403 Forbidden Nginx error when generating backup

When I click Get backup and wait a few minutes, the web page redirects to a 403 Forbidden page:

Interestingly, here’s the URL it went to:

http://[screenly IP address]/static_with_mime/Lobby%20Display-2023-01-05T13-21-04.tar.gz?mime=application/x-tgz)

Happening to both of my Pi 3’s, incase anybody else is experiencing this.

I just reinstalled anthias and clicked get backup and worked fine for me, downloads the file within 1 second.
Did you change anything in the server.py file? or any of the lib/utils files?
are all containers running? sudo docker ps

I haven’t changed anything, though is this my first time generating a backup after restoring Screenly from the old native instance to the a new docker install.

All containers are running:

This might have something to do with it, if nothing else has changed, and it works for everyone else who has recently installed anthias/ose, then it must be a problem only on your install/config/container.

I remember you were the one needing to edit the sqlite3 db and so this tells me that something in one of your config files is not right thus when the python code tries to execute and generate the backup file, it is not doing it properly.

This is the correct link that should properly export the backup, I just did this now after a recent install of anthias/ose so I know it works:

Also, make sure the NGINX container config was not edited improperly, because part of that code at the end needs to have these lines to allow export of backup:

Gotcha gotcha, I’m going to check NGINX first cause 403 seems like I’m trying to access an unauthorized resource and maybe something there with the location is messed up.

nginx config looks fine, it matches yours:

Server.py has a lot of stuff, not sure what I’m looking at in there

Not sure then… if you dont want to reinstall with fresh copy of anthias by removing the screenly directory that gets downloaded during installation and which is then used on the containers, which doesnt affect your assets, then you’re going to have to check you server container lib/backup_helper.py file and if you dont remember changing anything in any other container, then it’s too broad to pinpoint where the issue lies.

remember you can download a json copy of your assets at least via the API so you can get an idea of everything you have added, in case you have to start completely fresh without restoring an old version of the database which we’ve determined does not work with new version.

it is easier to reinstall fresh rather than digging through containers and python files and config files to find the culprit.

Alright, I’ll tinker with this a bit more. I think it’s worth mentioning I have 2 Screenly instances on Pi 3’s and both are having this backup issue, so I’m suspecting something little is maybe causing this by chance unless editing my backup config files before restoring could’ve caused it, other than that I didn’t change anything.


So I reinstalled on one of the Pi’s for the heck of it and manually re-imported my assets, but when I go to back up I get the same “403 Forbidden” error.

Fresh install with the bash script, Raspberry Pi 3 Model B Rev 1.2.


Ok I will replicate your steps and see if I experience the same on my Pi3B rev 1.2.

Just to confirm, you downloaded Raspbian Lite OS 64-bit and ran the bash install script, etc, and then simply went into the Assets Overview and added/uploaded images etc?

So I just did a fresh install from scratch, added a few URL assets, and added a few images, tested all, and then went to Get backup, worked perfectly fine within seconds.

Can you explain what you are doing when you “manually re-import” your assets? what does this step entail exactly?

Yes, I downloaded the Lite 64-bit Raspbian, installed it with the bash script, and then uploaded around 9 images (Add Asset, drag and dropped all of them).

This is beyond me, I swear I did a fresh install of Raspbian and then Anthias.

Can you ssh into the Pi’s console and run
sudo docker logs screenly-srly-ose-nginx-1 -f
and then go and try to download the backup…
Actually, you should have multiple ssh connections better, I would open up two connections and also see the logs for server as you click get backup so we can see what the container is running into when you click that… so to see the logs for the server container i am sure you know it is
sudo docker logs screenly-srly-ose-server-1 -f
The -f just means follow so that you can see the live logs as you click around on the Web GUI.

Also, can you post the screenshot showing the actual full URL your browser is trying to access when you get forbidden? there is no need to block the IP address since this is local and not a public IP, unless it is a public one in which case then you are dealing with your firewall as a potential culprit and nothing to do with Anthias.

Running that command for nginx doesn’t spit anything out, before & during the Get backup process.

Running that command for server does give some logs, but nothing new happens when I click get backup, all I get is this:

And here’s the full URL for the get backup:

Oh… see, that is your issue, your IP address…
subnet does not cover 10.30.x.x

I have made a change in the nginx configuration that will be updated by tomorrow in the master branch to fix this since technically your IP address is still part of the RFC 1918.

If you want to fix it manually, change your nginx config file on the container where you have these lines:

Change the to →
Save the file, restart the container, should fix the issue.

1 Like

Ahah, that fixed it! Thank you my good sir, you’re smart, here’s a cookie: :cookie: :slight_smile:

1 Like