Running Cells in addition to Apache on Debian Buster

Hi guys!

I’ve been running pydio for a number of years without issues. When cells was released I tried to upgrade several times with to no avail…
Today, I’ve got a new server, so instead of rsyncing everything from old to new, I’ve decided to start with a fresh install. I’m hosting a website with Apache and would like to serve/transfer files with cells. Install went fine but I’m struggling with running both Apache and cells on the same machine. I always end up with “bind address already in use”. My guess is I need to use a reverse proxy, but I have no idea how…

Help would be greatly appreciated!

Thanks!

Hello @matthewoliver ,

Cells has an embedded webserver, by default it will bind on 0.0.0.0:443 if you wish to use this port with apache, I would advise you to run the command ./cells configure sites and change the bind port to for instance 8080 then in your Apache reverse proxy config you can proxy the requests to localhost:8080.

If was not clear do not hesitate to ping me for me details.

1 Like

Hi @zayn, thanks for the reply. Following the reverse-proxy docs, I added a new virtualhost. Can’t paste it here as I can’t post more than 2 links (because I’m a noob apparently)

But now I’m getting this error: Your browser sent a request that this server could not understand.
Reason: You’re speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
And in pydio output I get this: INFO pydio.gateway.proxy Service failed to start - restarting in 10s {“error”: “ErrServiceStartNeedsRetry - listen tcp :8080: bind: address already in use”}

Hello @matthewoliver ,

it is indicating that the port 8080 is already used, make sure that the port is free and not bound to any software otherwise you can set another port with the command: ./cells configure sites.

Here are 2 samples to illustrate a simple apache2 + cells setup.

Assuming that I have the following configuration on Cells
(you can swap the port 8080 by any port of your choice)

pydio@cells-test:~$ ./cells configure sites
The following sites are currently defined:
+---+-----------------------+--------+------------------------------------------------+
| # |        BIND(S)        |  TLS   |                  EXTERNAL URL                  |
+---+-----------------------+--------+------------------------------------------------+
| 0 | http://localhost:8080 | No Tls | https://my-reverse-proxy.eu  |
+---+-----------------------+--------+------------------------------------------------+

and apache2 conf

<VirtualHost *:80>
    ServerName my-reverse-proxy.eu.eu
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

RewriteCond %{SERVER_NAME} =cells-staging.your-files-your-rules.eu
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
    ServerName my-reverse-proxy.eu.eu
    AllowEncodedSlashes On
    RewriteEngine On

    ProxyPass / http://localhost:8080/ nocanon
    ProxyPassReverse / http://localhost:8080/ nocanon

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLCertificateFile /etc/letsencrypt/live/my-reverse-proxy.eu/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/my-reverse-proxy.eu/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

The certificate directives are created by certbot, but it will give you a global view of the setup.

Also make sure to add the websocket reverse proxy directives, see our documentation:

Hi @zayn, thanks for your help!
Still getting errors… but I’ll keep trying!

Hello @matthewoliver ,

Did you manage to have your install running or are you still having issues, if that is the case would like more help ?

1 Like

Hi @zayn,

Thanks for your reply! I’m actually still struggling… Is there a way I can send you my httpd.conf? So you can help me add the necessary directives to allow cells in a reverse apache2 proxy?

Hello @matthewoliver

we try to avoid private communication for problem solving, so that the errors of some can benefit others.
(it is another story if you subscribe to our support service :wink: )

Anyway, do you have any errors in your apache logs when you try to reach the server ?
Could you first try to manage exposing a simple webpage with SSL behind your apache reverse proxy ?

Hi @bsinou,

As a “newbie”, I can’t post more than 2 links (either logs or httpd.conf contain more than 2 links…) hence wanting to send either to @zayn via pm to avoid forum restrictions. That doesn’t prevent me from publicly posting the solution when it is found!

Here’s my default.conf:

VirtualHost matthewoliver.fr:443
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request’s Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com

ServerAdmin webmaster@matthewoliver.fr
    ServerName matthewoliver.fr

#AllowEncodedSlashes On
#RewriteEngine On
#ProxyPass / http://localhost:9000/ nocanon
#ProxyPassReverse / http://localhost:9000/ nocanon
#Redirect / https://matthewoliver.fr/

#Available loglevels: trace8, …, trace1, debug, info, notice, warn,
#error, crit, alert, emerg.
#It is also possible to configure the loglevel for particular
#modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
    DocumentRoot /var/www
    SSLEngine on
    SSLProtocol +TLSv1.2 +TLSv1.3
    SSLCertificateFile /etc/webmin/letsencrypt-cert.pem
    SSLCertificateKeyFile /etc/webmin/letsencrypt-key.pem
    SSLCACertificateFile /etc/webmin/letsencrypt-ca.pem

#For most configuration files from conf-available/, which are
#enabled or disabled at a global level, it is possible to
#include a line for only one particular virtual host. For example the
#following line enables the CGI configuration for this host only
#after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf

#Proxy WebSocket
#RewriteCond %{HTTP:Upgrade} =websocket [NC]
#RewriteRule /(.) wss://127.0.0.1:8080/$1 [P,L]
#ProxyPassMatch "/ws/(.
)" ws://192.168.0.172:8080/ws/$1 nocanon
#for ssl
#ProxyPassMatch “/ws/(.*)” wss://91.121.103.88/ws/$1 nocanon
VirtualHost

Hello @matthewoliver

Could you please edit your post so that it is correctly displayed ? Right now it’s (too) cumbersome to read.

Thx.