Umbrel Linux NUC install as second node creates a "Not allowed by CORS" error

Here I am, jotting down notes to get my 3rd node up and running for testing, and can’t get it to work.


  • First node is up and running on raspi, on fixed IP by DHCP, at umbrel.local
  • second node is a raspiblitz and blitzing away
  • third node is an Umbrel install on Debian 11, with fixed IP by DHCP, hostname debian-nuc.local

Details for 3rd Node

  • started via sudo NGINX_PORT=12345 ./umbrel/scripts/start since standard port already occupied by Node 1
  • hostname -I provides and 2 IPv6 Adresses
  • smelled like an avahi issue again, so deactivated IPv6 in the daemon.conf


Not allowed by CORS

Bitcoin is syncing away. LND is obviously waiting for a wallet to be created.
I’d be either fine to finally figure out where to look for getting the CORS error reason, the logfiles where to look further. Or some hints whether I can just create the wallet via lncli and forget about the UI altogether. But of course, would feel much more comfortable to figure out

  1. Why is that CORS error happening, really?
  2. Is there anything missing what I haven’t tried yet?

Thanks so much anyone for looking into this with me.

  • all nodes should have static IP set
  • each node, set name in lnd.conf
  • you can sync new node by setting the existing node IP in the LAN, already synced.
    bitcoin-cli addnode "" "onetry"

It will get the blocks faster and directly from your LAN node.

1 Like

I don´t know anything about these things, but would sugest you try a different browser to reach the servers.
Found some explication about Cors here

1 Like

Thanks all!

I’m going to continue with bare-metal now, allows for more flexibility and customization, and doesn’t bother me with challenges I don’t know how to overcome. So, compiling bitcoin, /rust/electrs and all by myself is my current approach. Stuck with rona isolation anyway :partying_face: :mask:

My assumption is that it’s still the avahi daemon, giving the docker instances, eth and IPv6 all the same host-name, which causing the Umbrel / Browser to think I’m accessing a cross-site-scripting attack site. Avahi is driving me crazy, cause due to it’s bug, it’s not recognizing that it should only assign ETH and ignore IPv6. So in case anyone runs into a similar issue, feel free to let me know here and I may share some further insights.

@DarthCoin as always appreciate your insights. Didn’t know about this internal way. But I had the joy of letting the nuc plow through the blockchain download in roundabout 24hours. This beast has power!

Also use the local hosts file.
Edit it with a line for each IP / machine name then all your browsers will read that info first.

I tryed to open the site and always get a error “not allowed by cors”, no matter what password. Get me curious about it…