I followed the documentation to get Cells working. I can get access to webpages, WS, perfect. However, from the client, I always switch between an 408 GRPC error or a context deadline error.
The /a/config/discovery returns the correct GPRC port.
My reverse proxy configuration is as follow :
# Global SSL configuration is already set
server {
listen 443 ssl http2;
server_name pydio;
location / {
proxy_pass http://pydio:8080;
#grpc_pass grpcs://pydio:8080;
}
location /ws/ {
proxy_pass http://pydio:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
server {
listen 33060 http2; # I tried with and without ssl
location / {
grpc_pass grpcs://pydio:33060;
}
}
From my understanding of your configuration, you do not have TLS enabled on Cells,
on Cells grpc requires TLS to be enabled, you can either set the value to 0 or remove it (by default TLS is enabled).
If you already have installed and configured Cells, you might have to run cells configure sites command and put enable the setting, mind that you are inside a container so you will have to expose ports and such.
For more details, I went to check TLS configuration again and the documentation states :
You can finally fully disable TLS and let Cells serve connections over HTTP. This is not recommended but is good enough for testing or development. In that case, just beware that the gRPC gateway (required for CellsSync) will be exposed on a separate port that must be opened in the firewall, if any.
In this case, it should still be working with my current configuration.
Today, I tried with generated self-signed certificates and with custom certificates managed by me to no avail.
With these configuration, it seems that I do not need the GRPC_EXTERNAL and it chooses a random port automatically. Still, I now get a “Forbidden” error and nothing else, whatever the log I’m searching for.
When you have TLS on cells, you can omit the GRPC_EXTERNAL env and just proxy the grpc traffic to location / with grpcs://yourcells;,.
It could be confusing I would have to admit, but to try to describe it simply
if you have TLS on cells, you just need to proxy the grpc with the grpcs directive, without using GRPC_EXTERNAL and such.
But in the case that you want to have your cells running with no TLS then you have to use the GRPC_EXTERNAL to set a fixed port for grpc and then proxy the grpc traffic to that port.
If your setup does not require you to have http, then I would advise you to have tls with (self-signed) it will make it easier otherwise we can look together on how to configure it.
However, I’m still stuck with the error “Forbidden”.
I use custom self signed certificates, I have access to the web interface, I see Pydio preparing its full chain :
{“level”:“info”,“ts”:“2021-08-31T04:16:08Z”,“logger”:“pydio.gateway.grpc”,“msg”:“Activating self-signed configuration for gRPC gateway to allow full TLS chain.”}
I apologize for the delay, i’m setting up a docker install that looks like your to try to reproduce and understand what is happening, I will keep you updated (in an hour or two).
For information, same error with Docker without reverse proxy using -my- LetsEncrypt certs (not using Pydio ones).
I install the MSI from the website. However, the installer ends without any message and I need to go to %appdata%…\Local\CellsSync to find an .exe and try to use it. Maybe it is the root of all our problems ?