Fix forward_ports service and return useful nginx errors

packages/nomad/proxies/session.conf

@@ -13,6 +13,11 @@ map $http_upgrade $conn_upgrade {
   "websocket" "Upgrade";
 }
 
+map $http_user_agent $is_browser {
+  default                                 0;
+  "~*mozilla|chrome|safari|opera|edge"    1;
+}
+
 log_format logger-json escape=json
 '{'
 '"source": "session-proxy",'
@@ -34,7 +39,7 @@ access_log /var/log/nginx/access.log logger-json;
 
 server {
   listen 3003;
-
+  
   # DNS server resolved addreses as to <sandbox-id> <ip-address>
   resolver 127.0.0.4 valid=0s;
   resolver_timeout 5s;
@@ -76,6 +81,24 @@ server {
   keepalive_timeout 630s;
   # gzip off;
 
+  error_page 502 = @upstream_error;
+
+  location @upstream_error {
+    default_type text/html;
+    absolute_redirect off;
+
+    if ($is_browser = 1) {
+      return 502 '<html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Closed Port Error</title><style>:root{--brand:#ff8800;--error:#dc2626;--error-light:#fef2f2;--text:#1a1a1a;--background:#ffffff;--border:#e5e7eb;--details-bg:#f9fafb;--code-text:#374151;--muted-text:#6b7280}@media (prefers-color-scheme:dark){:root{--error:#ef4444;--error-light:#2a0f0f;--text:#e5e7eb;--background:#121212;--border:#2f2f2f;--details-bg:#1c1c1c;--code-text:#d1d5db;--muted-text:#9ca3af}}*{margin:0;padding:0;box-sizing:border-box}body{font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif;background:#f5f5f5;min-height:100vh;display:flex;align-items:center;justify-content:center;padding:1rem;color:var(--text)}@media (prefers-color-scheme:dark){body{background:#0a0a0a}}.error-card{background:var(--background);border-radius:12px;box-shadow:0 4px 6px -1px rgb(0 0 0 / .1),0 2px 4px -2px rgb(0 0 0 / .1);width:100%;max-width:600px;padding:1.5rem 2rem 2rem;position:relative}.logo{position:absolute;top:1rem;right:1.5rem;width:40px;height:40px;border-radius:50%;overflow:hidden}.error-header{margin-bottom:1.5rem;padding-right:3.5rem}.error-title{display:inline-block;color:var(--error);font-size:.9375rem;font-weight:500;margin-bottom:1rem;padding:.25rem .5rem;background:var(--error-light);border-radius:4px}.error-message{font-size:1.125rem;line-height:1.5;color:var(--error);font-weight:400;font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif}.error-details{background:var(--details-bg);border:1px solid var(--border);border-radius:8px;padding:1rem;margin-top:1.5rem}.error-code{font-family:ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;font-size:.875rem;color:var(--code-text)}.sandbox-url{color:var(--muted-text);font-size:.875rem;display:block;margin-bottom:.5rem}.highlight{font-weight:700}.help-text{margin-top:1.5rem;font-size:.875rem;color:var(--muted-text)}.debug-link{display:block;margin-top:2rem;color:var(--brand);text-decoration:none;font-size:.875rem}.debug-link:hover{text-decoration:underline}@media (max-width:640px){.error-card{margin:1rem;padding:1.25rem 1.5rem 1.5rem}.logo{top:.75rem;right:1rem;width:32px;height:32px}.error-header{padding-right:2.5rem}}</style></head><body><main class="error-card"><img src="https://hebbkx1anhila5yf.public.blob.vercel-storage.com/Symbol%20Gradient-Kr5pnWlK3ZhzBcRGf6Am4cNbJvY1Ge.svg" alt="Logo" class="logo"><div class="error-header"><h1 class="error-title">Closed Port Error</h1><p class="error-message">The sandbox <span class="highlight" id="sandbox-id">$dbk_session_id</span> is running but there&#39s no service running on port <span class="highlight" id="port-number">$dbk_port</span>.</p></div><div class="error-details"><span class="sandbox-url">$host</span><div class="error-code">Connection refused on port <span class="highlight" id="port-number-code">$dbk_port</span></div></div><p class="help-text">Please ensure that your service is properly configured and running on the specified port.</p><a class="debug-link" href="https://e2b.dev/docs/sdk-reference/cli/v1.0.9/sandbox#e2b-sandbox-logs">Check the sandbox logs for more information →</a></main></body></html>';
+    } 
+
+    rewrite ^ /error-json last;
+  }
+
+  location /error-json {
+    default_type application/json;
+    return 502 '{"error": "The sandbox is running but port is not open", "sandboxId": "$dbk_session_id", "port": "$dbk_port"}';
+  }
+
   location / {
     if ($dbk_session_id = "") {
       # If you set any text, the header will be set to `application/octet-stream` and then browser won't be able to render the content

packages/template-manager/internal/build/provision.sh

@@ -137,7 +137,7 @@ echo "nameserver 8.8.8.8" >/etc/resolv.conf
 
 # Start systemd services
 systemctl enable envd
-systemctl enable envd-v0.0.1
+# systemctl enable envd-v0.0.1
 systemctl enable chrony 2>&1
 
 cat <<EOF >/etc/systemd/system/forward_ports.service
@@ -149,12 +149,12 @@ Type=simple
 Restart=no
 User=root
 Group=root
-ExecStart=/bin/bash -l -c "(echo 1 | tee /proc/sys/net/ipv4/ip_forward) && iptables-legacy -t nat -A POSTROUTING -s 127.0.0.1 -j SNAT --to-source {{ .FcAddress }} && iptables-legacy -t nat -A PREROUTING -d {{ .FcAddress }} -j DNAT --to-destination 127.0.0.1"
+ExecStart=/bin/bash -l -c "(echo 1 | tee /proc/sys/net/ipv4/ip_forward) && (echo 1 | tee /proc/sys/net/ipv4/conf/eth0/route_localnet) && iptables-legacy -t nat -A POSTROUTING -s 127.0.0.1 -j SNAT --to-source {{ .FcAddress }} && iptables-legacy -t nat -A PREROUTING -d {{ .FcAddress }} -j DNAT --to-destination 127.0.0.1"
 
 [Install]
 WantedBy=multi-user.target
 EOF
 
-# systemctl enable forward_ports
+systemctl enable forward_ports
 
 echo "Finished provisioning script"