github-starred/pangolin
2
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-05-08 05:39:49 -05:00
Code Issues 564 Packages Projects Releases 72 Wiki Activity

[GH-ISSUE #418] Unable to download plugin github.com/fosrl/badger: error: 403 #6235

New Issue
Closed
opened 2026-04-25 15:04:58 -05:00 by GiteaMirror · 4 comments
GiteaMirror commented 2026-04-25 15:04:58 -05:00
Owner
Copy Link

Originally created by @emmdel on GitHub (Mar 28, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/418

Hi !

I installed Pangolin 1.1.0 on a brand new Debian 12 VPS as a docker compose stack, without Crowdsec.

The UI is working well, but I have a 404 when trying to access any created resources.

The Traefik log show this :

traefik   | 2025-03-28T10:12:30Z INF Loading plugins... plugins=["badger"]
traefik   | 2025-03-28T10:12:30Z ERR Plugins are disabled because an error has occurred. error="unable to set up plugins environment: unable to download plugin github.com/fosrl/badger: error: 403: <!DOCTYPE html><html lang=\"en-US\"><head><title>Just a moment...</title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\"><meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\"><meta name=\"robots\" content=\"noindex,nofollow\"><meta name=\"viewport\" content=\"width=device-width,initial-scale=1\">
[...]
IIYkZA6bwI-1743156750-1.0.1.1-kvzmEjckT4wWeKnE241i74c4xU2pdYpnprTq.R3APX8\" + window._cf_chl_opt.cOgUHash);cpo.onload = function() {history.replaceState(null, null, ogU);}}document.getElementsByTagName('head')[0].appendChild(cpo);}());</script></body></html>" plugins=["badger"]
traefik   | 2025-03-28T10:12:30Z INF Starting provider aggregator *aggregator.ProviderAggregator
traefik   | 2025-03-28T10:12:30Z INF Starting provider *file.Provider
traefik   | 2025-03-28T10:12:30Z INF Starting provider *traefik.Provider
traefik   | 2025-03-28T10:12:30Z INF Starting provider *http.Provider
traefik   | 2025-03-28T10:12:30Z INF Starting provider *acme.ChallengeTLSALPN
traefik   | 2025-03-28T10:12:30Z INF Starting provider *acme.Provider
traefik   | 2025-03-28T10:12:30Z INF Testing certificate renew... acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=letsencrypt.acme
traefik   | 2025-03-28T10:12:30Z ERR error="invalid middleware \"badger@http\" configuration: invalid middleware type or middleware does not exist" entryPointName=websecure routerName=1-router@http

Looks like I hit a remote WAF or something similar ? There is no firewall enabled.

I can curl github.com/fosrl/badger from the same machine.

Did anyone experienced this ?

Originally created by @emmdel on GitHub (Mar 28, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/418 Hi ! I installed Pangolin 1.1.0 on a brand new Debian 12 VPS as a docker compose stack, without Crowdsec. The UI is working well, but I have a 404 when trying to access any created resources. The Traefik log show this : ``` traefik | 2025-03-28T10:12:30Z INF Loading plugins... plugins=["badger"] traefik | 2025-03-28T10:12:30Z ERR Plugins are disabled because an error has occurred. error="unable to set up plugins environment: unable to download plugin github.com/fosrl/badger: error: 403: <!DOCTYPE html><html lang=\"en-US\"><head><title>Just a moment...</title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\"><meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\"><meta name=\"robots\" content=\"noindex,nofollow\"><meta name=\"viewport\" content=\"width=device-width,initial-scale=1\"> [...] IIYkZA6bwI-1743156750-1.0.1.1-kvzmEjckT4wWeKnE241i74c4xU2pdYpnprTq.R3APX8\" + window._cf_chl_opt.cOgUHash);cpo.onload = function() {history.replaceState(null, null, ogU);}}document.getElementsByTagName('head')[0].appendChild(cpo);}());</script></body></html>" plugins=["badger"] traefik | 2025-03-28T10:12:30Z INF Starting provider aggregator *aggregator.ProviderAggregator traefik | 2025-03-28T10:12:30Z INF Starting provider *file.Provider traefik | 2025-03-28T10:12:30Z INF Starting provider *traefik.Provider traefik | 2025-03-28T10:12:30Z INF Starting provider *http.Provider traefik | 2025-03-28T10:12:30Z INF Starting provider *acme.ChallengeTLSALPN traefik | 2025-03-28T10:12:30Z INF Starting provider *acme.Provider traefik | 2025-03-28T10:12:30Z INF Testing certificate renew... acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=letsencrypt.acme traefik | 2025-03-28T10:12:30Z ERR error="invalid middleware \"badger@http\" configuration: invalid middleware type or middleware does not exist" entryPointName=websecure routerName=1-router@http ``` Looks like I hit a remote WAF or something similar ? There is no firewall enabled. I can curl `github.com/fosrl/badger` from the same machine. Did anyone experienced this ?
GiteaMirror commented 2026-04-25 15:04:59 -05:00
Author
Owner
Copy Link

@miloschwartz commented on GitHub (Mar 28, 2025):

Does this happen consistently?

