SSL error on email but ubuntu breaks it completely

mindgonemad · August 24, 2020, 9:45pm

Hi,

I am trying to set up my first workflow and running into all sorts of issues. I’m trying to use a webhook to email form data and issues are:

I have the webhook accepting the data as long as I use a Response Header with ‘Name: access-control-allow-origin’ and ‘value: *’. If I tried to change the ‘vaule’ to my website URL or remove the Response Header all together I get a CORS error. I don’t want other sites to have access although that is better than not being able to send any data at all to n8n (for the moment).
I set up an email node straight after the webhook but am getting an SSL error (below). Unfortunately all of the answers I can find relating to SSL errors mention switching to Ubuntu version which makes things worse for me. I am using a Docker Stack (Swarm) and my website and 8n8 sub-domain are both in the same Stack file. When I switch to ‘n8nio/n8n:0.78.0-ubuntu’ or ‘n8nio/n8n:0.76.0-ubuntu’ and take the stack down and back up I end up with 404 errors on my site and on the 8n8 sub-domain so can’t access either. The stack launches without any errors so I have know idea what’s breaking it. The main website is using the alpine version of the ghost image … could the n8n-ubuntu service be interfering with the ghost-alpine one? Can’t see why as they are seperate containers.

Error: 139667430997320:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:

Any ideas on why both sites break or has anyone got any way of getting around the SSL error without running ubuntu.

Thanks

Tephlon · August 24, 2020, 9:50pm

@mindgonemad,

A quick question…have you tried accessing your site using http rather than https? If you have a proxy set up, this could be the issue as the proxy is expecting http data (even though the service behind it has an SSL certificate).

mindgonemad · August 24, 2020, 10:05pm

I’ll be honest and say that I usually search and copy & paste code until I get something to work but not always understanding how. I am using Traefik as a reverse-proxy for all my sites running on a single node Swarm. Traefik is set-up to redirect everything to https://my_site.com.au (drops the www and switches to http); this is the bit that works but I don’t grasp how. I don’t see how running the ubuntu version of 8n8 would affect this but anything is possible.
Not sure if this answers your question but unfortunately I’m not fully grasping what you are saying. Feel free to rephrase if you have time.
Thanks

Tephlon · August 24, 2020, 10:12pm

Hey @mindgonemad,

Maybe a different approach. Would you be able to post a copy of your workflow? It may help us to see things a bit more clearly.

mindgonemad · August 25, 2020, 5:15am

I downloaded the workflow and copied the JSON (below), assuming that is what you are after.
The form I’m using is located at Contact Us just in case you want/need it.
Below the workflow is the Docker Stack code I’m running in case thats helpful… privacy aspects replaced with [PRIVATE]… shitty way of saying it but can’t think of the right words .

Error in the send email node (under execution):

Error: 139667430997320:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:

docker-stack.yml (Traefik running in a different stack).

version: "3.7"

services:
  ghost:
    image: ghost:3.26-alpine
    volumes:
      - ghost-content:/var/lib/ghost/content
    networks:
      - traefik-public
    environment:
      - url=https://infinityabk.com.au
    deploy:
      placement:
              constraints:
                - node.role == manager
      labels:
        traefik.enable: "true"
        traefik.http.routers.abk.rule: "Host(`infinityabk.com.au`)"
        traefik.http.routers.abk.entrypoints: websecure
        # Let's Encrypt (TLS)
        traefik.http.routers.abk.tls: "true"
        traefik.http.routers.abk.tls.certresolver: leresolver
        traefik.http.routers.abk.tls.domains[0].main: infinityabk.com.au
        traefik.http.routers.abk.tls.domains[0].sans: www.infinityabk.com.au
        # Swarm Mode
        traefik.http.services.abk.loadbalancer.server.port: 2368
        # Network
        #traefik.docker.network: "traefik-public"
  
  n8n:
    image: n8nio/n8n:0.78.0
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - n8n:/root/.n8n
    networks:
      - traefik-public
    ports:
      - 5678:5678
    environment:
      N8N_BASIC_AUTH_ACTIVE: "true"
      N8N_BASIC_AUTH_USER: "[PRIVATE]"
      N8N_BASIC_AUTH_PASSWORD: "[PRIVATE]"
      N8N_HOST: "n8n.infinityabk.com.au"
      N8N_PORT: "5678"
      N8N_PROTOCOL: "https"
      NODE_ENV: "production"
      WEBHOOK_TUNNEL_URL: "https://n8n.infinityabk.com.au/"
      VUE_APP_URL_BASE_API: "https://n8n.infinityabk.com.au/"
      GENERIC_TIMEZONE: "Australia/Sydney"
    deploy:
      labels:
        traefik.enable: "true"
        traefik.http.routers.n8n.rule: "Host(`n8n.infinityabk.com.au`)"
        traefik.http.routers.n8n.entrypoints: websecure
        # Let's Encrypt (TLS)
        traefik.http.routers.n8n.tls: "true"
        traefik.http.routers.n8n.tls.certresolver: leresolver
        traefik.http.routers.n8n.tls.domains[0].main: n8n.infinityabk.com.au
        traefik.http.routers.n8n.tls.domains[0].sans: www.n8n.infinityabk.com.au
        # Swarm Mode
        traefik.http.services.n8n.loadbalancer.server.port: 5678
        # Network
        traefik.docker.network: "traefik-public"
        # Headers (n8n)
        traefik.http.middlewares.n8n.headers.SSLRedirect: "true"
        traefik.http.middlewares.n8n.headers.STSSeconds: "315360000"
        traefik.http.middlewares.n8n.headers.browserXSSFilter: "true"
        traefik.http.middlewares.n8n.headers.contentTypeNosniff: "true"
        traefik.http.middlewares.n8n.headers.forceSTSHeader: "true"
        traefik.http.middlewares.n8n.headers.SSLHost: "n8n.infinityabk.com.au"
        traefik.http.middlewares.n8n.headers.STSIncludeSubdomains: "true"
        traefik.http.middlewares.n8n.headers.STSPreload: "true"

volumes:
  ghost-content:
  n8n:

networks:
  traefik-public:
    external: true

Tephlon · August 25, 2020, 11:44am

This is exactly what I was looking for. Let me take a look at it today and see what I can find.

mindgonemad · August 25, 2020, 9:13pm

You probably already assume it, but thought I should clarify that I’m using a “XMLHttpRequest” in Javascript for sending the form data without leaving the page. That would be why I am getting a CORS issue. I did try sending the form using the standard way when I was playing with IFTTT (before finding n8n), but I would be redirected to an IFTTT page which wasn’t acceptable. I’m bringing it up in case a standard form submission is preferable, as long as a redirect back to a ‘form submitted’ page on our website is possible that alternative might work… doesn’t help with the email though .

Thanks for looking into it and hope you can figure something out.

mindgonemad · September 3, 2020, 5:32am

I kind of got it working. I was trying to use my own email account that required SSL and had zero luck as kept getting the same error.

If I turned off SSL I received an authentication error instead
if I switched to using the ubuntu image on an independent Docker it gave the same SSL error but if I incorporated it into the Docker Stack with the website then I would get 404 errors on both the site and the n8n sub domain.

The only way I could get it to work was by switch to using my wife’s Office 365 email which doesn’t require SSL and therefore works without error, though now I will have to deal with her getting annoyed with all the test emails while I continue to try and set up the workflow.