[Solved] Can't acces pydio cell behind apache reverse proxy

Hello!
I try to install pydio cell with apache reverse proxy
For the internal URL i use the local IP of the computer (172.16.4.1:8080)
For the external URL i use a domain (https://cells.example.com)
I dissabled the SSL LetsEncrypt cause i generete the certs with certbot certonly, and this is my Apahce conf file:

<VirtualHost *:80>
    ServerName cells.example.com
    ServerSignature Off

    <IfModule mod_rewrite.c>
       RewriteEngine On
       RewriteCond %{HTTPS} off
       RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    </IfModule>
      
ErrorLog "/var/log/httpd/sites-cells-error.log"
CustomLog "/var/log/httpd/sites-cells-access.log" common
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
  
  ServerName cells.example.com
  # May be necessary for API direct accesses
  AllowEncodedSlashes On
  RewriteEngine On
  SSLEngine On
   # Make sure to proxy SSL
  SSLProxyEngine On
  # Disable SSLProxyCheck : maybe necessary if Cells is configured with self_signed
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off
  SSLProxyVerify none

  # Proxy WebSocket
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*)           wss://172.16.4.1:8080/$1 [P,L]
   # Finally simple proxy instruction
  ProxyPass "/" "https://172.16.4.1:8080/"
  ProxyPassReverse "/" "https://172.16.4.1:8080/"

  #Uncomment if you are going to use SSL
  SSLEngine on
  SSLCertificateFile "/etc/letsencrypt/live/cells.example.com/cert.pem"
  SSLCertificateKeyFile "/etc/letsencrypt/live/cells.example.com/privkey.pem"
  SSLCertificateChainFile "/etc/letsencrypt/live/cells.example.com/chain.pem"

  ErrorLog /var/log/httpd/cells-error-ssl.log
  CustomLog /var/log/httpd/cells-access-ssl.log combined
</VirtualHost>
</IfModule>

And whe i try to access to my domain i get a proxy error:

Someone have any idea of what i doing wrong?

Im working with Centos 7 i dont have any firewall active

Thanks for your help and sorry for my english

Your English is great, don’t worry.

Have you installed cells with SSL totally disabled? In which case your proxy pass directives should NOT include https. For example

ProxyPass “/” “http://172.16.4.1:8080/

The same is true for the reverse directive

Maybe you could try that?

Hi & welcome @Tamtrum ,
as @rossbeazley pointed it out, if your pydio cells is not set with SSL, you must change the proxyPass, to http.

i guess your setup would look like this, cells(http) -> proxy(https) therefore your proxy will use http to communicate with cells, whereas the browser(for instance) will communicate only in https with the proxy while using cells.

Hello!
I set it on https with Let’sEncrypt, i generate the certificates on a previous step with certbot certonly…
I configure my apache virtualhost with https on my proxy values, and on my cells external url, but, i can’t connect to my cells instance, my error changed and now it is:

Now i check my apache error log and i foud this error:

[proxy:error] [pid 4875] (111)Connection refused: AH00957: HTTPS: attempt to connect to 172.16.4.1:8080 (172.16.4.1) failed
[Wed Mar 13 09:57:37.854175 2019] [proxy:error] [pid 4875] AH00959: ap_proxy_connect_backend disabling worker for (172.16.4.1) for 60s
[proxy_http:error] [pid 4875] [client myPublicIP:37648] AH01114: HTTP: failed to make connection to backend: 172.16.4.1, referer: https://cells.example.com/

What i doing worng?

And thaks again for all your help!

Hi,
let’s take a step back,
could you give me the url of the proxy, the ip of the server on which your cells is running.

The apache server is in the same IP of the Pydio Cells (apache and Cells coexist on the same server), this server has the local IP: 172.16.4.1 and one public IP…
I try connect in the internal URL to the local IP (172.16.4.1), and the external URL i set the domain who’s point to the public IP with an A record…

I try serverals configuration for my Cells instance, with localhost, 0.0.0.0 and 127.0.0.1 on my apache configuration and pydio cells config…

This are my configuration steps:

  • ./cells install
  • Command line install
  • Internal URL: 172.16.4.1:8080
  • Provide paths to certificate/key files—> Set to my let’s encrypt certs path
  • I redirect al traffic to https
  • My external URL is https://cells.example.com
  • My SQL Connection is on TCP
  • Host of my MySQL instance
  • DB port set as default 3306
  • DB user
  • DB password
    All connections its Ok
  • Create Pydio Cells username
  • Create Pygio Cells password
  • And start with ./cells start

My apache reverse proxy have this config and listen on port 80 and 443…
ProxyPass “/” “https://172.16.4.1:8080
ProxyPassReverse “/” “https://172.16.4.1:8080

I restart apache…

And this is all what i do

Again thanks for the help!

Hi,
i would advise you to run cells with http, and put ssl on your reverse proxy
cells —http—> proxy —https—> clients.

For instance run cells on internal 172.16.4.1:8080 and external https://172.16.4.1
then on your proxy you use port 443 with your certificates,
and proxy pass will be the internal url of cells in this case:
http://172.16.4.1:8080

Excelent! This solve my problem!

Thanks for your help!