Cells running behind an HTTP proxy

Hello,

I am trying to run Pydio Cells behind an HTTP proxy (not a reverse proxy: an HTTP proxy for requests going out to S3). I did not find documentation about how to achieve this. I try a naive approach based on environment variables HTTP_PROXY and HTTPS_PROXY but this broke other requests.

On the first screen of the installation some requests are sent to the server for exemple to https://localhost:8080/install but the response payload is a rejection page of the proxy for a request to http://172.22.0.3:36283/install. I am using Docker and the IP is the Cells container’s one. There I would be tempted to use a NO_PROXY environment variable, except that since the IP is not the loopback one so it is not know before the container starts. I tried to add a NO_PROXY set to localhost and 127.0.0.1 without success. I am out of ideas! Hopefully someone will have a solution for this :wink:

Here is a quick reproduction path:

  1. Start an HTTP proxy that will reject everything: docker run -p 3128:3128 sameersbn/squid:3.5.27-2
  2. Start Cells with env variables: docker run -p 8080:8080 -e CELLS_BIND=localhost:8080 -e CELLS_EXTERNAL=localhost:8080 -e CELLS_NO_SSL=1 -e HTTP_PROXY=host.docker.internal:3128 -e HTTPS_PROXY=host.docker.internal:3128 -e NO_PROXY=localhost,127.0.0.1 pydio/cells:latest
  3. Open https://localhost:8080 in a web browser. On the install page the terms of use will be blank and requests will be sent in the background that will fail as 403 from the HTTP proxy.

Hello and welcome, @fhx,

Indeed the env variables HTTP_PROXY and HTTPS_PROXY are the way to go,
when running a container on Cells, you should always use the bind address of the host running the Cells container, if you use localhost it will actually as you said try to use the loopback address.

Could you try with CELLS_BIND=192.168.0.5(replace this value with your own interface), for the external, you could put the same address but localhost, should also do the trick as long as you are communicating on the same port.

This documentation about the reverse proxy could provide you with some more hints about your setup and values.

Thank you for your quick answer. I tried to apply it but I could not make it work. I replaced the CELLS_BIND to the value of my host IP but not I have this error when I try to access Pydio : 421 Site localhost:8080 is not served on this interface.

I also tried with an actual domain like xxx[dot]mydomain[dot]com with a reverse proxy to Pydio (and also with CELLS_BIND to the host IP) but got a similar error: 404 Site xxx[dot]mydomain[dot]com is not served on this interface (xxx[dot]mydomain[dot]com is an exemple I used a real domain of course).

I am puzzled about how this is supposed to work. I understand the role of CELLS_EXTERNAL since the container is not aware of its external address. The fact that CELLS_BIND should be set to the host IP this I do not understand as the container is completely unaware of the host network interfaces.

Just to clarify, I tried a CELLS_BIND to 0.0.0.0:8080 and a CELLS_EXTERNAL to localhost:8080. This is a fairly common setup for containerized applications behind a reverse proxy. I did not have the error above with this config but when I added HTTP_PROXY and HTTPS_PROXY the installation wizard failed because it sent requests to http://172.17.0.3:40131/install and this went though the HTTP proxy. This IP is the container’s internal one. My intuition is that it would work is Pydio used “localhost” instead of the container’s internal IP address because localhost can be whitelisted in NO_PROXY. Does it make sense and is there a way to force Pydio to do that?