CellsSync doesn't work behind NPM

Pydio Cells
1

Hello all !

I want a home could solution hosted on my server, I tried NextCloud but it is too wobbly for me that is trying to find some kind of “install and forget” solution.
Pydio check all the boxes but I have on issue that’s preventing me from really using it.

Describe your issue in detail

I’ve spent around 15 hours trying to make Pydio work on all my devices but there is still an issue that I cannot solve : the CellsSync app on my Windows would never connect using the FQDN to reach my Pydio instance. But it can work using specific configuration and only when reaching locally (192.168.0.xxx).
The web interface and Android app are accessible from internal and external network without any issue.

I have a Proxmox server with some VMs and LXC (containers) on it.
On of these LXC is Docker.
On Docker I have Nginx Proxy Manager (=Nginx but with a GUI) which manage all my SSL certificates.
I try to deploy Pydio from here also, here’s my stack at the time : (which is not working well, the stuff I’m trying are essentially adding/modifying variables in the “environment” section of Cells)

version: '3.3'
    
services:

  cells:
    image: pydio/cells:latest
    restart: unless-stopped
    ports:
      - "8080:8080"
      - "33060:33060"
      - "36013:36013"
    volumes:
      - /home/docker/pydio/cellsdir:/var/cells
      - /home/docker/pydio/data:/var/cells/data
    environment:
      #- CELLS_BIND=0.0.0.0:8080
      #- CELLS_EXTERNAL=http://192.168.0.151:8080
      - CELLS_BIND_ADDRESS=0.0.0.0
      - CELLS_EXTERNAL=https://myaddress.com
      - CELLS_NO_TLS=1
    networks:
      - proxy
      - npm_net 
      
  mysql:
    image: mysql:8
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: P@ssw0rd
      MYSQL_DATABASE: cells
      MYSQL_USER: pydio
      MYSQL_PASSWORD: P@ssw0rd
    command: [mysqld, --character-set-server=utf8mb4, --collation-server=utf8mb4_unicode_ci]
    volumes:
      - /home/docker/pydio/mysqldir:/var/lib/mysql
    networks:
      - proxy

      
networks:
  proxy:
    driver: bridge
  npm_net:
    external: true
    name: nginx-proxy-manager_proxy

volumes:
    data: {}
    cellsdir: {}
    mysqldir: {}

With this config when trying to add a sync task in CellsSync I can have a various range of errors :

  • host computer refused the connection
  • impossible to connect to https:// something:https:// something
  • socket cannot be opened

    (I give this error messages from memory, and since my app is in french the translation is approximative)

In NPM I have of course enabled all options, including : websockets support, force SSL, HTTP/2 support, …

What version of Cells are you using?

Pydio Cells Home Edition 4.4.15

What is the server OS? Database name/version? Browser name or mobile device description (if issue appears client-side)?

Docker image : image: pydio/cells:latest
DB : MySQL 8 : image : mysql:8
CellsSync 0.9.4 for Windows 11

What steps have you taken to resolve this issue already?

I tried so many things it’s impossible to list exactly all of them, but globally I :

  • used Custom Locations in NPM to add /grpc redirections
  • used Advanced tab in NPM, to also try adding some customs rules for grpc flows
  • created a dedicated nginx instance in my Pydio stack

None of that worked

I searched a lot on the Internet and others have the same issue as me with NPM and their thread never ended with an answer.
I tried ChatGPT which gave some good indications but never a definitive answer.

The question

Does someone know how to parameters Nginx Proxy Manager so that the CellsSync app can connect to Pydio ?
Could this explanation become a part of the documentation like this ? Running Cells behind a Nginx reverse proxy - Pydio Documentation

2

Hi,

Web & Android app use API so they use normal http.
CellsSync require grpc protocol. Did you enable grpc reverse proxy? As it was commented in nginx config

        grpc_pass grpcs://cells:8080;
        #or
        grpc_pass grpc://cells:8080;
1 Like
3

Hello @c12simple , thanks for your help and sorry for the late reply, I had other stuff (non IT related) to handle…
But I’m back and ready to tackle this issue.

Amongst all the things I tried I already tried this one, like this for example :

image
image602×631 19.3 KB

the problem is that it breaks directly the proxy host in NPM by going offline.

4

Hi,

The location / looks like:

    location /  {
            proxy_buffering off;
            proxy_ssl_verify off;
            proxy_pass https://10.0.0.10:8080$request_uri;

	        grpc_pass grpcs://10.0.0.10:8080;}

            proxy_pass_request_headers on;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass_header Date;
            proxy_pass_header Server;
    }

The backend (10.0.0.10) is using a self-signed certificate

5

@c12simple Still having the proxy host offline with the exact code you have.

I made changes since last time in my portainer stack, do you see any problem there ?

version: '3.3'
    
services:

  cells:
    image: pydio/cells:latest
    restart: unless-stopped
    ports:
      - 8080:8080
      - 33060:33060
      - 36013:36013
    volumes:
      - /home/docker/pydio/cellsdir:/var/cells
      - /home/docker/pydio/data:/var/cells/data
      - /mnt/share/yyy:/var/cells/shares/zzz:rw,bind-propagation=rshared
    environment:
      - CELLS_MINIO_ALLOW_CROSSMOUNT=true
      - CELLS_NO_TLS=1
      - CELLS_BIND=192.168.0.151:8080
      - CELLS_EXTERNAL_URL=https://my_domain
      - CELLS_GRPC_EXTERNAL=33060       # external gRPC port for sync apps
      - CELLS_GRPC_EXTERNAL_WS=33060    # external WebSocket port for sync apps

      - CELLS_GRPC_BIND=0.0.0.0:33060
      - CELLS_GRPC_ADVERTISE=my_domain:33060
      - CELLS_GRPC_HTTP_ONLY=true
    networks:
      - proxy
      - npm_net 
      
  mysql:
    image: mysql:8
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: pwd
      MYSQL_DATABASE: cells
      MYSQL_USER: pyd
      MYSQL_PASSWORD: pwd
    command: [mysqld, --character-set-server=utf8mb4, --collation-server=utf8mb4_unicode_ci]
    volumes:
      - /home/docker/pydio/mysqldir:/var/lib/mysql
    networks:
      - proxy

      
networks:
  proxy:
    driver: bridge
  npm_net:
    external: true
    name: nginx-proxy-manager_proxy

volumes:
    data: {}
    cellsdir: {}
    mysqldir: {}
6

Hi

  • Config your cells instance using tls with self-sign certificate.
  • Try to remove all CELLS_GRPC_* envs in docker-compose.yaml. GRPC stuff uses the same http port 8080
7

Hello,

I try to centralize everything using operational or security tools, I’d rather not let the application self handle its own certificate. Is there any other way around this or is it mandatory in order to run well ?

8

Hi,

I mean tls is required (in this case) at cells level.

9

There’s always Let’s Encrypt! :smile:

(that’s what I actually use)