Login Failed, Unauthorized after clean install on Ubuntu 20.04

Hi all.

I am trying to do a first clean install of Cells on Ubuntu 20.04 and can’t get past initial setup.
I follow the docs and all works before I get to “Finalisation” section and set up a daemon process.
Before I setup ‘systemd’ process, everything works perfectly fine, I have a separate pydio system user, mariadb running (10.3.32-MariaDB-0ubuntu0.20.04.1 Ubuntu 20.04) with a separate pydio db user, just as docs describe. While cells run in a foreground mode things work fine, I can login and logout and login back again.
But right after I added systemd process and run it I can not login anymore with the following log issue:

2022-01-27T12:44:53.897Z        ERROR   pydio.grpc.oauth        Failed to create auth code      {"error": "error"}
2022-01-27T12:44:53.952Z        ERROR   pydio.rest.frontend     Rest Error 401  {"error": "{\"id\":\"login.failed\",\"code\":401,\"detail\":\"Login failed\",\"status\":\"Unauthorized\"}"}

After that I cannot login anymore. I tried turning off and disabling systemd process and just run the cells in a foreground mode, but nothing helps, from now on I just get ‘Login Failed’.
Tried running cells configure command a several times to change certificates from self signed (behind proxy) to no certificates, nothing changes, still the same issue. I really don’t get it :confused:

Hi, so you made sure to set up the Systemd process with User “pydio” as well.
Also you did not let the foreground mode running while starting the systemd service ?

Hey, Charles.
Thank you for joining me here.
If you mean setting

User=pydio
Group=pydio

in the systemd process, just as the docs describe, then yes.

Yes, I made sure to stop foreground mode when starting systemd service.

This is soooo frustrating, i dont get it…
So I reinstall Ubuntu once again, installed MySQL 5.7 instead, went through the configuration process - everything works nice and smooth. But after I run cells configure sites and do smth like this:


and just run pydio in a foreground more with cells start it comes back live (in the same adminsession), so I m already logged in. I clicklog outand from here on I cannot login anymore. It always showsUnauthorized`:

2022-01-29T09:18:40.699Z        INFO    pydio.grpc.data.sync.thumbnails Trying to contact object service data.objects.local1 (retry 1)
2022-01-29T09:18:40.856Z        INFO    pydio.grpc.data.objects.local1  Started
2022-01-29T09:18:40.862Z        INFO    pydio.grpc.data.objects.local1  Starting local objects service local1 on /var/cells/data
2022-01-29T09:18:43.359Z        INFO    pydio.grpc.tree Started
2022-01-29T09:18:43.374Z        INFO    pydio.grpc.data.index   Started
2022-01-29T09:18:43.375Z        INFO    pydio.grpc.data.index   Starting umbrella service pydio.grpc.data.index. with sources   {"sources": ["pydiods1", "personal", "cellsdata", "versions", "thumbnails"]}
2022-01-29T09:18:43.403Z        INFO    pydio.test.objects      Started
2022-01-29T09:18:43.405Z        INFO    pydio.rest.acl  Started
2022-01-29T09:18:43.406Z        INFO    pydio.gateway.grpc      Activating self-signed configuration for gRPC gateway to allow full TLS chain.
2022-01-29T09:18:43.418Z        INFO    pydio.gateway.grpc      Started
2022-01-29T09:18:43.516Z        INFO    pydio.grpc.versions     Started
2022-01-29T09:18:43.518Z        INFO    pydio.rest.tree Started
2022-01-29T09:18:43.520Z        INFO    pydio.gateway.dav       Started
2022-01-29T09:18:43.523Z        INFO    pydio.grpc.search       disabling content indexation in search engine
2022-01-29T09:18:43.539Z        INFO    pydio.grpc.activity     Started
2022-01-29T09:18:43.544Z        INFO    pydio.grpc.search       Started
2022-01-29T09:18:43.560Z        INFO    pydio.rest.meta Started
2022-01-29T09:18:43.564Z        INFO    pydio.rest.activity     Started
2022-01-29T09:18:43.565Z        INFO    pydio.gateway.wopi      Started
2022-01-29T09:18:43.570Z        INFO    pydio.rest.share        Started
2022-01-29T09:18:43.574Z        INFO    pydio.rest.templates    Started
2022-01-29T09:18:43.578Z        INFO    pydio.rest.search       Started
2022-01-29T09:18:44.411Z        INFO    pydio.gateway.proxy     Restarting proxy        {"caddyfile": "\n\n\n\n\n\n\n0.0.0.0:8080 {\n\t\n\n\t\n\n\tpydioproxy /a  pydio.gateway.rest {\n\t\twithout /a\n\t\tfail_timeout 20s\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t}\n\tpydioproxy /oidc pydio.web.oauth {\n\t\tinsecure_skip_verify\n\t\tfail_timeout 20s\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t}\n\tpydioproxy /io   pydio.gateway.data {\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t\theader_downstream Content-Security-Policy \"script-src 'none'\"\n\t\theader_downstream X-Content-Security-Policy \"sandbox\"\n\t}\n\tpydioproxy /data pydio.gateway.data {\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t\theader_downstream Content-Security-Policy \"script-src 'none'\"\n\t\theader_downstream X-Content-Security-Policy \"sandbox\"\n\t}\n\tpydioproxy /buckets pydio.gateway.data {\n\t\twithout /buckets\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t\theader_downstream Content-Security-Policy \"script-src 'none'\"\n\t\theader_downstream X-Content-Security-Policy \"sandbox\"\n\t}\n\tpydioproxy /ws pydio.gateway.websocket {\n\t\twebsocket\n\t\twithout /ws\n\t\tfail_timeout 20s\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t}\n\tpydioproxy /dav pydio.gateway.dav {\n\t\tfail_timeout 20s\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t\theader_downstream Content-Security-Policy \"script-src 'none'\"\n\t\theader_downstream X-Content-Security-Policy \"sandbox\"\n\t}\n\t\n\n\tpydioproxy /plug/ pydio.web.statics {\n\t\tfail_timeout 20s\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t\theader_downstream Cache-Control \"public, max-age=31536000\"\n\t}\n\tpydioproxy /public/ pydio.web.statics {\n\t\tfail_timeout 20s\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t}\n\tpydioproxy /public/plug/ pydio.web.statics {\n\t\tfail_timeout 20s\n\t\twithout /public\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t\theader_downstream Cache-Control \"public, max-age=31536000\"\n\t}\n\tpydioproxy /user/reset-password/ pydio.web.statics {\n\t\tfail_timeout 20s\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t}\n\n\tpydioproxy /robots.txt pydio.web.statics {\n\t\tfail_timeout 20s\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t}\n\t\n\tpydioproxy /login pydio.web.statics {\n\t\twithout /login\n\t\twith /gui\n\t\tfail_timeout 20s\n\t\theader_upstream Host {host}\n\t\theader_upstream X-Real-IP {remote}\n\t\theader_upstream X-Forwarded-Proto {scheme}\n\t}\n\n\n\tpydioproxy /grpc pydio.gateway.grpc {\n\t\ttls\n\t\twithout /grpc\n\t\tinsecure_skip_verify\n\t\tfail_timeout 20s\n\t}\n\t\n\trewrite {\n\t\tif {>Content-type} has \"application/grpc\"\n\t\tto /grpc/{path}\n\t}\n\n\n\tredir 302 {\n\t\tif {>Content-type} not_has \"application/grpc\"\n\t\tif {>Authorization} not_has \"AWS4-HMAC-SHA256\"\n\t\tif {path} is /\n\t\t/ /login\n\t}\n\n\trewrite {\n\t\tif {>Authorization} has \"AWS4-HMAC-SHA256\"\n\t\tif {path} is / \n\t\tto /buckets{path}\n\t}\n\n\trewrite {\n\t\tif {>Authorization} has \"AWS4-HMAC-SHA256\"\n\t\tif {path} starts_with \"/probe-bucket-sign\"\n\t\tto /buckets{path}\n\t}\n\n\t\n\t\n        pydioproxy /wopi/ pydio.gateway.wopi {\n            transparent\n\t\t\theader_upstream Host {host}\n\t\t\theader_upstream X-Real-IP {remote}\n\t\t\theader_upstream X-Forwarded-Proto {scheme}\n        }\n\n    \n\t\n\t\n\trewrite {\n\t\tif {path} not_starts_with \"/a/\"\n\t\tif {path} not_starts_with \"/oidc/\"\n\t\tif {path} not_starts_with \"/io\"\n\t\tif {path} not_starts_with \"/data\"\n\t\tif {path} not_starts_with \"/buckets\"\n\t\tif {path} not_starts_with \"/ws/\"\n\t\tif {path} not_starts_with \"/plug/\"\n\t\tif {path} not_starts_with \"/dav\"\n\t\t\n\t\tif {path} not_starts_with \"/wopi/\"\n\t\t\n\t\tif {path} not_starts_with \"/loleaflet/\"\n\t\t\n\t\tif {path} not_starts_with \"/hosting/discovery\"\n\t\t\n\t\tif {path} not_starts_with \"/lool/\"\n\t\t\n\t\tif {path} not_starts_with \"/public/\"\n\t\tif {path} not_starts_with \"/user/reset-password\"\n\t\tif {path} not_starts_with \"/robots.txt\"\n\t\tto {path} {path}/ /login\n\t}\n\n\troot \"/a93cfaba-d619-4ae3-93a9-64ca3d06b585\"\n\n\t\n\ttls \"/var/cells/certs/384d4dd7256d68cc284f81ce4d395210.pem\" \"/var/cells/certs/384d4dd7256d68cc284f81ce4d395210-key.pem\"\n\terrors \"/var/cells/logs/caddy_errors.log\"\n\tlog \"/var/cells/logs/caddy_logs.log\"\n}\n\n\n\n\n\t"}
2022-01-29T09:18:44.646Z        INFO    pydio.grpc.data.index.versions  Started
2022-01-29T09:18:44.646Z        INFO    pydio.grpc.data.index.pydiods1  Started
2022-01-29T09:18:44.708Z        INFO    pydio.grpc.data.index.cellsdata Started
2022-01-29T09:18:44.764Z        INFO    pydio.grpc.data.index.thumbnails        Started
2022-01-29T09:18:44.793Z        INFO    pydio.grpc.data.index.personal  Started
2022-01-29T09:18:44.915Z        INFO    pydio.gateway.proxy     Restart done
2022-01-29T09:18:45.242Z        INFO    pydio.grpc.data.sync.pydiods1   Trying to contact object service data.objects.local1 (retry 2)
2022-01-29T09:18:45.254Z        INFO    pydio.grpc.data.sync.pydiods1   Successfully listed objects from bucket pydiods1
2022-01-29T09:18:45.260Z        INFO    pydio.grpc.data.sync.pydiods1   Started
2022-01-29T09:18:45.265Z        INFO    pydio.grpc.data.sync.cellsdata  Trying to contact object service data.objects.local1 (retry 2)
2022-01-29T09:18:45.276Z        INFO    pydio.grpc.data.sync.cellsdata  Successfully listed objects from bucket cellsdata
2022-01-29T09:18:45.286Z        INFO    pydio.grpc.data.sync.cellsdata  Started
2022-01-29T09:18:45.499Z        INFO    pydio.grpc.data.sync.versions   Trying to contact object service data.objects.local1 (retry 2)
2022-01-29T09:18:45.509Z        INFO    pydio.grpc.data.sync.versions   Successfully listed objects from bucket versions
2022-01-29T09:18:45.514Z        INFO    pydio.grpc.data.sync.versions   Started
2022-01-29T09:18:45.670Z        INFO    pydio.grpc.data.sync.personal   Trying to contact object service data.objects.local1 (retry 2)
2022-01-29T09:18:45.679Z        INFO    pydio.grpc.data.sync.personal   Successfully listed objects from bucket personal
2022-01-29T09:18:45.685Z        INFO    pydio.grpc.data.sync.personal   Started
2022-01-29T09:18:45.709Z        INFO    pydio.grpc.data.sync.thumbnails Trying to contact object service data.objects.local1 (retry 2)
2022-01-29T09:18:45.718Z        INFO    pydio.grpc.data.sync.thumbnails Successfully listed objects from bucket thumbs
2022-01-29T09:18:45.723Z        INFO    pydio.grpc.data.sync.thumbnails Started
2022-01-29T09:18:58.008Z        ERROR   pydio.grpc.oauth        Could not create authorize request      {"error": "invalid_request"}
2022-01-29T09:18:58.009Z        ERROR   pydio.rest.frontend     Failed to create auth code      {"error": "error"}
2022-01-29T09:18:58.112Z        ERROR   pydio.grpc.oauth        Could not create authorize request      {"error": "invalid_request"}
2022-01-29T09:18:58.113Z        ERROR   pydio.grpc.oauth        Failed to create auth code      {"error": "error"}
2022-01-29T09:18:58.169Z        ERROR   pydio.rest.frontend     Rest Error 401  {"error": "{\"id\":\"login.failed\",\"code\":401,\"detail\":\"Login failed\",\"status\":\"Unauthorized\"}"}

Edit:
Okay, some progress. Apparently somehow the fact that I specified external url in the cells configure is messing the whole thing causing Unauthorized issue. I deleted the existing external url and recreated with specifying NO external URL and now I can authenticate with no issues

Solution:
What de heck… I setup the nginx reverse proxy but things are still working only if I don’t setup an external URL. Hours later, I realise that my external URL MUST have https:// in front of it.
So, whoever ends up with the same issue as me, make sure to specify https:// in front of your external URL… waster like 3 days :smiley: now on to the next issue with cells syncing

1 Like

This topic was automatically closed 11 days after the last reply. New replies are no longer allowed.