Are you able to curl from within the Traefik container itself? docker exec -it traefik sh will open a shell for you to try to curl.

<!-- gh-comment-id:2762232518 --> @miloschwartz commented on GitHub (Mar 28, 2025): Does this happen consistently? Are you able to curl from within the Traefik container itself? `docker exec -it traefik sh` will open a shell for you to try to curl.
GiteaMirror commented 2026-04-25 15:04:59 -05:00
Author
Owner
Copy Link

@emmdel commented on GitHub (Mar 29, 2025):

It happens consistently yes, thanks for your help.

Running curl from the traefik container works well :

# docker compose exec -it traefik sh -c "apk add curl && curl -i https://github.com/fosrl/badger"
OK: 12 MiB in 26 packages
HTTP/2 200 
date: Sat, 29 Mar 2025 19:29:32 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame,Accept-Encoding, Accept, X-Requested-With
etag: W/"4a903aedc5267c179ceb17738ba9f601"
[...]

When formatting the HTML returned in the error, got this string :

<span id=\"challenge-error-text\">Enable JavaScript and cookies to continue</span>

So a captcha challenge is returned to Traefik instead of the plugin.

Can't understand if the IP of my brand new VPS is dirty, or if it's something else.

<!-- gh-comment-id:2764217794 --> @emmdel commented on GitHub (Mar 29, 2025): It happens consistently yes, thanks for your help. Running curl from the traefik container works well : ``` # docker compose exec -it traefik sh -c "apk add curl && curl -i https://github.com/fosrl/badger" OK: 12 MiB in 26 packages HTTP/2 200 date: Sat, 29 Mar 2025 19:29:32 GMT content-type: text/html; charset=utf-8 vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame,Accept-Encoding, Accept, X-Requested-With etag: W/"4a903aedc5267c179ceb17738ba9f601" [...] ``` When formatting the HTML returned in the error, got this string : ``` <span id=\"challenge-error-text\">Enable JavaScript and cookies to continue</span> ``` So a captcha challenge is returned to Traefik instead of the plugin. Can't understand if the IP of my brand new VPS is _dirty_, or if it's something else.
GiteaMirror commented 2026-04-25 15:04:59 -05:00
Author
Owner
Copy Link

@aszurnasirpal commented on GitHub (Mar 29, 2025):

I can report the same issue

Stats collection is disabled.
Help us improve Traefik by turning this feature on :)
More details on: https://doc.traefik.io/traefik/contributing/data-collection/

