Openid-configuration url timeout

james

Hello @tlem4
Can you provide me the full box log after a systemctl restart box.service?

TLeM4

box.log after the command:

2026-04-17T15:11:17.390Z box: Received SIGTERM. Shutting down.
2026-04-17T15:11:17.390Z platform: uninitializing platform
2026-04-17T15:11:17.391Z platform: onDeactivated: stopping post activation services
2026-04-17T15:11:17.392Z tasks: stopAllTasks: 0 tasks are running. sending abort signal
2026-04-17T15:11:17.392Z shell: tasks: /usr/bin/sudo --non-interactive /home/yellowtent/box/src/scripts/stoptask.sh all
2026-04-17T15:11:17.424Z database: pool closed
2026-04-17T15:11:19.425Z box: Shutdown complete
2026-04-17T15:11:20.804Z server: ==========================================
2026-04-17T15:11:20.804Z server:            Cloudron 9.1.6  
2026-04-17T15:11:20.804Z server: ==========================================
2026-04-17T15:11:20.804Z platform: initialize: start platform
2026-04-17T15:11:20.805Z tasks: stopAllTasks: 0 tasks are running. sending abort signal
2026-04-17T15:11:20.806Z shell: tasks: /usr/bin/sudo --non-interactive /home/yellowtent/box/src/scripts/stoptask.sh all
2026-04-17T15:11:20.850Z locks: releaseAll: all locks released
2026-04-17T15:11:20.853Z reverseproxy: writeDashboardConfig: writing dashboard config for mydomain.fr
2026-04-17T15:11:20.857Z shell: reverseproxy: /usr/bin/sudo --non-interactive /home/yellowtent/box/src/scripts/restartservice.sh nginx
2026-04-17T15:11:20.993Z oidcserver: Using existing OIDC EdDSA key
2026-04-17T15:11:20.994Z oidcserver: Using existing OIDC RS256 key
2026-04-17T15:11:20.996Z oidcserver: start: create provider for my.mydomain.fr at /openid
2026-04-17T15:11:21.013Z platform: onActivated: starting post activation services
2026-04-17T15:11:21.013Z platform: startInfra: checking infrastructure
2026-04-17T15:11:21.013Z platform: startInfra: infra is uptodate at version 49.9.0
2026-04-17T15:11:21.013Z platform: onInfraReady: platform is ready. infra changed: false
2026-04-17T15:11:21.014Z apps: schedulePendingTasks: scheduling app tasks
2026-04-17T15:11:21.048Z services: applyMemoryLimit: turn {"memoryLimit":536870912,"recoveryMode":false}
2026-04-17T15:11:21.048Z shell: docker: docker update --memory 536870912 --memory-swap -1 turn
2026-04-17T15:11:21.054Z services: applyMemoryLimit: mysql {"memoryLimit":3221225472,"recoveryMode":false}
2026-04-17T15:11:21.055Z shell: docker: docker update --memory 3221225472 --memory-swap -1 mysql
2026-04-17T15:11:21.060Z services: applyMemoryLimit: sftp {"requireAdmin":true}
2026-04-17T15:11:21.060Z shell: docker: docker update --memory 268435456 --memory-swap -1 sftp
2026-04-17T15:11:21.064Z services: applyMemoryLimit: mail {"memoryLimit":3355443200,"recoveryMode":false}
2026-04-17T15:11:21.064Z shell: docker: docker update --memory 3355443200 --memory-swap -1 mail
2026-04-17T15:11:21.067Z services: applyMemoryLimit: postgresql {"memoryLimit":2684354560,"recoveryMode":false}
2026-04-17T15:11:21.067Z shell: docker: docker update --memory 2684354560 --memory-swap -1 postgresql
2026-04-17T15:11:21.073Z services: applyMemoryLimit: graphite {"memoryLimit":671088640}
2026-04-17T15:11:21.073Z shell: docker: docker update --memory 671088640 --memory-swap -1 graphite
2026-04-17T15:11:21.078Z shell: services: grep -q avx /proc/cpuinfo
2026-04-17T15:11:21.094Z apptaskmanager: started
2026-04-17T15:11:21.095Z cron: startJobs: starting cron jobs with hour 3 and minute 39
2026-04-17T15:11:21.148Z services: applyMemoryLimit: skipping mongodb (not running)
2026-04-17T15:11:21.150Z cron: handleBackupScheduleChanged: schedule never (Europe/Paris)
2026-04-17T15:11:21.150Z services: applyMemoryLimit: redis-0660801c-9af3-46d6-8413-045f0d0c9e7a {}
2026-04-17T15:11:21.150Z shell: docker: docker update --memory 268435456 --memory-swap -1 redis-0660801c-9af3-46d6-8413-045f0d0c9e7a
2026-04-17T15:11:21.154Z services: applyMemoryLimit: redis-6f68b28b-6d66-42ce-9616-39d7287cfdf7 {}
2026-04-17T15:11:21.154Z shell: docker: docker update --memory 268435456 --memory-swap -1 redis-6f68b28b-6d66-42ce-9616-39d7287cfdf7
2026-04-17T15:11:21.158Z services: applyMemoryLimit: redis-90baa052-9e87-4a2e-aade-02fd268255a5 {}
2026-04-17T15:11:21.158Z shell: docker: docker update --memory 268435456 --memory-swap -1 redis-90baa052-9e87-4a2e-aade-02fd268255a5
2026-04-17T15:11:21.161Z services: applyMemoryLimit: redis-9965a071-8f10-40a6-9d29-3bb08dd372f9 {}
2026-04-17T15:11:21.161Z shell: docker: docker update --memory 268435456 --memory-swap -1 redis-9965a071-8f10-40a6-9d29-3bb08dd372f9
2026-04-17T15:11:21.164Z services: applyMemoryLimit: redis-9cbe1195-9546-486b-aa23-45cbd746360c {}
2026-04-17T15:11:21.164Z shell: docker: docker update --memory 268435456 --memory-swap -1 redis-9cbe1195-9546-486b-aa23-45cbd746360c
2026-04-17T15:11:21.168Z services: applyMemoryLimit: redis-65145113-575e-4c78-9a19-749c7b51b597 {}
2026-04-17T15:11:21.168Z shell: docker: docker update --memory 268435456 --memory-swap -1 redis-65145113-575e-4c78-9a19-749c7b51b597
2026-04-17T15:11:21.171Z services: applyMemoryLimit: redis-65474843-0d88-42c0-8150-0f179cb76a7b {}
2026-04-17T15:11:21.171Z shell: docker: docker update --memory 268435456 --memory-swap -1 redis-65474843-0d88-42c0-8150-0f179cb76a7b
2026-04-17T15:11:21.174Z services: applyMemoryLimit: redis-a688f4ed-bc6e-4c62-86d7-d306eb44bf95 {}
2026-04-17T15:11:21.174Z shell: docker: docker update --memory 268435456 --memory-swap -1 redis-a688f4ed-bc6e-4c62-86d7-d306eb44bf95
2026-04-17T15:11:21.180Z services: applyMemoryLimit: redis-f950f135-f861-4fe3-87a3-5bf1805837ff {}
2026-04-17T15:11:21.180Z shell: docker: docker update --memory 268435456 --memory-swap -1 redis-f950f135-f861-4fe3-87a3-5bf1805837ff
2026-04-17T15:11:21.183Z services: applyMemoryLimit: redis-bf98bcba-ecff-47a5-bc71-238f557dd0ab {}
2026-04-17T15:11:21.183Z shell: docker: docker update --memory 268435456 --memory-swap -1 redis-bf98bcba-ecff-47a5-bc71-238f557dd0ab
2026-04-17T15:11:21.187Z cron: handleBackupScheduleChanged: schedule 00 00 13 * * * (Europe/Paris)
2026-04-17T15:11:21.198Z cron: handleBackupScheduleChanged: schedule 00 00 3 * * * (Europe/Paris)
2026-04-17T15:11:21.209Z cron: handleAutoupdateConfigChanged: schedule - 00 00 2 * * */Europe/Paris, policy - platform_and_apps
2026-04-17T15:11:21.212Z cron: Dynamic DNS setting changed to false
2026-04-17T15:11:21.213Z dockerproxy: start: listening on 172.18.0.1:3003
2026-04-17T15:11:21.213Z authserver: start: listening on 172.18.0.1:3006
2026-04-17T15:11:30.664Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive
2026-04-17T15:11:40.073Z shell: metrics: lsblk -ndo PKNAME /dev/vda3
2026-04-17T15:11:40.080Z shell: metrics: lsblk -ndo PKNAME /dev/vda
2026-04-17T15:11:40.646Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive
2026-04-17T15:11:50.695Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive
2026-04-17T15:11:51.216Z reverseproxy: writeDefaultConfig: writing configs for endpoint "ip"
2026-04-17T15:11:51.216Z shell: reverseproxy: /usr/bin/sudo --non-interactive /home/yellowtent/box/src/scripts/restartservice.sh nginx
2026-04-17T15:11:51.358Z platform: onActivated: finished
2026-04-17T15:12:00.042Z scheduler: sync: clearing jobs of 04f4e451-155e-48be-a19f-54e17fc0bf32 (monica.mydomain2.net)
2026-04-17T15:12:00.044Z docker: deleteContainer: deleting 04f4e451-155e-48be-a19f-54e17fc0bf32-moncron
2026-04-17T15:12:00.138Z scheduler: createJobs: moncron (monica.mydomain2.net) will run in container 04f4e451-155e-48be-a19f-54e17fc0bf32-moncron
2026-04-17T15:12:00.667Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive
2026-04-17T15:12:10.699Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive
2026-04-17T15:12:20.651Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive
2026-04-17T15:12:30.654Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive
2026-04-17T15:12:40.652Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive
2026-04-17T15:12:50.651Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive
2026-04-17T15:13:00.654Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive
{
  path: '/well-known-handler/openid-configuration',
  status: 500,
  error: ServerError [ServiceUnavailableError]: Response timeout
      at IncomingMessage.<anonymous> (/home/yellowtent/box/node_modules/connect-timeout/index.js:84:8)
      at IncomingMessage.emit (node:events:508:28)
      at Timeout._onTimeout (/home/yellowtent/box/node_modules/connect-timeout/index.js:49:11)
      at listOnTimeout (node:internal/timers:605:17)
      at process.processTimers (node:internal/timers:541:7) {
    code: 'ETIMEDOUT',
    timeout: 60000
  }
}
2026-04-17T15:13:10.642Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive

james

Hello @tlem4
Can you please also share the output of:

journalctl -u nginx.service --no-pager

only the lines directly after the restart of the box.service are needed.

TLeM4

There are multiple restart here:

Apr 17 15:24:56 v2202511123714403001 nginx[95120]: 2026/04/17 15:24:56 [error] 95120#95120: *20887 connect() failed (111: Connection refused) while connecting to upstream, client: 82.64.140.175, server: my.mydomain.fr, request: "GET /api/v1/apps?access_token=t3-AwZD9PcPP8maoMtd-M9NsXkI920wppSYuXzK6qfc HTTP/2.0", upstream: "http://127.0.0.1:3000/api/v1/apps?access_token=t3-AwZD9PcPP8maoMtd-M9NsXkI920wppSYuXzK6qfc", host: "my.mydomain.fr", referrer: "https://my.mydomain.fr/"
Apr 17 15:24:56 v2202511123714403001 nginx[95120]: 2026/04/17 15:24:56 [error] 95120#95120: *20887 connect() failed (111: Connection refused) while connecting to upstream, client: 82.64.140.175, server: my.mydomain.fr, request: "GET /api/v1/cloudron/status HTTP/2.0", upstream: "http://127.0.0.1:3000/api/v1/cloudron/status", host: "my.mydomain.fr", referrer: "https://my.mydomain.fr/"
Apr 17 15:26:37 v2202511123714403001 nginx[97591]: 2026/04/17 15:26:37 [error] 97591#97591: *21376 connect() failed (111: Connection refused) while connecting to upstream, client: 82.64.140.175, server: my.mydomain.fr, request: "GET /api/v1/apps?access_token=t3-AwZD9PcPP8maoMtd-M9NsXkI920wppSYuXzK6qfc HTTP/2.0", upstream: "http://127.0.0.1:3000/api/v1/apps?access_token=t3-AwZD9PcPP8maoMtd-M9NsXkI920wppSYuXzK6qfc", host: "my.mydomain.fr", referrer: "https://my.mydomain.fr/"
Apr 17 15:26:37 v2202511123714403001 nginx[97591]: 2026/04/17 15:26:37 [error] 97591#97591: *21376 connect() failed (111: Connection refused) while connecting to upstream, client: 82.64.140.175, server: my.mydomain.fr, request: "GET /api/v1/cloudron/status HTTP/2.0", upstream: "http://127.0.0.1:3000/api/v1/cloudron/status", host: "my.mydomain.fr", referrer: "https://my.mydomain.fr/"

james

Hello @tlem4
I don't think I will be able to assist here much further.
Please write a mail to support@cloudron.io and enable remote-support on your server.

james

Hello @tlem4
Another user is also running into this issue, so there is something going on.

nebulon

I was able to look at the logs, and I can see those occasional timeouts, but there is nothing further to match this to anything related as far as I can tell. Unless there is some temporary occasional network routing issue where we end up with timeouts, all I can think of that the system might be under heavy load in brief moments (below 1min) causing such a timeout.

TLeM4

Hi @nebulon ,
Thanks for investigation, but I'm sorry i don't think it's the explanation.
On friday we were able to reproduce the behavior just by going to the "/.well-known/openid-configuration" from our browsers but also from the server itself with wget, excluding any external network issue.
Your troubleshooting report tool also report same issue with some other path, the openid path is only the best one to see the issue.
The explanation of occasional timeouts is probably because the server has not many users and many apps do not require re-login or other path that has issue.

Finally, even if heavy load is the explanation, we do not change our habits, so were does it come from ? How to avoid that ? All the server load statistics are very good, and i made some test few minutes ago the url just always timeout even locally with wget.

edit: # wget http://127.0.0.1/ is timeouting too

girish

@tlem4 I am able to reproduce it. Making a fix .

girish

Fixed in https://git.cloudron.io/platform/box/-/commit/8251b4d0c7af80d93f637820d4828ad58c9ff173

girish

@tlem4 you can patch src/nginxconfig.ejs alone and that should be enough. systemctl restart box will regenerate the actual nginx configs and it will work now. Thanks for reporting!

Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.

Cloudron Forum

Openid-configuration url timeout