Open
Labels: bug (Something isn't working)
Description
How to use GitHub
- Please use the 👍 reaction to show that you are affected by the same issue.
- Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
- Subscribe to receive notifications on status change and new comments.
Steps to reproduce
- Deploy and run HaRP on Docker (rootless) as described at https://github.com/nextcloud/HaRP?tab=readme-ov-file#how-to-install-it
- Container will become "unhealthy"
Expected behaviour
HaRP container should be healthy
Actual behaviour
No HaProxy will be started.
Infos
HaRP Release:
ghcr.io/nextcloud/nextcloud-appapi-harp:release
ID: sha256:e59d072e449fa0fc4d0da2ae5a97d703f34f19d0aa6aa98ec6c3e483adf6a114
Docker Info:
docker@pcserver2023:~> docker info
Client:
 Version: 29.1.2
 Context: default
 Debug Mode: false
 Plugins:
  compose: Docker Compose (Docker Inc.)
    Version: v2.40.3
    Path: /home/docker/.docker/cli-plugins/docker-compose

Server:
 Containers: 31
  Running: 29
  Paused: 0
  Stopped: 2
 Images: 32
 Server Version: 29.1.2
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: true
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 CDI spec directories:
  /etc/cdi
  /var/run/cdi
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 1c4457e00facac03ce1d75f7b6777a7a851e5c41
 runc version: v1.3.4-0-gd6d73eb
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  rootless
  cgroupns
 Kernel Version: 6.4.0-150600.23.78-default
 Operating System: openSUSE Leap 15.6
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 30.8GiB
 Name: pcserver2023
 ID: 45699224-ea9c-4865-8dea-a53bb20b788c
 Docker Root Dir: /home/docker/.local/share/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  ::1/128
  127.0.0.0/8
 Live Restore Enabled: false
 Product License: Community Engine
 Firewall Backend: iptables
Container logs:
INFO: Creating /haproxy.cfg from haproxy.cfg.template...
INFO: No /certs/cert.pem found, disabling HTTPS frontends...
INFO: Final /haproxy.cfg:
# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
###############################################################################
# haproxy.cfg.template
#
# This template is processed by envsubst in start.sh to replace variables:
# HP_EXAPPS_ADDRESS,
# HP_EXAPPS_HTTPS_ADDRESS,
# HP_TIMEOUT_CONNECT,
# HP_TIMEOUT_CLIENT,
# HP_TIMEOUT_SERVER,
#
## If /certs/cert.pem is not found, lines containing "_HTTPS_FRONTEND_" are
# commented out automatically in start.sh.
###############################################################################
global
log stdout local0 warning
maxconn 8192
ca-base /etc/ssl/certs
defaults
log global
option httplog
option dontlognull
timeout connect 30s
timeout client 30s
timeout server 1800s
###############################################################################
# FRONTEND: ex_apps (HTTP)
###############################################################################
frontend ex_apps
mode http
bind "nextcloud-appapi-harp:8780"
filter spoe engine exapps-spoe config /etc/haproxy/spoe-agent.conf
http-request silent-drop if { var(txn.exapps.bad_request) -m int eq 1 }
http-request return status 401 content-type text/plain string "401 Unauthorized" if { var(txn.exapps.unauthorized) -m int eq 1 }
http-request return status 403 content-type text/plain string "403 Forbidden" if { var(txn.exapps.forbidden) -m int eq 1 }
http-request return status 404 content-type text/plain string "404 Not Found" if { var(txn.exapps.not_found) -m int eq 1 }
use_backend %[var(txn.exapps.backend)]
###############################################################################
# FRONTEND: ex_apps_https (only enabled if /certs/cert.pem exists)
###############################################################################
#_HTTPS_FRONTEND_ frontend ex_apps_https
#_HTTPS_FRONTEND_ mode http
#_HTTPS_FRONTEND_ bind 0.0.0.0:8781 ssl crt /certs/cert.pem
#_HTTPS_FRONTEND_ filter spoe engine exapps-spoe config /etc/haproxy/spoe-agent.conf
