Open ulope opened 8 months ago
Describe the bug
Accessing the UI via the local proxy (i.e. dappnode.local) returns a 403 Forbidden error.
dappnode.local
403 Forbidden
It appears that the hardcoded allowed IP ranges don't include the 172.33/16 network. Possibly related issues: https://github.com/dappnode/DNP_DAPPMANAGER/issues/951 and https://github.com/dappnode/DNP_HTTPS/pull/61
172.33/16
To Reproduce
Unsure, after initial install local access worked but after about a week and a couple of reboots this behaviour started happening.
Expected behavior
Local access to work
DAppNode version:
Core DAppNode Packages versions bind.dnp.dappnode.eth: 0.2.11 core.dnp.dappnode.eth: 0.2.90 dappmanager.dnp.dappnode.eth: 0.2.84, commit: 657ee5f4 https.dnp.dappnode.eth: 0.2.1 ipfs.dnp.dappnode.eth: 0.2.22 wifi.dnp.dappnode.eth: 0.2.9 wireguard.dnp.dappnode.eth: 0.1.3
System info dockerComposeVersion: 2.21.0 dockerServerVersion: 20.10.24+dfsg1 dockerCliVersion: 20.10.24+dfsg1 os: debian versionCodename: bookworm architecture: amd64 kernel: 6.1.0-15-amd64
Additional context
Some probably relevant context:
docker exec DAppNodeCore-https.dnp.dappnode.eth ip addr: 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 26: eth0@if27: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP link/ether 02:42:ac:21:00:0c brd ff:ff:ff:ff:ff:ff inet 172.33.0.12/16 brd 172.33.255.255 scope global eth0 valid_lft forever preferred_lft forever
docker exec DAppNodeCore-https.dnp.dappnode.eth ip addr
docker exec DAppNodeCore-https.dnp.dappnode.eth cat /var/log/nginx/error.log:
docker exec DAppNodeCore-https.dnp.dappnode.eth cat /var/log/nginx/error.log
2024/02/26 09:36:07 [error] 23#23: *10 access forbidden by rule, client: 172.33.0.1, server: dappnode.local, request: "GET / HTTP/1.1", host: "dappnode.local", referrer: "http://dappnode.local/"
docker exec DAppNodeCore-https.dnp.dappnode.eth cat /etc/nginx/conf.d/localproxy.conf:
docker exec DAppNodeCore-https.dnp.dappnode.eth cat /etc/nginx/conf.d/localproxy.conf
server { server_name dappnode.local; listen 80; listen [::]:80; resolver 172.33.1.2; allow 10.0.0.0/8; allow 172.16.0.0/12; allow 192.168.0.0/16; allow fc00::/7; allow fe80::/10; deny all; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://my.dappnode; } }
docker network inspect dncore_network:
docker network inspect dncore_network
[ { "Name": "dncore_network", "Id": "1032651cfbe0383685a7c4eff4e0e0a0d9f3fac42596ad25c99613bc71fedf55", "Created": "2024-01-04T04:38:22.942785719+01:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": {}, "Config": [ { "Subnet": "172.33.0.0/16", "Gateway": "172.33.