would resolve this cookie issue as I would have a SSL cert when users access.

Other notes:

  • I used Portainer stacks to deploy the docker-compose file
  • I was able to run the docker-compose file on my local machine and create an account successfully. This issue only occurred when using the same docker-compose on another device on my LAN and then trying to access it remotely on the LAN.
  • I would eventually like to put this behind a reverse proxy (nginx is what I currently use)

Any help would be much appreciated, thank you!

Hello, @beggr , thanks for joining our community.

By default, Penpot uses secure cookies; this means that both the frontend and the backend must be served from a https connection.

You can try to enable SSL in your proxy. Or else, can disable secure session cookies with a configuration flag, but this is not recommended for production usage.

By the way, Penpot docker images already use nginx as a reverse proxy to the application. Perhaps you don’t need to put another one in front of it. Or you can look at docker configuration files to see how to setup yours.