#_HTTPS_FRONTEND_ http-request silent-drop if { var(txn.exapps.bad_request) -m int eq 1 }
#_HTTPS_FRONTEND_ http-request return status 401 content-type text/plain string "401 Unauthorized" if { var(txn.exapps.unauthorized) -m int eq 1 }
#_HTTPS_FRONTEND_ http-request return status 403 content-type text/plain string "403 Forbidden" if { var(txn.exapps.forbidden) -m int eq 1 }
#_HTTPS_FRONTEND_ http-request return status 404 content-type text/plain string "404 Not Found" if { var(txn.exapps.not_found) -m int eq 1 }
#_HTTPS_FRONTEND_ use_backend %[var(txn.exapps.backend)]
###############################################################################
# BACKENDS: ex_apps & ex_apps_backend_w_bruteforce
###############################################################################
backend ex_apps_backend
mode http
server frp_server 0.0.0.0
http-request set-path %[var(txn.exapps.target_path)]
http-request set-dst var(txn.exapps.target_ip)
http-request set-dst-port var(txn.exapps.target_port)
http-request set-header EX-APP-ID %[var(txn.exapps.exapp_id)]
http-request set-header EX-APP-VERSION %[var(txn.exapps.exapp_version)]
http-request set-header AUTHORIZATION-APP-API %[var(txn.exapps.exapp_token)]
http-request set-header AA-VERSION "32" # TO-DO: temporary, remove it after we update all ExApps.
backend ex_apps_backend_w_bruteforce
mode http
server frp_server 0.0.0.0
http-request set-path %[var(txn.exapps.target_path)]
http-request set-dst var(txn.exapps.target_ip)
http-request set-dst-port var(txn.exapps.target_port)
http-request set-header EX-APP-ID %[var(txn.exapps.exapp_id)]
http-request set-header EX-APP-VERSION %[var(txn.exapps.exapp_version)]
http-request set-header AUTHORIZATION-APP-API %[var(txn.exapps.exapp_token)]
http-request set-header AA-VERSION "32" # TO-DO: temporary, remove it after we update all ExApps.
filter spoe engine exapps-bruteforce-protection-spoe config /etc/haproxy/spoe-agent.conf
###############################################################################
# BACKEND: nextcloud_control (HTTP)
###############################################################################
backend nextcloud_control_backend
mode http
server nextcloud_control 127.0.0.1:8200
http-request set-path %[var(txn.exapps.target_path)]
###############################################################################
# BACKEND: docker_engine (HTTP)
###############################################################################
backend docker_engine_backend
mode http
server frp_server 127.0.0.1
http-request set-dst-port var(txn.exapps.target_port)
http-request set-path %[var(txn.exapps.target_path)]
# docker system _ping
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping$ } METH_GET
# docker inspect image
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images/.*/json } METH_GET
# container inspect: GET containers/%s/json
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/json } METH_GET
# container inspect: GET containers/%s/logs
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/logs } METH_GET
# image pull: POST images/create?fromImage=%s
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images/create } METH_POST
http-request deny
backend agents
mode tcp
timeout connect 5s
timeout server 3m
option spop-check
server agent1 127.0.0.1:9600 check
INFO: FRP server configuration generated at /frps.toml.
INFO: Detected /var/run/docker.sock, generating /frpc-docker.toml configuration file...
INFO: Starting Python HaProxy Agent on 127.0.0.1:8200 and 127.0.0.1:9600...
INFO: Starting FRP server on 0.0.0.0:8782...
INFO: Starting FRP client for Docker Engine...
INFO: Starting HAProxy...
error unmarshaling JSON: while decoding JSON: json: cannot unmarshal string into Go value of type v1.ClientConfig
[NOTICE] (1) : Initializing new worker (37)
[NOTICE] (1) : haproxy version is 3.1.2-cda631a
[WARNING] (1) : Process 29 exited with code 1 (Exit)
[NOTICE] (1) : Loading success.