Serverjwtauth temporal start failed

I am following this Temporal JWT Authorization example and trying to make the JWT work.

I started the jwks server and changed the port to 61884.

go run ./serverjwtauth/key gen-and-serve

I used the docker-compose.yml and added 4 env variables to temporal and 1 env variable to temporal-admin-tools:

  temporal:
    container_name: temporal
    depends_on:
      - postgresql
      - elasticsearch
    environment:
...
      - TEMPORAL_JWT_KEY_SOURCE1=http://host.docker.internal:61884/jwks.json
      - TEMPORAL_AUTH_AUTHORIZER=default
      - TEMPORAL_AUTH_CLAIM_MAPPER=default
      - TEMPORAL_CLI_AUTH=Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6IkdXRUtVemFJY0EzOGx0RlpYM1lfNGpJaHFwbU4xRG9GeW9tMUk4WFBmU3M9IiwidHlwIjoiSldUIn0.eyJleHAiOjE2OTYxNDkzNjUsInBlcm1pc3Npb25zIjpbInN5c3RlbTphZG1pbiJdLCJzdWIiOiJ0ZW1wb3JhbC1zYW1wbGVzLWdvIn0.PCIETv1EHH2y2H7bpQa2McY-0uhsUmPT6BWRli7k0knmWqCECF3q_USMxJOGr16SlB3Q7yRCDKSNPSbG7wqevQ
    image: temporalio/auto-setup:${TEMPORAL_VERSION}
...


  temporal-admin-tools:
    container_name: temporal-admin-tools
    depends_on:
      - temporal
    environment:
      - TEMPORAL_ADDRESS=temporal:7233 # used by temporal
      - TEMPORAL_CLI_ADDRESS=temporal:7233 # used by tctl
      - TEMPORAL_CLI_AUTH=Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6IkdXRUtVemFJY0EzOGx0RlpYM1lfNGpJaHFwbU4xRG9GeW9tMUk4WFBmU3M9IiwidHlwIjoiSldUIn0.eyJleHAiOjE2OTYxNDkzNjUsInBlcm1pc3Npb25zIjpbInN5c3RlbTphZG1pbiJdLCJzdWIiOiJ0ZW1wb3JhbC1zYW1wbGVzLWdvIn0.PCIETv1EHH2y2H7bpQa2McY-0uhsUmPT6BWRli7k0knmWqCECF3q_USMxJOGr16SlB3Q7yRCDKSNPSbG7wqevQ
    image: temporalio/admin-tools:${TEMPORAL_VERSION}
...

After running the compose file, the temporal container can’t start, and I see this error.

{"level":"fatal","ts":"2023-10-01T08:00:18.820Z","msg":"error starting scanner","service":"worker","error":"Request unauthorized.","logging-call-at":"service.go:501","stacktrace":"go.temporal.io/server/common/log.(*zapLogger).Fatal\n\t/home/builder/temporal/common/log/zap_logger.go:174\ngo.temporal.io/server/service/worker.(*Service).startScanner\n\t/home/builder/temporal/service/worker/service.go:501\ngo.temporal.io/server/service/worker.(*Service).Start\n\t/home/builder/temporal/service/worker/service.go:388\ngo.temporal.io/server/service/worker.ServiceLifetimeHooks.func1.1\n\t/home/builder/temporal/service/worker/fx.go:139"}

I tried to create the namespace with tctl, but since the temporal server failed to start, I couldn’t create it inside the temporal-admin-tools terminal; it reported a connection error.

Error: Register namespace operation failed.
Error Details: rpc error: code = Unavailable desc = connection error: desc = "error reading server preface: EOF"
('export TEMPORAL_CLI_SHOW_STACKS=1' to see stack traces)

The README.md says I need to set the CLI auth for tctl and register a default namespace. Doesn’t tctl need to talk to a Temporal server? But how can I do that when the Temporal server is not up successfully in the first place?

Please check this PR if you have the same problem =)
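
An added example, not part of the original post or of the Temporal samples: a Go program that decodes, without verifying the signature, the token posted in TEMPORAL_CLI_AUTH and compares its `exp` claim with the timestamp of the fatal log line. The type and function names are hypothetical; the token and timestamp are copied from the post.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Copied from the post: the TEMPORAL_CLI_AUTH value and the "ts" of the fatal log line.
const postedToken = "Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6IkdXRUtVemFJY0EzOGx0RlpYM1lfNGpJaHFwbU4xRG9GeW9tMUk4WFBmU3M9IiwidHlwIjoiSldUIn0.eyJleHAiOjE2OTYxNDkzNjUsInBlcm1pc3Npb25zIjpbInN5c3RlbTphZG1pbiJdLCJzdWIiOiJ0ZW1wb3JhbC1zYW1wbGVzLWdvIn0.PCIETv1EHH2y2H7bpQa2McY-0uhsUmPT6BWRli7k0knmWqCECF3q_USMxJOGr16SlB3Q7yRCDKSNPSbG7wqevQ"

var logTime = time.Date(2023, 10, 1, 8, 0, 18, 820_000_000, time.UTC)

// Hypothetical helper types: only the fields present in the posted token.
type header struct{ Alg, Kid string }
type claims struct{ Exp int64; Permissions []string; Sub string }

// decodeUnverified parses the JWT header and payload for inspection only.
// It does NOT check the signature, so never use its output for authorization.
func decodeUnverified(token string) (h header, c claims, err error) {
	parts := strings.Split(strings.TrimPrefix(token, "Bearer "), ".")
	if len(parts) != 3 {
		return h, c, fmt.Errorf("expected 3 JWT segments, got %d", len(parts))
	}
	for i, dst := range []interface{}{&h, &c} {
		raw, err := base64.RawURLEncoding.DecodeString(parts[i])
		if err == nil {
			err = json.Unmarshal(raw, dst)
		}
		if err != nil {
			return h, c, fmt.Errorf("segment %d: %w", i, err)
		}
	}
	return h, c, nil
}

// validityLeft returns how long the token remains valid at instant at (negative if expired).
func validityLeft(c claims, at time.Time) time.Duration {
	return time.Unix(c.Exp, 0).Sub(at)
}

func main() {
	h, c, err := decodeUnverified(postedToken)
	if err != nil {
		panic(err)
	}
	fmt.Printf("alg=%s kid=%s sub=%s permissions=%v\n", h.Alg, h.Kid, c.Sub, c.Permissions)
	fmt.Println("validity left at log time:", validityLeft(c, logTime))
}
```

For the posted values it shows a `system:admin` permission and a token that had not yet expired when the worker logged "Request unauthorized."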