getting 403 error about bunkerweb HOT 11 CLOSED

@TheKangaroo : you can find a nextcloud example using the last 1.1.0 version here

from bunkerweb.

The upstream directive must be set at http context. You need to have two separate files.

http-config/upstream.conf :

upstream proxy {
    server blue:3000;
    server green:3000;
}

server-config/proxy.conf :

proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

location / {
    proxy_pass http://proxy;
}

Then you need to mount the http-config folder to /http-confs and server-config folder to /server-confs :

...
    volumes:
      - ./http-config:/http-confs
      - ./server-config:/server-confs
...

from bunkerweb.

Hello @TheKangaroo, it might be fail2ban and/or ModSecurity. You can check fail2ban.log and modsec_audit.log inside the /var/log folder of the container. We will add more logging in the next version, thanks for your feedback.

from bunkerweb.

Thank you @bunkerity for pointing this out. You just saved me some hours of configuring my server 😍

from bunkerweb.

@bunkerity Thank you! It works. :)

I found another issue.

HTTPS works and nginx runs well, 403 forbidden error occurs.
My project is cloned by the example template of examples/reverse_proxy.

So I cloned the project without code editing and ran it, also got same error.

from bunkerweb.

Can you attach the full logs given by docker-compose logs please ? Don't forget to remove your IP address.

from bunkerweb.

Here are my nginx logs.

nginx_1  | ==> /var/log/error.log <==
nginx_1  | 2020/10/24 03:40:30 [error] 991#0: *62 access forbidden by rule, client: 175.193.247.207, server: temp.billionrecipe.com, request: "GET / HTTP/2.0", host: "temp.billionrecipe.com"
nginx_1  | 
nginx_1  | ==> /var/log/access.log <==
nginx_1  | 175.193.247.207 - - [24/Oct/2020:03:40:32 +0000] "GET /favicon.ico HTTP/2.0" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36"
nginx_1  |
nginx_1  | ==> /var/log/error.log <==
nginx_1  | 2020/10/24 03:40:32 [error] 991#0: *62 access forbidden by rule, client: 175.193.247.207, server: temp.billionrecipe.com, request: "GET /favicon.ico HTTP/2.0", host: "temp.billionrecipe.com

And I try several times with http-confs, server-confs with upstream, nginx doesn't find the block.
Here is error below.

nginx: [emerg] host not found in upstream "proxy" in /server-confs/proxy.conf:5

from bunkerweb.

You can find a load balancer example here. Hope it will help you.

Regarding the 403 error, it looks like you are in a blacklist. You can try setting the following environment variables :

...
    environment:
      ...
      - BLOCK_USER_AGENT=no
      - BLOCK_TOR_EXIT_NODE=no
      - BLOCK_PROXIES=no
      - BLOCK_ABUSERS=no
      ...
...

from bunkerweb.

I try to configure nextcloud behind bunkerized-nginx. Great project btw 🎉 :)
After some klicks in the nextcloud GUI I get the same 403 forbidden. I'm pretty sure this is due to fail2ban.
I wonder, how i can crank up the log level from all components shipped in the container or how I can debug things inside the container.
I see barely other logs than nginx on stdout.

from bunkerweb.

I tried the load balancer example, and it seems to be working fine. (i didn't set the BLOCK_*** options)
But looks weird because I think there is no difference in the setup of the two projects..

Anyway, It works good. Thank you @bunkerity! I like this project. AWESOME :)

from bunkerweb.

Good news @peterkimzz ! There is still some logging issues with the current 1.0.0 version. I advise you to use the next version that will contain a fix (when it will be released). Do not hesitate to open a new issue if needed.

from bunkerweb.