General Reverse Proxy Issues

Pydio Cells
5

Hi Zayn,

Thanks for offering to take a look. My config is summarised below, but also in this thread: Issues Running Behind Traefik

When trying to connect from outside the network, I get the login screen, enter credentials, then get a blank screen. In the docker container log, I get:

2019-02-20T02:25:16.269Z	INFO	pydio.web.auth	Login	{"identity": {"UserID":"b1cde705-c271-4da4-9bc0-dca04f360682","Username":"geoff","Email":"","EmailVerified":true,"Groups":[],"AuthSource":"pydioapi","DisplayName":"","Profile":"admin","Roles":["ROOT_GROUP","ADMINS","ADMINS","b1cde705-c271-4da4-9bc0-dca04f360682"],"GroupPath":"/","ConnectorData":null}}
2019-02-20T02:25:24.758Z	ERROR	pydio.rest.frontend	cannot init oidc provider	{"error": "Get https://files.wanderingcarbon.com/auth/dex/.well-known/openid-configuration: dial tcp 71.136.153.141:443: connect: connection timed out"}
2019-02-20T02:26:56.918Z	ERROR	pydio.rest.frontend	Rest Error 401	{"error": "Post https://files.wanderingcarbon.com/auth/dex/token: dial tcp 71.136.153.141:443: connect: connection timed out"}

Summarising, Traefik itself is set up in Docker as so:

version: "3.7"
services:
  traefik:
    image: traefik:latest
    command:
      - "--logLevel=INFO"
      - "--accessLog"
      - "--api"
      - "--api.entryPoint=api"
      - "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
      - "--entrypoints=Name:https Address::443 TLS"
      - "--entrypoints=Name:api Address::8686"
      - "--defaultentrypoints=http,https"
      - "--acme"
      - "--acme.storage=/certificates/acme.json"
      - "--acme.entryPoint=https"
      - "--acme.tlsChallenge"
      - "--acme.onHostRule=true"
      - "--acme.onDemand=false"
      - "--acme.email=myemail@gmail.com"
      - "--docker"
      - "--docker.endpoint=tcp://docker-proxy:2375"
      - "--docker.swarmMode"
      - "--docker.domain=wanderingcarbon.com"
      - "--docker.watch"
      - "--docker.exposedbydefault=false"
    volumes:
      - /opt/traefik/acme.json:/etc/traefik/acme/acme.json
      - traefik-public-certificates:/certificates
    networks:
      - webgateway
    ports:
      - mode: ingress
        target: 80
        published: 80
      - mode: ingress
        target: 443
        published: 443
      - "8686:8686"
    secrets:
      - web_htpasswd
    deploy:
      placement:
        constraints:
          - node.role == manager
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: on-failure

And Cells:

version: '3.7'
services:
  cells:
    image: pydio/cells:latest
    command: [ '/bin/sh', '-c', 'echo `tail -1 /etc/hosts | cut -f 1` > /home/ip.txt; sed -i "/PeerAddress/ s/: .*/: \"`cat /home/ip.txt`\",/g" /root/.config/pydio/cells/pydio.json; exec /bin/docker-entrypoint.sh cells start' ]
    volumes: 
      - cells-config:/root/.config
      - cells-nas-media:/home/media/nfs/video
    environment:
      CELLS_BIND: '0.0.0.0:8080'
      CELLS_EXTERNAL: 'files.wanderingcarbon.com'
      CELLS_NO_SSL: '1'
      PYDIO_LOGS_LEVEL: 'info'
    networks:
      - webgateway
    hostname: cells
    deploy:
        labels:
          traefik.enable: 'true'
          traefik.backend: 'cells'
          traefik.docker.network: 'webgateway'
          traefik.frontend.passHostHeader: 'true'
          traefik.frontend.rule: 'Host:files.wanderingcarbon.com'
          traefik.port: '8080'

Note that after initial setup I shell into the container and

vi /root/.config/pydio/cells/pydio.json

Then update the defaults section to replace the 0.0.0.0 with my FQDN:

  "defaults": {
    "database": "dcdc65c150dab541b4cd1ee18e35b446d78b2867",
    "datasource": "pydiods1",
    "url": "https://files.wanderingcarbon.com",
    "urlInternal": "http://files.wanderingcarbon.com:8080"
  },

Thanks for any suggestions!