403 error from Folding@Home Swag reverse proxy

trolley · 20 October 2021 00:21

I’ve set up Swag with subdomain reverse proxy configs for all my containers, and all but one are working fine. The one I’m having a problem with is the Folding@Home container. It runs a web UI on port 7396 which I can access fine by IP:PORT, but it fails with a 403 error when I try the reverse proxy config with Swag.

I create the Folding@Home container with:

  foldingathome:
    container_name: foldingathome
    environment:
      - PGID=${PGID}
      - PUID=${PUID}
      - TZ=${TZ}
      - NVIDIA_VISIBLE_DEVICES=all
    image: lscr.io/linuxserver/foldingathome
    ports:
      - 7396:7396
      - 36330:36330 #optional
    restart: unless-stopped
    runtime: nvidia
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${DOCKERCONFDIR}/foldingathome:/config

My reverse proxy config:

## Version 2021/05/18
# make sure that your dns has a cname set for foldingathome

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name foldingathome.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    #include /config/nginx/authelia-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        proxy_buffering off;
        include /config/nginx/resolver.conf;
        set $upstream_app foldingathome;
        set $upstream_port 7396;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }
}

When I try to visit https://foldingathome.domain.example I get a 403 error. When I visit by IP:PORT everything works fine.

I’m not sure where to start since it’s an anomaly compared to the others. The only thing that jumps out to me as different is that I’m using the Nvidia runtime so Folding@Home can use the GPU. Here’s the result of CURL from the Swag container:

root@swag:/# curl -v http://foldingathome:7396
*   Trying 172.18.0.18:7396...
* Connected to foldingathome (172.18.0.18) port 7396 (#0)
> GET / HTTP/1.1
> Host: foldingathome:7396
> User-Agent: curl/7.79.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 HTTP_FORBIDDEN
< Cache-Control: no-cache
< Connection: close
< Date: Wed, 20 Oct 2021 00:20:53
< 
* Closing connection 0

driz · 20 October 2021 00:56

Are they in the same docker network? you have no network statement in the compose snip for folding, so they would need to be in the same compose (generally), are they?

disregard, somehow i missed your curl example image at the bottom, i will assume they are as you can resolve it properly.

tail -f <path to swag>/log/nginx/access.log <path to swag>/log/nginx/error.log
then access the fqdn you use and share the logs with us (unless you notice the issue yourself and fix it)

trolley · 20 October 2021 01:29

I should have mentioned that. I get no errors in that log.

aptalca · 20 October 2021 01:41

Try in incognito. F@h’s gui is weird where it sometimes results in ERR_EMPTY_RESPONSE. Not sure if the 403 is related but worth a try. If that doesn’t work, do what driz told you and check the nginx logs

trolley · 20 October 2021 01:49

Thanks for the suggestion, but no difference. Still nothing in the nginx error log or access log that provide anything useful at all. The CURL log from my original post and a 403 error page in Chrome are the only hints I have. In Firefox and Safari I don’t even get that; just a white page. I have to use the Network web inspector tool in Firefox to see that 403 was returned.