Postiz on Railway – login page loads but sign-in always bounces back to /login
izdaeco
FREEOP

a month ago

Service/Image

  • Host: https://postiz-production-a911.up.railway.app

  • Platform: Railway

  • Image: ghcr.io/gitroomhq/postiz-app (no custom code)

Symptom

  • /login loads normally.

  • Submitting credentials does not log in; it redirects back to /login (no visible error).

  • This is not a 404 problem; the page exists but session is never established.

What’s currently set (env):

FRONTEND_URL=https://postiz-production-a911.up.railway.app
NEXT_PUBLIC_BACKEND_URL=https://postiz-production-a911.up.railway.app/api
JWT_SECRET=*** set ***
(IS_GENERAL may be set depending on docs; please confirm if required)

Deployment: container uses its default entrypoint; Railway networking points the public domain to the container; no custom reverse proxy.

What I need from you to resolve:

  1. Confirm the required env list for the official image to enable login (exact keys and which are mandatory).

  2. Confirm the expected login/auth endpoints the image handles (what path is posted on submit) and whether a Set-Cookie session/JWT cookie should be issued on success.

  3. Check if the image on Railway needs any special header/port setting for cookies to stick on a *.up.railway.app HTTPS domain.

  4. Tell us if IS_GENERAL=true is required for self-host to expose normal auth, and whether any other auth flags (e.g., cookie name/domain, secure/samesite) must be set via env.

  5. If possible, point to a minimal, known-good env block for this image on Railway that results in a successful login.

Why this matters: the UI renders, but after form submit the app never persists a session (classic “login → refresh → back to /login”). We need the exact env/flags the official container expects on Railway so the cookie/session is created.

Thanks!

$10 Bounty

15 Replies

Railway
BOT

a month ago

Hey there! We've found the following might help you get unblocked faster:

If you find the answer from one of these, please let us know by solving the thread!

samgordon
PROTop 5% Contributor

a month ago

https://docs.postiz.com/installation/docker-compose

According to this it needs a ton more than just the main image to function.

samgordon

https://docs.postiz.com/installation/docker-composeAccording to this it needs a ton more than just the main image to function.

izdaeco
FREEOP

a month ago

Thanks Sam for your reply, I have the App on Railway with Postiz + Postgres + Redis running.
Symptom:/login loads, but after submit it bounces back to /login (no error).

Can you confirm the minimal, known-good env for self-host so sessions work?

FRONTEND_URL = https://<our-domain>
NEXT_PUBLIC_BACKEND_URL = https://<our-domain>/api
MAIN_URL = https://<our-domain>
JWT_SECRET = <set>
DATABASE_URL = postgres://...
REDIS_URL = redis://...
IS_GENERAL = true   (required?)
NOT_SECURED = true  (only if no HTTPS?)

Also: any cookie flags or special headers needed on Railway (*.up.railway.app)?

izdaeco

Thanks Sam for your reply, I have the App on Railway with Postiz + Postgres + Redis running.Symptom:/login loads, but after submit it bounces back to /login (no error).Can you confirm the minimal, known-good env for self-host so sessions work?FRONTEND_URL = https://<our-domain> NEXT_PUBLIC_BACKEND_URL = https://<our-domain>/api MAIN_URL = https://<our-domain> JWT_SECRET = <set> DATABASE_URL = postgres://... REDIS_URL = redis://... IS_GENERAL = true (required?) NOT_SECURED = true (only if no HTTPS?)Also: any cookie flags or special headers needed on Railway (*.up.railway.app)?

samgordon
PROTop 5% Contributor

a month ago

Is there an error in the service's deployment logs?

samgordon

Is there an error in the service's deployment logs?

izdaeco
FREEOP

a month ago

No — nothing obvious in deploy logs.
Container starts clean; health is OK. Login attempts don’t throw errors or stack traces — they just 302/redirect back to /login. Example from earlier: requestId qlLBbGZvSSCiS6iZnpoFkQ (GET /auth/login → 404 at that time). Now /login renders but sign-in still bounces with no error line. Looks like a session/auth config issue, not a crash.

samgordon
PROTop 5% Contributor

a month ago

Please just share your entire deployment logs.

samgordon

Please just share your entire deployment logs.

izdaeco
FREEOP

a month ago

2025-11-08T19:20:58.827559880Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RoutesResolver] AutopostController {/autopost}: +0ms 2025-11-08T19:20:58.827565245Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RouterExplorer] Mapped {/autopost, GET} route +0ms 2025-11-08T19:20:58.827571279Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RouterExplorer] Mapped {/autopost, POST} route +0ms 2025-11-08T19:20:58.827576002Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RouterExplorer] Mapped {/autopost/:id, PUT} route +0ms 2025-11-08T19:20:58.827581939Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RouterExplorer] Mapped {/autopost/:id, DELETE} route +0ms 2025-11-08T19:20:58.827587994Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RouterExplorer] Mapped {/autopost/:id/active, POST} route +0ms 2025-11-08T19:20:58.827593860Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RouterExplorer] Mapped {/autopost/send, POST} route +0ms 2025-11-08T19:20:58.827600067Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RoutesResolver] SetsController {/sets}: +0ms 2025-11-08T19:20:58.830510676Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RouterExplorer] Mapped {/sets, GET} route +0ms 2025-11-08T19:20:58.830517566Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RouterExplorer] Mapped {/sets, POST} route +0ms 2025-11-08T19:20:58.830525082Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RouterExplorer] Mapped {/sets, PUT} route +1ms 2025-11-08T19:20:58.830531886Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RouterExplorer] Mapped {/sets/:id, DELETE} route +0ms 2025-11-08T19:20:58.830538715Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RoutesResolver] ThirdPartyController {/third-party}: +0ms 2025-11-08T19:20:58.830545651Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RouterExplorer] Mapped {/third-party/list, GET} route +0ms 2025-11-08T19:20:58.830552350Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RouterExplorer] Mapped {/third-party, GET} route +0ms 2025-11-08T19:20:58.830558521Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RouterExplorer] Mapped {/third-party/:id, DELETE} route +2ms 2025-11-08T19:20:58.830568611Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RouterExplorer] Mapped {/third-party/:id/submit, POST} route +0ms 2025-11-08T19:20:58.830575953Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RouterExplorer] Mapped {/third-party/function/:id/:functionName, POST} route +0ms 2025-11-08T19:20:58.832876957Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RouterExplorer] Mapped {/third-party/:identifier, POST} route +0ms 2025-11-08T19:20:58.832886179Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RoutesResolver] PublicIntegrationsController {/public/v1}: +0ms 2025-11-08T19:20:58.832893246Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RouterExplorer] Mapped {/public/v1/upload, POST} route +1ms 2025-11-08T19:20:58.832928255Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RouterExplorer] Mapped {/public/v1/find-slot/:id, GET} route +0ms 2025-11-08T19:20:58.832935818Z [inf] 2|backend | [Nest] 74232 - 11/08/2025, 7:20:58 PM  LOG [RouterExplorer] Mapped {/public/v1/posts, GET} route +0ms 2025-11-08T19:20:58.832941224Z [inf] 2|b

samgordon
PROTop 5% Contributor

a month ago

Please understand that is the most unreadable format.

