Setting Up Cells on Subdomain with Apache on Ubuntu 22.04

Describe your issue in detail

I am trying to set up Cells to work on a subdomain (cells.example.com). I am used to setting up a vhost file that redirects requests for the subdomain to the port on which an app operates, but have not found success trying this with Cells.

I would appreciate any guidance on this front.

What version of Cells are you using?

Pydio Cells Home Edition Version: 4.4.2 Built: 04 Jun 24 11:49 +0000 Git commit: 370fe5acdad840eaad6f327d2fde210525c14735 OS/Arch: linux/amd64 Go version: go1.21.10

What is the server OS? Database name/version? Browser name or mobile device description (if issue appears client-side)?

Ubuntu 22.04.4 LTS (GNU/Linux 5.15.0-112-generic x86_64)
mariadb Ver 15.1 Distrib 10.6.16-MariaDB

What steps have you taken to resolve this issue already?

I have set up a vhost file pointing requests for the desired subdomain to port 8080.

Thank you kindly in advance for your time and attention.

Hi,

That’s a setup that we widely test and use in production (with various reverse proxies, e.g Apache, Caddy, Nginx…) with no problem: it works!

That said, you have to configure Cells and your proxy accordingly: did you follow the instruction from this page: Pydio | Running Cells behind an Apache reverse proxy

If it still doesn’t work, can you please provide more details and the error you see in Apache and in Cells ?

Hello, and thank you for your reply,

I apologize for my belated response.

I somehow missed that page in my searches, but after following it (using the recommended settings regarding localhost, &c.), visiting the subdomain yields a blank page with the singular message:

Client sent an HTTP request to an HTTPS server.

This happens even when I explicitly type https:// into the URL field.

The relevant error from /var/log/apache2/error.log is:

[Mon Jun 17 02:08:22.418560 2024] [proxy_http:error] [pid 167196:tid 140379143738944] (104)Connection reset by peer: [client REDACTED] AH01110: error reading response

Actually, with the localhost config, Cells froze on startup. I had to kill the process.

************************************************************
✗ Error while starting discovery server:
✗ server.Start grpc: listen tcp 127.0.0.1:8030: bind: address already in use
✗ FATAL : shutting down now!
************************************************************
Error: no discovery server

I have no idea where 8030 is coming from.

Changing the relevant fields to 127.0.0.1 in vhost and config allows Cells to start, but does not change the error in the browser.

Could you please provides the results of the cells configure sites command and your Apache configuration file ?
From what you describe, it seems that you are missing something.

cells configure sites:

The following sites are currently defined:
+---+------------------------+-------------+----------------------------------+
| # |        BIND(S)         |     TLS     |           EXTERNAL URL           |
+---+------------------------+-------------+----------------------------------+
| 0 | https://127.0.0.1:8080 | Self-signed | https://cells.my.site            |
+---+------------------------+-------------+----------------------------------+

/etc/apache2/sites-enabled/cells.my.site.conf:

<VirtualHost *:80>
    ServerName cells.my.site
    ServerAlias www.cells.my.site
    
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    RewriteCond %{SERVER_NAME} =cells.my.site
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
    ServerName cells.my.site
    AllowEncodedSlashes On
    RewriteEngine On
    SSLProxyEngine On

    ## The order of the directives matters.
    # If Cells is not running with https, consider using ws instead of wss
    ProxyPassMatch "/ws/(.*)" wss://127.0.0.1:8080/ws/$1 nocanon

    ## This rewrite condition is required if using Cells-Sync
    # RewriteCond %{HTTP:Content-Type} =application/grpc [NC]
    # RewriteRule /(.*) h2://127.0.0.1:8080/$1 [P,L]

    ProxyPass "/" "https://127.0.0.1:8080/"
    ProxyPassReverse "/" "https://127.0.0.1:8080/"

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLCertificateFile /etc/letsencrypt/live/cells.my.site/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cells.my.site/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

Anything jumping out?

Hi,

It seems you lack the directives to authorize Apache to accept the Cells self-signed certificate:

SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off`

You should also add nocanon at the end of these 2 lines:

ProxyPass "/" "https://127.0.0.1:8080/"
ProxyPassReverse "/" "https://127.0.0.1:8080/"

Hello again, and thank you always for your help.

I pulled that conf file’s contents straight from the documentation, only changing the relevant info. What would be different for me that I have to add extra things?

These changes do not have any visible effect.

Using cells configure sites to change to using a custom certificate (using a certificate generated by certbot) yields a 503 page with the following content:

Service Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Apache/2.4.52 (Ubuntu) Server at cells.my.site Port 443