ERR_CONNECTION_CLOSED after Cells installed with Docker and Caddy reversed proxy


#1

(new users can only put 2 links in a post, so I added some * in the links)

I’m using Docker to deploy Pydio Cells, and using Caddy as a reversed proxy.
According to the docs, I set environment variables CELLS_BIND=cells.example.*com:8080, CELLS_EXTERNAL=cells.example.*com and CELLS_NO_SSL=1
My Caddy config:

cells.example.*com {
  log stdout
  tls email@example.*com
  timeouts 0
  
  proxy / localhost:8080 {
    insecure_skip_verify
    transparent
    websocket
  }
}

The installation is completed via Caddy reversed proxy.

But after the installation, it becomes impossible to access Cells web frontend, including from local and public Internet.
Caddy keeps showing 502 Bad Gateway. If access cells.example.com:8080 directly, it shows ERR_CONNECTION_CLOSED (Chrome browser) or connection refused (Linux).
Here is logs about trying connect to Cells from server terminal.

catme0w@instance:~$ curl localhost:8080
curl: (7) Failed to connect to localhost port 8080: Connection refused
catme0w@instance:~$ curl cells.example.*com:8080
curl: (7) Failed to connect to cells.example.com port 8080: Connection refused
catme0w@instance:~$ curl https:/*/cells.example.*com
502 Bad Gateway

Cells logs: https:/*/pastebin.*com/qpNDiwe7


#2

Hi,
using caddy as a reverse proxy a bit tricky, i"m going to take a look at your configuration and see what can be done.

Could you also give me your pydio cells version


#3

Hi,
after a look at it, it seems to be a header issue on the browser(i also cannot access the front with my browser),

when i curl i see this

curl --insecure -I https://192.168.0.164
HTTP/2 302
content-type: text/html; charset=utf-8
date: Thu, 11 Oct 2018 08:59:48 GMT
location: /login
server: Caddy
server: Pydio Cells Home Edition

here’s my caddy file

:443 {
  log stdout

  tls self_signed

  timeouts 0

  # And the rest to pydio
  proxy / 192.168.0.164:8080 {
    insecure_skip_verify
    transparent
    websocket
  }
}

and there my docker config

        ports: ["8080:8080"]
        environment:
            - CELLS_BIND=192.168.0.164:8080
            - CELLS_EXTERNAL=192.168.0.164
            - CELLS_NO_SSL=1


#4

The env CELLS_VERSION is 1.2.0
Docker image ID is sha256:cb3a790a2a0c9704a2308baccc2c9518ed3d1f3a75fb841329ff54649997204f


#5

But I cannot access even from the local network.

...
catme0w@instance:~$ curl cells.example.com:8080
curl: (7) Failed to connect to cells.example.com port 8080: Connection refused
catme0w@instance:~$ curl https://cells.example.com
502 Bad Gateway

I have no idea about it.

Since I have multi subdomains, I cannot listen :443 directly.


#6

Hi,
you are testing a domain name i would assume?
If that’s the case i will take a look at the caddy configuration, otherwise if you try to access to your server directly without using the reverse proxy does it work ?


#7

I’m using a real domain name.
It also doesn’t work everywhere, includes access from localhost or without a reverse proxy.

I tried using Nginx instead of Caddy, the problem is the same. Here is my Nginx config.
The installation progress can be done but unable to access after installation.
The real domain name is replaced by cells.example.com

server {
    listen       80;
    listen       443 ssl;
    server_name  cells.example.com;
    ssl_certificate     /etc/nginx/ssl/cells.example.com/fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/cells.example.com/cells.example.com.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    charset utf-8;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://localhost:8080;
        proxy_redirect off;
    }
}

#8

Hi,
your proxy should proxy to the external_host of your pydio install and not the internal,
try to change this

with proxy pass <your domain name>.