Cannot load Manager UI HTTP ERROR 403

Hello,

Actually I have been trying to install the open Remote on the local machine and followed all the steps mentioned in the Github page, but unforetunately it hasn’t launched. I have tried typing (https://localhost) on four different browsers (Chrome, Edge, Opera, Firefox), but non of them would launch the OpenRemote app. I keep get the following message:

(Access to localhost was denied
You don’t have authorisation to view this page.
HTTP ERROR 403)

Also I have followed the suggestions mentioned in this link:

but the three alternative suggestions didn’t work.

I use:

  • OS: Windows 10
  • The version of Docker: Docker Desktop 3.3.3 (64133)

I wonder if anyone would recommend another solution please.

Thanks

Have you disabled the firewall or add a rule to allow 80/443 traffic? I’m not Windows user, so I’m just guessing.

Yes I have disabled the firewall, but I haven’t tried to add a rule to allow the 80/443 traffic. I think I should give it a try, and I will let you know about the result. Thanks for your suggestion

Hi michal, I have just already added a rule to allow 80/443 traffic, and also disabled the firewall of the third party antivirus, and restarted everything, but unforetunately the same message still appear that says:

(Access to localhost was denied
You don’t have authorisation to view this page.
HTTP ERROR 403)

can you run ‘docker ps -a’ and copy output here? Also an output of ‘curl localhost’.

Yes I have done both commands but couldn’t upload the screenshot, so I will paste it below:

C:\OpenRemote_Project>docker ps -a
CONTAINER ID   IMAGE                            COMMAND                  CREATED          STATUS                      PORTS                                                                                                                 NAMES
da5c5ce03c43   openremote/proxy:2.1.2.2         "/entrypoint.sh run"     19 minutes ago   Up 19 minutes (healthy)     0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:8883->8883/tcp, :::8883->8883/tcp   openremote_proxy_1
ff061f294fc5   openremote/manager:latest        "/init /bin/sh -c 'j…"   19 minutes ago   Up 19 minutes (healthy)     8080/tcp                                                                                                              openremote_manager_1
a917436d0cc2   openremote/keycloak:12.0.1.1     "/opt/jboss/tools/do…"   20 minutes ago   Up 20 minutes (healthy)     8080/tcp                                                                                                              openremote_keycloak_1
bdfdb05b2ea0   openremote/postgresql:9.6.21.0   "docker-entrypoint.s…"   20 minutes ago   Up 20 minutes (healthy)     5432/tcp                                                                                                              openremote_postgresql_1
b94913aea91c   docker101tutorial                "/docker-entrypoint.…"   25 hours ago     Exited (255) 24 hours ago   0.0.0.0:80->80/tcp, :::80->80/tcp                                                                                     docker-tutorial
38d5e0d30b41   alpine/git                       "git clone https://g…"   25 hours ago     Exited (0) 25 hours ago                                                                                                                           repo
C:\OpenRemote_Project>curl localhost

C:\OpenRemote_Project>curl localhost:80

C:\OpenRemote_Project>curl localhost:443
curl: (52) Empty reply from server

C:\OpenRemote_Project>

Everything seems to be running OK, but I see that you are using dual stack, and this is in fact a grey area, especially on Windows, as I never tested it there. Can you run curl with forcing ipv4 stack? E.g.

curl --insecure -I -L -4 localhost

then you should see something like this:

HTTP/1.1 302 Found
content-length: 0
location: https://localhost/
cache-control: no-cache

HTTP/1.1 302 Found
location: http://localhost/manager
content-length: 0
date: Fri, 21 May 2021 14:22:42 GMT

HTTP/1.1 302 Found
content-length: 0
location: https://localhost/manager
cache-control: no-cache

HTTP/1.1 302 Found
location: /manager/
content-type: text/html;charset=UTF-8
content-length: 64
date: Fri, 21 May 2021 14:22:42 GMT

HTTP/1.1 200 OK
expires: Sat, 22 May 2021 02:22:42 GMT
cache-control: public,max-age=43200,must-revalidate
pragma: 
accept-ranges: bytes
date: Fri, 21 May 2021 14:22:42 GMT
etag: W/"index.html-1620632114000"
last-modified: Mon, 10 May 2021 07:35:14 GMT
content-type: text/html
content-length: 2639

Thank you Michal, I used the suggested command but still have the same the problem, and got the following:

C:\OpenRemote_Project>curl --insecure -I -L -4 localhost
HTTP/1.1 302 Found
content-length: 0
location: https://localhost/
cache-control: no-cache

HTTP/1.1 403 Forbidden
Date: Sat, 22 May 2021 02:24:35 GMT
Connection: close
Content-Security-Policy: block-all-mixed-content
Content-Type: text/plain; charset=utf-8
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1
Content-Length: 0


C:\OpenRemote_Project>

Actually I have letterally followed the steps mentioned in the this link, but I don’t know if there is any initial setup or pre-steps that should be considered before doing this as I’m new to those stuff:

https://github.com/openremote/openremote/blob/master/README.md

Appreciate any help that would help me to move to the next step please

This is quite interesting use case. You are getting 403 after first redirect on mixed-content response. This response is invalid as you can see from my example you should get another redirection to http://localhost/manager, but here I think is the problem. You see, the first redirection is HTTPS and the second is HTTP. Your forbidden response is probably caused by browser setting to not accept HTTP after seeing given URL to be HTTPS capable (many browsers do that). However, as you are using curl which is very strange as this is a stateless browser, perhaps this is Windows feature? Again, some Windows expert would be helpful here.