Are these HTTP logs or deployment logs.

izdaeco
FREEOP

a month ago

Should I get json or csv?

izdaeco
FREEOP

a month ago

and they are deployment. these are http

You reached the start of the range

Nov 8, 2025, 1:18 AM

POST

/api/auth/login

502

499ms

GET

/

307

316ms

GET

/auth

200

733ms

GET

/_next/static/media/636a5ac981f94f8b-s.p.woff2

200

10ms

GET

/_next/static/media/c49dcee81b580683-s.p.woff2

200

10ms

GET

/_next/static/css/33837376c2418a71.css

200

18ms

GET

/_next/static/css/af6cfd20f90a7281.css

200

19ms

GET

/_next/static/css/2756a78c11fa7da5.css

200

19ms

GET

/_next/static/css/573491d13f406afa.css

200

21ms

GET

/_next/static/css/5aead8e379fe8d39.css

200

21ms

GET

/_next/static/chunks/main-app-38c8a49396c520cc.js

200

56ms

GET

/_next/static/chunks/webpack-8b7cedae782b0c42.js

200

56ms

GET

/_next/static/chunks/203-ed4af3ab328cf23b.js

200

54ms

GET

/_next/static/chunks/5530-1d9ce0ceb531781c.js

200

54ms

GET

/_next/static/chunks/1554-23f8b6a1eebafea2.js

200

44ms

GET

/_next/static/chunks/app/global-error-0257ff716bd086ab.js

200

55ms

GET

/_next/static/chunks/5994-392ab905f3477325.js

200

54ms

GET

/_next/static/chunks/3950-86124086d009e9e7.js

200

44ms

GET

/_next/static/chunks/6340-ab304623a629e67d.js

200

44ms

GET

/_next/static/chunks/app/(app)/auth/page-66bd0c7f3957ee0e.js

200

44ms

GET

/_next/static/chunks/3679-fadc2a26454a712b.js

200

54ms

GET

/_next/static/chunks/3014-5f0c32748e3d2489.js

200

129ms

GET

/_next/static/chunks/3370-f544efd7da9afa96.js

200

130ms

GET

/_next/static/chunks/app/(app)/layout-6488b83762aea775.js

200

128ms

GET

/_next/static/chunks/3765-64fcbd530994e45e.js

200

119ms

GET

/_next/static/chunks/app/(app)/auth/layout-0b60fdc45c9ebd1f.js

200

119ms

GET

/_next/static/chunks/7376-bad9088320d8f11d.js

200

119ms

GET

/_next/static/css/e9613564b08b581c.css

200

172ms

GET

/_next/static/chunks/4199-350fd1fc5ed6dd88.js

200

130ms

GET

/_next/static/chunks/9327-77510703535902ab.js

200

208ms

GET

/_next/static/chunks/938-1efb2c5be4e65c5f.js

200

199ms

GET

/_next/static/chunks/1528-fa991afec8e3d341.js

200

211ms

GET

/_next/static/chunks/4763-e9693363768839dd.js

200

199ms

GET

/_next/static/chunks/59c6eb5a-5e08dc3fd5501795.js

200

210ms

GET

/_next/static/chunks/1dd3208c-819023a06e8df5d7.js

200

211ms

GET

/_next/static/chunks/cd24890f-b0a50f11ebc40b2b.js

200

210ms

GET

/_next/static/chunks/5258-270baf38a4b7de63.js

200

209ms

GET

/_next/static/chunks/fce859f2-a04ab799863cbf0a.js

200

201ms

GET

/postiz.svg

200

4ms

GET

/_next/static/chunks/911.8219a19f7f2a4f8a.js

200

5ms

GET

/auth/login

200

59ms

GET

/auth/login-box.png

304

26ms

GET

/auth/bg-login.png

304

6ms

GET

/auth/login-box.png

200

564ms

GET

/auth/bg-login.png

200

567ms

GET

/favicon.ico

200

4ms

POST

/api/auth/register

200

351ms

GET

/launches

307

8ms

GET

/auth/login

200

21ms

GET

/_next/static/chunks/app/(app)/auth/login/page-5475cf1ef2953509.js

200

27ms

GET

/_next/static/chunks/2c344fa8-0fa1775378bfb4a1.js

200

31ms

GET

/auth

200

123ms

GET

/_next/static/chunks/9429-fd0efc331d577460.js

