[Solved] Can't acces pydio cell behind apache reverse proxy


#1

Hello!
I try to install pydio cell with apache reverse proxy
For the internal URL i use the local IP of the computer (172.16.4.1:8080)
For the external URL i use a domain (https://cells.example.com)
I dissabled the SSL LetsEncrypt cause i generete the certs with certbot certonly, and this is my Apahce conf file:

<VirtualHost *:80>
    ServerName cells.example.com
    ServerSignature Off

    <IfModule mod_rewrite.c>
       RewriteEngine On
       RewriteCond %{HTTPS} off
       RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    </IfModule>
      
ErrorLog "/var/log/httpd/sites-cells-error.log"
CustomLog "/var/log/httpd/sites-cells-access.log" common
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
  
  ServerName cells.example.com
  # May be necessary for API direct accesses
  AllowEncodedSlashes On
  RewriteEngine On
  SSLEngine On
   # Make sure to proxy SSL
  SSLProxyEngine On
  # Disable SSLProxyCheck : maybe necessary if Cells is configured with self_signed
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off
  SSLProxyVerify none

  # Proxy WebSocket
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*)           wss://172.16.4.1:8080/$1 [P,L]
   # Finally simple proxy instruction
  ProxyPass "/" "https://172.16.4.1:8080/"
  ProxyPassReverse "/" "https://172.16.4.1:8080/"

  #Uncomment if you are going to use SSL
  SSLEngine on
  SSLCertificateFile "/etc/letsencrypt/live/cells.example.com/cert.pem"
  SSLCertificateKeyFile "/etc/letsencrypt/live/cells.example.com/privkey.pem"
  SSLCertificateChainFile "/etc/letsencrypt/live/cells.example.com/chain.pem"

  ErrorLog /var/log/httpd/cells-error-ssl.log
  CustomLog /var/log/httpd/cells-access-ssl.log combined
</VirtualHost>
</IfModule>

And whe i try to access to my domain i get a proxy error:

Someone have any idea of what i doing wrong?

Im working with Centos 7 i dont have any firewall active

Thanks for your help and sorry for my english


#2

Your English is great, don’t worry.

Have you installed cells with SSL totally disabled? In which case your proxy pass directives should NOT include https. For example

ProxyPass “/” “http://172.16.4.1:8080/

The same is true for the reverse directive

Maybe you could try that?


#3

Hi & welcome @Tamtrum ,
as @rossbeazley pointed it out, if your pydio cells is not set with SSL, you must change the proxyPass, to http.

i guess your setup would look like this, cells(http) -> proxy(https) therefore your proxy will use http to communicate with cells, whereas the browser(for instance) will communicate only in https with the proxy while using cells.


#4

Hello!
I set it on https with Let’sEncrypt, i generate the certificates on a previous step with certbot certonly…
I configure my apache virtualhost with https on my proxy values, and on my cells external url, but, i can’t connect to my cells instance, my error changed and now it is:

Now i check my apache error log and i foud this error:

[proxy:error] [pid 4875] (111)Connection refused: AH00957: HTTPS: attempt to connect to 172.16.4.1:8080 (172.16.4.1) failed
[Wed Mar 13 09:57:37.854175 2019] [proxy:error] [pid 4875] AH00959: ap_proxy_connect_backend disabling worker for (172.16.4.1) for 60s
[proxy_http:error] [pid 4875] [client myPublicIP:37648] AH01114: HTTP: failed to make connection to backend: 172.16.4.1, referer: https://cells.example.com/

What i doing worng?

And thaks again for all your help!


#5

Hi,
let’s take a step back,
could you give me the url of the proxy, the ip of the server on which your cells is running.


#6

The apache server is in the same IP of the Pydio Cells (apache and Cells coexist on the same server), this server has the local IP: 172.16.4.1 and one public IP…
I try connect in the internal URL to the local IP (172.16.4.1), and the external URL i set the domain who’s point to the public IP with an A record…

I try serverals configuration for my Cells instance, with localhost, 0.0.0.0 and 127.0.0.1 on my apache configuration and pydio cells config…

This are my configuration steps:

  • ./cells install
  • Command line install
  • Internal URL: 172.16.4.1:8080
  • Provide paths to certificate/key files—> Set to my let’s encrypt certs path
  • I redirect al traffic to https
  • My external URL is https://cells.example.com
  • My SQL Connection is on TCP
  • Host of my MySQL instance
  • DB port set as default 3306
  • DB user
  • DB password
    All connections its Ok
  • Create Pydio Cells username
  • Create Pygio Cells password
  • And start with ./cells start

My apache reverse proxy have this config and listen on port 80 and 443…
ProxyPass “/” “https://172.16.4.1:8080
ProxyPassReverse “/” “https://172.16.4.1:8080

I restart apache…

And this is all what i do

Again thanks for the help!


#7

Hi,
i would advise you to run cells with http, and put ssl on your reverse proxy
cells —http—> proxy —https—> clients.

For instance run cells on internal 172.16.4.1:8080 and external https://172.16.4.1
then on your proxy you use port 443 with your certificates,
and proxy pass will be the internal url of cells in this case:
http://172.16.4.1:8080


#8

Excelent! This solve my problem!

Thanks for your help!


closed #9