bunkerweb icon indicating copy to clipboard operation
bunkerweb copied to clipboard

Published 20 hours ago verified publisher icon bunkerity

[BUG] bunkerweb-all-in-one gives 'Your Client Forbidden'

Open ScorpionKing34 opened this issue 8 months ago • 3 comments

First I did on computer with internet docker pull docker pull docker pull bunkerity/bunkerweb-ui:latest docker save -o bunkerweb-all-in-one.tar docker pull bunkerity/bunkerweb-ui:latest

On Windows Server 2022 I loaded the offline bunkerweb-all-in-one.tar docker load -i bunkerweb-all-in-one.tar

After generating Bunkerweb Config on 'http://localhost/' with command below I got 'Your Client Forbidden':

PS C:\Users\Administrator\Documents> docker run -d -v bw-storage:/data -p 80:8080/tcp -p 443:8443/tcp -p 443:8443/udp bunkerity/bunkerweb-all-in-one 29b4d7d6634aa67454a23aed62c51d686c21738d0f2c8c4fc72fe81a064f2bc1

Image

PS C:\Users\Administrator\Documents> docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 29b4d7d6634a bunkerity/bunkerweb-all-in-one "/docker-entrypoint.…" 20 hours ago Up 20 hours (healthy) 80/tcp, 7000/tcp, 0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp, 0.0.0.0:443->8443/udp jolly_hellman

When viewing the logs I see the following: PS C:\Users\Administrator\Documents> docker logs 29b4d7d6634a

2025-03-18 10:11:57,200 CRIT could not write pidfile /var/run/supervisord.pid 2025-03-18 10:11:57,200 CRIT could not write pidfile /var/run/supervisord.pid

Docker Desktop WSL is enabled and linked to Debian container:

Image

PS C:\Users\Administrator\Documents> wsl --list --verbose NAME STATE VERSION

Debian Running 2
docker-desktop Running 2

PS C:\Users\Administrator\Documents> docker --version Docker version 27.5.1, build 9f9e405

Still I got 'Your Client Forbidden' after generating Bunkerweb Config on http://localhost/ in MS Edge and Firefox:

Image

Also Tried with --privileged option no luck.

By default, the container exposes:

8080/tcp for HTTP 8443/tcp for HTTPS 8443/udp for QUIC 7000/tcp for the web UI access without BunkerWeb in front

How can I make bunkerweb work with IIS 10? Also there is no documentation for Windows servers with IIS

Do to a large output, see https://privatebin.net/?9d882af8d9c59238#EPeE9Zo8N6rSHjiMd8FRvo8pkcs9muPPododbwRswmjB for more information.

You said: Checking your logs I can tell you that this is the intended behavior. You service has to be accessed from the domain you configured.

But how do I do that because the config generator comes first when loading the localhost, also for now it is a standalone sever: PS C:\Users\Administrator\Documents> hostname DVWA02-IIS

ScorpionKing34 avatar Mar 19 '25 12:03 ScorpionKing34

Tried with 'VIRTUAL_HOST=bunkerweb.local', 'DISABLE_HOST_CHECK=1' and 'BUNKERWEB_ALLOW_ALL=true' still I got 'Your Client Forbidden'

docker run -d -e VIRTUAL_HOST=bunkerweb.local -v bw-storage:/data -p 80:8080/tcp -p 443:8443/tcp -p 443:8443/udp bunkerity/bunkerweb-all-in-one

docker run -d -e DISABLE_HOST_CHECK=1 -v bw-storage:/data -p 80:8080/tcp -p 443:8443/tcp -p 443:8443/udp bunkerity/bunkerweb-all-in-one

docker run -d -e DISABLE_HOST_CHECK=1 -e BUNKERWEB_ALLOW_ALL=true -v bw-storage:/data -p 80:8080/tcp -p 443:8443/tcp -p 443:8443/udp bunkerity/bunkerweb-all-in-one

Edit C:\Windows\System32\drivers\etc\hosts: 192.168.3.40 bunkerweb.local

Added by Docker Desktop 192.168.3.40 host.docker.internal 192.168.3.40 gateway.docker.internal

ScorpionKing34 avatar Mar 19 '25 13:03 ScorpionKing34

Turns out there may be an issue indeed, I'll have a look and let you know.

TheophileDiot avatar Mar 20 '25 09:03 TheophileDiot

It looks like port 7000/tcp is mapped to a port on the host, when I do 'docker run -d -v bw-storage:/data -p 80:8080/tcp -p 443:8443/tcp -p 443:8443/udp -p 70:7000/tcp bunkerity/bunkerweb-all-in-one' I can access the setup through port 70:

Image

But there are also two other issues: issues 2: IP address '172.17.0.1' blocks sometimes Image

issues 3: The following service 'www.example.com' is enabled by default, cannot remove it do to the scheduler settings: Image

Image

Can you remove www.example.com as standard services.

ScorpionKing34 avatar Mar 20 '25 12:03 ScorpionKing34

I'm still receiving this error on latest image bunkerity/bunkerweb-all-in-one:1.6.2, despite having the docker gateway/network in a whilelist

      API_WHITELIST_IP: 127.0.0.0/8 10.20.30.0/24
      WHITELIST_IP: 10.20.30.0/24
Image

spwoodcock avatar Jul 11 '25 13:07 spwoodcock

@spwoodcock exactly same issue when trying with "k8s.mariadb.ui.ym" and 1.6.2

andreimiclea99 avatar Jul 11 '25 13:07 andreimiclea99

@andreimiclea99 I may have spoken too soon - perhaps a false positive - I can actually access my service now 😅 The problem was that I was trying to access index.html, when it didn't actually exact (misconfiguration in Svelte).

I fixed it now & think this is working as intended 👍 @andreimiclea99 double check the file you are trying to access actually exists (likely index.html if you are viewing the root of the page)

spwoodcock avatar Jul 11 '25 16:07 spwoodcock