Cannot login anymore after switch to OIDC in latest update
-
@Jan-Macenka Cloudron uses a DNS server called unbound internally. See https://docs.cloudron.io/networking/#private-dns . All the DNS queries go via unbound, so you have to maybe fix up unbound based on your setup (instead of editing /etc/hosts which won't solve it for apps that use DNS).
@girish and @nebulon thanks a lot (as always, I really love the amount of support you provide!)
Effectively everything was already documented here, and I just had to connect the dots.
What worked for me:
- Login to the Cloudron-Server via SSH
- Create this file
sudo touch /etc/unbound/unbound.conf.d/cloudron-local.conf - Edit the file with this content
sudo nano /etc/unbound/unbound.conf.d/cloudron-local.conf:
server: # Local zone definitions local-zone: "<YOUR_DOMAIN_HERE>." typetransparent local-data: "<YOUR_SUB_DOMAIN_HERE>.<YOUR_DOMAIN_HERE>. IN A <YOUR_STATIC_IP_HERE>"so for example:
server: # Local zone definitions local-zone: "example.com." typetransparent local-data: "my.example.com. IN A 10.10.0.3"- Reboot the system
This should hopefully also fix this for other Apps that need to resolve this.
UPDATE: Damn... this fixed the immediate issue but after some more dabbling, I found that this had some side-effects where other Apps seem to have trouble connecting properly... Will work on this some more and update you if I find a workable solution.
-
@girish and @nebulon thanks a lot (as always, I really love the amount of support you provide!)
Effectively everything was already documented here, and I just had to connect the dots.
What worked for me:
- Login to the Cloudron-Server via SSH
- Create this file
sudo touch /etc/unbound/unbound.conf.d/cloudron-local.conf - Edit the file with this content
sudo nano /etc/unbound/unbound.conf.d/cloudron-local.conf:
server: # Local zone definitions local-zone: "<YOUR_DOMAIN_HERE>." typetransparent local-data: "<YOUR_SUB_DOMAIN_HERE>.<YOUR_DOMAIN_HERE>. IN A <YOUR_STATIC_IP_HERE>"so for example:
server: # Local zone definitions local-zone: "example.com." typetransparent local-data: "my.example.com. IN A 10.10.0.3"- Reboot the system
This should hopefully also fix this for other Apps that need to resolve this.
UPDATE: Damn... this fixed the immediate issue but after some more dabbling, I found that this had some side-effects where other Apps seem to have trouble connecting properly... Will work on this some more and update you if I find a workable solution.
@Jan-Macenka said in Cannot login anymore after switch to OIDC in latest update:
UPDATE: Damn... this fixed the immediate issue but after some more dabbling, I found that this had some side-effects where other Apps seem to have trouble connecting properly... Will work on this some more and update you if I find a workable solution.
Can you explain this a bit more? What other apps have problems? Maybe you just have them too to local-data ?
-
@Jan-Macenka said in Cannot login anymore after switch to OIDC in latest update:
UPDATE: Damn... this fixed the immediate issue but after some more dabbling, I found that this had some side-effects where other Apps seem to have trouble connecting properly... Will work on this some more and update you if I find a workable solution.
Can you explain this a bit more? What other apps have problems? Maybe you just have them too to local-data ?
@girish when trying to use Roundcube (Email), it states that "Verbindung zum Speicherserver fehlgeschlagen" (Connection to storage server failed). Also when I try to go to Cloudron-Web-UI > Settings > Email, I always get a re-direct to the
/#/appspath.
I disabled the
/etc/unbound/unbound.conf.d/cloudron-local.conffile but same result.Any advise where to debug this?
-
@girish when trying to use Roundcube (Email), it states that "Verbindung zum Speicherserver fehlgeschlagen" (Connection to storage server failed). Also when I try to go to Cloudron-Web-UI > Settings > Email, I always get a re-direct to the
/#/appspath.I disabled the
/etc/unbound/unbound.conf.d/cloudron-local.conffile but same result.Any advise where to debug this?
-
@Jan-Macenka OK, so this fails regardless of the unbound configuration . Have you enabled Cloudron email in the first place? On a side note, it's quite unlikely that running Email from an internal network (and no hairpinning) will work.
@girish answered you in direct chat. If we have results that are of public interest, we can publish it here afterwards
-
@girish and @nebulon thanks a lot (as always, I really love the amount of support you provide!)
Effectively everything was already documented here, and I just had to connect the dots.
What worked for me:
- Login to the Cloudron-Server via SSH
- Create this file
sudo touch /etc/unbound/unbound.conf.d/cloudron-local.conf - Edit the file with this content
sudo nano /etc/unbound/unbound.conf.d/cloudron-local.conf:
server: # Local zone definitions local-zone: "<YOUR_DOMAIN_HERE>." typetransparent local-data: "<YOUR_SUB_DOMAIN_HERE>.<YOUR_DOMAIN_HERE>. IN A <YOUR_STATIC_IP_HERE>"so for example:
server: # Local zone definitions local-zone: "example.com." typetransparent local-data: "my.example.com. IN A 10.10.0.3"- Reboot the system
This should hopefully also fix this for other Apps that need to resolve this.
UPDATE: Damn... this fixed the immediate issue but after some more dabbling, I found that this had some side-effects where other Apps seem to have trouble connecting properly... Will work on this some more and update you if I find a workable solution.
Ok, after same more debugging with @girish it turned out that this solution works as intended.
My Email-Services stopped working which was due to a change in local name resolution. Restarting the Email-Server and updating some configurations in my Firewall solved the issue.
-
J Jan Macenka referenced this topic on
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login