Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. N8N
  3. OAuth Connection With Nextcloud Not Working

OAuth Connection With Nextcloud Not Working

Scheduled Pinned Locked Moved Solved N8N
10 Posts 2 Posters 1.4k Views 2 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      M Offline
      mabaker
      wrote on last edited by
      #1

      Hi everyone,

      I was trying to connect n8n with nextcloud , hosted on the same VM as n8n itself.
      I'm forwarding both port 443 & 80 to this VM.

      When trying to fulfill the last step of the OAuth Verification there is an error on the last step, probably coming from a forwarding issue.

      {"code":0,"message":"Unable to connect to xx.xx.xx:443","hint":"","stack":"ConnectionError: Unable to connect to xx.xx.xx:443\n    at TLSSocket.onError
      

      There were no issues connecting the Nextcloud Cloudron Instance with the n8n Desktop App, so I assume this issue is soley based on some forwarding problem within cloudron/nginx.

      If anyone has an idea how solve this, please let me know 🙂

      girishG 1 Reply Last reply
      0
      • M Offline
        M Offline
        mabaker
        wrote on last edited by mabaker
        #9

        Since Hairpin NAT was kind of a pain in the a** to set up, I decided to go for DNS route in the end.
        The following solution made it possible to connect to the domains/containers that are hosted on the same machine.

        • Create a file in the /etc/unbound/unbound.conf.d/ directory e.g. randomfilename.conf

        • Add a line for every domain that you want to resolve internally with the internal VM IP (e.g. 192.168.1.1)

        server:
        
          local-data: "domain1.xx.com. IN A INTERNAL_VM_IP"
          local-data: "domain2.xx.com. IN A INTERNAL_VM_IP"
          local-data: "domain3.xx.com. IN A INTERNAL_VM_IP"
        
        • Restart Unbound DNS Server via "systemctl restart unbound"

        Hopefully this helps someone who runs into the same problem.
        @girish Thanks for your help!

        girishG 1 Reply Last reply
        3
        • M mabaker

          Hi everyone,

          I was trying to connect n8n with nextcloud , hosted on the same VM as n8n itself.
          I'm forwarding both port 443 & 80 to this VM.

          When trying to fulfill the last step of the OAuth Verification there is an error on the last step, probably coming from a forwarding issue.

          {"code":0,"message":"Unable to connect to xx.xx.xx:443","hint":"","stack":"ConnectionError: Unable to connect to xx.xx.xx:443\n    at TLSSocket.onError
          

          There were no issues connecting the Nextcloud Cloudron Instance with the n8n Desktop App, so I assume this issue is soley based on some forwarding problem within cloudron/nginx.

          If anyone has an idea how solve this, please let me know 🙂

          girishG Offline
          girishG Offline
          girish
          Staff
          wrote on last edited by girish
          #2

          @mabaker try a curl https://xxxx from a Web terminal of n8n and see if that works.

          M 1 Reply Last reply
          0
          • girishG girish

            @mabaker try a curl https://xxxx from a Web terminal of n8n and see if that works.

            M Offline
            M Offline
            mabaker
            wrote on last edited by
            #3

            @girish

            Thanks for the quick reply!

            Result of curl: Connection refused. This happens with all apps and terminals.

            No App and Terminal is able to connect via curl to another domain hosted on the same machine.

            girishG 1 Reply Last reply
            0
            • M mabaker

              @girish

              Thanks for the quick reply!

              Result of curl: Connection refused. This happens with all apps and terminals.

              No App and Terminal is able to connect via curl to another domain hosted on the same machine.

              girishG Offline
              girishG Offline
              girish
              Staff
              wrote on last edited by
              #4

              @mabaker Are you hosting in an internal network / home? If so, this has to do with lack of hairpin routing most likely.

              M 1 Reply Last reply
              0
              • girishG Offline
                girishG Offline
                girish
                Staff
                wrote on last edited by
                #5

                The other could also be that unbound is not running. Can you please check Services -> unbound and that it is green?

                1 Reply Last reply
                0
                • girishG girish

                  @mabaker Are you hosting in an internal network / home? If so, this has to do with lack of hairpin routing most likely.

                  M Offline
                  M Offline
                  mabaker
                  wrote on last edited by mabaker
                  #6

                  @girish That indeed seems to be the issue which I'm currently trying to solve somehow via IPTables. Unbound is running. I'm NATing the VMs on this machine.

                  I could find some resources on "Split-DNS" but I'm not sure if this is possible with the current unbound / nginx setup.

                  If you happen to have any other workarounds to solve this, please let me know.

                  girishG 1 Reply Last reply
                  0
                  • M mabaker

                    @girish That indeed seems to be the issue which I'm currently trying to solve somehow via IPTables. Unbound is running. I'm NATing the VMs on this machine.

                    I could find some resources on "Split-DNS" but I'm not sure if this is possible with the current unbound / nginx setup.

                    If you happen to have any other workarounds to solve this, please let me know.

                    girishG Offline
                    girishG Offline
                    girish
                    Staff
                    wrote on last edited by
                    #7

                    @mabaker With no hairpin routing, you have to set it up so that the DNS resolves to the local VM IP for all queries from inside your private network. i.e n8n.domain.com should resolve to the internal VM IP when queried from inside your LAN but should be your external IP when queried from outside.