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { "1266f2981ddd954b9780c7037dfc863f20ef3487aabffb56a4f881fa2f7cf9ae": { "Name": "DAppNodePackage-prometheus.ethical-metrics.dnp.dappnode.eth", "EndpointID": "577a0ca6088e0bf0313787fa7c404b1d72fab7234fa0203c77dcd48f0763818a", "MacAddress": "02:42:ac:21:00:03", "IPv4Address": "172.33.0.3/16", "IPv6Address": "" }, "12b1d869f8b9f82d92f099f848a9748535edb586bd8d27fb998c745a7810de09": { "Name": "DAppNodePackage-node-exporter.dappnode-exporter.dnp.dappnode.eth", "EndpointID": "7b4de98f24d3826b778ae419fc6de046e60c256055a053d4720d6e60b0a6cd1c", "MacAddress": "02:42:ac:21:00:06", "IPv4Address": "172.33.0.6/16", "IPv6Address": "" }, "37a24cf32a642f6dc598974ad377d8351b8b57beba0218c23b424fe5e44de813": { "Name": "DAppNodeCore-api.wireguard.dnp.dappnode.eth", "EndpointID": "09970fb363868d1e24ff01faea6c1f6573ca7795d2731b8fa49fcaec272dca93", "MacAddress": "02:42:ac:21:00:13", "IPv4Address": "172.33.0.19/16", "IPv6Address": "" }, "41f17ef4f6757c85103e0a5fe6e6792d6f91ca4e3ab44950c585b7e853bba4e8": { "Name": "DAppNodePackage-stakers-metrics.dappnode-exporter.dnp.dappnode.eth", "EndpointID": "1ff4d512e2d45e94b83d960134937e1c68fb7080a6d43a14ca20b5d7d3e65c51", "MacAddress": "02:42:ac:21:00:07", "IPv4Address": "172.33.0.7/16", "IPv6Address": "" }, "43ed2a77a1433d92d4b4a55cc72e2b93f674578317eac110e44792c811ccfd79": { "Name": "DAppNodePackage-validator.lighthouse.dnp.dappnode.eth", "EndpointID": "9c33976452de838f0a1ba6a9dac8b3335af00fa6cc2f78b989e22eb739f16c98", "MacAddress": "02:42:ac:21:00:04", "IPv4Address": "172.33.0.4/16", "IPv6Address": "" }, "478f0bdf3a0d4e81724df142a72f4358b9b44bdacb2350212bbef09fa788a310": { "Name": "DAppNodePackage-brain.web3signer-holesky.dnp.dappnode.eth", "EndpointID": "2cd7199cc12f5e237f81d6062b6dc2234539262e174fdc2ca2592473b1214bdc", "MacAddress": "02:42:ac:21:00:10", "IPv4Address": "172.33.0.16/16", "IPv6Address": "" }, "4d88771f0b47c88b7ff05bb2319da18d6a1b569067e2850d13dd1dce353f4fac": { "Name": "DAppNodeCore-ipfs.dnp.dappnode.eth", "EndpointID": "0467b9f56533bb1f5d8d026660354841d04b0d077e57c490a82b4c9fa1e16965", "MacAddress": "02:42:ac:21:00:0d", "IPv4Address": "172.33.0.13/16", "IPv6Address": "" }, "5fca8041a951da857e090364d9f5e6c6f766c18a8289dd89f36b1d1e4738fbda": { "Name": "DAppNodePackage-nethermind.nethermind.public.dappnode.eth", "EndpointID": "2060e96910863a87a43f79925e99e2fe0911f815e1e5d5fb6e189d9759be99b4", "MacAddress": "02:42:ac:21:00:15", "IPv4Address": "172.33.0.21/16", "IPv6Address": "" }, "6afd3deb6f965a4aa455dbe58a92f36f5fbaae481a68feeefbf6f9e3ae5d100c": { "Name": "DAppNodePackage-cadvisor.dappnode-exporter.dnp.dappnode.eth", "EndpointID": "62fad4a53b98a8efe761cb63076e190aa189158f3f1a52b1fa01e24c77d33fae", "MacAddress": "02:42:ac:21:00:05", "IPv4Address": "172.33.0.5/16", "IPv6Address": "" }, "88a9d7c8a3c9b50fcb65c30ba7a3f02765284dc7b13b59f8299ef5ea0af05048": { "Name": "DAppNodePackage-erigon.holesky-erigon.dnp.dappnode.eth", "EndpointID": "c6a87ed0b22ee142e7698b91b5d2308f96e6b6b548c291ed627f392e4735f950", "MacAddress": "02:42:ac:21:00:18", "IPv4Address": "172.33.0.24/16", "IPv6Address": "" }, "8c6590fbc8e0a84b154bdbe08c6863a7f7b70de34ab794cdb71d3dbc83775d92": { "Name": "DAppNodePackage-charon-validator-1.holesky-obol.dnp.dappnode.eth", "EndpointID": "4b6a6176e01507fb3adf5fc744887203f0aff0f39f74c20650e3aff8aad14712", "MacAddress": "02:42:ac:21:00:11", "IPv4Address": "172.33.0.17/16", "IPv6Address": "" }, "8ddc9a66756443c4baa1332e9843d2cf28b171d