Hub starts but throws an error

Hey there :wave:

I’m trying to setup hub for family use, but stuck with this error:

ERROR [io.qua.ver.htt.run.QuarkusErrorHandler] (executor-thread-1) HTTP Request to /api/config failed, error id: baa872aa-97c4-49c3-9dbe-1d73aa2832ce-114: java.lang.NullPointerException: Cannot invoke "io.quarkus.oidc.runtime.OidcProvider.getMetadata()" because "io.quarkus.oidc.runtime.TenantConfigBean.getDefaultTenant().provider" is null
        at io.quarkus.oidc.runtime.OidcConfigurationMetadataProducer.produce(OidcConfigurationMetadataProducer.java:26)
        at io.quarkus.oidc.runtime.OidcConfigurationMetadataProducer_ProducerMethod_produce_a59da20ebfc42c6899b40e9ef42b822382f9d2af_Bean.doCreate(Unknown Source)
        at io.quarkus.oidc.runtime.OidcConfigurationMetadataProducer_ProducerMethod_produce_a59da20ebfc42c6899b40e9ef42b822382f9d2af_Bean.create(Unknown Source)
        at io.quarkus.oidc.runtime.OidcConfigurationMetadataProducer_ProducerMethod_produce_a59da20ebfc42c6899b40e9ef42b822382f9d2af_Bean.create(Unknown Source)
        at io.quarkus.arc.impl.RequestContext.getIfActive(RequestContext.java:74)
        at io.quarkus.arc.impl.ClientProxies.getDelegate(ClientProxies.java:30)
        at io.quarkus.oidc.OidcConfigurationMetadataProducer_ProducerMethod_produce_a59da20ebfc42c6899b40e9ef42b822382f9d2af_ClientProxy.arc$delegate(Unknown Source)
        at io.quarkus.oidc.OidcConfigurationMetadataProducer_ProducerMethod_produce_a59da20ebfc42c6899b40e9ef42b822382f9d2af_ClientProxy.getAuthorizationUri(Unknown Source)
        at org.cryptomator.hub.api.ConfigResource.getConfig(ConfigResource.java:49)
        at org.cryptomator.hub.api.ConfigResource_Subclass.getConfig$$superforward(Unknown Source)
        at org.cryptomator.hub.api.ConfigResource_Subclass$$function$$1.apply(Unknown Source)
        at io.quarkus.arc.impl.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:73)
        at io.quarkus.arc.impl.AroundInvokeInvocationContext$NextAroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:97)
        at io.quarkus.security.runtime.interceptor.SecurityHandler.handle(SecurityHandler.java:27)
        at io.quarkus.security.runtime.interceptor.PermitAllInterceptor.intercept(PermitAllInterceptor.java:23)
        at io.quarkus.security.runtime.interceptor.PermitAllInterceptor_Bean.intercept(Unknown Source)
        at io.quarkus.arc.impl.InterceptorInvocation.invoke(InterceptorInvocation.java:42)
        at io.quarkus.arc.impl.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:70)
        at io.quarkus.arc.impl.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:62)
        at io.quarkus.resteasy.reactive.server.runtime.StandardSecurityCheckInterceptor.intercept(StandardSecurityCheckInterceptor.java:44)
        at io.quarkus.resteasy.reactive.server.runtime.StandardSecurityCheckInterceptor_PermitAllInterceptor_Bean.intercept(Unknown Source)
        at io.quarkus.arc.impl.InterceptorInvocation.invoke(InterceptorInvocation.java:42)
        at io.quarkus.arc.impl.AroundInvokeInvocationContext.perform(AroundInvokeInvocationContext.java:30)
        at io.quarkus.arc.impl.InvocationContexts.performAroundInvoke(InvocationContexts.java:27)
        at org.cryptomator.hub.api.ConfigResource_Subclass.getConfig(Unknown Source)
        at org.cryptomator.hub.api.ConfigResource$quarkusrestinvoker$getConfig_26efc0c58e5a85c8a7d0d04e72f6a132d5d501aa.invoke(Unknown Source)
        at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
        at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
        at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:145)
        at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
        at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
        at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
        at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
        at java.base/java.lang.Thread.run(Unknown Source)

