Problem running all-in-one container on Synology (login fails, Sanctum tokens not saved) #2
Description
Hi,
I'm trying to run the Hi.Events all-in-one Docker container on a Synology NAS (DSM 7.2), but I'm facing a persistent login/authentication issue.
The registration form works fine and confirmation emails are sent successfully, but after logging in I always get 401 Unauthorized from /api/users/me.
💻 Environment
Host: Synology NAS (DSM 7.2)
Docker Compose path: /volume1/docker/hi.events/docker/all-in-one
Container base image: serversideup/php:beta-8.3.2-fpm-alpine
Network access: local IP 192.168.178.131
Frontend URL: http://192.168.178.131:8123
docker-compose.yml:
services: all-in-one: build: context: ./../../ dockerfile: Dockerfile.all-in-one container_name: all-in-one ports: - "8123:80" networks: - hi-events-network environment: - APP_ENV=production - APP_DEBUG=false - APP_URL=http://192.168.178.131:8123 - SESSION_DOMAIN=192.168.178.131 - SANCTUM_STATEFUL_DOMAINS=192.168.178.131:8123 - SESSION_SECURE_COOKIE=false - SESSION_SAME_SITE=lax - DATABASE_URL=postgresql://postgres:secret@postgres:5432/hi-events - REDIS_HOST=redis - REDIS_PORT=6379
Registration works (email confirmation is sent and user is stored in DB)
Login request (POST /api/auth/login) returns 200 OK
But subsequent requests to /api/users/me always return 401 Unauthorized
In browser DevTools, no cookies (hi_events_session or XSRF-TOKEN) are stored or sent
The Laravel log contains only this non-fatal warning:
[2025-10-05] production.DEBUG: Stripe secret key is not set...
So the app runs fine otherwise, just cannot persist authentication.
🧠 What I’ve tried
Checked config values in php artisan tinker:
config('session.domain') = "192.168.178.131" config('sanctum.stateful') = ["192.168.178.131:8123"] config('session.secure') = false config('session.same_site') = "lax"
Tried clearing cache and optimizing config:
php artisan config:clear php artisan optimize:clear php artisan cache:clear
Tried changing domain values in .env to localhost, to null, etc.
No difference — cookies are never created or stored.
🧩 Possible cause (guess)
From what I see, modern browsers (Chrome/Edge) don’t accept IP addresses as cookie domain.
That might explain why Sanctum doesn’t issue hi_events_session or XSRF-TOKEN.
So I suspect the SESSION_DOMAIN and SANCTUM_STATEFUL_DOMAINS configuration must be changed for local IP-based deployment (like on a Synology).
❓My questions
What should the correct .env and session.php configuration be for local access via IP (e.g. http://192.168.178.131:8123)?
Should I set SESSION_DOMAIN=null or leave it empty for Synology Docker?
Is there a way to make Sanctum issue cookies even for IP-based URLs (no hostname)?
Are there known issues when running this container behind Synology’s Docker proxy?
Could you provide an example working configuration (.env, docker-compose.yml) for self-hosted LAN setup?
🧾 Logs
From docker logs all-in-one:
GET /api/users/me HTTP/1.1 401
From /app/backend/storage/logs/laravel.log:
[2025-10-05 15:36:43] production.DEBUG: Stripe secret key is not set...
php artisan about:
Laravel 12.25.0, PHP 8.3.2, environment=production session.driver=cookie sanctum.stateful=["192.168.178.131:8123"]
🙏 Thank you!
If someone has successfully deployed Hi.Events on Synology or in a LAN-only environment (no DNS hostname),
please share the correct configuration or .env example to make Sanctum session cookies work properly.