OAuth Connection With Nextcloud Not Working

Reply to OAuth Connection With Nextcloud Not Working on Tue, 14 Jun 2022 09:21:58 GMT

mabaker — Tue, 14 Jun 2022 09:21:58 GMT

Since Hairpin NAT was kind of a pain in the a** to set up, I decided to go for DNS route in the end.
The following solution made it possible to connect to the domains/containers that are hosted on the same machine.

Create a file in the /etc/unbound/unbound.conf.d/ directory e.g. randomfilename.conf
Add a line for every domain that you want to resolve internally with the internal VM IP (e.g. 192.168.1.1)

server:

  local-data: "domain1.xx.com. IN A INTERNAL_VM_IP"
  local-data: "domain2.xx.com. IN A INTERNAL_VM_IP"
  local-data: "domain3.xx.com. IN A INTERNAL_VM_IP"

Restart Unbound DNS Server via "systemctl restart unbound"

Hopefully this helps someone who runs into the same problem.
@girish Thanks for your help!

Reply to OAuth Connection With Nextcloud Not Working on Tue, 14 Jun 2022 16:12:35 GMT

girish — Tue, 14 Jun 2022 16:12:35 GMT

@mabaker thanks! I have put your notes in our docs - https://docs.cloudron.io/troubleshooting/#hairpin-nat .

I have to clean up that troubleshooting section a bit, but that's a task for another day...

Reply to OAuth Connection With Nextcloud Not Working on Tue, 14 Jun 2022 09:21:58 GMT

mabaker — Tue, 14 Jun 2022 09:21:58 GMT

Create a file in the /etc/unbound/unbound.conf.d/ directory e.g. randomfilename.conf
Add a line for every domain that you want to resolve internally with the internal VM IP (e.g. 192.168.1.1)

server:

  local-data: "domain1.xx.com. IN A INTERNAL_VM_IP"
  local-data: "domain2.xx.com. IN A INTERNAL_VM_IP"
  local-data: "domain3.xx.com. IN A INTERNAL_VM_IP"

Restart Unbound DNS Server via "systemctl restart unbound"

Hopefully this helps someone who runs into the same problem.
@girish Thanks for your help!

Reply to OAuth Connection With Nextcloud Not Working on Mon, 13 Jun 2022 18:13:10 GMT

mabaker — Mon, 13 Jun 2022 18:13:10 GMT

@girish Understood. Proxmox is acting as a router via internal IPTables.

I'm going to give this config a go and see if it works, before I try fiddling around with DNS settings

# Internet
 $IPTABLES -t nat -A PREROUTING -i $INTERNET_IF -p tcp -m tcp --dport 80 -j DNAT --to-destination $WEB_SERVER1:80
 $IPTABLES -t nat -A PREROUTING -i $INTERNET_IF -p tcp -m tcp --dport 443 -j DNAT --to-destination $WEB_SERVER1:443
# VMNET - specify dest otherwise all traffic is redirected to this VM which we don't want
 $IPTABLES -t nat -A PREROUTING -i $INTRANET_IF -d $PUBLIC_IP  -p tcp -m tcp --dport 80 -j DNAT --to-destination $WEB_SERVER1:80
 $IPTABLES -t nat -A PREROUTING -i $INTRANET_IF -d $PUBLIC_IP  -p tcp -m tcp --dport 443 -j DNAT --to-destination $WEB_SERVER1:443
# Host
 $IPTABLES -t nat -A OUTPUT -d $PUBLIC_IP -p tcp -m tcp --dport 80 -j DNAT --to-destination $WEB_SERVER1:80
 $IPTABLES -t nat -A OUTPUT -d $PUBLIC_IP -p tcp -m tcp --dport 443 -j DNAT --to-destination $WEB_SERVER1:443

Reply to OAuth Connection With Nextcloud Not Working on Mon, 13 Jun 2022 17:43:58 GMT

girish — Mon, 13 Jun 2022 17:43:58 GMT

@mabaker With no hairpin routing, you have to set it up so that the DNS resolves to the local VM IP for all queries from inside your private network. i.e n8n.domain.com should resolve to the internal VM IP when queried from inside your LAN but should be your external IP when queried from outside.

Does your router allow adding DNS entries or do you use a custom DNS server internally? If so, the idea would be to configure unbound to forward all DNS to your router and the router simply responds with internal IP.

Reply to OAuth Connection With Nextcloud Not Working on Mon, 13 Jun 2022 17:04:18 GMT

mabaker — Mon, 13 Jun 2022 17:04:18 GMT

@girish That indeed seems to be the issue which I'm currently trying to solve somehow via IPTables. Unbound is running. I'm NATing the VMs on this machine.

I could find some resources on "Split-DNS" but I'm not sure if this is possible with the current unbound / nginx setup.

If you happen to have any other workarounds to solve this, please let me know.

Reply to OAuth Connection With Nextcloud Not Working on Mon, 13 Jun 2022 16:11:24 GMT

girish — Mon, 13 Jun 2022 16:11:24 GMT

The other could also be that unbound is not running. Can you please check Services -> unbound and that it is green?

Reply to OAuth Connection With Nextcloud Not Working on Mon, 13 Jun 2022 16:10:38 GMT

girish — Mon, 13 Jun 2022 16:10:38 GMT

@mabaker Are you hosting in an internal network / home? If so, this has to do with lack of hairpin routing most likely.

Reply to OAuth Connection With Nextcloud Not Working on Sun, 12 Jun 2022 18:30:02 GMT

mabaker — Sun, 12 Jun 2022 18:30:02 GMT

@girish

Thanks for the quick reply!

Result of curl: Connection refused. This happens with all apps and terminals.

No App and Terminal is able to connect via curl to another domain hosted on the same machine.

Reply to OAuth Connection With Nextcloud Not Working on Sun, 12 Jun 2022 17:28:43 GMT

girish — Sun, 12 Jun 2022 17:28:43 GMT

@mabaker try a curl https://xxxx from a Web terminal of n8n and see if that works.