403 forbidden when using seafile-cli

shorca · May 31, 2024, 10:54pm

Hi,

I’m trying to use seafile client on a headless linux server. So far I tried docker seafile client, and seaf-cli, but I get the same error traceback

Traceback (most recent call last):
  File "/nix/store/2yxfmbpjjwn91j39g4vrc2viphbpbnnb-seafile-shared-9.0.6/bin/.seaf-cli-wrapped", line 1039, in <module>
    main()
  File "/nix/store/2yxfmbpjjwn91j39g4vrc2viphbpbnnb-seafile-shared-9.0.6/bin/.seaf-cli-wrapped", line 1035, in main
    args.func(args)
  File "/nix/store/2yxfmbpjjwn91j39g4vrc2viphbpbnnb-seafile-shared-9.0.6/bin/.seaf-cli-wrapped", line 551, in seaf_download
    token = get_token(url, username, password, tfa, conf_dir)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/2yxfmbpjjwn91j39g4vrc2viphbpbnnb-seafile-shared-9.0.6/bin/.seaf-cli-wrapped", line 313, in get_token
    token_json = urlopen("%s/api2/auth-token/" % url, data=data, headers=headers)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/2yxfmbpjjwn91j39g4vrc2viphbpbnnb-seafile-shared-9.0.6/bin/.seaf-cli-wrapped", line 246, in urlopen
    resp = urllib.request.urlopen(req)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/7hnr99nxrd2aw6lghybqdmkckq60j6l9-python3-3.11.9/lib/python3.11/urllib/request.py", line 216, in urlopen
    return opener.open(url, data, timeout)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/7hnr99nxrd2aw6lghybqdmkckq60j6l9-python3-3.11.9/lib/python3.11/urllib/request.py", line 525, in open
    response = meth(req, response)
               ^^^^^^^^^^^^^^^^^^^
  File "/nix/store/7hnr99nxrd2aw6lghybqdmkckq60j6l9-python3-3.11.9/lib/python3.11/urllib/request.py", line 634, in http_response
    response = self.parent.error(
               ^^^^^^^^^^^^^^^^^^
  File "/nix/store/7hnr99nxrd2aw6lghybqdmkckq60j6l9-python3-3.11.9/lib/python3.11/urllib/request.py", line 563, in error
    return self._call_chain(*args)
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/7hnr99nxrd2aw6lghybqdmkckq60j6l9-python3-3.11.9/lib/python3.11/urllib/request.py", line 496, in _call_chain
    result = func(*args)
             ^^^^^^^^^^^
  File "/nix/store/7hnr99nxrd2aw6lghybqdmkckq60j6l9-python3-3.11.9/lib/python3.11/urllib/request.py", line 643, in http_error_default
    raise HTTPError(req.full_url, code, msg, hdrs, fp)
urllib.error.HTTPError: HTTP Error 403: Forbidden

I think this error is quite the same as Seafile-cli on raspbian can't connect to server (HTTP error 403: Forbidden) , and Docker client to sync files with containers - #18 by wawefr
But nobody is even responding to these two posts.

I would appreciate any pointers as to how to get more specific error messages. Thanks!

PS I don’t think this is a CSRF issue since the web UI, macOS desktop client, mobile client all works fine.

BTW I’m using Seafile Pro v10

shorca · June 1, 2024, 7:06pm

I just found a work around, if the client machine and server are in one LAN, I can use http://lan-address:port and then it all works.

So this issue maybe related to reverse proxy. I’m using Traefik v3.

seafile624 · June 12, 2024, 10:56pm

Same for me. Except on macOS I get at “handshake failed” error when trying with my Domain (using local IP works). Also using Traefik.

seafile624 · June 13, 2024, 7:59am

My best guess is, that it has to do with TLS 1.3 not being supported (see the multitude of topics where this is being discussed), since that seems to be the explanation for my Mac issues. Just guessing, though. Would love to hear from the developers on how to debug this.

thmsdelange · August 5, 2024, 6:47pm

I experienced this same behavior for more than a year now and I keep trying to debug and solve the problem. However I always fail miserably while I really want to be able to use seafile-cli behind my reverse proxy (caddy v2).

Is there any update on this? Things we could try?

shorca · August 6, 2024, 8:16pm

Unfortunately, there is no updates. I don’t need to access it from remote, but if I do, I would use Tailscale. Maybe you can try it?

thmsdelange · August 11, 2024, 4:50pm

For several reasons I do not want to use tailscale in my home server setup. The seafile-cli functionality should not rely on other services, it should just work on its own.

22rw · March 13, 2026, 7:57pm

Kinda replying to a dead thread here, but I just wanted to quickly share my solution in case anyone else has a similar setup.
shorca’s reply pointed me in the right direction, the problem on my side was apparently the
cloudflare tunnel I use to reach my seafile instance from the internet. The solution:

I just added the domain with a reverse proxy entry directly to my caddy config on my homeserver, and then adjusted my /etc/hosts file to resolve my seafile domain to the ip of my homeserver in the lan.
So now from this specific device, the domain no longer resolves to cloudflare’s ip but to the lan ip of the homeserver, where caddy can just receive the request and proxy it to the same application that the cloudflare tunnel is also pointing to.

Downloading or syncing libraries with seaf-cli works flawlessly now! :‌D