Google OAuth timeout + Invalid principal

chronograf

#1

Chronograf 1.3.8-0 with Google OAuth + domain limitation. Configuration is according to the manual.

Failure log:

Sep 13 13:24:53 x.x.eu chronograf[4289]: time="2017-09-13T13:24:53+03:00" level=info msg=Request component=server method=GET remote_addr="x.x.x.x:37580" url=/oauth/google/callback?state=x.x.x&code=4/x
Sep 13 13:24:57 x.x.eu chronograf[4289]: time="2017-09-13T13:24:57+03:00" level=error msg="Unable to exchange code for token Post https://accounts.google.com/o/oauth2/token: dial tcp: lookup accounts.google.com on x.x.x.x:53: read udp x.x.x.x:36611->x.x.x.x:53: i/o timeout" component=auth method=GET remote_addr="x.x.x.x:37580" url=/oauth/google/callback?state=x.x&code=4/x
Sep 13 13:24:57 x.x.eu chronograf[4289]: time="2017-09-13T13:24:57+03:00" level=info msg="Response: Temporary Redirect" code=307 component=server remote_addr="x.x.x.x:37580" response_time=4.001500378s
Sep 13 13:24:58 x.x.eu chronograf[4289]: time="2017-09-13T13:24:58+03:00" level=info msg=Request component=server method=GET remote_addr="x.x.x.x:37580" url=/chronograf/v1/
Sep 13 13:24:58 x.x.eu chronograf[4289]: time="2017-09-13T13:24:58+03:00" level=info msg="Response: OK" code=200 component=server remote_addr="x.x.x.x:37580" response_time="95.074µs"
Sep 13 13:24:58 x.x.eu chronograf[4289]: time="2017-09-13T13:24:58+03:00" level=info msg=Request component=server method=GET remote_addr="x.x.x.x:37580" url=/chronograf/v1/me
Sep 13 13:24:58 x.x.eu chronograf[4289]: time="2017-09-13T13:24:58+03:00" level=error msg="Invalid principal" component=auth method=GET remote_addr="x.x.x.x:37580" url=/chronograf/v1/me

As the server is strict with open ports, I’ve experimented with opening the ones in the logs. It did not help.

Any idea what’s wrong and how to fix it?


#2

Apparently, it is related to ports and the firewall. When I disabled ufw on the server, everything worked like a charm. I thought that OAuth is just a plain info exchange through POST and GET.

Can anyone enlighten me as to what is happening behind the scenes?
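Added example (not part of the original posts, and not Chronograf code): on the `/oauth/google/callback` request the server itself acts as an HTTP client and POSTs the code to Google, so it needs outbound DNS and outbound HTTPS. The sketch below reads the Go error text from the failure log and reports which stage failed and which outbound flows are required; the function name `diagnose` and the 192.0.2.x addresses standing in for the redacted `x.x.x.x` values are assumptions made for this example.

```python
import re

# Constructed sample: the error text from the log above, with the redacted
# x.x.x.x addresses replaced by documentation addresses (RFC 5737).
SAMPLE = ('Unable to exchange code for token Post '
          'https://accounts.google.com/o/oauth2/token: dial tcp: lookup '
          'accounts.google.com on 192.0.2.53:53: read udp '
          '192.0.2.10:36611->192.0.2.53:53: i/o timeout')

# "lookup HOST on RESOLVER:PORT" is how Go reports a failed DNS query.
LOOKUP = re.compile(r'lookup (?P<host>\S+) on (?P<resolver>[\d.]+):(?P<rport>\d+)')
# "read udp LOCAL:PORT->REMOTE:PORT" names both ends of the socket that timed out.
FLOW = re.compile(r'(?:read|write) (?P<proto>udp|tcp) '
                  r'[\d.]+:(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)')
# The URL the server was trying to reach when the error occurred.
URL = re.compile(r'(?:Post|Get) "?(?P<scheme>https?)://(?P<host>[^/:\s"]+)')


def diagnose(msg):
    """Return the failing stage and the outbound flows the server needs."""
    result = {'stage': 'other', 'ephemeral_ports': [], 'needs_outbound': []}
    lookup, flow, url = LOOKUP.search(msg), FLOW.search(msg), URL.search(msg)
    if lookup:
        # The name never resolved, so no TCP connection to Google was attempted.
        result['stage'] = 'dns'
        proto = flow.group('proto') if flow else 'udp'
        result['needs_outbound'].append(
            (proto, lookup.group('resolver'), int(lookup.group('rport'))))
    if flow:
        # Left of "->" is the local source port the kernel picked for this one
        # socket; it differs on every attempt and is not a port to open.
        result['ephemeral_ports'].append(int(flow.group('sport')))
    if url:
        # Once DNS works, the token exchange itself goes out over HTTP(S).
        port = 443 if url.group('scheme') == 'https' else 80
        result['needs_outbound'].append(('tcp', url.group('host'), port))
    return result


if __name__ == '__main__':
    for key, value in diagnose(SAMPLE).items():
        print(key, value)
```

The port in `remote_addr` (37580) is likewise the browser's source port on its connection to Chronograf, not something the server connects out to.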