0bdae5aeb1716c745d82dccd7": { "Name": "DAppNodePackage-manager.dms.dnp.dappnode.eth", "EndpointID": "b3200f1e3977465f50c5a39a27ad3a8b56079f299c57a2df31b5ad359dfdbc73", "MacAddress": "02:42:ac:21:00:0b", "IPv4Address": "172.33.0.11/16", "IPv6Address": "" }, "9bd88f59c485f75c77b5a43ff4a65e1e77d17ca743c7aec06b572620d6681d19": { "Name": "DAppNodePackage-grafana.dms.dnp.dappnode.eth", "EndpointID": "38b694f57d7df077079d142716eade1de4b4564f653008e58c8cc4ab2ff7c9a9", "MacAddress": "02:42:ac:21:00:0f", "IPv4Address": "172.33.0.15/16", "IPv6Address": "" }, "a08ea7afa8096a5f345d4e7d657eb7fe79173ad0ad856f0e75c03a53f02c4066": { "Name": "DAppNodePackage-prometheus.dms.dnp.dappnode.eth", "EndpointID": "da9f7a6145f868d21119b3056a9451a5c4ddc52eeb0d55b74e9b52dc726679fa", "MacAddress": "02:42:ac:21:00:16", "IPv4Address": "172.33.0.22/16", "IPv6Address": "" }, "a155c8ad0bdd75aa37be5a10d127c9c5da083c7f5542e5adaa69fccb0838fc55": { "Name": "DAppNodePackage-api-ui.ethical-metrics.dnp.dappnode.eth", "EndpointID": "cdaee4efe16aef4757f111b23f93485f5bcbfea059838f7629a0e50440c7015f", "MacAddress": "02:42:ac:21:00:12", "IPv4Address": "172.33.0.18/16", "IPv6Address": "" }, "a3b88189ac07cb64955a8ecc3a73f683f869a354dfcf0fd729e4844acdbbfcd2": { "Name": "DAppNodeCore-dappmanager.dnp.dappnode.eth", "EndpointID": "a45a8104dab8a6874d2d5539a036512dc2e9379d5410461f35b7d2f85238bec3", "MacAddress": "02:42:ac:21:01:07", "IPv4Address": "172.33.1.7/16", "IPv6Address": "" }, "a7887f8464e5164f21b5778d14dc2889f9e587bf497a1bfd7d096b3a82d3b54e": { "Name": "DAppNodePackage-beacon-chain.lighthouse.dnp.dappnode.eth", "EndpointID": "f597cc8fcb1031e00c0199790a55d4812c6d76d509bcf66a5a06a5c65f5f1fc8", "MacAddress": "02:42:ac:21:00:02", "IPv4Address": "172.33.0.2/16", "IPv6Address": "" }, "a99aa3786ca88bccf6a0596350e533667f90b0c136d76b5d9bb9fd2ef9caa5d1": { "Name": "DAppNodePackage-beacon-chain.lighthouse-holesky.dnp.dappnode.eth", "EndpointID": "b14aee3d9547439d731cbfa25066f739fa8259dcda42355c515d77f309b3c78b", "MacAddress": "02:42:ac:21:00:0a", "IPv4Address": "172.33.0.10/16", "IPv6Address": "" }, "db6b63667224b3813cdf1574d48c5c63c2cb842c8f70486932b297f19a5b962d": { "Name": "DAppNodePackage-validator.lighthouse-holesky.dnp.dappnode.eth", "EndpointID": "3fa7efd86ff90e0013d85dc0fd1b9522a5a5ecb83fd7e254749317c28e3cbfaa", "MacAddress": "02:42:ac:21:00:14", "IPv4Address": "172.33.0.20/16", "IPv6Address": "" }, "dfb91f9351dedc23e7611c05c0b6f22ae8b3796dc0a6ad570b33d2f695bd56d3": { "Name": "DAppNodePackage-postgres.web3signer-holesky.dnp.dappnode.eth", "EndpointID": "0a9e2e2aea8026c5387a2902f6790fd48003b987a5ff8a1fe0118ec6c0feecd6", "MacAddress": "02:42:ac:21:00:09", "IPv4Address": "172.33.0.9/16", "IPv6Address": "" }, "eedf3b44a495cdb472cc5037f04dda4407b17c4c81fb5086f2d18947ff6eba1e": { "Name": "DAppNodePackage-loki.dms.dnp.dappnode.eth", "EndpointID": "084f6a7da75b23b3b93572174b6689b36db9b00125f76060a59d93bf9c440933", "MacAddress": "02:42:ac:21:00:08", "IPv4Address": "172.33.0.8/16", "IPv6Address": "" }, "f167e8258818f3b1f528f623d5abae7483b448139a9bf27c04213