Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Solved OAuth Connection With Nextcloud Not Working

    N8N
    2
    10
    328
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mabaker last edited by

      Hi everyone,

      I was trying to connect n8n with nextcloud , hosted on the same VM as n8n itself.
      I'm forwarding both port 443 & 80 to this VM.

      When trying to fulfill the last step of the OAuth Verification there is an error on the last step, probably coming from a forwarding issue.

      {"code":0,"message":"Unable to connect to xx.xx.xx:443","hint":"","stack":"ConnectionError: Unable to connect to xx.xx.xx:443\n    at TLSSocket.onError

      There were no issues connecting the Nextcloud Cloudron Instance with the n8n Desktop App, so I assume this issue is soley based on some forwarding problem within cloudron/nginx.

      If anyone has an idea how solve this, please let me know 🙂

      girish 1 Reply Last reply Reply Quote 0
      • M
        mabaker last edited by mabaker

        Since Hairpin NAT was kind of a pain in the a** to set up, I decided to go for DNS route in the end.
        The following solution made it possible to connect to the domains/containers that are hosted on the same machine.

        • Create a file in the /etc/unbound/unbound.conf.d/ directory e.g. randomfilename.conf

        • Add a line for every domain that you want to resolve internally with the internal VM IP (e.g. 192.168.1.1)

        server:

  local-data: "domain1.xx.com. IN A INTERNAL_VM_IP"
  local-data: "domain2.xx.com. IN A INTERNAL_VM_IP"
  local-data: "domain3.xx.com. IN A INTERNAL_VM_IP"
        • Restart Unbound DNS Server via "systemctl restart unbound"

        Hopefully this helps someone who runs into the same problem.
        @girish Thanks for your help!

        girish 1 Reply Last reply Reply Quote 3
        • girish
          girish Staff @mabaker last edited by girish

          @mabaker try a curl https://xxxx from a Web terminal of n8n and see if that works.

          M 1 Reply Last reply Reply Quote 0
          • M
            mabaker @girish last edited by

            @girish

            Thanks for the quick reply!

            Result of curl: Connection refused. This happens with all apps and terminals.

            No App and Terminal is able to connect via curl to another domain hosted on the same machine.

            girish 1 Reply Last reply Reply Quote 0
            • girish
              girish Staff @mabaker last edited by

              @mabaker Are you hosting in an internal network / home? If so, this has to do with lack of hairpin routing most likely.

              M 1 Reply Last reply Reply Quote 0
              • girish
                girish Staff last edited by

                The other could also be that unbound is not running. Can you please check Services -> unbound and that it is green?

                1 Reply Last reply Reply Quote 0
                • M
                  mabaker @girish last edited by mabaker

                  @girish That indeed seems to be the issue which I'm currently trying to solve somehow via IPTables. Unbound is running. I'm NATing the VMs on this machine.

                  I could find some resources on "Split-DNS" but I'm not sure if this is possible with the current unbound / nginx setup.

                  If you happen to have any other workarounds to solve this, please let me know.

                  girish 1 Reply Last reply Reply Quote 0
                  • girish
                    girish Staff @mabaker last edited by

                    @mabaker With no hairpin routing, you have to set it up so that the DNS resolves to the local VM IP for all queries from inside your private network. i.e n8n.domain.com should resolve to the internal VM IP when queried from inside your LAN but should be your external IP when queried from outside.

                    Does your router allow adding DNS entries or do you use a custom DNS server internally? If so, the idea would be to configure unbound to forward all DNS to your router and the router simply responds with internal IP.

                    M 1 Reply Last reply Reply Quote 0
                    • M
                      mabaker @girish last edited by

                      @girish Understood. Proxmox is acting as a router via internal IPTables.

                      I'm going to give this config a go and see if it works, before I try fiddling around with DNS settings

                      # Internet
 $IPTABLES -t nat -A PREROUTING -i $INTERNET_IF -p tcp -m tcp --dport 80 -j DNAT --to-destination $WEB_SERVER1:80
 $IPTABLES -t nat -A PREROUTING -i $INTERNET_IF -p tcp -m tcp --dport 443 -j DNAT --to-destination $WEB_SERVER1:443
# VMNET - specify dest otherwise all traffic is redirected to this VM which we don't want
 $IPTABLES -t nat -A PREROUTING -i $INTRANET_IF -d $PUBLIC_IP  -p tcp -m tcp --dport 80 -j DNAT --to-destination $WEB_SERVER1:80
 $IPTABLES -t nat -A PREROUTING -i $INTRANET_IF -d $PUBLIC_IP  -p tcp -m tcp --dport 443 -j DNAT --to-destination $WEB_SERVER1:443
# Host
 $IPTABLES -t nat -A OUTPUT -d $PUBLIC_IP -p tcp -m tcp --dport 80 -j DNAT --to-destination $WEB_SERVER1:80
 $IPTABLES -t nat -A OUTPUT -d $PUBLIC_IP -p tcp -m tcp --dport 443 -j DNAT --to-destination $WEB_SERVER1:443
                      1 Reply Last reply Reply Quote 0
                      • M
                        mabaker last edited by mabaker

                        Since Hairpin NAT was kind of a pain in the a** to set up, I decided to go for DNS route in the end.
                        The following solution made it possible to connect to the domains/containers that are hosted on the same machine.

                        • Create a file in the /etc/unbound/unbound.conf.d/ directory e.g. randomfilename.conf

                        • Add a line for every domain that you want to resolve internally with the internal VM IP (e.g. 192.168.1.1)

                        server:

  local-data: "domain1.xx.com. IN A INTERNAL_VM_IP"
  local-data: "domain2.xx.com. IN A INTERNAL_VM_IP"
  local-data: "domain3.xx.com. IN A INTERNAL_VM_IP"
                        • Restart Unbound DNS Server via "systemctl restart unbound"

                        Hopefully this helps someone who runs into the same problem.
                        @girish Thanks for your help!

                        girish 1 Reply Last reply Reply Quote 3
                        • girish
                          girish Staff @mabaker last edited by

                          @mabaker thanks! I have put your notes in our docs - https://docs.cloudron.io/troubleshooting/#hairpin-nat .

                          I have to clean up that troubleshooting section a bit, but that's a task for another day...

                          1 Reply Last reply Reply Quote 3
                          • Topic has been marked as a question  girish girish 
                          • Topic has been marked as solved  girish girish 
                          • First post
                            Last post
                          Powered by NodeBB