Pydio logs out every 15 minutes: "invalid_request"

Pydio Cells
,
1

Describe your issue in detail

Every 15 minutes, independent of which client I use, my session expires and I am logged out. I’ve actually confirmed this with someone else also running a pydio cells instance (both behind NGINX which is the only thing I can think that would affect it at this point) that they have the same issue. Here’s the error log when the client attempts to refresh the token:

HttpProtocol : HTTP/1.0
JsonZaps : {"ContentType":"application/json"}
Level : error
Logger : pydio.rest.frontend
Msg : Rest Error 401 - {"Id":"","Code":0,"Detail":"invalid_request","Status":""}
RemoteAddress : [recacted ipv6]:6e4c:7f09127.0.0.1
SpanUuid : 2491a3d3-f6a2-4647-882e-4db31c97eae0
Ts : 1698610844
UserAgent : Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0

What version of Cells are you using?

Pydio 4.3

What is the server OS? Database name/version? Browser name or mobile device description (if issue appears client-side)?

Inside docker container, host is Debian 12.
Another instance without docker on Debian 12 has had the same problems.
Clients have included:
Firefox and Chrome (Linux, Android, iOS, Windows 10)
Android App

What steps have you taken to resolve this issue already?

I’ve looked through Hydra’s code to no avail, from the client side I see no difference between my instance and the demo instance (but that one does NOT exhibit this issue,) nor can I find any nginx configuration options to change the behavior (config below.)

server {
    include snippets/snakeoil.conf;
        root /home/smokeping/htdocs;
        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html smokeping.fcgi;
        server_name [domain];
    # Allow any size file to be uploaded
    client_max_body_size 0;
    # Disable buffering
    proxy_buffering off;
    proxy_ssl_server_name on;
    proxy_ssl_verify off;
    proxy_set_header  X-Real-IP $remote_addr;
    proxy_set_header  X-Forwarded-Proto https;
    proxy_set_header  X-Forwarded-For $remote_addr;
    proxy_set_header  X-Forwarded-Host $remote_addr;
	add_header Strict-Transport-Security "max-age=31536000" always;
	proxy_set_header Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    location / {
        if ($http_content_type = "application/grpc") {
            grpc_pass grpcs://127.0.0.1:8080;
        }
        proxy_pass https://127.0.0.1:8080;
    }
    # Enable the websocket
    location /ws/ {
        proxy_pass https://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
   # Necessary to use Collabora (online edition of office documents)
   location /cool/ {
        proxy_pass https://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
    listen [ipv6 addr]:443 ssl http2;

    ssl_certificate /etc/letsencrypt/live/[domain]/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/[domain]/privkey.pem; # managed by Certbot
}
server {
    return 301 https://$host$request_uri;
        listen [ipv6 addr]:80;
        server_name pydio.clickable.systems;
    return 404; # managed by Certbot
}

At this point I’m pulling my hair out trying to figure out the problem, as the error message is incredibly vague and it just keeps happening.

2

Hi,

It’s usually the problem of difference of cookie domain vs actual domain in address bar.

Try to use “configure sites” (cells configure sites | Pydio) then browse cells with domain name.

3

My nginx config is rather simple. Just to share with you: I don’t recall having the issues after I resolved my upload 403 issue by disabling proxy_request_buffering. But now, I have migrated to caddy, which is way more simpler than caddy, and no issues so far. No lengthy essays required.

server {

    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name <redacted>;
    include honami/snippets/<redacted>/ssl;
#    ssl_verify_client optional_no_ca;

    # our magic
    client_max_body_size 0;
#    proxy_read_timeout   86400;
    proxy_socket_keepalive on;
#    proxy_connect_timeout 300;

    # minio magic
#    ignore_invalid_headers off;
#    proxy_buffering off;
    proxy_request_buffering off;

    location / {
        # minio magic
#        proxy_set_header Host $server_host;
#        proxy_set_header X-Real-IP $remote_addr;
#        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;

        location /ws/ {
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";

            proxy_pass http://localhost:8080;
        }

        # our magic
        proxy_set_header Connection "";

        proxy_pass http://localhost:8080;
#        proxy_redirect http://$server_name:8334/ $scheme://$server_name/disk/;
    }

}

server {

    listen 80;
    listen [::]:80;
    server_name <redacted>;

    include honami/snippets/common/redir-https;

    include honami/snippets/common/acme.sh;

}

This is my caddy config:

<redacted> {

        handle /* {
                reverse_proxy * https://localhost:8080 {
                        header_up Host {upstream_hostport}
                        transport http {
                                tls
                                tls_insecure_skip_verify
                        }
                }
        }

}
4

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.