[solved] Unable to install Cells V2

Pydio Cells
#1

Hi,

I’ve been trying to setup Pydio Cells v2.0.0 for a few hours now, and ~8 droplets later, it seems to not go my way.

I’ve had a myriad of issues, mostly I am unable to get it correctly set-up with a domain & SSL.
If I don’t use a domain and no TLS, I can access my site fine, until I restart it, then it stops working.

If I use a domain with Let’sEncrypt, I am stuck at an SSL error when trying to complete the setup via the Browser.

Internal Endpoint is 127.0.0.1:8080
External Endpoint is https://pydio.domain.com:443

Has anyone had success in setting it up on Ubuntu 18.04.3 Bionic Beaver with TLS?

Cheers

#2

Yes sir, I just recently did. Today in fact. It confused me greatly at first.

I was not able to get the software working when using different ports for local vs external. When I did the following, the web server worked fine:

Internal:
0.0.0.0:443

External:
https://mywebaddresshere.com

It is also worth noting that I did not use Lets Encrypt, or the Browser setup. I used certs generated from GoDaddy and the cli-based setup. I also was setup in AWS and had to make sure that my /etc/hosts file had the “External URL” pointed to the localhost IP.

Not sure if that information will help you, but I hope it does. This is a pretty cool software once you figure out how to get it working.

URL doesn`t open during Cells installation process
#3

Thanks for the swift response.

Sadly it still comes out to: “ERR_SSL_PROTOCOL_ERROR”
with Let’sEncrypt, 0.0.0.0:443 and CLI Setup on DigitalOcean.

If you have time at some point I’d love to jump on a Skype call and see if we can set it up, AWS is fine w/ me, I’d just like it setup to be honest.
I’ll then write an article or something about it, if that’s alright w/ you?

Cheers

#4

Hi @JapSeyz
0.0.0.0 may be problematic.
Can you try

  • a proper internal interface IP e.g. 192.168.0.XX:443 or 10.0.0.1:443 (what do you have on your droplet?),
  • do not put 443 port in the external url.
    With let’s encrypt it should work seamlessly, unless you’ve temporarily blocked your domain on LE by making too many tries,
    charles
#5

Hi Charles.

I’ll give it a go today after work and get back to you.

Cheers

#6

Hi Charles, I tried this and I still get a ERR_SSL_PROTOCOL_ERROR from Chrome.

It correctly redirects http to https, but the site doesn’t work. I’ll rummage through the logs for a bit.

WARN[0005] JSON Web Key Set "hydra.openid.id-token" does not exist yet, generating new key pair...
[TLS] Cannot load site sub.domain.com from TLS File Storage

Caddy errors is empty.

I can’t really see what’s going wrong, neither the STDOUT nor the caddy log-file has any errors.

#7

must definitely be the issue for LE…
Going back to your first post,

what’s the symptom here? do you restart just cells ? or the whole droplet ? Are you always using a given system user for installing / starting ?

#8

Hi, my exact process:

  1. Provision new Droplet from DO. (Ubuntu 18.04 LTS)
    1a) create A-record for subdomain to point to droplet IP

  2. ssh root@ip

  3. Install MariaDB
    3a)sudo apt-get install software-properties-common
    3b)sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
    3c)sudo add-apt-repository ‘deb [arch=amd64,arm64,ppc64el] http://mariadb.petarmaric.com/repo/10.4/ubuntu bionic main’
    3d)sudo apt update
    3e)sudo apt install mariadb-server

  4. Setup pydio user
    4a) sudo useradd -m pydio
    4b) sudo passwd pydio
    4c) sudo usermod -aG sudo pydio

  5. Setup MariaDB
    5a) mysql_secure_installation
    5b) mysql -u root -p
    5c) > CREATE USER 'pydio'@'localhost' IDENTIFIED BY '<your-password-here>';
    5d) > CREATE DATABASE cells;
    5e) > GRANT ALL PRIVILEGES ON cells.* to 'pydio'@'localhost';
    5f) > FLUSH PRIVILEGES;

  6. Switch to Pydio user

  7. wget https://download.pydio.com/latest/cells/release/{latest}/linux-amd64/cells
    7a) sudo chmod u+x cells
    7b) sudo setcap ‘cap_net_bind_service=+ep’ cells

  8. install cells
    8a) ./cells install
    8b) selecting the droplet’s internal ip and port 443 ie. 10.19.0.4:443
    8c) selecting the external domain configured in 1a)
    8d) select Let’sEncypt

After the CLI is done and I run ./cells start,

I get the SSL error in Chrome.

It may be a bit overzealous to list every command here, almost. (I have changed Mysql Passwords etc…)

I’ve tried approx 10 droplets now, with different setups and root/non-root etc. I can not get it to work with Let’sEncrypt.

Fresh Install never starts
#9

Can you try to use the LE Staging CA URL (the Do you want to use Let's Encrypt staging entrypoint? question during install) ? If it works, this will probably confirm the domain is banned (for a week…)
If it is confirmed, see https://letsencrypt.org/docs/rate-limits/

#10

Yeah sure, will give the DNS an hour to propagate the IP change of a new Droplet.

#11

Hi,

Unfortunately it’s the same outcome.

This site can’t provide a secure connection
sub.domain.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

The caddy log is still empty by the way.

#12

Alright, bought a SSL Cert now, let’s see if that’ll work.

#13

So after trying out a separate SSL, I get the following error:

421 Site sub.domain.com is not served on this interface

However SSL is enabled.

  "cert": {
    "proxy": {
      "certFile": "/etc/ssl/certs/sub_domain_com.crt",
      "httpRedir": true,
      "keyFile": "/etc/ssl/private/sub_domain_com.key",
      "ssl": true
    }
  },

Defaults

"defaults": {
    "database": "c08dbff4672e09fb31daf312a645bf54694e5f61",
    "datasource": "pydiods1",
    "url": "https://sub.domain.com",
    "urlInternal": "https://10.72.3.10:443"
  },

Caddy error log is still empty

#14

This worked wonderfully with a NameCheap generated SSL.

I changed internal to 0.0.0.0:443 and added my external url in the hosts file. I suppose that is a requirement and not documented very well.

Either way I’ll give this a spin now and see if I can get an article written to help other people get this setup with less hassle than I’ve had.

#15

So, almost at the goal. S3 doesn’t seem to work.

It creates a .pydio in the bucket correctly, but whenever I try to upload something via the UI, I get a
cannot run action actions.images.thumbnails: personal/username/image.jpeg: The specified bucket does not exist:

Which I don’t understand, as Pydio has just placed a .pydio file in the bucket.

Have you experienced this before?

#16

It’s in a somewhat odd state of being both uploaded and not:

On the main-screen the images look fine, but once I click on one of them it goes into indefinite loading:

Main Screen:

26
261504×968 167 KB

Clicked on 128.png

32
321434×554 39.3 KB

And after writing all this, they’re still loading in my other tab.

#17

The Cells Sync also seems to be having some issues:

44
441892×1334 171 KB

#18

Also getting an unable to connect from the mobile-app, albeit it can fetch the certificate and asks me to acknowledge it.

#19

I had to adjust the /etc/hosts file as well in one of my cells server test setups (lxc container on proxmox). But then I realized that the server couldn’t resolve my domain. After setting a dns server manually, everything worked without having to change the /etc/hosts file.

#20

What is your set up? Cells server with ssl enabled behind a caddy proxy? And with S3 buckets?