umputun / remark42

comment engine
https://remark42.com
MIT License

Can't login using all OAuth services #455

Closed modos189 closed 4 years ago

modos189 commented 4 years ago

(At least I tested Google and GitHub.)

I started remark42 with docker, using my nginx as a proxy. API requests and web version are working.

But when, after authorization with Google or GitHub, the redirect to my site happens (to __my_site__/auth/github/callback?code=***&state=***), I wait 30 seconds, after which the text {"error": "exchange failed"} is displayed in the browser.

Please tell me where I made the mistake.

docker logs after clicking "login with github"

```
remark42 | 2019/10/28 03:30:53.942 [DEBUG] {provider/oauth2.go:80 provider.Oauth2Handler.LoginHandler} login with github
remark42 | 2019/10/28 03:30:53.946 [DEBUG] {provider/oauth2.go:115 provider.Oauth2Handler.LoginHandler} login url https://github.com/login/oauth/authorize?client_id=69c967ac2eaecefce58c&redirect_uri=https%3A%2F%2Fremark42.modos189.ru%2Fauth%2Fgithub%2Fcallback&response_type=code&state=00000000000000000000000000005b0dd106f34d, claims={"aud":"store-iitc-modos189-ru","exp":1572253253,"jti":"0000000000000000000000000000bf42acb09278","nbf":1572251393,"handshake":{"state":"00000000000000000000000000005b0dd106f34d","from":"https://remark42.modos189.ru/web/iframe.html?selfClose"}}
remark42 | 2019/10/28 03:30:53.948 [INFO] {logger/logger.go:120 logger.(*Middleware).Handler.func1.1} GET - /auth/github/login?from=https://remark42.modos189.ru/web/iframe.html?selfClose&site=store-iitc-modos189-ru - dde7ba6b30f5 - 302 (247) - 4.785571ms
remark42 | 2019/10/28 03:30:54.571 [DEBUG] {provider/oauth2.go:140 provider.Oauth2Handler.AuthHandler} token with state 00000000000000000000000000005b0dd106f34d
```
docker logs after the 30 second timeout

```
remark42 | 2019/10/28 03:31:54.573 [INFO] {rest/httperrors.go:17 rest.SendErrorJSON} exchange failed - Post https://github.com/login/oauth/access_token: dial tcp 140.82.118.4:443: i/o timeout - 500 - 176.59.45.89 - /auth/github/callback?code=00000000000000421b52&state=00000000000000000000000000005b0dd106f34d [caused by auth/provider/oauth2.go:143 provider.Oauth2Handler.AuthHandler]
remark42 | 2019/10/28 03:31:54.573 [INFO] {logger/logger.go:120 logger.(*Middleware).Handler.func1.1} GET - /auth/github/callback?code=00000000000000421b52&state=00000000000000000000000000005b0dd106f34d - dde7ba6b30f5 - 500 (28) - 1m0.003340052s
remark42 | 2019/10/28 03:31:54.573 [WARN] {lgr/adaptor.go:16 lgr.(*Writer).Write} http: superfluous response.WriteHeader call from github.com/go-chi/chi/middleware.Timeout.func1.1.1 (timeout.go:40)
```
docker-compose.yml

```yaml
version: '2'
services:
  remark:
    build: .
    image: umputun/remark42:latest
    container_name: "remark42"
    hostname: "remark42.modos189.ru"
    restart: always
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "5"
    ports:
      - "8042:8080"
    environment:
      - REMARK_URL=https://remark42.modos189.ru
      - SITE=store-iitc-modos189-ru
      - SECRET=***
      - STORE_BOLT_PATH=/srv/var/db
      - BACKUP_PATH=/srv/var/backup
      - DEBUG=true
      - AUTH_GOOGLE_CID=***
      - AUTH_GOOGLE_CSEC=***
      - AUTH_GITHUB_CID=***
      - AUTH_GITHUB_CSEC=***
    volumes:
      - ./var:/srv/var
```
nginx config

```nginx
server {
    listen 178.159.42.184:443 ssl http2;
    server_name remark42.modos189.ru;
    ssl on;
    ssl_certificate __path__;
    ssl_certificate_key __path__;
    ssl_dhparam __path__;

    location / {
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:8042/;
    }
}
```
curl -V https://www.google.com from the docker image

```
sudo docker run -it --entrypoint /bin/sh umputun/remark42:latest
/srv # curl -V https://www.google.com
curl 7.64.0 (x86_64-alpine-linux-musl) libcurl/7.64.0 OpenSSL/1.1.1a zlib/1.2.11 libssh2/1.8.0 nghttp2/1.35.1
Release-Date: 2019-02-06
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy
```
iptables -L -t nat

```
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.18.0.0/16        anywhere
MASQUERADE  all  --  172.17.0.0/16        anywhere
MASQUERADE  all  --  172.18.0.0/16        anywhere
MASQUERADE  all  --  172.18.0.0/16        anywhere
MASQUERADE  udp  --  172.17.0.2           172.17.0.2           udp dpt:openvpn
MASQUERADE  tcp  --  172.18.0.2           172.18.0.2           tcp dpt:http-alt

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere            !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
DNAT       udp  --  anywhere             anywhere             udp dpt:openvpn to:172.17.0.2:1194
DNAT       tcp  --  anywhere             anywhere             tcp dpt:8042 to:172.18.0.2:8080
# Warning: iptables-legacy tables present, use iptables-legacy to see them
```
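The logs in the report show the two halves of an OAuth login: the browser is sent to the provider with a `state` value that the server keeps in a `handshake` claim, and on return the callback must POST the one-time `code` to the provider's token endpoint from inside the container. That second request is the one that hit `dial tcp ... i/o timeout` and surfaced as `{"error": "exchange failed"}`. The Go program below is an added example, not code from remark42 or its auth library: it reproduces that callback against a local stand-in for the token endpoint, checks the state, performs the exchange under a bounded deadline, and shows how a provider that never answers surfaces as an exchange failure. The `exchanger` and `handshake` types, `fakeProvider`, `runScenario`, the `goodcode`/`stale` codes and the shortened state value `5b0dd106f34d` are this example's own inventions.

```go
package main

import (
	"context"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
	"time"
)

// handshake is the state/from pair the log shows remark42 keeping in the
// "handshake" claim at login time (constructed here, not remark42's own type).
type handshake struct{ State, From string }

// exchanger holds the provider's token endpoint, the client credentials and
// a hard deadline for the token POST.
type exchanger struct {
	tokenURL, clientID, clientSecret string
	timeout                          time.Duration
}

var (
	errStateMismatch  = errors.New("state mismatch")
	errExchangeFailed = errors.New("exchange failed")
)

// callback does what /auth/<provider>/callback must do: verify the echoed
// state against the one issued at login (rejects forged or replayed
// callbacks), then POST the one-time code to the token endpoint. That POST is
// made by the server itself, so it needs outbound connectivity that the
// browser's redirects never exercised.
func (e *exchanger) callback(hs handshake, q url.Values) (string, error) {
	if st := q.Get("state"); st == "" || subtle.ConstantTimeCompare([]byte(st), []byte(hs.State)) != 1 {
		return "", errStateMismatch
	}
	ctx, cancel := context.WithTimeout(context.Background(), e.timeout)
	defer cancel()
	form := url.Values{"client_id": {e.clientID}, "client_secret": {e.clientSecret}, "code": {q.Get("code")}}
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, e.tokenURL, strings.NewReader(form.Encode()))
	if err != nil {
		return "", err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Accept", "application/json")
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		// A dial or read timeout lands here; this is the path behind the
		// {"error":"exchange failed"} page in the report.
		return "", fmt.Errorf("%w: %v", errExchangeFailed, err)
	}
	defer resp.Body.Close()
	var tok struct {
		AccessToken string `json:"access_token"`
	}
	if err := json.NewDecoder(resp.Body).Decode(&tok); err != nil || tok.AccessToken == "" {
		return "", fmt.Errorf("%w: no access_token in response (HTTP %d)", errExchangeFailed, resp.StatusCode)
	}
	return tok.AccessToken, nil
}

// fakeProvider stands in for the provider's access_token endpoint (constructed
// for this example). With hang set it does not answer within the client's
// deadline, which is how an unreachable provider looks from the caller's side.
func fakeProvider(hang bool) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch {
		case hang:
			time.Sleep(time.Second)
		case r.FormValue("code") != "goodcode":
			http.Error(w, `{"error":"bad_verification_code"}`, http.StatusBadRequest)
		default:
			w.Header().Set("Content-Type", "application/json")
			fmt.Fprint(w, `{"access_token":"gho_example","token_type":"bearer"}`)
		}
	}))
}

// runScenario drives one callback against a fake provider. "5b0dd106f34d" is
// a shortened stand-in for the state value in the log.
func runScenario(hang bool, code, state string) (string, error) {
	srv := fakeProvider(hang)
	defer srv.Close()
	e := &exchanger{tokenURL: srv.URL, clientID: "cid", clientSecret: "csec", timeout: 200 * time.Millisecond}
	return e.callback(handshake{State: "5b0dd106f34d"}, url.Values{"code": {code}, "state": {state}})
}

func main() {
	show := func(name string, hang bool, code, state string) {
		tok, err := runScenario(hang, code, state)
		fmt.Printf("%-20s token=%q err=%v\n", name, tok, err)
	}
	show("provider reachable", false, "goodcode", "5b0dd106f34d")
	show("provider unreachable", true, "goodcode", "5b0dd106f34d")
	show("state mismatch", false, "goodcode", "attacker")
	show("bad code", false, "stale", "5b0dd106f34d")
}
```

Run it with `go run`. The unreachable case fails after the 200 ms deadline rather than the 30 seconds the report saw, but through the same code path: the browser only ever reaches the provider and the reverse proxy, while the code-for-token exchange is made by the server process itself, so a connectivity check for this failure has to be run from inside the container.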
umputun commented 4 years ago

To me, it looks like your container can't reach the internet. Can you try `curl -v https://www.google.com` or `curl -v https://github.com`? (Note: `-v` should be lower case.)

modos189 commented 4 years ago

With curl, the container has Internet access. But it turned out there was some problem caused by the server upgrade, which was solved by a reboot. So the problem is solved. Thanks.