[Solved] Can't acces pydio cell behind apache reverse proxy

Tamtrum · March 12, 2019, 7:31pm

Hello!
I try to install pydio cell with apache reverse proxy
For the internal URL i use the local IP of the computer (172.16.4.1:8080)
For the external URL i use a domain (https://cells.example.com)
I dissabled the SSL LetsEncrypt cause i generete the certs with certbot certonly, and this is my Apahce conf file:

<VirtualHost *:80>
    ServerName cells.example.com
    ServerSignature Off

    <IfModule mod_rewrite.c>
       RewriteEngine On
       RewriteCond %{HTTPS} off
       RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    </IfModule>
      
ErrorLog "/var/log/httpd/sites-cells-error.log"
CustomLog "/var/log/httpd/sites-cells-access.log" common
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
  
  ServerName cells.example.com
  # May be necessary for API direct accesses
  AllowEncodedSlashes On
  RewriteEngine On
  SSLEngine On
   # Make sure to proxy SSL
  SSLProxyEngine On
  # Disable SSLProxyCheck : maybe necessary if Cells is configured with self_signed
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off
  SSLProxyVerify none

  # Proxy WebSocket
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*)           wss://172.16.4.1:8080/$1 [P,L]
   # Finally simple proxy instruction
  ProxyPass "/" "https://172.16.4.1:8080/"
  ProxyPassReverse "/" "https://172.16.4.1:8080/"

  #Uncomment if you are going to use SSL
  SSLEngine on
  SSLCertificateFile "/etc/letsencrypt/live/cells.example.com/cert.pem"
  SSLCertificateKeyFile "/etc/letsencrypt/live/cells.example.com/privkey.pem"
  SSLCertificateChainFile "/etc/letsencrypt/live/cells.example.com/chain.pem"

  ErrorLog /var/log/httpd/cells-error-ssl.log
  CustomLog /var/log/httpd/cells-access-ssl.log combined
</VirtualHost>
</IfModule>

And whe i try to access to my domain i get a proxy error:

Someone have any idea of what i doing wrong?

Im working with Centos 7 i dont have any firewall active

Thanks for your help and sorry for my english

rossbeazley · March 13, 2019, 7:20am

Your English is great, don’t worry.

Have you installed cells with SSL totally disabled? In which case your proxy pass directives should NOT include https. For example

ProxyPass “/” “http://172.16.4.1:8080/”

The same is true for the reverse directive

Maybe you could try that?

zayn · March 13, 2019, 8:18am

Hi & welcome @Tamtrum ,
as @rossbeazley pointed it out, if your pydio cells is not set with SSL, you must change the proxyPass, to http.

i guess your setup would look like this, cells(http) -> proxy(https) therefore your proxy will use http to communicate with cells, whereas the browser(for instance) will communicate only in https with the proxy while using cells.

Tamtrum · March 15, 2019, 6:15pm

Hello!
I set it on https with Let’sEncrypt, i generate the certificates on a previous step with certbot certonly…
I configure my apache virtualhost with https on my proxy values, and on my cells external url, but, i can’t connect to my cells instance, my error changed and now it is:

Now i check my apache error log and i foud this error:

[proxy:error] [pid 4875] (111)Connection refused: AH00957: HTTPS: attempt to connect to 172.16.4.1:8080 (172.16.4.1) failed
[Wed Mar 13 09:57:37.854175 2019] [proxy:error] [pid 4875] AH00959: ap_proxy_connect_backend disabling worker for (172.16.4.1) for 60s
[proxy_http:error] [pid 4875] [client myPublicIP:37648] AH01114: HTTP: failed to make connection to backend: 172.16.4.1, referer: https://cells.example.com/

What i doing worng?

And thaks again for all your help!

zayn · March 18, 2019, 8:09am

Hi,
let’s take a step back,
could you give me the url of the proxy, the ip of the server on which your cells is running.

Tamtrum · March 18, 2019, 5:06pm

The apache server is in the same IP of the Pydio Cells (apache and Cells coexist on the same server), this server has the local IP: 172.16.4.1 and one public IP…
I try connect in the internal URL to the local IP (172.16.4.1), and the external URL i set the domain who’s point to the public IP with an A record…

I try serverals configuration for my Cells instance, with localhost, 0.0.0.0 and 127.0.0.1 on my apache configuration and pydio cells config…

This are my configuration steps:

./cells install
Command line install
Internal URL: 172.16.4.1:8080
Provide paths to certificate/key files—> Set to my let’s encrypt certs path
I redirect al traffic to https
My external URL is https://cells.example.com
My SQL Connection is on TCP
Host of my MySQL instance
DB port set as default 3306
DB user
DB password
All connections its Ok
Create Pydio Cells username
Create Pygio Cells password
And start with ./cells start

My apache reverse proxy have this config and listen on port 80 and 443…
ProxyPass “/” “https://172.16.4.1:8080”
ProxyPassReverse “/” “https://172.16.4.1:8080”

I restart apache…

And this is all what i do

Again thanks for the help!

zayn · March 19, 2019, 8:14am

Hi,
i would advise you to run cells with http, and put ssl on your reverse proxy
cells —http—> proxy —https—> clients.

For instance run cells on internal 172.16.4.1:8080 and external https://172.16.4.1
then on your proxy you use port 443 with your certificates,
and proxy pass will be the internal url of cells in this case:
http://172.16.4.1:8080

Tamtrum · March 19, 2019, 6:40pm

Excelent! This solve my problem!

Thanks for your help!

Topic		Replies	Views
Pydio Cells - External URL - WebSocket Closed Connection Issue Pydio Cells	1	1323	September 14, 2018
Can't access Cells behind a Caddy reverse proxy Pydio Cells install	4	3674	June 4, 2019
Nginx proxy reverse (Pydio Cells 1.0) Pydio Cells nginx , ubuntu	5	3823	July 11, 2018
Running Cells behind an Apache reverse proxy Pydio Cells	3	936	December 19, 2019
Change external URL, maybe? Pydio Cells	16	3382	May 16, 2023

[Solved] Can't acces pydio cell behind apache reverse proxy

Related Topics