The related part of docker-compose.yaml

  init-config:
    container_name: init-config
    image: bash:5
    volumes:
      - $SERVER_DIR/cryptomator/db-init:/db-init
    command:
      - bash
      - '-c'
      - |-
        cat >/db-init/initdb.sql << 'EOF'
        CREATE USER hub WITH ENCRYPTED PASSWORD 'hub';
        CREATE DATABASE hub WITH ENCODING 'UTF8';
        GRANT ALL PRIVILEGES ON DATABASE hub TO hub;
        EOF
  postgres:
    container_name: postgres
    image: postgres:14-alpine
    depends_on:
      init-config:
        condition: service_completed_successfully
    volumes:
      - $SERVER_DIR/cryptomator/db-init:/docker-entrypoint-initdb.d
      - $SERVER_DIR/cryptomator/db-data:/var/lib/postgresql/data
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 256M
    healthcheck:
      test:
        - CMD
        - pg_isready
        - '-U'
        - postgres
      interval: 10s
      timeout: 3s
    restart: unless-stopped
    environment:
      POSTGRES_PASSWORD: postgres
      POSTGRES_INITDB_ARGS: '--encoding=UTF8'
    networks:
      - cryptonet
  hub:
    container_name: hub
    image: ghcr.io/cryptomator/hub:stable
    depends_on:
      postgres:
        condition: service_healthy
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 512M
    healthcheck:
      test:
        - CMD-SHELL
        - (curl -f http://localhost:8080/q/health/live && curl -f http://localhost:8080/api/config) || exit 1
      interval: 10s
      timeout: 3s
    restart: unless-stopped
    environment:
      HUB_PUBLIC_ROOT_PATH: /
      HUB_KEYCLOAK_PUBLIC_URL: https://crypt.local.{{ domain }}/kc
      HUB_KEYCLOAK_LOCAL_URL: https://crypt.local.{{ domain }}/kc
      HUB_KEYCLOAK_REALM: cryptomator
      HUB_KEYCLOAK_SYNCER_USERNAME: syncer
      HUB_KEYCLOAK_SYNCER_PASSWORD: e9f94369-817c-46c6-b653-43d6c8d720c0
      HUB_KEYCLOAK_SYNCER_CLIENT_ID: admin-cli
      HUB_KEYCLOAK_SYNCER_PERIOD: 5m
      HUB_KEYCLOAK_OIDC_CRYPTOMATOR_CLIENT_ID: cryptomator
      QUARKUS_OIDC_AUTH_SERVER_URL: https://crypt.local.{{ domain }}/kc/realms/cryptomator
      QUARKUS_OIDC_TOKEN_ISSUER: https://crypt.local.{{ domain }}/kc/realms/cryptomator
      QUARKUS_OIDC_CLIENT_ID: cryptomatorhub
      QUARKUS_DATASOURCE_JDBC_URL: jdbc:postgresql://postgres:5432/hub
      QUARKUS_DATASOURCE_USERNAME: hub
      QUARKUS_DATASOURCE_PASSWORD: hub
      QUARKUS_HTTP_HEADER__CONTENT_SECURITY_POLICY__VALUE: default-src 'self'; connect-src 'self' api.cryptomator.org https://crypt.local.{{ domain }}/kc/; object-src 'none'; child-src 'self'; img-src * data:; frame-ancestors 'none'
    networks:
      - cryptonet
      - traefiknet
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefiknet"
      - "traefik.http.routers.hub-https.rule=Host(`crypt.local.{{ domain }}`)"
      - "traefik.http.routers.hub-https.entrypoints=websecure"
      - "traefik.http.routers.hub-https.service=hub"
      - "traefik.http.services.hub.loadbalancer.server.port=8080"
      - "traefik.http.routers.hub-https.tls=true"
      - "traefik.http.routers.hub-https.tls.certresolver=myresolver"

Any help would be appreciated.