                    Does your router allow adding DNS entries or do you use a custom DNS server internally? If so, the idea would be to configure unbound to forward all DNS to your router and the router simply responds with internal IP.

                    M 1 Reply Last reply
                    0
                    • girishG girish

                      @mabaker With no hairpin routing, you have to set it up so that the DNS resolves to the local VM IP for all queries from inside your private network. i.e n8n.domain.com should resolve to the internal VM IP when queried from inside your LAN but should be your external IP when queried from outside.

                      Does your router allow adding DNS entries or do you use a custom DNS server internally? If so, the idea would be to configure unbound to forward all DNS to your router and the router simply responds with internal IP.

                      M Offline
                      M Offline
                      mabaker
                      wrote on last edited by
                      #8

                      @girish Understood. Proxmox is acting as a router via internal IPTables.

                      I'm going to give this config a go and see if it works, before I try fiddling around with DNS settings

                      # Internet
                       $IPTABLES -t nat -A PREROUTING -i $INTERNET_IF -p tcp -m tcp --dport 80 -j DNAT --to-destination $WEB_SERVER1:80
                       $IPTABLES -t nat -A PREROUTING -i $INTERNET_IF -p tcp -m tcp --dport 443 -j DNAT --to-destination $WEB_SERVER1:443
                      # VMNET - specify dest otherwise all traffic is redirected to this VM which we don't want
                       $IPTABLES -t nat -A PREROUTING -i $INTRANET_IF -d $PUBLIC_IP  -p tcp -m tcp --dport 80 -j DNAT --to-destination $WEB_SERVER1:80
                       $IPTABLES -t nat -A PREROUTING -i $INTRANET_IF -d $PUBLIC_IP  -p tcp -m tcp --dport 443 -j DNAT --to-destination $WEB_SERVER1:443
                      # Host
                       $IPTABLES -t nat -A OUTPUT -d $PUBLIC_IP -p tcp -m tcp --dport 80 -j DNAT --to-destination $WEB_SERVER1:80
                       $IPTABLES -t nat -A OUTPUT -d $PUBLIC_IP -p tcp -m tcp --dport 443 -j DNAT --to-destination $WEB_SERVER1:443
                      
                      1 Reply Last reply
                      0
                      • M Offline
                        M Offline
                        mabaker
                        wrote on last edited by mabaker
                        #9

                        Since Hairpin NAT was kind of a pain in the a** to set up, I decided to go for DNS route in the end.
                        The following solution made it possible to connect to the domains/containers that are hosted on the same machine.

                        • Create a file in the /etc/unbound/unbound.conf.d/ directory e.g. randomfilename.conf

                        • Add a line for every domain that you want to resolve internally with the internal VM IP (e.g. 192.168.1.1)

                        server:
                        
                          local-data: "domain1.xx.com. IN A INTERNAL_VM_IP"
                          local-data: "domain2.xx.com. IN A INTERNAL_VM_IP"
                          local-data: "domain3.xx.com. IN A INTERNAL_VM_IP"
                        
                        • Restart Unbound DNS Server via "systemctl restart unbound"

                        Hopefully this helps someone who runs into the same problem.
                        @girish Thanks for your help!

                        girishG 1 Reply Last reply
                        3
                        • M mabaker

                          Since Hairpin NAT was kind of a pain in the a** to set up, I decided to go for DNS route in the end.
                          The following solution made it possible to connect to the domains/containers that are hosted on the same machine.

                          • Create a file in the /etc/unbound/unbound.conf.d/ directory e.g. randomfilename.conf

                          • Add a line for every domain that you want to resolve internally with the internal VM IP (e.g. 192.168.1.1)

                          server:
                          
                            local-data: "domain1.xx.com. IN A INTERNAL_VM_IP"
                            local-data: "domain2.xx.com. IN A INTERNAL_VM_IP"
                            local-data: "domain3.xx.com. IN A INTERNAL_VM_IP"
                          
                          • Restart Unbound DNS Server via "systemctl restart unbound"

                          Hopefully this helps someone who runs into the same problem.
                          @girish Thanks for your help!

                          girishG Offline
                          girishG Offline
                          girish
                          Staff
                          wrote on last edited by
                          #10

                          @mabaker thanks! I have put your notes in our docs - https://docs.cloudron.io/troubleshooting/#hairpin-nat .

                          I have to clean up that troubleshooting section a bit, but that's a task for another day...

                          1 Reply Last reply
                          3
                          • girishG girish marked this topic as a question on
                          • girishG girish has marked this topic as solved on
                          Reply
                          • Reply as topic
                          Log in to reply
                          • Oldest to Newest
                          • Newest to Oldest
                          • Most Votes


                            • Login

                            • Don't have an account? Register

                            • Login or register to search.
                            • First post
                              Last post
                            0
                            • Categories
                            • Recent
                            • Tags
                            • Popular
                            • Bookmarks
                            • Search