Anyway, you don’t really need all these redirections and you can call the final URL directly. This is https://localhost/manager/ therefore please try:

curl --insecure -I -L -4 https://localhost/manager/

And if it works you can try this URL in your browser.

Check you don’t have IIS running and not realising it.

Please don’t create multiple topics with the same issue, going to delete the other one.

ATB,

Rich

I put this command, and got the following:

C:\OpenRemote_Project>curl --insecure -I -L -4 https://localhost/manager/
HTTP/1.1 404 Not Found
Date: Sat, 22 May 2021 09:41:40 GMT
Connection: close
Content-Security-Policy: block-all-mixed-content
Content-Type: text/plain; charset=utf-8
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1
Content-Length: 0


C:\OpenRemote_Project>

And when trying to open the link (https://localhost/manager/), I got the following new message:

This localhost page can’t be found

No web page was found for the web address: https://localhost/manager

HTTP ERROR 404

This response is for sure not coming from our server as what you see there is an HSTS policy in the header which our server does not offer. Please check if you don’t have a different HTTP server running as Rich is suggesting. Also check if you get the same response on ipv6, i.e. run curl --insecure -I -L -6 https://localhost/manager/. To prove if you have another server you can bring the open remote stack down (docker-compose down) and repeat the curl calls.

netstat -ab find the binary that’s binding to 443 and 80…i would guess that it is IIS as I mentioned.

Hi Michal, I have brought the stack down and run the both commands, and got the following:

C:\OpenRemote_Project>docker-compose -p openremote down
Removing network openremote_default
WARNING: Network openremote_default not found.

C:\OpenRemote_Project>curl --insecure -I -L -4 https://localhost/manager/
HTTP/1.1 404 Not Found
Date: Sat, 22 May 2021 14:19:11 GMT
Connection: close
Content-Security-Policy: block-all-mixed-content
Content-Type: text/plain; charset=utf-8
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1
Content-Length: 0


C:\OpenRemote_Project>curl --insecure -I -L -6 https://localhost/manager/
HTTP/1.1 404 Not Found
Date: Sat, 22 May 2021 14:19:19 GMT
Connection: close
Content-Security-Policy: block-all-mixed-content
Content-Type: text/plain; charset=utf-8
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1
Content-Length: 0

Also, I have used (netstat - a) as @Rich suggested and got a long list but I think the first couple of rows will be the most relevant ones as I got the following:

C:\>netstat -a

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            ReaderTab:0            LISTENING
  TCP    0.0.0.0:443            ReaderTab:0            LISTENING
  TCP    0.0.0.0:445            ReaderTab:0            LISTENING
  TCP    0.0.0.0:903            ReaderTab:0            LISTENING
  TCP    0.0.0.0:913            ReaderTab:0            LISTENING
  TCP    0.0.0.0:5040           ReaderTab:0            LISTENING
  TCP    0.0.0.0:5357           ReaderTab:0            LISTENING
  TCP    0.0.0.0:6646           ReaderTab:0            LISTENING
  TCP    0.0.0.0:49664          ReaderTab:0            LISTENING
  TCP    0.0.0.0:49665          ReaderTab:0            LISTENING
  TCP    0.0.0.0:49666          ReaderTab:0            LISTENING
  TCP    0.0.0.0:49667          ReaderTab:0            LISTENING
  TCP    0.0.0.0:49668          ReaderTab:0            LISTENING
  TCP    0.0.0.0:49669          ReaderTab:0            LISTENING
  TCP    127.0.0.1:5939         ReaderTab:0            LISTENING
  TCP    127.0.0.1:8307         ReaderTab:0            LISTENING
  TCP    127.0.0.1:8888         ReaderTab:0            LISTENING
  TCP    127.0.0.1:8991         ReaderTab:0            LISTENING
  TCP    127.0.0.1:8992         ReaderTab:0            LISTENING
  TCP    127.0.0.1:56623        kubernetes:56624       ESTABLISHED
  TCP    127.0.0.1:56624        kubernetes:56623       ESTABLISHED
  TCP    127.0.0.1:56660        kubernetes:56661       ESTABLISHED
  TCP    127.0.0.1:56661        kubernetes:56660       ESTABLISHED

And I have tried the IP (0.0.0.0:443) in the broswer, and got the following error message:

This site can’t be reached

The web page at http://0.0.0.0:443/ might be temporarily down or it may have moved permanently to a new web address.

