403 forbidden when using seafile-cli

Hi,

I’m trying to use seafile client on a headless linux server. So far I tried docker seafile client, and seaf-cli, but I get the same error traceback

Traceback (most recent call last):
  File "/nix/store/2yxfmbpjjwn91j39g4vrc2viphbpbnnb-seafile-shared-9.0.6/bin/.seaf-cli-wrapped", line 1039, in <module>
    main()
  File "/nix/store/2yxfmbpjjwn91j39g4vrc2viphbpbnnb-seafile-shared-9.0.6/bin/.seaf-cli-wrapped", line 1035, in main
    args.func(args)
  File "/nix/store/2yxfmbpjjwn91j39g4vrc2viphbpbnnb-seafile-shared-9.0.6/bin/.seaf-cli-wrapped", line 551, in seaf_download
    token = get_token(url, username, password, tfa, conf_dir)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/2yxfmbpjjwn91j39g4vrc2viphbpbnnb-seafile-shared-9.0.6/bin/.seaf-cli-wrapped", line 313, in get_token
    token_json = urlopen("%s/api2/auth-token/" % url, data=data, headers=headers)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/2yxfmbpjjwn91j39g4vrc2viphbpbnnb-seafile-shared-9.0.6/bin/.seaf-cli-wrapped", line 246, in urlopen
    resp = urllib.request.urlopen(req)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/7hnr99nxrd2aw6lghybqdmkckq60j6l9-python3-3.11.9/lib/python3.11/urllib/request.py", line 216, in urlopen
    return opener.open(url, data, timeout)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/7hnr99nxrd2aw6lghybqdmkckq60j6l9-python3-3.11.9/lib/python3.11/urllib/request.py", line 525, in open
    response = meth(req, response)
               ^^^^^^^^^^^^^^^^^^^
  File "/nix/store/7hnr99nxrd2aw6lghybqdmkckq60j6l9-python3-3.11.9/lib/python3.11/urllib/request.py", line 634, in http_response
    response = self.parent.error(
               ^^^^^^^^^^^^^^^^^^
  File "/nix/store/7hnr99nxrd2aw6lghybqdmkckq60j6l9-python3-3.11.9/lib/python3.11/urllib/request.py", line 563, in error
    return self._call_chain(*args)
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/7hnr99nxrd2aw6lghybqdmkckq60j6l9-python3-3.11.9/lib/python3.11/urllib/request.py", line 496, in _call_chain
    result = func(*args)
             ^^^^^^^^^^^
  File "/nix/store/7hnr99nxrd2aw6lghybqdmkckq60j6l9-python3-3.11.9/lib/python3.11/urllib/request.py", line 643, in http_error_default
    raise HTTPError(req.full_url, code, msg, hdrs, fp)
urllib.error.HTTPError: HTTP Error 403: Forbidden

I think this error is quite the same as Seafile-cli on raspbian can't connect to server (HTTP error 403: Forbidden) , and Docker client to sync files with containers - #18 by wawefr
But nobody is even responding to these two posts.

I would appreciate any pointers as to how to get more specific error messages. Thanks!

PS I don’t think this is a CSRF issue since the web UI, macOS desktop client, mobile client all works fine.

BTW I’m using Seafile Pro v10

I just found a work around, if the client machine and server are in one LAN, I can use http://lan-address:port and then it all works.

So this issue maybe related to reverse proxy. I’m using Traefik v3.

Same for me. Except on macOS I get at “handshake failed” error when trying with my Domain (using local IP works). Also using Traefik.

My best guess is, that it has to do with TLS 1.3 not being supported (see the multitude of topics where this is being discussed), since that seems to be the explanation for my Mac issues. Just guessing, though. Would love to hear from the developers on how to debug this.

I experienced this same behavior for more than a year now and I keep trying to debug and solve the problem. However I always fail miserably while I really want to be able to use seafile-cli behind my reverse proxy (caddy v2).

Is there any update on this? Things we could try?

Unfortunately, there is no updates. I don’t need to access it from remote, but if I do, I would use Tailscale. Maybe you can try it?

For several reasons I do not want to use tailscale in my home server setup. The seafile-cli functionality should not rely on other services, it should just work on its own.