Unable to Login

Hi All,

I am running cells in in a docker container - when trying to login as admin I am getting the following error on the backend.

Rest Error 401 {“error”: “could not unmarshall response with status 403: 403 Forbidden\nerror cause: invalid character ‘<’ looking for beginning of value”}

I have tried all manner of combination for the BIND and EXTERNAL params but nothing seems to work.

My docker-compose.yml as follows

version: '3'
services:

    cells:
        image: pydio/cells:latest
        restart: always
        ports: ["19997:443", "33066:33060"]
        environment:
            - CELLS_BIND=pydio.REDACTED.com:443
            - CELLS_EXTERNAL=https://pydio.REDACTED.com/
        volumes:
            - "cellsdir:/var/cells"
            - "data:/var/cells/data"

    # MySQL image with a default database cells and a dedicated user pydio
    mysql:
         image: mysql:5.7
         restart: always
         ports: ["33306:3306"]
         environment:
             MYSQL_ROOT_PASSWORD: REDACTED
             MYSQL_DATABASE: cells
             MYSQL_USER: pydio
             MYSQL_PASSWORD: REDACTED
         command: [mysqld, --character-set-server=utf8mb4, --collation-server=utf8mb4_unicode_ci]
         volumes:
             - "mysqldir:/var/lib/mysql"

volumes:
    data: {}
    cellsdir: {}
    mysqldir: {}

Here is my nginx config

server {
        listen         80;
        server_name    pydio.redacted.com;
        return         301 https://$server_name$request_uri;
}

server {
    client_max_body_size 200M;
    server_name pydio.redacted.com;

    location / {
            proxy_buffering off;
            proxy_pass https://localhost:19997$request_uri;
            proxy_pass_request_headers on;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
    }

    location /ws {
            proxy_buffering off;
            proxy_pass https://localhost:19997;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_read_timeout 86400;
    }

    error_log /var/log/nginx/cells-proxy-error.log;
    access_log /var/log/nginx/cells-proxy-access.log;

    listen 443;
    ssl_certificate     /etc/nginx/ssl/pydio.redacted.com/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/pydio.redacted.com/key.pem;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
}


server {
    listen 33060 ssl http2;
    listen [::]:33060 ssl http2;
    ssl_certificate     /etc/nginx/ssl/pydio.redacted.com/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/pydio.redacted.com/key.pem;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    keepalive_timeout 600s;

    location / {
        grpc_pass grpcs://localhost:33061;
    }

  error_log /var/log/nginx/proxy-grpc-error.log;
  access_log /var/log/nginx/proxy-grpc-access.log;
}

Thanks in advance.

Rod.

Hello @Rod_Telford,

Correct me if i’m wrong,

  • you have cells + mysql running on docker
  • and nginx running as a software on your server ?

That is correct. The system nginx provides a multitude of other functions.

Hello @Rod_Telford,

Could you try to run your docker instance with CELLS_BIND (on the private address of your server) then in proxy pass instead of localhost, you would have this address.

I believe that your reverse proxy could not proxy the trafic because cells is not bound on localhost, (you could also use the same set of port)

For instance:

  ports: ["19997:19997", "33066:33060"]
        environment:
            - CELLS_BIND=192.168.1.1:19997

and for your nginx,

    location / {
            proxy_buffering off;
            proxy_pass https://192.168.1.1:19997$request_uri;

Then you can access your Cells through the external address.