502 Bad gateway error after installation

Pydio Cells
1

Hello,

I’ve been trying and failing to get a Docker instance of Pydio/Cells to run. After I manage to get to the installation page, every single time it freezes and thereafter all I get is a 502 Bad Gateway. Details below.

  • Docker 18.06.1-ce on Ubuntu 18.04 running the default install

  • MySQL 5.7 on the host

  • Nginx 1.14 on the host for the reverse proxy (already serving several sites)

  • Nginx configuration:

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name cells.example.ht;
    ssl_certificate /etc/ssl/cells.example.ht/cert.pem;
    ssl_certificate_key /etc/ssl/cells.example.ht/privkey.pem;

    access_log /var/log/nginx/cells.access.log;
    error_log /var/log/nginx/cells.error.log;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Nginx-Proxy true;
        proxy_pass "http://<host ip address>:2080$request_uri";
        proxy_redirect off;
    }
}
  • Docker command line:
docker run --detach --name cells 
                    --publish 2080:2080 
                    --volume "config:/root/.config" 
                    --env "CELLS_NO_SSL=1" 
                    --env "CELLS_BIND=cells.example.ht:2080" 
                    --env "CELLS_EXTERNAL=cells.example.ht:2080" 
                    --add-host "localhost:<host ip address>"
                    pydio/cells

I seem to have needed the --add-host to allow the container to have access MySQL on the host.

With this command line, I was able to start the install. But the page never reloaded, even by clicking on the manual link. Note that there was quite a bit of trial and error to get to that point. Eventually, I restart the container to no avail.

Nginx reports the following:

connect() failed (111: Connection refused) while connecting to upstream, client: <host ipv6 address>, server: cells.example.ht, request: "GET /favicon.ico HTTP/1.1", upstream: "http://<host ip address>:2080/favicon.ico", host: "cells.example.ht", referrer: "https://cells.example.ht/"

docker logs cells has not even a suggestion that a connection has been attempted. I expected something like the access logs from an HTTP server. On the other hand it does have this line:

Error found: pydio.gateway.proxy        Could not run   {"error": "cannot create storage without CA URL"}

Inside the container, netstart -lnt | grep 2080 returns nothing. So the container does not seem to have anything listening on that port.

That’s basically where I am right now and I don’t think I can move forward without some help. So, thanks in advance for any and all suggestions.

Sorry for the long post.

Best
Philippe

2

I should have mentioned that I am running on both IPv4 and IPv6. That might be an issue.

The HTTP requests coming from the outside are mostly (90%) in IPv6.

3

Hi,
just to be sure and locate what configuration should we focus on,
can you access your cells locally with this address?

then we will take a look at how it works with the reverse proxy,
but basically cells has a webserver that proxies all of cells services,
you need the cells_bind which is the usually the host of the machine running the cells instance and cells_external which give you access to cells (usually it’s the same host as the bind without a port) then when you proxy with another reverse proxy all you want to do is proxy to the cells_external you should enabled SSL on cells (CELLS_NO_SSL=0) if you are proxying on ssl too.

you could try with CELLS_NO_SSL=0.

Regards

4

Thanks for the reply. In the meantime, after much frustrations, I did manage to get a standard installation to work. I’m currently in the process of evaluating the software.

In summary:

  • CELLS_EXTERNAL should not have the port number as you correctly point out.

  • The standard install also does not work with CELLS_NO_SSL, actually, pydio.json attribute ssl. Set it to false and we get the same pydio.gateway.proxy error noted in my original post.

  • My third mistake was in my Nginx configuration. Using the $request_uri parameter in the proxy_pass statement created a resolver issue and is not even necessary. (Also the proxy_redirect off does not seem to do anything so I removed that too.)

  • The next time I try the container, my command line will be:

docker run --detach --name cells 
                    --publish 2080:2080 
                    --volume "config:/root/.config" 
                    --env "CELLS_NO_SSL=0" 
                    --env "CELLS_BIND=cells.example.ht:2080" 
                    --env "CELLS_EXTERNAL=cells.example.ht" 
                    --add-host "localhost:<host ip address>"
                    pydio/cells

One issue I have now, and it’s probably a minor one, is that I would prefer to restrict to localhost all the ports that need not be accessible from the outside, i.e. have CELLS_BIND=localhost:2080. I’ve read somewhere that it won’t work and that internal and external domains must be the same. I haven’t tried it yet so we’ll see.

Thanks again.
Philippe

5

the other ports are not exposed to the outside,
here’s a what the proxying looks like inside cells,

global-architecture.png3236×3486 548 KB

it is because of nats (https://nats.io/) which requires a private address.

6

Thanks. That diagram could be very useful if I ever dive into the code. :smile:

7

The 502 Bad Gateway error usually happens when there are some network errors between computer and internet severs . This means that a server (not necessarily a web server) acting as a gateway or proxy and received an invalid response from an upstream (or origin) server. In most cases the problem is not with you computer or your internet connection , it’s far more likely that it’s the website’s server instead. Fortunately, there are some common and effective solutions for analyzing and fixing most of the causes of 502 Bad Gateway Errors.

  • Perform a hard-refresh in your browser. On Macs, this is done by pressing Cmd + Shift + R.

  • This problem is due to poor IP communication between back-end computers, possibly including the Web server at the site you are trying to visit. Before analysing this problem, you should clear your browser cache completely.

  • If you get this problem for only some of the Web sites you try to visit then it is likely to be a problem at those sites i.e. one of their pieces of equipment is failing/overloaded. Contact the people at those sites.

  • If you are surfing the Web and see this problem for all Web sites you try to visit, then either 1) your ISP has a major equipment failure/overload or 2) there is something wrong with your internal Internet connection e.g. your firewall is not functioning correctly. In the first case, only your ISP can help you. In the second case, you need to fix whatever it is that is preventing you reaching the Internet.

  • In some cases, this error caused by low computer hard disk space, you can go check the free space of your computer hard disk. If there is really not enough free space left, clean your computer hard disk well.

  • Start your browser in Safe Mode. Running a browser in Safe Mode means to run it with default settings and without add-ons or extensions, including toolbars.

  • If your web application is configured to listen on a socket, ensure that the socket exists in the correct location and that it has the proper permissions

  • Finally, restart your computer/networking equipment. Some temporary issues with your computer and how it’s connecting to your network could be causing 502 errors, especially if you’re seeing the error on more than one website. In these cases, a restart would help.