502 Bad gateway error after installation


#1

Hello,

I’ve been trying and failing to get a Docker instance of Pydio/Cells to run. After I manage to get to the installation page, every single time it freezes and thereafter all I get is a 502 Bad Gateway. Details below.

  • Docker 18.06.1-ce on Ubuntu 18.04 running the default install

  • MySQL 5.7 on the host

  • Nginx 1.14 on the host for the reverse proxy (already serving several sites)

  • Nginx configuration:

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name cells.example.ht;
    ssl_certificate /etc/ssl/cells.example.ht/cert.pem;
    ssl_certificate_key /etc/ssl/cells.example.ht/privkey.pem;

    access_log /var/log/nginx/cells.access.log;
    error_log /var/log/nginx/cells.error.log;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Nginx-Proxy true;
        proxy_pass "http://<host ip address>:2080$request_uri";
        proxy_redirect off;
    }
}
  • Docker command line:
docker run --detach --name cells 
                    --publish 2080:2080 
                    --volume "config:/root/.config" 
                    --env "CELLS_NO_SSL=1" 
                    --env "CELLS_BIND=cells.example.ht:2080" 
                    --env "CELLS_EXTERNAL=cells.example.ht:2080" 
                    --add-host "localhost:<host ip address>"
                    pydio/cells

I seem to have needed the --add-host to allow the container to have access MySQL on the host.

With this command line, I was able to start the install. But the page never reloaded, even by clicking on the manual link. Note that there was quite a bit of trial and error to get to that point. Eventually, I restart the container to no avail.

Nginx reports the following:

connect() failed (111: Connection refused) while connecting to upstream, client: <host ipv6 address>, server: cells.example.ht, request: "GET /favicon.ico HTTP/1.1", upstream: "http://<host ip address>:2080/favicon.ico", host: "cells.example.ht", referrer: "https://cells.example.ht/"

docker logs cells has not even a suggestion that a connection has been attempted. I expected something like the access logs from an HTTP server. On the other hand it does have this line:

Error found: pydio.gateway.proxy        Could not run   {"error": "cannot create storage without CA URL"}

Inside the container, netstart -lnt | grep 2080 returns nothing. So the container does not seem to have anything listening on that port.

That’s basically where I am right now and I don’t think I can move forward without some help. So, thanks in advance for any and all suggestions.

Sorry for the long post.

Best
Philippe


#2

I should have mentioned that I am running on both IPv4 and IPv6. That might be an issue.

The HTTP requests coming from the outside are mostly (90%) in IPv6.


#3

Hi,
just to be sure and locate what configuration should we focus on,
can you access your cells locally with this address?

then we will take a look at how it works with the reverse proxy,
but basically cells has a webserver that proxies all of cells services,
you need the cells_bind which is the usually the host of the machine running the cells instance and cells_external which give you access to cells (usually it’s the same host as the bind without a port) then when you proxy with another reverse proxy all you want to do is proxy to the cells_external you should enabled SSL on cells (CELLS_NO_SSL=0) if you are proxying on ssl too.

you could try with CELLS_NO_SSL=0.

Regards


#4

Thanks for the reply. In the meantime, after much frustrations, I did manage to get a standard installation to work. I’m currently in the process of evaluating the software.

In summary:

  • CELLS_EXTERNAL should not have the port number as you correctly point out.

  • The standard install also does not work with CELLS_NO_SSL, actually, pydio.json attribute ssl. Set it to false and we get the same pydio.gateway.proxy error noted in my original post.

  • My third mistake was in my Nginx configuration. Using the $request_uri parameter in the proxy_pass statement created a resolver issue and is not even necessary. (Also the proxy_redirect off does not seem to do anything so I removed that too.)

  • The next time I try the container, my command line will be:

docker run --detach --name cells 
                    --publish 2080:2080 
                    --volume "config:/root/.config" 
                    --env "CELLS_NO_SSL=0" 
                    --env "CELLS_BIND=cells.example.ht:2080" 
                    --env "CELLS_EXTERNAL=cells.example.ht" 
                    --add-host "localhost:<host ip address>"
                    pydio/cells

One issue I have now, and it’s probably a minor one, is that I would prefer to restrict to localhost all the ports that need not be accessible from the outside, i.e. have CELLS_BIND=localhost:2080. I’ve read somewhere that it won’t work and that internal and external domains must be the same. I haven’t tried it yet so we’ll see.

Thanks again.
Philippe


#5

the other ports are not exposed to the outside,
here’s a what the proxying looks like inside cells,

it is because of nats (https://nats.io/) which requires a private address.


#6

Thanks. That diagram could be very useful if I ever dive into the code. :smile: