feat: implement DNS-over-HTTPS fallback via custom preload script to resolve connectivity issues on HuggingFace Spaces

Dockerfile

@@ -28,6 +28,7 @@ RUN mkdir -p /home/node/app /home/node/.n8n && \
 WORKDIR /home/node/app
 
 COPY --chown=node:node health-server.js /home/node/app/health-server.js
+COPY --chown=node:node dns-fix.js /home/node/app/dns-fix.js
 COPY --chown=node:node n8n-sync.py /home/node/app/n8n-sync.py
 COPY --chown=node:node setup-uptimerobot.sh /home/node/app/setup-uptimerobot.sh
 COPY --chown=node:node start.sh /home/node/app/start.sh

README.md

@@ -14,7 +14,7 @@ secrets:
 
 # 🔗 Hugging8n
 
-**Self-hosted n8n workflow automation — free, no server needed.** Hugging8n runs [n8n](https://n8n.io) on HuggingFace Spaces Docker, serving a premium dashboard at `/` and the n8n editor at `/app/`.
+**Self-hosted n8n workflow automation — free, no server needed.** Hugging8n runs [n8n](https://n8n.io) on HuggingFace Spaces Docker, serving a premium dashboard at `/` and the n8n editor is accessible via the dashboard.
 
 ## ✨ Features
 
@@ -56,7 +56,7 @@ You can customize Hugging8n using Environment Variables (Settings > Variables):
 ## 🔐 Authentication & Security
 
 Hugging8n uses n8n's native user management.
-- The first person to visit `/app/` on a fresh install becomes the **Owner**.
+- The first person to access the n8n editor on a fresh install becomes the **Owner**.
 - **Important:** If you delete the Space and haven't set up `HF_TOKEN`, your users and workflows will be lost.
 - **Permissions:** The startup script uses `umask 0077` to ensure all sensitive data is restricted to the node user.
 
@@ -69,7 +69,7 @@ Hugging8n automatically creates and maintains a private dataset in your Hugging
 ## 🏗️ Architecture
 
 - `/` : **Premium Dashboard** (Management & Monitoring)
-- `/app/` : **n8n Workflow Editor**
+- All other paths (e.g., `/home/workflows`) : Proxied to **n8n Workflow Editor**
 - `/health` : **Health Check** (Used by the internal proxy and external monitors)
 
 ---

dns-fix.js

@@ -0,0 +1,108 @@
+/**
+ * DNS fix preload script for HF Spaces.
+ *
+ * Patches Node.js dns.lookup to:
+ * 1. Try system DNS first
+ * 2. Fall back to DNS-over-HTTPS (Cloudflare) if system DNS fails
+ *    (This is needed because HF Spaces intercepts/blocks some domains like
+ *    WhatsApp web or Telegram API via standard UDP DNS).
+ *
+ * Loaded via: NODE_OPTIONS="--require /opt/dns-fix.js"
+ */
+"use strict";
+
+const dns = require("dns");
+const https = require("https");
+
+// In-memory cache for runtime DoH resolutions
+const runtimeCache = new Map(); // hostname -> { ip, expiry }
+
+// DNS-over-HTTPS resolver
+function dohResolve(hostname, callback) {
+  // Check runtime cache
+  const cached = runtimeCache.get(hostname);
+  if (cached && cached.expiry > Date.now()) {
+    return callback(null, cached.ip);
+  }
+
+  const url = `https://1.1.1.1/dns-query?name=${encodeURIComponent(hostname)}&type=A`;
+  const req = https.get(
+    url,
+    { headers: { Accept: "application/dns-json" }, timeout: 15000 },
+    (res) => {
+      let body = "";
+      res.on("data", (c) => (body += c));
+      res.on("end", () => {
+        try {
+          const data = JSON.parse(body);
+          const aRecords = (data.Answer || []).filter((a) => a.type === 1);
+          if (aRecords.length === 0) {
+            return callback(new Error(`DoH: no A record for ${hostname}`));
+          }
+          const ip = aRecords[0].data;
+          const ttl = Math.max((aRecords[0].TTL || 300) * 1000, 60000);
+          runtimeCache.set(hostname, { ip, expiry: Date.now() + ttl });
+          callback(null, ip);
+        } catch (e) {
+          callback(new Error(`DoH parse error: ${e.message}`));
+        }
+      });
+    }
+  );
+  req.on("error", (e) => callback(new Error(`DoH request failed: ${e.message}`)));
+  req.on("timeout", () => {
+    req.destroy();
+    callback(new Error("DoH request timed out"));
+  });
+}
+
+// Monkey-patch dns.lookup
+const origLookup = dns.lookup;
+
+dns.lookup = function patchedLookup(hostname, options, callback) {
+  // Normalize arguments (options is optional, can be number or object)
+  if (typeof options === "function") {
+    callback = options;
+    options = {};
+  }
+  if (typeof options === "number") {
+    options = { family: options };
+  }
+  options = options || {};
+
+  // Skip patching for localhost, IPs, and internal domains
+  if (
+    !hostname ||
+    hostname === "localhost" ||
+    hostname === "0.0.0.0" ||
+    hostname === "127.0.0.1" ||
+    hostname === "::1" ||
+    /^\d+\.\d+\.\d+\.\d+$/.test(hostname) ||
+    /^::/.test(hostname)
+  ) {
+    return origLookup.call(dns, hostname, options, callback);
+  }
+
+  // 1) Try system DNS first
+  origLookup.call(dns, hostname, options, (err, address, family) => {
+    if (!err && address) {
+      return callback(null, address, family);
+    }
+
+    // 2) System DNS failed with ENOTFOUND or EAI_AGAIN — fall back to DoH
+    if (err && (err.code === "ENOTFOUND" || err.code === "EAI_AGAIN")) {
+      dohResolve(hostname, (dohErr, ip) => {
+        if (dohErr || !ip) {
+          return callback(err); // Return original error
+        }
+        if (options.all) {
+          return callback(null, [{ address: ip, family: 4 }]);
+        }
+        callback(null, ip, 4);
+      });
+    } else {
+      // Other DNS errors — pass through
+      callback(err, address, family);
+    }
+  });
+};

start.sh

@@ -35,8 +35,8 @@ export N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS="${N8N_ENFORCE_SETTINGS_FILE_PERMIS
 export GENERIC_TIMEZONE="${GENERIC_TIMEZONE:-${TZ:-UTC}}"
 export TZ="${TZ:-$GENERIC_TIMEZONE}"
 
-# Force IPv4 resolution to prevent Node.js IPv6 timeouts (Fixes "Client network socket disconnected" for Discord/outbound requests)
-export NODE_OPTIONS="--dns-result-order=ipv4first"
+# Force IPv4 resolution and apply custom DNS fallback for HF Spaces
+export NODE_OPTIONS="--dns-result-order=ipv4first --require /home/node/app/dns-fix.js"
 
 # Disable noisy or unnecessary services
 export N8N_PYTHON_NODES_ENABLED="${N8N_PYTHON_NODES_ENABLED:-false}"