Details
- Bug
- Status: Needs Feedback
- Blocker
- Resolution: Unresolved
- 11.8.2
- None
- Debian 12 Arm64 VPS hosted on Hetzner Cloud
Description
I have a few virtual private servers (VPS) hosted at Hetzner Cloud. They are all running Debian 12 on Arm64-based processors. I'm in the middle of installing MariaDB Server (11.8.2) on them but they all fail to add the necessary repositories.
I'm receiving an HTTP 403 Forbidden error from the MariaDB repository download link.
It appears it is blocking Hetzner IP ranges/ASN and this needs to be addressed immediately. Allowing repository access is business critical for us when installing or upgrading MariaDB Server, MariaDB Client, MariaDB Backup and MariaDB MaxScale.
On a brand new Debian 12 server hosted at Hetzner, I'm trying the following to install MariaDB Server 11.8.2:
$ sudo apt update
$ sudo apt install curl apt-transport-https
$ curl -LsS https://r.mariadb.com/downloads/mariadb_repo_setup | sudo bash
$ sudo apt update
$ sudo apt install mariadb-server mariadb-client mariadb-backup
$ sudo apt list --installed | grep "^mariadb" | grep -v automatic
The commands above will:
- Refresh package repositories
- Install the prerequisite packages
- Download the "mariadb_repo_setup" script from MariaDB and install it
- Refresh package repositories
- Install MariaDB Server, MariaDB Client and MariaDB Backup
- Verify that the installed versions are 11.8.2 (latest stable as of 2025-07-06)
It fails directly on the cURL command as it returns a 403 Forbidden.
If I send a HEAD request to that URL it points to:
$ curl -I https://r.mariadb.com/downloads/mariadb_repo_setup
HTTP/2 302
date: Sat, 05 Jul 2025 22:57:28 GMT
content-type: text/html
content-length: 154
location: https://dlm.mariadb.com/3/MariaDB/mariadb_repo_setup
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 95aa762a183bdbb9-FRA
And if I send a HEAD request to that location:
$ curl -I https://dlm.mariadb.com/3/MariaDB/mariadb_repo_setup
HTTP/2 302
date: Sat, 05 Jul 2025 22:59:18 GMT
content-type: text/html; charset=utf-8
content-length: 0
location: https://storage.googleapis.com/downloads-cdn.mariadb.com/aptyum/1.0/1.0.0/MariaDB/mariadb_repo_setup?GoogleAccessId=downloads-sync%40downloads-234321.iam.gserviceaccount.com&Expires=1751757258&Signature=LJgBm5WrH9gOpp7JdpTm0u%2BfPT2gSF15pBGa1chzhtAOrxYO4bBoLB%2BCSFIma4b4sDaC4IQCdF8gYcSPe1Yps9j4XtQnSqGvLHaRpIRUw9eLLJOxBV1%2B6yV0Z%2FteP%2FVbTORHYwnJCC5BfqsNjmebHJxWBw%2FzeplTcHiOw8aXwZnqdUTP3SGPWSnO1%2Fhm%2BSVj6zXUqEnGovqo%2BZetynM5NW4WkmF11G712oGwQvgTSUh6KbIFJX%2Bsd0a%2FK8gfbztnVIEOLJc1Ra25OJuM%2FOP9FI7%2FFun6P%2FCg3Q1rh8wakCkSOE0k4bV3uPSHrgrP1drEmsd7lc5PASCiHZ4iNsJ%2B%2Fg%3D%3D
x-frame-options: SAMEORIGIN
vary: Cookie, Origin
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 95aa78d79b301808-FRA
And if I then send a HEAD request to that location:
curl -I https://storage.googleapis.com/downloads-cdn.mariadb.com/aptyum/1.0/1.0.0/MariaDB/mariadb_repo_setup?GoogleAccessId=downloads-sync%40downloads-234321.iam.gserviceaccount.com&Expires=1751757258&Signature=LJgBm5WrH9gOpp7JdpTm0u%2BfPT2gSF15pBGa1chzhtAOrxYO4bBoLB%2BCSFIma4b4sDaC4IQCdF8gYcSPe1Yps9j4XtQnSqGvLHaRpIRUw9eLLJOxBV1%2B6yV0Z%2FteP%2FVbTORHYwnJCC5BfqsNjmebHJxWBw%2FzeplTcHiOw8aXwZnqdUTP3SGPWSnO1%2Fhm%2BSVj6zXUqEnGovqo%2BZetynM5NW4WkmF11G712oGwQvgTSUh6KbIFJX%2Bsd0a%2FK8gfbztnVIEOLJc1Ra25OJuM%2FOP9FI7%2FFun6P%2FCg3Q1rh8wakCkSOE0k4bV3uPSHrgrP1drEmsd7lc5PASCiHZ4iNsJ%2B%2Fg%3D%3D
HTTP/2 403
content-type: application/xml; charset=UTF-8
x-guploader-uploadid: ABgVH8_UXskTfsOb0dH5gSOOBerMKAzGSmhSiQw7UFF040LmRwjOtXQ1P6AzqrcCP1n5eUNs62aOTWk
content-length: 298
date: Sat, 05 Jul 2025 23:00:00 GMT
expires: Sat, 05 Jul 2025 23:00:00 GMT
cache-control: private, max-age=0
server: UploadServer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
In other words, it appears that MariaDB's repository script is hosted at some Google service, which blocks Hetzner's IP addresses. You either need to adjust your WAF/firewall rules or use a different mirror because that Google service seems too strict.
I managed to download the "mariadb_repo_setup" script on my home network and then SCP copied it to my server and attempted to run it, but it would also get 403 Forbidden errors that way while running "sudo apt update && sudo apt install mariadb-server mariadb-client mariadb-backup".
Hetzner is one of the largest European cloud providers and having them IP blocked is a major, business critical issue - that needs to be addressed. I have read similar issues about this:
But we need a long-term fix! We are currently unable to move forward with the setup of our new MariaDB server.
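
An offline triage helper for the final 403 in the redirect chain above, added here as an example; it is not part of the original report or of MariaDB's tooling. A Google Cloud Storage V2 signed URL (GoogleAccessId/Expires/Signature) covers the HTTP verb and the expiry time, and the XML body of the 403 carries an error code that a header-only request never shows. Assumptions: the function names, the error bodies and the placeholder URL are constructed; the Expires value and request time are taken from the headers above; the `method-mismatch` result assumes the link was issued for GET.

```shell
#!/bin/sh
# Added example: classify a 403 returned for a GCS V2 signed URL, offline.

# Print the value of one query parameter from a URL (empty if absent).
query_param() {  # $1=url  $2=parameter name
    printf '%s\n' "${1#*\?}" | tr '&' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Print the <Code> element of a GCS XML error body (empty if absent).
gcs_error_code() {  # $1=xml body
    printf '%s' "$1" | sed -n 's:.*<Code>\([^<]*\)</Code>.*:\1:p' | head -n 1
}

# Prints one of: truncated-url, expired, method-mismatch,
# signature-mismatch, access-denied
triage_403() {  # $1=method  $2=url as sent  $3=request time (epoch)  $4=xml body
    expires=$(query_param "$2" Expires)
    signature=$(query_param "$2" Signature)
    code=$(gcs_error_code "$4")
    if [ -z "$expires" ] || [ -z "$signature" ]; then
        # An unquoted URL is cut at the first '&' by the shell.
        echo truncated-url
    elif [ "$3" -ge "$expires" ] || [ "$code" = ExpiredToken ]; then
        echo expired
    elif [ "$code" = SignatureDoesNotMatch ] && [ "$1" != GET ]; then
        # Assumption: the link was signed for GET, so another verb cannot match.
        echo method-mismatch
    elif [ "$code" = SignatureDoesNotMatch ]; then
        echo signature-mismatch
    else
        # Signature accepted or not evaluated; look at policy or network rules.
        echo access-denied
    fi
}

# Constructed inputs: placeholder bucket, account and signature.
# Expires is the value in the redirect above; 1751756400 is 23:00:00 GMT,
# the date header of the 403 response.
URL='https://storage.googleapis.com/example-bucket/obj?GoogleAccessId=svc%40example&Expires=1751757258&Signature=PLACEHOLDER'
BODY='<Error><Code>SignatureDoesNotMatch</Code></Error>'  # constructed body
triage_403 HEAD "$URL" 1751756400 "$BODY"
```

For a live check, repeat the last request with `curl -s` instead of `curl -I` and the URL in single quotes, then pass the returned body to `triage_403`.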