502 error with nginx proxy

Hello,
I tried to deploy Pydio Cells with docker behind my nginx reverse proxy but I don’t have access to web interface (error 502).

Here is my docker-compose.yml:

version: '3.7'

services:

  cells:
    image: pydio/cells:latest
    restart: unless-stopped
    ports:
      - 127.0.0.1:8087:8080
    environment:
      # Internal Web Server Configuration
      - CELLS_BIND=${PUBLIC_FQDN}:8080
      - CELLS_EXTERNAL=https://${PUBLIC_FQDN}
      #- CELLS_LE_AGREE=1
      #- CELLS_LE_EMAIL=${ADMIN_EMAIL}
      # Directly pass server configuration as yaml file
      - CELLS_INSTALL_YAML=/pydio/config/install.yml
      # Pass env var to yaml install conf
      - CELLS_ADMIN_PWD=${CELLS_ADMIN_PWD}
      - MYSQL_PYDIO_PWD=${MYSQL_PYDIO_PWD}
      - CELLS_NO_TLS=1
    volumes:
      - /opt/gnservices/pydio/cells:/var/cells
      - ./install-conf.yml:/pydio/config/install.yml:ro

  mysql:
    image: mysql:5.7
    ports:
      - 3366:3306
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PWD}
      MYSQL_DATABASE: cells
      MYSQL_USER: pydio
      MYSQL_PASSWORD: ${MYSQL_PYDIO_PWD}
    volumes:
      - /opt/gnservices/pydio/mysql:/var/lib/mysql
    command: [mysqld, --character-set-server=utf8mb4, --collation-server=utf8mb4_unicode_ci]

Variables are created in .env file.

I created certs using certbot lets encrypt.

Here is my nginx config file:

server {
    client_max_body_size 200M;
    server_name pydio.mydomain.org;

    location / {
            proxy_buffering off;
            proxy_pass https://127.0.0.1:8087$request_uri;
            #proxy_pass_request_headers on;
            #proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
    }

    location /ws {
            proxy_buffering off;
            proxy_pass https://127.0.0.1:8087;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_read_timeout 86400;
    }

    error_log /var/log/nginx/cells-proxy-error.log;
    access_log /var/log/nginx/cells-proxy-access.log;
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/pydio.mydomain.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pydio.mydomain.org/privkey.pem;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
}

server {
    if ($host = pydio.mydomain.org) {
        return 301 https://$host$request_uri;
    }

    listen 80;
    listen [::]:80;
    server_name pydio.mydomain.org;
    return 404;
}

Could someone please help me understand what I’ve done wrong?

Thanks

If you
curl localhost:8087
to bypass nginx, do you get a 302 redirect to /login? Do your nginx error logs provide any hints?

If I’m understanding the docker environment variable CELLS_NO_TLS correctly, you’ve turned off TLS in cells? But you’re trying to proxy to https in nginx. If you proxy_pass http://127.0.0.1:8087 does that work?

Indeed, it works using CELLS_NO_TLS=0, and also CELLS_BIND=127.0.0.1:443

Thanks for helping me find this out

This topic was automatically closed 11 days after the last reply. New replies are no longer allowed.