Hi all, I've been trying to deploy the stack using the docker-compose YAML file, as shown in the "how to get started" guide

Hi all,

I’ve been trying to deploy the stack using the docker-compose YAML file as shown in the “how to get started” guide, in the URL https://thethingsstack.io/v3.5.1/guides/getting-started/, but I have not been able to make it work. I’ve created self-signed certificates.

By following the exact steps shown in the guide, a “internal server error” shows up after logging in. If I omit the --redirect-uri flags shown in the configuration steps, the error is replaced by (a seemingly coming from OAuth) error that says “Client is not authorized to request a token using this method”.

What am I doing wrong? I’ve followed the exact steps as the ones in the guide.

Thanks beforehand, bye!

Hi, it’s me again.
No one has encountered this problem? If not, does anyone know if it’s possible to install TTN without using Docker?

Thank you in advice.

In addition, I leave here a screenshot of my problem in case someone has time to help me.


I just installed everything. Followed the guide. And I encounter the same problem as you. I am currently trying to figure out what could be causing it. Will post if I fix it.

Solved it.
Another user posted this:

It seems that I am not getting the certificates from Lets Encrypt, I also do not get any logs or output regarding it. But changing all URLs to HTTP solves it, at least for now.

Hi Fluffybucket, thank you so much! I’ll try it today. I’ll let you know if it works. :grin:

Hi Fluffybucket,

I’ve been trying what you suggested but it has not worked for me. Changing all URLs to HTTP still returns the same “internal server error”. Using HTTPS still fails.

I have some doubts regarding Let’s Encrypt that are not addressed at all in the Getting Started guide. For what I’ve read, I understand Let’s Encrypt works (basically) by making sure the domain belongs to the person requesting the certificate.

If that’s so, then how can I prove the domain thethings.example.com belongs to me when it does not exist? I’ve tried adding an entry to my local /etc/hosts file so that thethings.example.com forwards to my local machine, but this has not worked. Do I really need to own a domain? How else can I make Let’s Encrypt work?

Thank you so much!!!

You can not. You need a valid domain name with a system that can be reached from the internet to use let’s encrypt.
You also need to modify the file and substitute thethings.example.com with your own valid name for things to work.

1 Like

i had the same internal error page but i found a typo in my docker-compose.yml.

i had a space in betwenn = and the secret you use for the oauth command for the console

after deleting the space and running the config commands again all was up and running

Hi kersing,

So, you mean a domain name needs to be registered for me to complete the “Getting Started” guide? This is not stated anywhere in the guide. Moreover, it is stated in the Configuration section that, and I quote, “In this guide we’ll set environment variables in the docker-compose.yml file to configure The Things Stack as a private deployment on thethings.example.com.”.

Hi wasn,

Thanks for the response but that wasn’t the case for us. :grin:

@agispert could you post your docker-compose.yml file?
Also, you could just use an IP instead of a domain name, as a domain name will get resolved to an IP anyway. You can also try and redo the docker-compose run --rm stack is-db create-oauth-client step for the console and see if you entered the correct secret.

Hi fluffybucket,
Here you have my docker-compose.yml.
About the secret, in the logs it says that there is none defined and that it generates one. Is that the problem?

Thanks alot!!!

I am assuming that you have generated a secret for this:

- TTN_LW_CONSOLE_OAUTH_CLIENT_SECRET=<gen_secret> # generate a good one (openssl rand -hex 32)

But this needs to be the same secret used when you create the oauth client for the console, i.e.

docker-compose run --rm stack is-db create-oauth-client \
  --id console \
  --name "Console" \
  --owner admin \
  --secret <gen_secret>\
  --redirect-uri "https://thethings.example.com/console/oauth/callback" \
  --redirect-uri "/console/oauth/callback"

Hi flufybucket,
I did what you said and I still get the same error:


Try and clear cookies and the cache. Just in case it has saved some old token.

Sorry but I wrote it wrong the previus message, I get a different error “Bad Request”. I’ll try to clear the coockies and cache.

I’ve try it. The left window is right after clearing the cookies and cache. The right one is just in incognito mode. Why are they different errors?


Without looking at what the two different requests actually sends, it is hard to know exactly. But I expect that in your cache there is some old token stored that it is using (for oauth). And in the incognito, it does not use that.

I can only think that there has been some configuration error, try and redo everything from scratch.

I have redone the configuration many times. Is there any step that has to be done and is not in the guide? Is anything that I’m forgetting in the docker-compose.yml?