d434fc15daf": { "Name": "DAppNodePackage-web3signer.web3signer-holesky.dnp.dappnode.eth", "EndpointID": "1fbbcd99459132399a52d1e05ba14cbb5c411d3d5a77cc813bff5739e3e9e607", "MacAddress": "02:42:ac:21:00:19", "IPv4Address": "172.33.0.25/16", "IPv6Address": "" }, "f3340a2589e636964e55a17546e70b3fca34df5591a8d64478aeacc26ff5700f": { "Name": "DAppNodeCore-bind.dnp.dappnode.eth", "EndpointID": "94f1f8301aafd6f3ad8f398fa048ec73160ea710414e69e62bf72e27c69a681b", "MacAddress": "02:42:ac:21:01:02", "IPv4Address": "172.33.1.2/16", "IPv6Address": "" }, "f555422dd4e22f53e41971f6fb799ceeb40587e2608ffde1f4a03aa4b162291a": { "Name": "DAppNodePackage-tor-hidden-service.ethical-metrics.dnp.dappnode.eth", "EndpointID": "fabcf1029ac9a6728758a2ff309eea1af67e04c02c32ce6dc9cfb1ff810403dd", "MacAddress": "02:42:ac:21:00:17", "IPv4Address": "172.33.0.23/16", "IPv6Address": "" }, "fa0c53b48144c58afe51528bca358a6af39df89b4464c2b616cf73050dfce7cb": { "Name": "DAppNodeCore-https.dnp.dappnode.eth", "EndpointID": "0772f36dd2f2c890e38449cb0752e1d8a107b6fcb5fac2c7b4b969488382408d", "MacAddress": "02:42:ac:21:00:0c", "IPv4Address": "172.33.0.12/16", "IPv6Address": "" }, "fade0b509bdadf010915aea58d3b90deb8474c2de5838ed638d81071496f49e1": { "Name": "DAppNodeCore-wireguard.wireguard.dnp.dappnode.eth", "EndpointID": "33e8f0e7ee4ac82050795e55e6dae3434c2367e493976188f245c2d6d28cb197", "MacAddress": "02:42:ac:21:00:0e", "IPv4Address": "172.33.0.14/16", "IPv6Address": "" } }, "Options": {}, "Labels": {} } ]
Describe the bug
Accessing the UI via the local proxy (i.e.
dappnode.local) returns a403 Forbiddenerror.It appears that the hardcoded allowed IP ranges don't include the
172.33/16network. Possibly related issues: https://github.com/dappnode/DNP_DAPPMANAGER/issues/951 and https://github.com/dappnode/DNP_HTTPS/pull/61To Reproduce
Unsure, after initial install local access worked but after about a week and a couple of reboots this behaviour started happening.
Expected behavior
Local access to work
DAppNode version:
Core DAppNode Packages versions bind.dnp.dappnode.eth: 0.2.11 core.dnp.dappnode.eth: 0.2.90 dappmanager.dnp.dappnode.eth: 0.2.84, commit: 657ee5f4 https.dnp.dappnode.eth: 0.2.1 ipfs.dnp.dappnode.eth: 0.2.22 wifi.dnp.dappnode.eth: 0.2.9 wireguard.dnp.dappnode.eth: 0.1.3
System info dockerComposeVersion: 2.21.0 dockerServerVersion: 20.10.24+dfsg1 dockerCliVersion: 20.10.24+dfsg1 os: debian versionCodename: bookworm architecture: amd64 kernel: 6.1.0-15-amd64
Additional context
Some probably relevant context:
docker exec DAppNodeCore-https.dnp.dappnode.eth ip addr: 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 26: eth0@if27: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP link/ether 02:42:ac:21:00:0c brd ff:ff:ff:ff:ff:ff inet 172.33.0.12/16 brd 172.33.255.255 scope global eth0 valid_lft forever preferred_lft foreverdocker exec DAppNodeCore-https.dnp.dappnode.eth cat /var/log/nginx/error.log:docker exec DAppNodeCore-https.dnp.dappnode.eth cat /etc/nginx/conf.d/localproxy.conf:docker network inspect dncore_network: