Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't access dappnode via local proxy (403) #88

Open
ulope opened this issue Feb 26, 2024 · 1 comment
Open

Can't access dappnode via local proxy (403) #88

ulope opened this issue Feb 26, 2024 · 1 comment

Comments

@ulope
Copy link

ulope commented Feb 26, 2024

Describe the bug

Accessing the UI via the local proxy (i.e. dappnode.local) returns a 403 Forbidden error.

It appears that the hardcoded allowed IP ranges don't include the 172.33/16 network.
Possibly related issues: dappnode/DNP_DAPPMANAGER#951 and #61

To Reproduce

Unsure, after initial install local access worked but after about a week and a couple of reboots this behaviour started happening.

Expected behavior

Local access to work

DAppNode version:

Core DAppNode Packages versions
bind.dnp.dappnode.eth: 0.2.11
core.dnp.dappnode.eth: 0.2.90
dappmanager.dnp.dappnode.eth: 0.2.84, commit: 657ee5f4
https.dnp.dappnode.eth: 0.2.1
ipfs.dnp.dappnode.eth: 0.2.22
wifi.dnp.dappnode.eth: 0.2.9
wireguard.dnp.dappnode.eth: 0.1.3

System info
dockerComposeVersion: 2.21.0
dockerServerVersion: 20.10.24+dfsg1
dockerCliVersion: 20.10.24+dfsg1
os: debian
versionCodename: bookworm
architecture: amd64
kernel: 6.1.0-15-amd64

Additional context

Some probably relevant context:

  • docker exec DAppNodeCore-https.dnp.dappnode.eth ip addr:
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    valid_lft forever preferred_lft forever
    26: eth0@if27: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:ac:21:00:0c brd ff:ff:ff:ff:ff:ff
    inet 172.33.0.12/16 brd 172.33.255.255 scope global eth0
    valid_lft forever preferred_lft forever

  • docker exec DAppNodeCore-https.dnp.dappnode.eth cat /var/log/nginx/error.log:

    2024/02/26 09:36:07 [error] 23#23: *10 access forbidden by rule, client: 172.33.0.1, server: dappnode.local, request: "GET / HTTP/1.1", host: "dappnode.local", referrer: "http://dappnode.local/"

  • docker exec DAppNodeCore-https.dnp.dappnode.eth cat /etc/nginx/conf.d/localproxy.conf:

    server {
    server_name   dappnode.local;
    listen        80;
    listen [::]:80;
    resolver 172.33.1.2;

    allow 10.0.0.0/8;
    allow 172.16.0.0/12;
    allow 192.168.0.0/16;
    allow fc00::/7;
    allow fe80::/10;

    deny all;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://my.dappnode;
    }
}

  • docker network inspect dncore_network:

    [
    {
        "Name": "dncore_network",
        "Id": "1032651cfbe0383685a7c4eff4e0e0a0d9f3fac42596ad25c99613bc71fedf55",
        "Created": "2024-01-04T04:38:22.942785719+01:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.33.0.0/16",
                    "Gateway": "172.33.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "1266f2981ddd954b9780c7037dfc863f20ef3487aabffb56a4f881fa2f7cf9ae": {
                "Name": "DAppNodePackage-prometheus.ethical-metrics.dnp.dappnode.eth",
                "EndpointID": "577a0ca6088e0bf0313787fa7c404b1d72fab7234fa0203c77dcd48f0763818a",
                "MacAddress": "02:42:ac:21:00:03",
                "IPv4Address": "172.33.0.3/16",
                "IPv6Address": ""
            },
            "12b1d869f8b9f82d92f099f848a9748535edb586bd8d27fb998c745a7810de09": {
                "Name": "DAppNodePackage-node-exporter.dappnode-exporter.dnp.dappnode.eth",
                "EndpointID": "7b4de98f24d3826b778ae419fc6de046e60c256055a053d4720d6e60b0a6cd1c",
                "MacAddress": "02:42:ac:21:00:06",
                "IPv4Address": "172.33.0.6/16",
                "IPv6Address": ""
            },
            "37a24cf32a642f6dc598974ad377d8351b8b57beba0218c23b424fe5e44de813": {
                "Name": "DAppNodeCore-api.wireguard.dnp.dappnode.eth",
                "EndpointID": "09970fb363868d1e24ff01faea6c1f6573ca7795d2731b8fa49fcaec272dca93",
                "MacAddress": "02:42:ac:21:00:13",
                "IPv4Address": "172.33.0.19/16",
                "IPv6Address": ""
            },
            "41f17ef4f6757c85103e0a5fe6e6792d6f91ca4e3ab44950c585b7e853bba4e8": {
                "Name": "DAppNodePackage-stakers-metrics.dappnode-exporter.dnp.dappnode.eth",
                "EndpointID": "1ff4d512e2d45e94b83d960134937e1c68fb7080a6d43a14ca20b5d7d3e65c51",
                "MacAddress": "02:42:ac:21:00:07",
                "IPv4Address": "172.33.0.7/16",
                "IPv6Address": ""
            },
            "43ed2a77a1433d92d4b4a55cc72e2b93f674578317eac110e44792c811ccfd79": {
                "Name": "DAppNodePackage-validator.lighthouse.dnp.dappnode.eth",
                "EndpointID": "9c33976452de838f0a1ba6a9dac8b3335af00fa6cc2f78b989e22eb739f16c98",
                "MacAddress": "02:42:ac:21:00:04",
                "IPv4Address": "172.33.0.4/16",
                "IPv6Address": ""
            },
            "478f0bdf3a0d4e81724df142a72f4358b9b44bdacb2350212bbef09fa788a310": {
                "Name": "DAppNodePackage-brain.web3signer-holesky.dnp.dappnode.eth",
                "EndpointID": "2cd7199cc12f5e237f81d6062b6dc2234539262e174fdc2ca2592473b1214bdc",
                "MacAddress": "02:42:ac:21:00:10",
                "IPv4Address": "172.33.0.16/16",
                "IPv6Address": ""
            },
            "4d88771f0b47c88b7ff05bb2319da18d6a1b569067e2850d13dd1dce353f4fac": {
                "Name": "DAppNodeCore-ipfs.dnp.dappnode.eth",
                "EndpointID": "0467b9f56533bb1f5d8d026660354841d04b0d077e57c490a82b4c9fa1e16965",
                "MacAddress": "02:42:ac:21:00:0d",
                "IPv4Address": "172.33.0.13/16",
                "IPv6Address": ""
            },
            "5fca8041a951da857e090364d9f5e6c6f766c18a8289dd89f36b1d1e4738fbda": {
                "Name": "DAppNodePackage-nethermind.nethermind.public.dappnode.eth",
                "EndpointID": "2060e96910863a87a43f79925e99e2fe0911f815e1e5d5fb6e189d9759be99b4",
                "MacAddress": "02:42:ac:21:00:15",
                "IPv4Address": "172.33.0.21/16",
                "IPv6Address": ""
            },
            "6afd3deb6f965a4aa455dbe58a92f36f5fbaae481a68feeefbf6f9e3ae5d100c": {
                "Name": "DAppNodePackage-cadvisor.dappnode-exporter.dnp.dappnode.eth",
                "EndpointID": "62fad4a53b98a8efe761cb63076e190aa189158f3f1a52b1fa01e24c77d33fae",
                "MacAddress": "02:42:ac:21:00:05",
                "IPv4Address": "172.33.0.5/16",
                "IPv6Address": ""
            },
            "88a9d7c8a3c9b50fcb65c30ba7a3f02765284dc7b13b59f8299ef5ea0af05048": {
                "Name": "DAppNodePackage-erigon.holesky-erigon.dnp.dappnode.eth",
                "EndpointID": "c6a87ed0b22ee142e7698b91b5d2308f96e6b6b548c291ed627f392e4735f950",
                "MacAddress": "02:42:ac:21:00:18",
                "IPv4Address": "172.33.0.24/16",
                "IPv6Address": ""
            },
            "8c6590fbc8e0a84b154bdbe08c6863a7f7b70de34ab794cdb71d3dbc83775d92": {
                "Name": "DAppNodePackage-charon-validator-1.holesky-obol.dnp.dappnode.eth",
                "EndpointID": "4b6a6176e01507fb3adf5fc744887203f0aff0f39f74c20650e3aff8aad14712",
                "MacAddress": "02:42:ac:21:00:11",
                "IPv4Address": "172.33.0.17/16",
                "IPv6Address": ""
            },
            "8ddc9a66756443c4baa1332e9843d2cf28b171d0bdae5aeb1716c745d82dccd7": {
                "Name": "DAppNodePackage-manager.dms.dnp.dappnode.eth",
                "EndpointID": "b3200f1e3977465f50c5a39a27ad3a8b56079f299c57a2df31b5ad359dfdbc73",
                "MacAddress": "02:42:ac:21:00:0b",
                "IPv4Address": "172.33.0.11/16",
                "IPv6Address": ""
            },
            "9bd88f59c485f75c77b5a43ff4a65e1e77d17ca743c7aec06b572620d6681d19": {
                "Name": "DAppNodePackage-grafana.dms.dnp.dappnode.eth",
                "EndpointID": "38b694f57d7df077079d142716eade1de4b4564f653008e58c8cc4ab2ff7c9a9",
                "MacAddress": "02:42:ac:21:00:0f",
                "IPv4Address": "172.33.0.15/16",
                "IPv6Address": ""
            },
            "a08ea7afa8096a5f345d4e7d657eb7fe79173ad0ad856f0e75c03a53f02c4066": {
                "Name": "DAppNodePackage-prometheus.dms.dnp.dappnode.eth",
                "EndpointID": "da9f7a6145f868d21119b3056a9451a5c4ddc52eeb0d55b74e9b52dc726679fa",
                "MacAddress": "02:42:ac:21:00:16",
                "IPv4Address": "172.33.0.22/16",
                "IPv6Address": ""
            },
            "a155c8ad0bdd75aa37be5a10d127c9c5da083c7f5542e5adaa69fccb0838fc55": {
                "Name": "DAppNodePackage-api-ui.ethical-metrics.dnp.dappnode.eth",
                "EndpointID": "cdaee4efe16aef4757f111b23f93485f5bcbfea059838f7629a0e50440c7015f",
                "MacAddress": "02:42:ac:21:00:12",
                "IPv4Address": "172.33.0.18/16",
                "IPv6Address": ""
            },
            "a3b88189ac07cb64955a8ecc3a73f683f869a354dfcf0fd729e4844acdbbfcd2": {
                "Name": "DAppNodeCore-dappmanager.dnp.dappnode.eth",
                "EndpointID": "a45a8104dab8a6874d2d5539a036512dc2e9379d5410461f35b7d2f85238bec3",
                "MacAddress": "02:42:ac:21:01:07",
                "IPv4Address": "172.33.1.7/16",
                "IPv6Address": ""
            },
            "a7887f8464e5164f21b5778d14dc2889f9e587bf497a1bfd7d096b3a82d3b54e": {
                "Name": "DAppNodePackage-beacon-chain.lighthouse.dnp.dappnode.eth",
                "EndpointID": "f597cc8fcb1031e00c0199790a55d4812c6d76d509bcf66a5a06a5c65f5f1fc8",
                "MacAddress": "02:42:ac:21:00:02",
                "IPv4Address": "172.33.0.2/16",
                "IPv6Address": ""
            },
            "a99aa3786ca88bccf6a0596350e533667f90b0c136d76b5d9bb9fd2ef9caa5d1": {
                "Name": "DAppNodePackage-beacon-chain.lighthouse-holesky.dnp.dappnode.eth",
                "EndpointID": "b14aee3d9547439d731cbfa25066f739fa8259dcda42355c515d77f309b3c78b",
                "MacAddress": "02:42:ac:21:00:0a",
                "IPv4Address": "172.33.0.10/16",
                "IPv6Address": ""
            },
            "db6b63667224b3813cdf1574d48c5c63c2cb842c8f70486932b297f19a5b962d": {
                "Name": "DAppNodePackage-validator.lighthouse-holesky.dnp.dappnode.eth",
                "EndpointID": "3fa7efd86ff90e0013d85dc0fd1b9522a5a5ecb83fd7e254749317c28e3cbfaa",
                "MacAddress": "02:42:ac:21:00:14",
                "IPv4Address": "172.33.0.20/16",
                "IPv6Address": ""
            },
            "dfb91f9351dedc23e7611c05c0b6f22ae8b3796dc0a6ad570b33d2f695bd56d3": {
                "Name": "DAppNodePackage-postgres.web3signer-holesky.dnp.dappnode.eth",
                "EndpointID": "0a9e2e2aea8026c5387a2902f6790fd48003b987a5ff8a1fe0118ec6c0feecd6",
                "MacAddress": "02:42:ac:21:00:09",
                "IPv4Address": "172.33.0.9/16",
                "IPv6Address": ""
            },
            "eedf3b44a495cdb472cc5037f04dda4407b17c4c81fb5086f2d18947ff6eba1e": {
                "Name": "DAppNodePackage-loki.dms.dnp.dappnode.eth",
                "EndpointID": "084f6a7da75b23b3b93572174b6689b36db9b00125f76060a59d93bf9c440933",
                "MacAddress": "02:42:ac:21:00:08",
                "IPv4Address": "172.33.0.8/16",
                "IPv6Address": ""
            },
            "f167e8258818f3b1f528f623d5abae7483b448139a9bf27c04213d434fc15daf": {
                "Name": "DAppNodePackage-web3signer.web3signer-holesky.dnp.dappnode.eth",
                "EndpointID": "1fbbcd99459132399a52d1e05ba14cbb5c411d3d5a77cc813bff5739e3e9e607",
                "MacAddress": "02:42:ac:21:00:19",
                "IPv4Address": "172.33.0.25/16",
                "IPv6Address": ""
            },
            "f3340a2589e636964e55a17546e70b3fca34df5591a8d64478aeacc26ff5700f": {
                "Name": "DAppNodeCore-bind.dnp.dappnode.eth",
                "EndpointID": "94f1f8301aafd6f3ad8f398fa048ec73160ea710414e69e62bf72e27c69a681b",
                "MacAddress": "02:42:ac:21:01:02",
                "IPv4Address": "172.33.1.2/16",
                "IPv6Address": ""
            },
            "f555422dd4e22f53e41971f6fb799ceeb40587e2608ffde1f4a03aa4b162291a": {
                "Name": "DAppNodePackage-tor-hidden-service.ethical-metrics.dnp.dappnode.eth",
                "EndpointID": "fabcf1029ac9a6728758a2ff309eea1af67e04c02c32ce6dc9cfb1ff810403dd",
                "MacAddress": "02:42:ac:21:00:17",
                "IPv4Address": "172.33.0.23/16",
                "IPv6Address": ""
            },
            "fa0c53b48144c58afe51528bca358a6af39df89b4464c2b616cf73050dfce7cb": {
                "Name": "DAppNodeCore-https.dnp.dappnode.eth",
                "EndpointID": "0772f36dd2f2c890e38449cb0752e1d8a107b6fcb5fac2c7b4b969488382408d",
                "MacAddress": "02:42:ac:21:00:0c",
                "IPv4Address": "172.33.0.12/16",
                "IPv6Address": ""
            },
            "fade0b509bdadf010915aea58d3b90deb8474c2de5838ed638d81071496f49e1": {
                "Name": "DAppNodeCore-wireguard.wireguard.dnp.dappnode.eth",
                "EndpointID": "33e8f0e7ee4ac82050795e55e6dae3434c2367e493976188f245c2d6d28cb197",
                "MacAddress": "02:42:ac:21:00:0e",
                "IPv4Address": "172.33.0.14/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]
@yoshietao0216
Copy link

you can update the template in the docker and then restart the https node

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ulope @yoshietao0216