OAuth Connection With Nextcloud Not Working
-
Hi everyone,
I was trying to connect n8n with Nextcloud, hosted on the same VM as n8n itself.
I'm forwarding both port 443 & 80 to this VM. When trying to fulfill the last step of the OAuth Verification there is an error on the last step, probably coming from a forwarding issue.
{"code":0,"message":"Unable to connect to xx.xx.xx:443","hint":"","stack":"ConnectionError: Unable to connect to xx.xx.xx:443\n at TLSSocket.onError
There were no issues connecting the Nextcloud Cloudron Instance with the n8n Desktop App, so I assume this issue is solely based on some forwarding problem within cloudron/nginx.
If anyone has an idea how to solve this, please let me know.
-
@mabaker try a
curl https://xxxx
from a Web terminal of n8n and see if that works.
@mabaker Are you hosting in an internal network / home? If so, this has to do with lack of hairpin routing most likely.
-
The other could also be that unbound is not running. Can you please check Services -> unbound and that it is green?
-
@girish That indeed seems to be the issue which I'm currently trying to solve somehow via IPTables. Unbound is running. I'm NATing the VMs on this machine.
I could find some resources on "Split-DNS" but I'm not sure if this is possible with the current unbound / nginx setup.
If you happen to have any other workarounds to solve this, please let me know.
-
@mabaker With no hairpin routing, you have to set it up so that the DNS resolves to the local VM IP for all queries from inside your private network, i.e.
n8n.domain.com
should resolve to the internal VM IP when queried from inside your LAN but should be your external IP when queried from outside. Does your router allow adding DNS entries or do you use a custom DNS server internally? If so, the idea would be to configure unbound to forward all DNS to your router and the router simply responds with internal IP.
-
@girish Understood. Proxmox is acting as a router via internal IPTables.
I'm going to give this config a go and see if it works, before I try fiddling around with DNS settings
    # Internet
    $IPTABLES -t nat -A PREROUTING -i $INTERNET_IF -p tcp -m tcp --dport 80 -j DNAT --to-destination $WEB_SERVER1:80
    $IPTABLES -t nat -A PREROUTING -i $INTERNET_IF -p tcp -m tcp --dport 443 -j DNAT --to-destination $WEB_SERVER1:443
    # VMNET - specify dest otherwise all traffic is redirected to this VM which we don't want
    $IPTABLES -t nat -A PREROUTING -i $INTRANET_IF -d $PUBLIC_IP -p tcp -m tcp --dport 80 -j DNAT --to-destination $WEB_SERVER1:80
    $IPTABLES -t nat -A PREROUTING -i $INTRANET_IF -d $PUBLIC_IP -p tcp -m tcp --dport 443 -j DNAT --to-destination $WEB_SERVER1:443
    # Host
    $IPTABLES -t nat -A OUTPUT -d $PUBLIC_IP -p tcp -m tcp --dport 80 -j DNAT --to-destination $WEB_SERVER1:80
    $IPTABLES -t nat -A OUTPUT -d $PUBLIC_IP -p tcp -m tcp --dport 443 -j DNAT --to-destination $WEB_SERVER1:443
-
Since Hairpin NAT was kind of a pain in the a** to set up, I decided to go for DNS route in the end.
The following solution made it possible to connect to the domains/containers that are hosted on the same machine.
- Create a file in the /etc/unbound/unbound.conf.d/ directory e.g. randomfilename.conf
- Add a line for every domain that you want to resolve internally with the internal VM IP (e.g. 192.168.1.1)
    server:
        local-data: "domain1.xx.com. IN A INTERNAL_VM_IP"
        local-data: "domain2.xx.com. IN A INTERNAL_VM_IP"
        local-data: "domain3.xx.com. IN A INTERNAL_VM_IP"
- Restart Unbound DNS Server via "systemctl restart unbound"
Hopefully this helps someone who runs into the same problem.
@girish Thanks for your help!
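
An added example, not part of the original posts: a small shell generator for the override file described above. It refuses anything that is not an RFC 1918 IPv4 address or a plain hostname before it writes the local-data lines. The function names and the private-address check are assumptions of this example; the domains and IP are the post's placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): emit an Unbound override block.
# Usage: gen_unbound_overrides INTERNAL_IP DOMAIN [DOMAIN...]

# True only for RFC 1918 IPv4 addresses (assumed meaning of "internal VM IP").
is_private_ipv4() {
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# Letters, digits, dots and hyphens only: a quote or newline in a name
# would otherwise break out of the local-data string in the config file.
is_hostname() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*) return 1 ;;
        *.*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Validates every argument first, so a bad entry produces no partial file.
gen_unbound_overrides() {
    [ "$#" -ge 2 ] || { echo "usage: gen_unbound_overrides IP DOMAIN..." >&2; return 2; }
    ip=$1; shift
    is_private_ipv4 "$ip" || { echo "not a private IPv4: $ip" >&2; return 1; }
    for d in "$@"; do
        is_hostname "${d%.}" || { echo "invalid hostname: $d" >&2; return 1; }
    done
    echo "server:"
    for d in "$@"; do
        # A trailing dot on the input is stripped and re-added exactly once.
        printf '    local-data: "%s. IN A %s"\n' "${d%.}" "$ip"
    done
}

# Constructed sample values, matching the placeholders used in the post.
gen_unbound_overrides 192.168.1.1 domain1.xx.com domain2.xx.com
```

Redirect the output into a file under /etc/unbound/unbound.conf.d/, run unbound-checkconf to validate it, then restart Unbound as in the last step of the post.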
-
@mabaker thanks! I have put your notes in our docs - https://docs.cloudron.io/troubleshooting/#hairpin-nat .
I have to clean up that troubleshooting section a bit, but that's a task for another day...
-