Error: server closed the stream without sending trailers

I currently have Cells running behind Nginx Proxy Manager(NPM). All with the web UI and mobile app work as expected.
However the CellsSync app give me the error message: server closed the stream without sending trailers.
image

In NPM I feel like I need to add something to the config just unsure about what that would be as NPM is outside my greater knowledge. The image shows the options and setup in NPM and finally the .cong file which it creates.

Output of config on NPM:

server {
set $forward_scheme https;
set $server “192.168.1.208”;
set $port 443;

listen 80;
listen [::]:80;

listen 443 ssl http2;
listen [::]:443;

server_name pydio.example.com;

Let’s Encrypt SSL

include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /etc/letsencrypt/live/npm-2/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/npm-2/privkey.pem;

access_log /data/logs/proxy_host-2.log proxy;

location / {

proxy_set_header Upgrade $http_upgrade;                                               
proxy_set_header Connection $http_connection;                                         
proxy_http_version 1.1;                                                               
                                                                                      
# Proxy!                                                                              
include conf.d/include/proxy.conf;                                                    

}

Custom

include /data/nginx/custom/server_proxy[.]conf;
}

I believe that it is a grpc issue and NPM not passing data correctly.
Any guidance would be appreciated. Thanks;
Steven

Hello,
Indeed, gRPC requires http/2 support - can you enable that?
-c

I have attempted using the info I found here. which never seemed to work and actually killed my proxy host from running so I definitely did something wrong.

I have enabled http/2 support & added location for gPRC, now when attempting to make a connection I get " cannot connect (408 Timeout): the gRPC port may not be correctly opened in the server" as an error. So progress but still missing something.

Thanks again for any help.

Current .cong file:

server {
  set $forward_scheme https;
  set $server         "192.168.1.208";
  set $port           443;

  listen 80;
listen [::]:80;

listen 443 ssl http2;
listen [::]:443;


  server_name pydio.xxxx.com;


  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-2/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-2/privkey.pem;


  access_log /data/logs/proxy_host-2.log proxy;

proxy_send_timeout   600;^M
proxy_read_timeout   600;^M
proxy_request_buffering off;

  location / {
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_set_header X-Forwarded-For    $remote_addr;
    proxy_pass       https://192.168.1.208:34639;
    grpc_pass grpcs://192.50.0.1:34639;
  }


  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}

Just to make sure can you remind us how Cells Sites are configured? Can you print out the content of cells configure sites ?

Here is the config.

±–±-------------------------------±------------±---------------------------+
| # | BIND(S) | TLS | EXTERNAL URL |
±–±-------------------------------±------------±---------------------------+
| 0 | https://192.168.1.208:443, | Self-signed | https://pydio.xxx.com |
| | https://pydio.xxx.com:443 | | |
±–±-------------------------------±------------±---------------------------+

so why port 34639 in the proxy ? (just to understand)

I took the port info for gprc from the Pydio services page was that a mistake?

Hi @mudvane
Oh ! Yes it’s a mistake :slight_smile: The ports displayed here are internal ports. They are exposed to the outside world only via the main Gateway, which is basically an embedded proxy. As you are using TLS, GRPC is simply exposed on 443, so you do not have to specify this port.
Best
-c

@charles ,
So below is what I have as my conf file in Nginx Proxy Manager, with that I still receive the error:

cannot connect to discovery endpoint: Get https://pydio.domain.com/a/config/discovery: stopped after 10 redirects

Would you have a direction how do I over come this road block?

Current config of NPM:

# ------------------------------------------------------------                                                        
# pydio.domain.com                                                                                                  
# ------------------------------------------------------------                                                        
                                                                                                                      
server {                                                                                                              
  set $forward_scheme https;                                                                                          
  set $server         "192.168.1.208";                                                                                
  set $port           443;                                                                                            
                                                                                                                      
  listen 80;                                                                                                          
listen [::]:80;                                                                                                       
                                                                                                                      
listen 443 ssl http2;                                                                                                 
listen [::]:443;                                                                                                      
                                                                                                                      
  server_name pydio.domain.com;                                                                                     
                                                                                                                      
  # Let's Encrypt SSL                                                                                                 
  include conf.d/include/letsencrypt-acme-challenge.conf;                                                             
  include conf.d/include/ssl-ciphers.conf;                                                                            
  ssl_certificate /etc/letsencrypt/live/npm-2/fullchain.pem;                                                          
  ssl_certificate_key /etc/letsencrypt/live/npm-2/privkey.pem;                                                        
                                                                                                                      
# Asset Caching                                                                                                       
  include conf.d/include/assets.conf;                                                                                 
                                                                                                                      
                                                                                                                      
  # Block Exploits                                                                                                    
  include conf.d/include/block-exploits.conf;                                                                         
                                                                                                                      
                                                                                                                      
                                                                                                                      
  # HSTS (ngx_http_headers_module is required) (31536000 seconds = 1 year)                                            
  add_header Strict-Transport-Security "max-age=31536000;includeSubDomains; preload" always;                          
                                                                                                                      
  access_log /data/logs/proxy_host-2.log proxy;                                                                       
                                                                                                                      
  location / {                                                                                                        
                                                                                                                      
    # Force SSL                                                                                                       
    include conf.d/include/force-ssl.conf;                                                                            
                                                                                                                      
                                                                                                                      
  # HSTS (ngx_http_headers_module is required) (31536000 seconds = 1 year)                                            
  add_header Strict-Transport-Security "max-age=31536000;includeSubDomains; preload" always;                          
                                                                                                                      
    proxy_set_header Upgrade $http_upgrade;                                                                           
    proxy_set_header Connection $http_connection;                                                                     
    proxy_http_version 1.1;                                                                                           
                                                                                                                      
    # Proxy!                                                                                                          
    include conf.d/include/proxy.conf;                                                                                
  }                                                                                                                   
                                                                                                                      
                                                                                                                      
  # Custom                                                                                                            
  include /data/nginx/custom/server_proxy[.]conf;                                                                     
}

Updating on this as I continue to try and get the sync client functioning but still fail to get the client to connect to the server. Currently when trying to connect to the Pydio Cells server I receive a message of “Forbidden” now. Is there a means to find out what is blocking the connection how?

I am also struggling with this! Can’t wrap my mind around it… Pydio-cells in docker - Nginx proxy manager - Cloudflare (not proxied at the moment). Works perfect with web but the sync client doesn’t work. I have Letsencrypt certs and HTSP/2 enabled and there’s https is between Nginx and Pydio-cells docker machine. Error message in cells-sync is “server closed the stream without sending trailers”.

Switched to Traefik instead of Nginx Proxy manager, now it works like a charm!