Error: nginx - 403 Forbidden #368

@ssteiger commented on Mon Aug 02 2021

Hey,

I'm trying to run the installer script on ubuntu and I'm having some issues with nginx.

After I run sudo wget -O - https://installer.dappnode.io | sudo bash and then go to http://dappnode.local

I get the error

403 Forbidden nginx

Any ideas? Where can I look at or update the nginx settings?


@pablomendezroyo commented on Mon Aug 02 2021

Hey! Installing dappnode through the script does not ensure that you will be able to access the dappnode UI through the Local Proxy dappnode.local.

This is because port 80 may be in use by another process on your host, and this port is needed to install the DNP_HTTPS necessary to use this feature.

Access the dappnode UI by connecting to DAppNodeWifi and then going to http://my.dappnode; then you could configure the Local Proxy feature.


@ssteiger commented on Mon Aug 02 2021

hey @pablomendezroyo thanks for the help!

Just re-installed everything.
I'm pretty sure port 80 isn't used by any other process. Also there is no 403 Forbidden nginx message before I run the dappnode install script (but after running it, it appears)


@ssteiger commented on Wed Aug 04 2021

I'm seeing the following error on the dappmanager.dnp.dappnode.eth:0.2.42 image:

INFO  [modules/dyndns/updateIp:68] dyndns: Updated IP successfully: Your dynamic domain d30ea32c6d93b594.dyndns.dappnode.io has been updated to 91.54.183.62
ERROR [daemons/natRenewal:83] Error openning port 4001 TCP: Command failed: docker run --rm --net=host --entrypoint=/usr/bin/upnpc dappmanager.dnp.dappnode.eth:0.2.42 -e DAppNode -a 192.168.178.29 4001 4001 TCP 7200
ERROR [daemons/vpnBridge:22] Error fetching VPN data
ERROR [daemons/natRenewal:83] Error openning port 443 TCP: Command failed: docker run --rm --net=host --entrypoint=/usr/bin/upnpc dappmanager.dnp.dappnode.eth:0.2.42 -e DAppNode -a 192.168.178.29 443 443 TCP 7200
ERROR [daemons/natRenewal:83] Error openning port 80 TCP: Command failed: docker run --rm --net=host --entrypoint=/usr/bin/upnpc dappmanager.dnp.dappnode.eth:0.2.42 -e DAppNode -a 192.168.178.29 80 80 TCP 7200
ERROR [daemons/natRenewal:104] Port 4002 UDP is not open
ERROR [daemons/natRenewal:104] Port 4001 TCP is not open
ERROR [daemons/natRenewal:104] Port 443 TCP is not open
ERROR [daemons/natRenewal:104] Port 80 TCP is not open

$ netstat -ntlp | grep LISTEN

gives:

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      34618/docker-proxy
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      505/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      724/sshd: /usr/sbin
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      739/cupsd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      34597/docker-proxy
tcp        0      0 0.0.0.0:4001            0.0.0.0:*               LISTEN      35204/docker-proxy
tcp6       0      0 :::80                   :::*                    LISTEN      34626/docker-proxy
tcp6       0      0 :::22                   :::*                    LISTEN      724/sshd: /usr/sbin
tcp6       0      0 ::1:631                 :::*                    LISTEN      739/cupsd
tcp6       0      0 :::443                  :::*                    LISTEN      34604/docker-proxy
tcp6       0      0 :::4001                 :::*                    LISTEN      35211/docker-proxy

Any ideas on how to further debug this?


@pablomendezroyo commented on Wed Aug 04 2021

These are not errors at all. Seems like the dappnode is not able to open ports on the router using UPnP, that's all. The error from: no vpn data, is not an error but a change in the vpn client we did, so we will have to modify that warning.

Can you connect to your dappnode using any other method (vpn, wireguard, dappnodewifi) and check from the UI the status of the Local Proxy thing?


@ssteiger commented on Wed Aug 04 2021

I installed the ubuntu desktop ui and I'm now working directly on the server.
Opening dappnode.local on the server gives

403 Forbidden - nginx


https.dnp.dappnode.eth:0.1.1 logs give:

Server listening on: http://0.0.0.0:5000
server: dappnode.local,
request: "GET / HTTP/1.1", host: "dappnode.local"
error: access forbidden by rule

Logs:

wireguard.wireguard.dnp.dappnode.eth:0.1.0 logs:

**** Server mode is selected ****
**** Fetching DAppNode domain...
**** Fetching DAppNode domain...
**** Fetching DAppNode domain...
**** Fetching DAppNode domain...
**** SERVERURL var is either not set or is set to "auto", setting external IP to auto detected value of 649c3daa1dd2902d.dyndns.dappnode.io ****
**** External server port is set to 51820. Make sure that port is properly forwarded to port 51820 inside this container ****
**** Internal subnet is set to 10.24.0.0 ****
**** AllowedIPs for peers 172.33.0.0/16,10.20.0.0/24 ****
**** Peer DNS servers will be set to 172.33.1.2,10.20.0.2 ****
**** No wg0.conf found (maybe an initial install), generating 1 server and dappnode_admin peer/client confs ****
grep: /config/peer*/*.conf: No such file or directory
PEER dappnode_admin QR code:



[cont-init.d] 30-config: exited 0.
[cont-init.d] 99-custom-scripts: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-scripts: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
.:53
CoreDNS-1.8.4
linux/amd64, go1.16.4, 053c4d5
[#] ip -4 address add 10.24.0.1 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] ip -4 route add 10.24.0.2/32 dev wg0
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

api.wireguard.dnp.dappnode.eth:0.1.0 logs:

Listening on port 80

wifi.dnp.dappnode.eth:0.2.7 logs:

/bin/wlanstart.sh: line 69: [: too many arguments
 to containererface ls: /sys/class/ieee80211/*/device/net: No such file or directory
/bin/wlanstart.sh: line 83: [: too many arguments
 already connected. WIFI hotspot cannot be initialized since the host machine is using it

ipfs.dnp.dappnode.eth:0.2.14 logs:

Initializing daemon...
go-ipfs version: 0.7.0
Repo version: 10
System version: amd64/linux
Golang version: go1.14.4
Swarm listening on /ip4/127.0.0.1/tcp/4001
Swarm listening on /ip4/127.0.0.1/udp/4001/quic
Swarm listening on /ip4/172.33.1.5/tcp/4001
Swarm listening on /ip4/172.33.1.5/udp/4001/quic
Swarm listening on /p2p-circuit
Swarm announcing /ip4/127.0.0.1/tcp/4001
Swarm announcing /ip4/127.0.0.1/udp/4001/quic
Swarm announcing /ip4/172.33.1.5/tcp/4001
Swarm announcing /ip4/172.33.1.5/udp/4001/quic
Swarm announcing /ip4/91.54.183.62/udp/4001/quic
API server listening on /ip4/0.0.0.0/tcp/5001
WebUI: http://0.0.0.0:5001/webui
Gateway (readonly) server listening on /ip4/0.0.0.0/tcp/8080
Daemon is ready

https.dnp.dappnode.eth:0.1.1 logs:

Server listening on: http://0.0.0.0:5000
2021/08/04 15:43:12 [error] 270#270: *1 access forbidden by rule, client: 172.33.0.1, server: dappnode.local, request: "GET / HTTP/1.1", host: "dappnode.local"
2021/08/04 15:43:12 [error] 270#270: *1 access forbidden by rule, client: 172.33.0.1, server: dappnode.local, request: "GET /favicon.ico HTTP/1.1", host: "dappnode.local", referrer: "http://dappnode.local/"
2021/08/04 15:43:13 [error] 270#270: *1 access forbidden by rule, client: 172.33.0.1, server: dappnode.local, request: "GET / HTTP/1.1", host: "dappnode.local"
2021/08/04 15:43:13 [error] 270#270: *1 access forbidden by rule, client: 172.33.0.1, server: dappnode.local, request: "GET /favicon.ico HTTP/1.1", host: "dappnode.local", referrer: "http://dappnode.local/"
2021/08/04 15:43:14 [error] 270#270: *1 access forbidden by rule, client: 172.33.0.1, server: dappnode.local, request: "GET / HTTP/1.1", host: "dappnode.local"
2021/08/04 15:43:15 [error] 270#270: *1 access forbidden by rule, client: 172.33.0.1, server: dappnode.local, request: "GET /favicon.ico HTTP/1.1", host: "dappnode.local", referrer: "http://dappnode.local/"
2021/08/04 15:50:13 [error] 270#270: *2 access forbidden by rule, client: 172.33.0.1, server: dappnode.local, request: "GET / HTTP/1.1", host: "dappnode.local"
2021/08/04 15:50:14 [error] 270#270: *2 access forbidden by rule, client: 172.33.0.1, server: dappnode.local, request: "GET /favicon.ico HTTP/1.1", host: "dappnode.local", referrer: "http://dappnode.local/"

dappmanager.dnp.dappnode.eth:0.2.42 logs:

INFO  [modules/dyndns/updateIp:68] dyndns: Updated IP successfully: Your dynamic domain 649c3daa1dd2902d.dyndns.dappnode.io has been updated to 91.54.183.62
ERROR [daemons/vpnBridge:22] Error fetching VPN data
ERROR [daemons/natRenewal:83] Error openning port 4002 UDP: Command failed: docker run --rm --net=host --entrypoint=/usr/bin/upnpc dappmanager.dnp.dappnode.eth:0.2.42 -e DAppNode -a 192.168.178.29 4002 4002 UDP 7200
ERROR [daemons/natRenewal:83] Error openning port 443 TCP: Command failed: docker run --rm --net=host --entrypoint=/usr/bin/upnpc dappmanager.dnp.dappnode.eth:0.2.42 -e DAppNode -a 192.168.178.29 443 443 TCP 7200
ERROR [daemons/natRenewal:83] Error openning port 80 TCP: Command failed: docker run --rm --net=host --entrypoint=/usr/bin/upnpc dappmanager.dnp.dappnode.eth:0.2.42 -e DAppNode -a 192.168.178.29 80 80 TCP 7200
ERROR [daemons/natRenewal:104] Port 4001 TCP is not open
ERROR [daemons/natRenewal:104] Port 4002 UDP is not open
ERROR [daemons/natRenewal:104] Port 443 TCP is not open
ERROR [daemons/natRenewal:104] Port 80 TCP is not open

bind.dnp.dappnode.eth:0.2.6 logs:

2021-08-04 15:40:51,727 INFO Set uid to user 0 succeeded
2021-08-04 15:40:51,729 INFO supervisord started with pid 1
2021-08-04 15:40:52,731 INFO spawned: 'BIND_dnscrypt-proxy' with pid 8
2021-08-04 15:40:52,733 INFO spawned: 'BIND_named' with pid 9
[2021-08-04 15:40:52] [NOTICE] dnscrypt-proxy 2.0.42
[2021-08-04 15:40:52] [NOTICE] Network connectivity detected
[2021-08-04 15:40:52] [NOTICE] Source [public-resolvers] loaded
[2021-08-04 15:40:52] [NOTICE] Firefox workaround initialized
[2021-08-04 15:40:52] [NOTICE] Now listening to 127.0.0.1:5353 [UDP]
[2021-08-04 15:40:52] [NOTICE] Now listening to 127.0.0.1:5353 [TCP]
[2021-08-04 15:40:52] [NOTICE] [cloudflare] OK (DoH) - rtt: 20ms
[2021-08-04 15:40:53] [NOTICE] [scaleway-fr] OK (DNSCrypt) - rtt: 45ms
[2021-08-04 15:40:53] [NOTICE] Sorted latencies:
[2021-08-04 15:40:53] [NOTICE] -    20ms cloudflare
[2021-08-04 15:40:53] [NOTICE] -    45ms scaleway-fr
[2021-08-04 15:40:53] [NOTICE] Server with the lowest initial latency: cloudflare (rtt: 20ms)
[2021-08-04 15:40:53] [NOTICE] dnscrypt-proxy is ready - live servers: 2
04-Aug-2021 15:40:53.121 all zones loaded
04-Aug-2021 15:40:53.121 running
2021-08-04 15:40:54,126 INFO success: BIND_dnscrypt-proxy entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2021-08-04 15:40:54,126 INFO success: BIND_named entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
04-Aug-2021 15:41:01.001 received control channel command 'showzone 649c3daa1dd2902d.dyndns.dappnode.io in dappmanager'
04-Aug-2021 15:41:01.005 received control channel command 'showzone 649c3daa1dd2902d.dyndns.dappnode.io in internal_domain'
04-Aug-2021 15:41:01.013 received control channel command 'addzone 649c3daa1dd2902d.dyndns.dappnode.io in dappmanager {type master; file "/etc/bind/dappnode.io.hosts"; allow-update{ 172.33.1.7;}; };'
04-Aug-2021 15:41:01.013 added zone 649c3daa1dd2902d.dyndns.dappnode.io in view dappmanager via addzone
04-Aug-2021 15:41:01.025 received control channel command 'delzone 649c3daa1dd2902d.dyndns.dappnode.io in dappmanager'
04-Aug-2021 15:41:01.025 zone 649c3daa1dd2902d.dyndns.dappnode.io scheduled for removal via delzone
04-Aug-2021 15:41:01.025 deleting zone 649c3daa1dd2902d.dyndns.dappnode.io in view dappmanager via delzone
04-Aug-2021 15:41:01.033 received control channel command 'addzone 649c3daa1dd2902d.dyndns.dappnode.io in internal_domain {type master; file "/etc/bind/dappnode.io.hosts"; };'
04-Aug-2021 15:41:01.057 added zone 649c3daa1dd2902d.dyndns.dappnode.io in view internal_domain via addzone
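
An added example, not part of the thread or of DAppNode's code: a Python triage script for nginx error-log lines like the https.dnp.dappnode.eth ones above. It separates a 403 caused by an allow/deny rule from one caused by a missing index or by file permissions, and reports which known network the denied client address falls in. The last two sample lines and the 192.168.178.0/24 prefix are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Messages nginx writes to its error log for three common causes of a 403.
CAUSES = [
    ("access_rule", re.compile(r"access forbidden by rule")),  # allow/deny matched
    ("no_index", re.compile(r'directory index of "[^"]*" is forbidden')),
    ("fs_permission", re.compile(r"\(13: Permission denied\)")),
]
FIELD = re.compile(r'\b(client|server|request|host): "?([^",]+)')
# First two CIDRs: AllowedIPs from the WireGuard log above. Third: assumed LAN prefix.
KNOWN_NETWORKS = ["172.33.0.0/16", "10.20.0.0/24", "192.168.178.0/24"]
# Lines 1-2 are copied from the thread; lines 3-4 are constructed for contrast.
SAMPLE_LOG = [
    '2021/08/04 15:43:12 [error] 270#270: *1 access forbidden by rule, client: 172.33.0.1, server: dappnode.local, request: "GET / HTTP/1.1", host: "dappnode.local"',
    '2021/08/04 15:43:12 [error] 270#270: *1 access forbidden by rule, client: 172.33.0.1, server: dappnode.local, request: "GET /favicon.ico HTTP/1.1", host: "dappnode.local", referrer: "http://dappnode.local/"',
    '2021/08/04 15:51:00 [error] 270#270: *3 directory index of "/srv/www/" is forbidden, client: 192.168.178.50, server: example.test, request: "GET / HTTP/1.1", host: "example.test"',
    '2021/08/04 15:52:00 [error] 270#270: *4 open() "/srv/www/a.html" failed (13: Permission denied), client: 192.168.178.50, server: example.test, request: "GET /a.html HTTP/1.1", host: "example.test"',
]

def classify(line):
    """Return (cause, fields) for an error-log line that explains a 403, else None."""
    for cause, pattern in CAUSES:
        if pattern.search(line):
            return cause, dict(FIELD.findall(line))
    return None

def network_of(client, cidrs):
    """Return the first CIDR in cidrs that contains client, or None."""
    if client is None:
        return None
    ip = ipaddress.ip_address(client)
    return next((c for c in cidrs if ip in ipaddress.ip_network(c)), None)

def summarize(lines, cidrs=KNOWN_NETWORKS):
    """Group 403 causes by (cause, client, server), most frequent first."""
    counts = Counter()
    for line in lines:
        hit = classify(line)
        if hit:
            cause, fields = hit
            counts[(cause, fields.get("client"), fields.get("server"))] += 1
    return [{"cause": c, "client": ip, "server": s, "count": n,
             "network": network_of(ip, cidrs)}
            for (c, ip, s), n in counts.most_common()]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

For the lines in this thread the cause is `access_rule` with client 172.33.0.1, so the place to look is the allow/deny configuration of the dappnode.local server block rather than file permissions.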

@seibelj commented on Mon Sep 06 2021

I have the exact same problem


@3alpha commented on Thu Sep 09 2021

Hi!

Could you open the logs of the package (http://my.dappnode/#/packages/https.dnp.dappnode.eth/logs) and find whether the message "Trying to determine subnet your DAppNode is in.." repeats itself?

If it does, there is an issue which probably can be solved by reinstalling the package. Delete everything (package and data) and then you can reinstall it using DAppStore by pasting /ipfs/QmVsEiY9wn1HESFSuYwUowwX6U7E2wgCArCqzs2LNBUJyo in the search bar and toggling the "Bypass core restriction" switch.

I am still figuring out the underlying issue so this doesn't happen any more.

Labels

installer: This issue is related to the installer