OpenID is not timing out and cannot signin
-
wrote on Aug 27, 2024, 2:41 PM last edited by
Hello,
I just installed 2FAuth and I tried signing in with OpenID so I can sign in with my Cloudron login, but it is not working at all. How do I go about fixing this, since I am checking and resources are not even being pegged? It is showing a 110: Connection timed out error. The only thing I changed in the App Data was changing the Site_Owner to my e-mail.
Thanks,
-
wrote on Aug 27, 2024, 2:56 PM last edited by
Aug 27 10:52:02 172.18.0.1 - - [27/Aug/2024:14:52:02 +0000] "GET / HTTP/1.1" 200 1302 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Edg/128.0.0.0"
Aug 27 10:52:02 172.18.0.1 - - [27/Aug/2024:14:52:02 +0000] "GET /api/v1/user HTTP/1.1" 401 41 "https://2fauth.experiencedmg.net/ " "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Edg/128.0.0.0"
Aug 27 10:52:04 172.18.0.1 - - [27/Aug/2024:14:52:04 +0000] "GET /socialite/redirect/openid HTTP/1.1" 302 1378 "https://2fauth.experiencedmg.net/login " "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Edg/128.0.0.0"
Aug 27 10:52:10 172.18.0.1 - - [27/Aug/2024:14:52:10 +0000] "GET / HTTP/1.1" 200 1298 "-" "Mozilla (CloudronHealth)"
Aug 27 10:52:20 172.18.0.1 - - [27/Aug/2024:14:52:20 +0000] "GET / HTTP/1.1" 200 1300 "-" "Mozilla (CloudronHealth)"
Aug 27 10:52:30 172.18.0.1 - - [27/Aug/2024:14:52:30 +0000] "GET / HTTP/1.1" 200 1297 "-" "Mozilla (CloudronHealth)"
Aug 27 10:52:40 172.18.0.1 - - [27/Aug/2024:14:52:40 +0000] "GET / HTTP/1.1" 200 1300 "-" "Mozilla (CloudronHealth)"
Aug 27 10:52:50 172.18.0.1 - - [27/Aug/2024:14:52:50 +0000] "GET / HTTP/1.1" 200 1302 "-" "Mozilla (CloudronHealth)"
Aug 27 10:53:00 172.18.0.1 - - [27/Aug/2024:14:53:00 +0000] "GET / HTTP/1.1" 200 1301 "-" "Mozilla (CloudronHealth)"
Aug 27 10:53:05 172.18.0.1 - - [27/Aug/2024:14:53:05 +0000] "GET /socialite/callback/openid?code===https%3A%2F%2Fmy.experiencedmg.net %2Fopenid HTTP/1.1" 504 578 "https://my.experiencedmg.net/ " "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Edg/128.0.0.0"
Aug 27 10:53:05 2024/08/27 14:53:05 [error] 69#69: 245 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 172.18.0.1, server: _, request: "GET /socialite/callback/openid?code=**&state==https%3A%2F%2Fmy.experiencedmg.net %2Fopenid HTTP/1.1", upstream: "fastcgi://unix:/run/php/php8.3-fpm.sock", ho
-
Are other apps with OpenID working? If my.experiencedmg.net is your actual dashboard and thus OpenID provider domain, then at least it also times out for me here.
-
Can you curl your OpenID provider domain ( http://my.experiencedmg.net/ ) from within the webterminal into the 2FAuth app instance?
curl -v http://my.experiencedmg.net/.well-known/openid-configuration
This should return a JSON file.
-
wrote on Aug 28, 2024, 8:52 PM last edited by
Yes, since I am self-hosting it in my office on my own equipment, I have an enterprise-grade firewall that the server sits behind.
-
wrote on Aug 28, 2024, 8:53 PM last edited by
I did the curl command; it timed out on port 80. This is weird since I have ports 80 and 443 open. Unless you are outside of Canada and the US, as those are the only 2 countries I allow because we operate in both countries. The rest of the world is blocked.
-
This is especially strange since you mentioned that other apps do work, so if you run that curl command from within a webterminal into that other app, it succeeds?
Just in case this is a hairpin issue, check out https://docs.cloudron.io/troubleshooting/#hairpin-nat
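Added example, not part of any post in this thread: a shell version of the curl check suggested above, with hard timeouts and an interpretation of the result, meant to be run from the web terminal of the affected app and of a working app for comparison. The function names and the `provider.example` host are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example (assumed helper names): diagnose whether an app container can
# reach the OpenID provider's discovery document over the server-side path.

# Map a curl exit status to the likely cause of a failed sign-in.
classify_curl_exit() {
  case "$1" in
    0)     echo "reachable" ;;
    6)     echo "dns-failure" ;;         # host name did not resolve
    7)     echo "connection-refused" ;;  # port closed or actively rejected
    28)    echo "timeout" ;;             # packets dropped: firewall rule or hairpin NAT
    35|60) echo "tls-problem" ;;         # handshake or certificate validation failed
    *)     echo "other-error" ;;
  esac
}

# Check that a response body is a discovery document naming the endpoints an
# authorization-code sign-in relies on (an HTML error page fails this check).
discovery_ok() {
  body=$1
  for key in issuer authorization_endpoint token_endpoint jwks_uri; do
    printf '%s' "$body" | grep -q "\"$key\"[[:space:]]*:" \
      || { echo "missing:$key"; return 1; }
  done
  echo "ok"
}

# Fetch the document with short timeouts so a filtered path fails fast
# instead of hanging until the reverse proxy returns a 504.
check_provider() {
  url="$1/.well-known/openid-configuration"
  body=$(curl -sS --connect-timeout 5 --max-time 15 "$url")
  rc=$?
  result=$(classify_curl_exit "$rc")
  echo "$url -> $result (curl exit $rc)"
  [ "$result" = "reachable" ] && discovery_ok "$body"
}

# Usage inside the app's web terminal (placeholder host):
#   check_provider https://provider.example
```

A `timeout` result from inside the container, while the same URL loads from an allowed outside network, points at the firewall or hairpin NAT path rather than at the app.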