ERR_ADDRESS_INVALID

Sorry guys but I have a basic question, am I supposed to work on a server Windows, because I’m currently working on my simple PC (Surface Pro Labtop), and also am I required to do a full server installation or setup, or installing a server software on top of the steps mentioned in your get-started page?

Thank you for your cooperation and trying to solve this issue

I don’t see that the stack is indeed removed after docker-compose down. Only network is trying to be removed but not found. Is your docker installation healthy? Again what do you see when you run docker ps -a? There should be no containers running after docker-compose down.

netstat output shows that you are many open listening ports. Too many IMHO, one of them is 443 (HTTPS), end there are no 80 (HTTP) nor 8883 (MQTT). Therefore probably the OpenRemote stack wasn’t running anymore but some proces is still binding with 443 port. I’m afraid that this problem is beyond openremote, och wait — you have kubernetes running? Perhaps this guy is corrupting our stack? Can you shout it down? It is more that probable that it is hijacking the port. Note that kubernetes is declaration running system, so if you started it some time ago and haven’t sopped it properly it will recreate itself as a phoenix. It is very resilient, therefore find a way to shut down your local kubernetes cluster. Is it minikube or kind, or something similar?

netstat -ab is what I suggested…the b being important for returning the binary that holds the binding

Hi rich, I have tried what you suggested and I got the following:

C:\>netstat - ab

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [-x] [-y] [interval]

  -a            Displays all connections and listening ports.
  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
                multiple independent components, and in these cases the
                sequence of components involved in creating the connection
                or listening port is displayed. In this case the executable
                name is in [] at the bottom, on top is the component it called,
                and so forth until TCP/IP was reached. Note that this option
                can be time-consuming and will fail unless you have sufficient
                permissions.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -f            Displays Fully Qualified Domain Names (FQDN) for foreign
                addresses.
  -n            Displays addresses and port numbers in numerical form.
  -o            Displays the owning process ID associated with each connection.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be any of: TCP, UDP, TCPv6, or UDPv6.  If used with the -s
                option to display per-protocol statistics, proto may be any of:
                IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
  -q            Displays all connections, listening ports, and bound
                nonlistening TCP ports. Bound nonlistening ports may or may not
                be associated with an active connection.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics.  By default, statistics are
                shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
                the -p option may be used to specify a subset of the default.
  -t            Displays the current connection offload state.
  -x            Displays NetworkDirect connections, listeners, and shared
                endpoints.
  -y            Displays the TCP connection template for all connections.
                Cannot be combined with the other options.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display.  Press CTRL+C to stop redisplaying
                statistics.  If omitted, netstat will print the current
                configuration information once.


C:\>

Shouldn’t be a space just netstat -ab

Hi michal, I have used docker ps -a and I got the following:

C:\>docker ps -a
CONTAINER ID   IMAGE                            COMMAND                  CREATED          STATUS                    PORTS                                                                                                                 NAMES
abffa947748b   openremote/proxy:2.1.2.2         "/entrypoint.sh run"     7 minutes ago    Up 7 minutes (healthy)    0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:8883->8883/tcp, :::8883->8883/tcp   openremote_proxy_1
102808c969d9   openremote/manager:latest        "/init /bin/sh -c 'j…"   8 minutes ago    Up 8 minutes (healthy)    8080/tcp                                                                                                              openremote_manager_1
c61eb4cf8461   openremote/keycloak:12.0.1.1     "/opt/jboss/tools/do…"   9 minutes ago    Up 9 minutes (healthy)    8080/tcp                                                                                                              openremote_keycloak_1
8da49c338248   openremote/postgresql:9.6.21.0   "docker-entrypoint.s…"   10 minutes ago   Up 10 minutes (healthy)   5432/tcp                                                                                                              openremote_postgresql_1
b94913aea91c   docker101tutorial                "/docker-entrypoint.…"   3 days ago       Exited (0) 2 days ago                                                                                                                           docker-tutorial
38d5e0d30b41   alpine/git                       "git clone https://g…"   3 days ago       Exited (128) 2 days ago                                                                                                                         repo

C:\>

Also I have done it again after brough down OpenRemote, and got the following:

C:\OpenRemote_Project>docker ps -a
CONTAINER ID   IMAGE               COMMAND                  CREATED      STATUS                    PORTS     NAMES
b94913aea91c   docker101tutorial   "/docker-entrypoint.…"   3 days ago   Exited (0) 2 days ago               docker-tutorial
38d5e0d30b41   alpine/git          "git clone https://g…"   3 days ago   Exited (128) 2 days ago             repo

C:\OpenRemote_Project>

What’smore, I have entered the command sfc /scannow command, and reset the network settings and ‘kubernetes’ hasn’t appeared anymore.

Actually the problem still not resolved.