200

110ms

GET

/auth/bg-login.png

304

6ms

GET

/auth/login-box.png

304

10ms

GET

/postiz.svg

304

7ms

GET

/auth/login

200

10ms

GET

/auth/login

200

183ms

GET

/_next/static/chunks/app/(app)/auth/login/page-5475cf1ef2953509.js

200

4ms

GET

/_next/static/chunks/2c344fa8-0fa1775378bfb4a1.js

200

6ms

GET

/_next/static/chunks/9429-fd0efc331d577460.js

200

176ms

GET

/_next/static/css/34a72a2dfc6ca7d9.css

200

4ms

GET

/auth

200

23ms

GET

/auth/forgot

200

23ms

POST

/api/auth/login

200

83ms

GET

/auth/login

200

124ms

GET

/auth/bg-login.png

304

6ms

GET

/postiz.svg

304

6ms

GET

/auth/login-box.png

304

16ms

GET

/auth

200

16ms

GET

/auth/forgot

200

15ms

GET

/favicon.ico

304

3ms

GET

/auth/login

200

36ms

GET

/auth

200

13ms

GET

/auth/forgot

200

15ms

GET

/auth/login

200

33ms

GET

/auth/login

200

38ms

GET

/auth/bg-login.png

304

8ms

GET

/auth/login-box.png

304

13ms

GET

/postiz.svg

304

14ms

GET

/auth

200

20ms

GET

/auth/forgot

200

20ms

GET

/favicon.ico

304

3ms

GET

/auth/login-box.png

200

3s

GET

/auth/bg-login.png

200

3s

POST

/api/auth/login

200

83ms

GET

/auth/login

200

32ms

GET

/postiz.svg

304

6ms

GET

/auth/login-box.png

304

12ms

GET

/auth/bg-login.png

304

13ms

GET

/auth/forgot

200

14ms

GET

/auth

200

15ms

GET

/auth/login-box.png

304

8ms

GET

/auth/bg-login.png

304

9ms

GET

/favicon.ico

304

2ms

POST

/api/auth/login

200

84ms

GET

/auth/login

200

31ms

GET

/auth/bg-login.png

304

5ms

GET

/postiz.svg

304

4ms

GET

/auth/login-box.png

304

8ms

GET

/auth

200

17ms

GET

/auth/forgot

200

17ms

GET

/auth/bg-login.png

304

18ms

GET

/auth/login-box.png

304

18ms

GET

/favicon.ico

304

3ms

izdaeco
FREEOP

a month ago

I got both formats json and csv attached. Im new to this and use chatgpt to understand and reply. Thanks for your help we need it because he cant figure it out

Attachments

logs.176263...
logs.176263...
izdaeco
FREEOP

a month ago

Sam the login still bounces; logs attached.
Service is Postiz + Postgres + Redis on Railway. /login loads, but submit returns to /login with no error.
Deploy/runtime logs don’t show stack traces or 5xx; looks like session/cookie config.
Can you provide the minimal, known-good env for self-host that enables login/session on a single public URL?
Keys we have/expect:

MAIN_URL = https://<domain>
FRONTEND_URL = https://<domain>
NEXT_PUBLIC_BACKEND_URL = https://<domain>/api
DATABASE_URL = postgres://…
REDIS_URL = redis://…
JWT_SECRET = <set>
IS_GENERAL = true
NOT_SECURED = true  # only if not using HTTPS

Also confirm if any cookie flags are required on *.up.railway.app (domain/SameSite/Secure). Thanks

izdaeco
FREEOP

a month ago

Can anyone offer any help here??

izdaeco

Can anyone offer any help here??

samgordon
PROTop 5% Contributor

a month ago

I would recommend asking in a support area more dedicated to your service. This is not a Railway issue.

candide
HOBBY

a month ago

You might need to add the following env variable to the template:

NOT_SECURED=false

(ref: https://github.com/gitroomhq/postiz-app/issues/1007)

Loading...