2025-03-29T12:47:04Z INF Loading plugins... plugins=["badger"]
2025-03-29T12:47:14Z ERR Request failed error={"Err":{},"Op":"Get","URL":"https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0"} method=GET url=https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0
2025-03-29T12:47:25Z ERR Request failed error={"Err":{},"Op":"Get","URL":"https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0"} method=GET url=https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0
2025-03-29T12:47:37Z ERR Request failed error={"Err":{},"Op":"Get","URL":"https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0"} method=GET url=https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0
2025-03-29T12:47:51Z ERR Request failed error={"Err":{},"Op":"Get","URL":"https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0"} method=GET url=https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0
2025-03-29T12:47:51Z ERR Plugins are disabled because an error has occurred. error="unable to set up plugins environment: unable to download plugin github.com/fosrl/badger: failed to call service: Get \"https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0\": GET https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0 giving up after 4 attempt(s): Get \"https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)" plugins=["badger"]
2025-03-29T12:47:51Z INF Starting provider aggregator *aggregator.ProviderAggregator
2025-03-29T12:47:51Z INF Starting provider *file.Provider
2025-03-29T12:47:51Z INF Starting provider *traefik.Provider
2025-03-29T12:47:51Z INF Starting provider *http.Provider
2025-03-29T12:47:51Z INF Starting provider *acme.ChallengeTLSALPN
2025-03-29T12:47:51Z INF Starting provider *acme.Provider
2025-03-29T12:47:51Z INF Testing certificate renew... acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=letsencrypt.acme
2025-03-29T12:47:53Z ERR error="invalid middleware \"badger@http\" configuration: invalid middleware type or middleware does not exist" entryPointName=websecure routerName=7-router@http
2025-03-29T12:47:53Z ERR error="invalid middleware \"badger@http\" configuration: invalid middleware type or middleware does not exist" entryPointName=websecure routerName=5-router@http
2025-03-29T12:47:53Z ERR error="invalid middleware \"badger@http\" configuration: invalid middleware type or middleware does not exist" entryPointName=websecure routerName=3-router@http
2025-03-29T12:47:53Z ERR error="invalid middleware \"badger@http\" configuration: invalid middleware type or middleware does not exist" entryPointName=websecure routerName=1-router@http
2025-03-29T12:47:53Z ERR error="invalid middleware \"badger@http\" configuration: invalid middleware type or middleware does not exist" entryPointName=websecure routerName=9-router@http
2025-03-29T12:47:53Z ERR error="invalid middleware \"badger@http\" configuration: invalid middleware type or middleware does not exist" entryPointName=websecure routerName=2-router@http
2025-03-29T12:47:53Z ERR error="invalid middleware \"badger@http\" configuration: invalid middleware type or middleware does not exist" entryPointName=websecure routerName=6-router@http
2025-03-29T12:47:53Z ERR error="invalid middleware \"badger@http\" configuration: invalid middleware type or middleware does not exist" entryPointName=websecure routerName=4-router@http
2025-03-29T12:48:32Z ERR Provider error, retrying in 338.470508ms error="cannot fetch configuration data: do fetch request: Get \"http://pangolin:3001/api/v1/traefik-config\": dial tcp: lookup pangolin on 127.0.0.11:53: server misbehaving" providerName=http
2025-03-29T12:48:32Z ERR Provider error, retrying in 560.606557ms error="cannot fetch configuration data: do fetch request: Get \"http://pangolin:3001/api/v1/traefik-config\": dial tcp: lookup pangolin on 127.0.0.11:53: server misbehaving" providerName=http
2025-03-29T12:48:33Z ERR Provider error, retrying in 1.402771679s error="cannot fetch configuration data: do fetch request: Get \"http://pangolin:3001/api/v1/traefik-config\": dial tcp: lookup pangolin on 127.0.0.11:53: server misbehaving" providerName=http
2025-03-29T12:48:34Z ERR Provider error, retrying in 1.873519093s error="cannot fetch configuration data: do fetch request: Get \"http://pangolin:3001/api/v1/traefik-config\": dial tcp: lookup pangolin on 127.0.0.11:53: read udp 127.0.0.1:41671->127.0.0.11:53: read: connection refused" providerName=http
2025-03-29T12:48:36Z INF I have to go...
2025-03-29T12:48:36Z INF Stopping server gracefully

However, after restarting docker a couple of times, my 404 error disappeared, and everything returned to normal.

<!-- gh-comment-id:2764246353 --> @aszurnasirpal commented on GitHub (Mar 29, 2025): I can report the same issue ```shell Stats collection is disabled. Help us improve Traefik by turning this feature on :) More details on: https://doc.traefik.io/traefik/contributing/data-collection/ 2025-03-29T12:47:04Z INF Loading plugins... plugins=["badger"] 2025-03-29T12:47:14Z ERR Request failed error={"Err":{},"Op":"Get","URL":"https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0"} method=GET url=https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0 2025-03-29T12:47:25Z ERR Request failed error={"Err":{},"Op":"Get","URL":"https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0"} method=GET url=https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0 2025-03-29T12:47:37Z ERR Request failed error={"Err":{},"Op":"Get","URL":"https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0"} method=GET url=https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0 2025-03-29T12:47:51Z ERR Request failed error={"Err":{},"Op":"Get","URL":"https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0"} method=GET url=https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0 2025-03-29T12:47:51Z ERR Plugins are disabled because an error has occurred. error="unable to set up plugins environment: unable to download plugin github.com/fosrl/badger: failed to call service: Get \"https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0\": GET https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0 giving up after 4 attempt(s): Get \"https://plugins.traefik.io/public/download/github.com/fosrl/badger/v1.0.0\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)" plugins=["badger"] 2025-03-29T12:47:51Z INF Starting provider aggregator *aggregator.ProviderAggregator 2025-03-29T12:47:51Z INF Starting provider *file.Provider 2025-03-29T12:47:51Z INF Starting provider *traefik.Provider 2025-03-29T12:47:51Z INF Starting provider *http.Provider 2025-03-29T12:47:51Z INF Starting provider *acme.ChallengeTLSALPN 2025-03-29T12:47:51Z INF Starting provider *acme.Provider 2025-03-29T12:47:51Z INF Testing certificate renew... acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=letsencrypt.acme 2025-03-29T12:47:53Z ERR error="invalid middleware \"badger@http\" configuration: invalid middleware type or middleware does not exist" entryPointName=websecure routerName=7-router@http 2025-03-29T12:47:53Z ERR error="invalid middleware \"badger@http\" configuration: invalid middleware type or middleware does not exist" entryPointName=websecure routerName=5-router@http 2025-03-29T12:47:53Z ERR error="invalid middleware \"badger@http\" configuration: invalid middleware type or middleware does not exist" entryPointName=websecure routerName=3-router@http 2025-03-29T12:47:53Z ERR error="invalid middleware \"badger@http\" configuration: invalid middleware type or middleware does not exist" entryPointName=websecure routerName=1-router@http 2025-03-29T12:47:53Z ERR error="invalid middleware \"badger@http\" configuration: invalid middleware type or middleware does not exist" entryPointName=websecure routerName=9-router@http 2025-03-29T12:47:53Z ERR error="invalid middleware \"badger@http\" configuration: invalid middleware type or middleware does not exist" entryPointName=websecure routerName=2-router@http 2025-03-29T12:47:53Z ERR error="invalid middleware \"badger@http\" configuration: invalid middleware type or middleware does not exist" entryPointName=websecure routerName=6-router@http 2025-03-29T12:47:53Z ERR error="invalid middleware \"badger@http\" configuration: invalid middleware type or middleware does not exist" entryPointName=websecure routerName=4-router@http 2025-03-29T12:48:32Z ERR Provider error, retrying in 338.470508ms error="cannot fetch configuration data: do fetch request: Get \"http://pangolin:3001/api/v1/traefik-config\": dial tcp: lookup pangolin on 127.0.0.11:53: server misbehaving" providerName=http 2025-03-29T12:48:32Z ERR Provider error, retrying in 560.606557ms error="cannot fetch configuration data: do fetch request: Get \"http://pangolin:3001/api/v1/traefik-config\": dial tcp: lookup pangolin on 127.0.0.11:53: server misbehaving" providerName=http 2025-03-29T12:48:33Z ERR Provider error, retrying in 1.402771679s error="cannot fetch configuration data: do fetch request: Get \"http://pangolin:3001/api/v1/traefik-config\": dial tcp: lookup pangolin on 127.0.0.11:53: server misbehaving" providerName=http 2025-03-29T12:48:34Z ERR Provider error, retrying in 1.873519093s error="cannot fetch configuration data: do fetch request: Get \"http://pangolin:3001/api/v1/traefik-config\": dial tcp: lookup pangolin on 127.0.0.11:53: read udp 127.0.0.1:41671->127.0.0.11:53: read: connection refused" providerName=http 2025-03-29T12:48:36Z INF I have to go... 2025-03-29T12:48:36Z INF Stopping server gracefully ``` However, after restarting docker a couple of times, my 404 error disappeared, and everything returned to normal.
GiteaMirror commented 2026-04-25 15:05:00 -05:00
Author
Owner
Copy Link

@emmdel commented on GitHub (Mar 31, 2025):

So I deleted the VPS and recreated another one (with another public IP), this time with no problems.

traefik  | 2025-03-31T19:57:19Z INF Loading plugins... plugins=["badger"]
traefik  | 2025-03-31T19:57:19Z INF Plugins loaded. plugins=["badger"]

When searching references about this kind of problems, I learned that entire IP blocks are blacklisted by Cloudflare and similar, and by sysops tired of crappy trafic from cheap VPS providers.

<!-- gh-comment-id:2767302881 --> @emmdel commented on GitHub (Mar 31, 2025): So I deleted the VPS and recreated another one (with another public IP), this time with no problems. ``` traefik | 2025-03-31T19:57:19Z INF Loading plugins... plugins=["badger"] traefik | 2025-03-31T19:57:19Z INF Plugins loaded. plugins=["badger"] ``` When searching references about this kind of problems, I learned that entire IP blocks are blacklisted by Cloudflare and similar, and by sysops tired of crappy trafic from cheap VPS providers.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
api
authentication
bug
config
dependencies
docker
documentation
enhancement
good first issue
help wanted
Improvement
Look Into
needs investigating
networking
new feature
non-critical bug
potential bug
pull-request
Mirrored from GitHub Pull Request
 question
reverse proxy
Security
stale
ui
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#6235
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?