n8n cors config blocking session cookies

The current reverse proxy setup blocks us from passing session cookies for authentication.

The issue is also discussed here: https://community.n8n.io/t/cors-error-in-scenario-where-reverse-proxy-manipulation-is-not-available/25054

Love it! Solved for me

Crosspost: https://forum.cloudron.io/topic/14055/oidc-enabled-reset-after-restart

Sorry for crosspost. I am afraid else the thread would not be seen. Feel free to close one if needed.

I would like to use vikunja with our cloudflare access openid. I installed the app with "leave user management to app" setting. Config works as it i supposed to, but the auth.openid.enabled is reset to false with every restart.

I assume this is a bug isn´t it?

I appreciate the hetzner Object Storage already being implemented. Is it possible to also integrate the helsinki location?

@dsp76 Sadly not yet. Did not have the time to do so.

I am trying to use my brevo account to send transactional mails. The dmarc cloudron automatically added fails because brevos dkim does not allow the sender.

I have a sender configured for my-domain.com, while the server has cloudron01.my-domain.com . How can i solve this? I think the easiest would be to allow changing the "From" domain in case a relay is used, since the sending domain will most likely be handled by the relay provider.

It is mostly used as such yes. However there are usecases where you most likely want to process mails via API. I really like mailpit for this scenario

@necrevistonnezr i also experienced not the very best results for existing web pages. However, passing your own HTML with fonts and styling as well as JS works quite flawless.

Also playing with the available settings might improve the settings.

https://gotenberg.dev/ should be self explanatory i hope I think it would integrate nicely with the auth proxy to protect from unauthorized access.

No addons required. Not even anything to backup

Mailpit is easy to set up and allows using it as smtp server while accessing the mails via rest api. This allows further processing.
https://github.com/axllent/mailpit

Perfect, thank you very much

I can confirm. Heavily related to the more general update policy: https://forum.cloudron.io/topic/10088/change-update-stream-to-stable.

It seems to me the cloudron updates currently follow the github releases without any further filtering. On all of my servers the pre-release version was automatically installed.

I would be very happy if the update stream could be changed to stable releases only.

One example: Current released version is 1.8.1 which contains a bug in the mysql node. It is already fixed in 1.8.2 and was not existing in 1.7.1. This issue could have been easily avoided by just installing the "latest" release.

@robi Hi, i validated. The ips shown in the wordpress app log are indeed my private ones, despite being connected to the vpn. I also validated my private ips are not leaked and validated only my vpn ips are visible outside the cloudron context.

For me this seems to be something cloudron specific. I have read this thread: https://forum.cloudron.io/topic/1541/wordpress-restrict-access-by-ip-wp-admin-and-wp-login-php/3 This seems to tackle the same problem. However i am not able to configure my htaccess to use X-Forwarded-For if thats even what i need.

@robi Feeling stupid right now, but i dont see a a list with interfaces when opening a terminal to the OpenVPN app.

In the logs of the WordPress App i saw an ipv6 ip which represented by local internet connections ipv6. This seems to be caused due to a misconfiguration in OpenVPN after activating ipv6 for cloudron. However now a can see my private ipv4 address in the logs. Not the internal one of the VPN or the external one of the server.

I assumed i can see the external ip of the server in the logs and simply whitelist that. To achieve this do i have to work with the Forwarded header? Is there an example somewhere? I am a bit lost to be honest.

@p44 Thanks a lot. I already have set up access rules like the one you posted. It works with one static ip. What i need is to whitelist one static ip and the OpenVPN which runs on the same cloudron install as the wordpress installation.

Since i do not know where to find the OpenVPN IP with which clients connected to the vpn connect to the wordpress install i have no clue which ip to add to the htaccess.

@girish Exactly. Only one other static ip needs to be whitelisted additionally

@fbartels Thanks for your feedback. Actually i dont actually know how to find the openvpn ip/range . I assumed it is always the same but allowing the one visible in the wordpress app log does not work

Is there a way to use the htaccess to add an ip whitelist to wordpress which includes the local vpn/openvpn?

I got the htaccess working with one static ip, but including a rule to allow openvpn connections seems impossible to me. Is there a way?