Logging into Cloudron with OpenID Fails After Update to 7.7.0

pathab

@nebulon Correct!

nebulon

And if you install a new surfer instance for example, that also works fine? I am asking since we had often router hairpin issues in the past, where apps were not able to reach the OpenID provider by its public origin. So fresh surfer instance would test this. If that works, then this is really local to those apps.

pathab

The installation actually fails

nebulon

Seems like the server has some issue with ipv6 connectivity then. Try to disable it on the server side and (if setup) remove the AAAA DNS records. Just to rule out that potential issue angle for now.

Depending on your server provider you may or may not able to disable it there, otherwise sysctl -w net.ipv6.conf.all.disable_ipv6=1 might work.

pathab

Ok, I have now deleted the DNS setting, deactivated the IPv6 setting and restarted the server. Now OpenID no longer works for all apps and https://my.domain.com/.well-known/openid-configuration is no longer accessible.
But now I was able to perform a completely fresh installation of Surfer. However, the login via OpenID does not work there either.

nebulon

If you open a webterminal into any app, can you curl -v https://my.yourdomain.com/.well-known/openid-configuration if not, does the DNS resolve correctly? If yes, I guess it is also a hairpinning issue then.

pathab

Yes, the IP is resolved correctly. But without response. Could it be that this nginx route is no longer working properly?

girish

@pathab does curl -4 -v https://my.yourdomain.com/.well-known/openid-configuration work? This forces IPv4. Maybe some caching issue somewhere is causing a IPv6 query.

pathab

Unfortunately, it's the same story.

girish

@pathab what is the output? also, does the curl not work only on the server or from anywhere?

pathab

the output is the same everywhere

*   Trying xxx.xxx.xxx.xxx:443...
* connect to xxx.xxx.xxx.xxx port 443 failed: Connection timed out
* Failed to connect to my.domain.com port 443 after 131026 ms: Connection timed out
* Closing connection 0
curl: (28) Failed to connect to my.domain.com port 443 after 131026 ms: Connection timed out

girish

@pathab are you hosting at home? If so, https://docs.cloudron.io/troubleshooting/#hairpin-nat is the most likely issue. Your network has no mechanism to reach itself via public IP.

But, before we go into this, another test. Can you try to curl that URL from another network altogether ? Say via your mobile phone network or equivalent? Does that work ?

pathab

It seems like you're right and the new modem is the problem, sorry I forgot to mention that - didn't expect that to be the cause. (Because cloudron has been running very smoothly for over a year now).
Well, I have now moved the server to a VPS. Everything seems to be working there now. I will try to get my cloudron home server up and running again at a later date. Thank you very much for your time and support!

pathab

btw. I just love how easy it is to transfer cloudron to a new server!

girish

@pathab ah nice, great you found the root cause!