Unable to install Cells V2

Hi,

I’ve been trying to setup Pydio Cells v2.0.0 for a few hours now, and ~8 droplets later, it seems to not go my way.

I’ve had a myriad of issues, mostly I am unable to get it correctly set-up with a domain & SSL.
If I don’t use a domain and no TLS, I can access my site fine, until I restart it, then it stops working.

If I use a domain with Let’sEncrypt, I am stuck at an SSL error when trying to complete the setup via the Browser.

Internal Endpoint is 127.0.0.1:8080
External Endpoint is https://pydio.domain.com:443

Has anyone had success in setting it up on Ubuntu 18.04.3 Bionic Beaver with TLS?

Cheers

Yes sir, I just recently did. Today in fact. It confused me greatly at first.

I was not able to get the software working when using different ports for local vs external. When I did the following, the web server worked fine:

Internal:
0.0.0.0:443

External:
https://mywebaddresshere.com

It is also worth noting that I did not use Lets Encrypt, or the Browser setup. I used certs generated from GoDaddy and the cli-based setup. I also was setup in AWS and had to make sure that my /etc/hosts file had the “External URL” pointed to the localhost IP.

Not sure if that information will help you, but I hope it does. This is a pretty cool software once you figure out how to get it working.

Thanks for the swift response.

Sadly it still comes out to: “ERR_SSL_PROTOCOL_ERROR”
with Let’sEncrypt, 0.0.0.0:443 and CLI Setup on DigitalOcean.

If you have time at some point I’d love to jump on a Skype call and see if we can set it up, AWS is fine w/ me, I’d just like it setup to be honest.
I’ll then write an article or something about it, if that’s alright w/ you?

Cheers

Hi @JapSeyz
0.0.0.0 may be problematic.
Can you try

  • a proper internal interface IP e.g. 192.168.0.XX:443 or 10.0.0.1:443 (what do you have on your droplet?),
  • do not put 443 port in the external url.
    With let’s encrypt it should work seamlessly, unless you’ve temporarily blocked your domain on LE by making too many tries,
    charles

Hi Charles.

I’ll give it a go today after work and get back to you.

Cheers

Hi Charles, I tried this and I still get a ERR_SSL_PROTOCOL_ERROR from Chrome.

It correctly redirects http to https, but the site doesn’t work. I’ll rummage through the logs for a bit.

WARN[0005] JSON Web Key Set "hydra.openid.id-token" does not exist yet, generating new key pair...
[TLS] Cannot load site sub.domain.com from TLS File Storage

Caddy errors is empty.

I can’t really see what’s going wrong, neither the STDOUT nor the caddy log-file has any errors.

must definitely be the issue for LE…
Going back to your first post,

what’s the symptom here? do you restart just cells ? or the whole droplet ? Are you always using a given system user for installing / starting ?

Hi, my exact process:

  1. Provision new Droplet from DO. (Ubuntu 18.04 LTS)
    1a) create A-record for subdomain to point to droplet IP

  2. ssh root@ip

  3. Install MariaDB
    3a)sudo apt-get install software-properties-common
    3b)sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
    3c)sudo add-apt-repository ‘deb [arch=amd64,arm64,ppc64el] http://mariadb.petarmaric.com/repo/10.4/ubuntu bionic main’
    3d)sudo apt update
    3e)sudo apt install mariadb-server

  4. Setup pydio user
    4a) sudo useradd -m pydio
    4b) sudo passwd pydio
    4c) sudo usermod -aG sudo pydio

  5. Setup MariaDB
    5a) mysql_secure_installation
    5b) mysql -u root -p
    5c) > CREATE USER 'pydio'@'localhost' IDENTIFIED BY '<your-password-here>';
    5d) > CREATE DATABASE cells;
    5e) > GRANT ALL PRIVILEGES ON cells.* to 'pydio'@'localhost';
    5f) > FLUSH PRIVILEGES;

  6. Switch to Pydio user

  7. wget https://download.pydio.com/latest/cells/release/{latest}/linux-amd64/cells
    7a) sudo chmod u+x cells
    7b) sudo setcap ‘cap_net_bind_service=+ep’ cells

  8. install cells
    8a) ./cells install
    8b) selecting the droplet’s internal ip and port 443 ie. 10.19.0.4:443
    8c) selecting the external domain configured in 1a)
    8d) select Let’sEncypt

After the CLI is done and I run ./cells start,

I get the SSL error in Chrome.

It may be a bit overzealous to list every command here, almost. (I have changed Mysql Passwords etc…)

I’ve tried approx 10 droplets now, with different setups and root/non-root etc. I can not get it to work with Let’sEncrypt.

Can you try to use the LE Staging CA URL (the Do you want to use Let's Encrypt staging entrypoint? question during install) ? If it works, this will probably confirm the domain is banned (for a week…)
If it is confirmed, see https://letsencrypt.org/docs/rate-limits/

Yeah sure, will give the DNS an hour to propagate the IP change of a new Droplet.

Hi,

Unfortunately it’s the same outcome.

This site can’t provide a secure connection
sub.domain.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

The caddy log is still empty by the way.

Alright, bought a SSL Cert now, let’s see if that’ll work.

So after trying out a separate SSL, I get the following error:

421 Site sub.domain.com is not served on this interface

However SSL is enabled.

  "cert": {
    "proxy": {
      "certFile": "/etc/ssl/certs/sub_domain_com.crt",
      "httpRedir": true,
      "keyFile": "/etc/ssl/private/sub_domain_com.key",
      "ssl": true
    }
  },

Defaults

"defaults": {
    "database": "c08dbff4672e09fb31daf312a645bf54694e5f61",
    "datasource": "pydiods1",
    "url": "https://sub.domain.com",
    "urlInternal": "https://10.72.3.10:443"
  },

Caddy error log is still empty

This worked wonderfully with a NameCheap generated SSL.

I changed internal to 0.0.0.0:443 and added my external url in the hosts file. I suppose that is a requirement and not documented very well.

Either way I’ll give this a spin now and see if I can get an article written to help other people get this setup with less hassle than I’ve had.

So, almost at the goal. S3 doesn’t seem to work.

It creates a .pydio in the bucket correctly, but whenever I try to upload something via the UI, I get a
cannot run action actions.images.thumbnails: personal/username/image.jpeg: The specified bucket does not exist:

Which I don’t understand, as Pydio has just placed a .pydio file in the bucket.

Have you experienced this before?

It’s in a somewhat odd state of being both uploaded and not:

On the main-screen the images look fine, but once I click on one of them it goes into indefinite loading:

Main Screen:

Clicked on 128.png

And after writing all this, they’re still loading in my other tab.

The Cells Sync also seems to be having some issues:

Also getting an unable to connect from the mobile-app, albeit it can fetch the certificate and asks me to acknowledge it.

I had to adjust the /etc/hosts file as well in one of my cells server test setups (lxc container on proxmox). But then I realized that the server couldn’t resolve my domain. After setting a dns server manually, everything worked without having to change the /etc/hosts file.

What is your set up? Cells server with ssl enabled behind a caddy proxy? And with S3 buckets?