Cells Sync: connection closed before server preface received

Sync Client
1

Hello,

I’m currently testing Pydio product in place of ownCloud.
I’m using Docker to deploy the application in my server (Windows 11).
The application works fine, I’m able to access it from the web and also from android.
Problem is with Cells Sync, the windows application.

I’m able to connect to my account, but I can’t sync my files, I get connection closed before server preface received when I open the tree to select the directory:

Untitled
Untitled2449×1336 133 KB

These are the environement variables:

CELLS_SITE_NO_TLS=0
CELLS_SITE_BIND="0.0.0.0:443"
CELLS_SITE_EXTERNAL="https://drive.<my-domain>"
CELLS_LOG="info"

I’m using this caddy configuration:

:80 {
	reverse_proxy server:443 {
		transport http {
			tls
			tls_insecure_skip_verify
		}
	}
}

Thanks in advance for any help.

Best regards,
Taki

2

It’s possible that cells-sync can’t connect to the server via grpc protocol. There are several situations to consider that may help you start the troubleshooting process:

  • self-sign certificate: If you using self-sign certificate (generated by cells), you should install the CA cert (generated by cells) to the system trust root.

  • http/2: If you have “https://drive.”, your reverse proxy must support http/2 to be able to handle grpc requests

3
  1. I don’t understand the need for the certification, from this graph, there’s no direct access to the grpc server, since NO_TLS is deactivated, the Main Gateway will communicate with GRPC Gateway

** img1 **

  1. I changed the configurations, I removed caddy,
    From: drive.mydomain (tunnel, subdomain) → caddy (reverse proxy) → pydio
    To: drive.mydomain (tunnel, subdomain) → pydio
CELLS_SITE_NO_TLS=0
CELLS_SITE_BIND="drive.mydomain:443"
CELLS_SITE_EXTERNAL="https://drive.mydomain"
CELLS_LOG="info"

** img2 **

I converted the rootCA.pem and rootCA-key.pem to cells.p12, I installed the certificat on my machine and firefox, but now I’m getting a problem in web and cells-sync:

** img3 **

** img4 **

** img5 **

I’m not used to work with certifications, I tried my best here.

Is there any way to bypass GRPC, like I said before, Web and Android are working fine, I don’t understand the need for it for cells-sync :sweat_smile:

Otherwise since Main Gateway and GRPC are inter-communicate in the docker container, is there a flag that I can use to disable any TLS checking.

  1. I enabled CELLS_SITE_NO_TLS, I used this configuration:
CELLS_SITE_NO_TLS=1
CELLS_SITE_BIND="0.0.0.0:80"
CELLS_SITE_EXTERNAL="https://drive.mydomain"
CELLS_GRPC_EXTERNAL=8080
CELLS_LOG="info"

I expiremented with this caddy configuration:

:80 {
	@grpc header Content-Type application/grpc
	handle @grpc {
		reverse_proxy h2c://server:8080
	}

	reverse_proxy server
}

The problem is I can create a tunnel to the server https://drive.mydomain (no certification problem since I’m using a subdomain [ngrok, zrok, localtonet…]).

I can create another tunnel to GRPC https://grpc.mydomain

Problem cells-sync will request https://drive.mydomain:8080.

Is there a way to specify a whole URL for the CELLS_GRPC_EXTERNAL like this CELLS_GRPC_EXTERNAL="https://grpc.mydomain" ?
Or a flag I can set to force cells-sync to use a specific URL.

I think this is the best solution if applicable, no TLS no certifications to manage.
All certifications are managed by the tunnel provider.

Best regards,
Taki

4

image
image756×733 50.4 KB

5

image
image2232×412 52.5 KB

6

image
image1097×917 53.5 KB

7

image
image1028×1291 51.2 KB

8

image
image906×710 17.5 KB

9

Web & Android are base on restAPI, no local store

Cells-sync do the synchronization between cells & local store so grpc is used for synchronization.

Cells-sync has no interface to bypass the certificate (like you have in browser). You need to install the self-sign cert rootCA.pem to system trust root. Once the rootCA.pem is added to the system trust, your cells-sync can ‘trust’ this self-signed cert

1 Like
10

Thank you so much, it’s working :smiley:

image
image898×695 13 KB