WebSocket seems to be disconnected

Pydio Cells
1

Hi,
I’ve installed pydio cells on apache server. After logging in successfully I see ’ Internal server’ error at the bottom.
and I see this error on the left Websocket seems to be disconnected, please make sure that the server is up and websocket connection is working
Can anyone help please?

2

Hello @Nayrouz_Boussoffara ,

It might be related to your reverse proxy configuration, maybe the websocket is not handled by apache, it needs a specific line on the configuration to allow it to proxy the websocket.

Could you share your current apache configuration ?

3

Thank you @zayn for your reply.
this is my configuration file

<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName elab.diginov.tech
DocumentRoot /var/www/html/pydio/
ErrorLog ${APACHE_LOG_DIR}/pydioerror.log
CustomLog ${APACHE_LOG_DIR}/pydioaccess.log combined
Header set Access-Control-Allow-Origin "*"
AllowEncodedSlashes On
SSLProxyEngine On
#SSLProxyVerify none
#SSLProxyCheckPeerCN off
#SSLProxyCheckPeerName off
#SSLProxyCheckPeerExpire off
ProxyPassMatch "/ws/(.*)" wss://elab.diginov.tech:8080/ws/$1 nocanon
ProxyPass / https://elab.diginov.tech:8080/ nocanon
ProxyPassReverse / https://elab.diginov.tech:8080/ nocanon
RewriteEngine on
RewriteCond %{SERVER_NAME} =elab.diginov.tech
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName elab.diginov.tech
DocumentRoot /var/www/html/pydio/
ErrorLog ${APACHE_LOG_DIR}/pydioerror.log
CustomLog ${APACHE_LOG_DIR}/pydioaccess.log combined
Header set Access-Control-Allow-Origin "*"
AllowEncodedSlashes On
SSLProxyEngine On
#SSLProxyVerify none
#SSLProxyCheckPeerCN off
#SSLProxyCheckPeerName off
#SSLProxyCheckPeerExpire off
ProxyPassMatch "/ws/(.*)" wss://elab.diginov.tech:8080/ws/$1 nocanon
ProxyPass / https://elab.diginov.tech:8080/ nocanon
ProxyPassReverse / https://elab.diginov.tech:8080/ nocanon
SSLCertificateFile /etc/letsencrypt/live/elab.diginov.tech/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/elab.diginov.tech/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
4

Hi Thank you @zayn for your replyy.
this is my configuration file

<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName elab.diginov.tech
DocumentRoot /var/www/html/pydio/
ErrorLog ${APACHE_LOG_DIR}/pydioerror.log
CustomLog ${APACHE_LOG_DIR}/pydioaccess.log combined
Header set Access-Control-Allow-Origin "*"
AllowEncodedSlashes On
SSLProxyEngine On
#SSLProxyVerify none
#SSLProxyCheckPeerCN off
#SSLProxyCheckPeerName off
#SSLProxyCheckPeerExpire off
ProxyPassMatch "/ws/(.*)" wss://elab.diginov.tech:8080/ws/$1 nocanon
ProxyPass / https://elab.diginov.tech:8080/ nocanon
ProxyPassReverse / https://elab.diginov.tech:8080/ nocanon
RewriteEngine on
RewriteCond %{SERVER_NAME} =elab.diginov.tech
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName elab.diginov.tech
DocumentRoot /var/www/html/pydio/
ErrorLog ${APACHE_LOG_DIR}/pydioerror.log
CustomLog ${APACHE_LOG_DIR}/pydioaccess.log combined
Header set Access-Control-Allow-Origin "*"
AllowEncodedSlashes On
SSLProxyEngine On
#SSLProxyVerify none
#SSLProxyCheckPeerCN off
#SSLProxyCheckPeerName off
#SSLProxyCheckPeerExpire off
ProxyPassMatch "/ws/(.*)" wss://elab.diginov.tech:8080/ws/$1 nocanon
ProxyPass / https://elab.diginov.tech:8080/ nocanon
ProxyPassReverse / https://elab.diginov.tech:8080/ nocanon
SSLCertificateFile /etc/letsencrypt/live/elab.diginov.tech/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/elab.diginov.tech/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
5

this is also a screenshot from my pydio log

MicrosoftTeams-image (39)
MicrosoftTeams-image (39)688×816 55.2 KB

6

Hello @Nayrouz_Boussoffara

Your configuration has the correct directives, maybe the virtual host 80 & 443 directives are conflicting,
I would advise you to use a configuration that redirects 80 to 443 without having to duplicate the code (see below).

<VirtualHost *:80>
	ServerName my-cells-server.com
	RewriteEngine On
	RewriteCond %{HTTPS} off
	RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    RewriteCond %{SERVER_NAME} =my-cells-server.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
	ServerName my-cells-server.com
	AllowEncodedSlashes On
	RewriteEngine On

    SSLProxyEngine On
    
	ProxyPassMatch "/ws/(.*)" wss://localhost:8080/ws/$1 nocanon
    ProxyPass "/" "https://localhost:8080/"
	ProxyPassReverse "/" "https://localhost:8080/"
	

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	SSLCertificateFile /etc/letsencrypt/live/my-cells-server.com/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/my-cells-server.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

By the way while reading your configuring I noticed that your are redirecting to the same domain under a different port, is it required for your use case ?

Can you setup Cells without a reverse proxy ?

Could you also tell me what configuration Cells is running with, you can use ./cells configure sites to retrieve the list.

7

Hello,
Regarding the redirection we’re redirecting to the same domain because we’re using the ssl certificate with that domain. We tried port 443 and disabled apache it didnt work.

We did setup Cells without a reverse proxy but same issue.

This is our configuration, we changed to port 9000:

MicrosoftTeams-image (40)
MicrosoftTeams-image (40)1850×228 85.6 KB

By the way we tried the configuration file you recommended but didnt work too.

8

Could you try with one of the following solutions and see if it is working ?

1) Without Apache

If you can avoid using Apache, this configuration is adapted to the case.

Disable Apache and configure Cells like this:

pydio@debian:~$ ./cells configure sites
The following sites are currently defined:
+---+-------------------------------------------------+--------------+--------------+
| # |                     BIND(S)                     |     TLS      | EXTERNAL URL |
+---+-------------------------------------------------+--------------+--------------+
| 0 | https://cells-example.com:443                   | Lets Encrypt |              |
+---+-------------------------------------------------+--------------+--------------+

2) With Apache

Otherwise if you want to keep Apache, I would suggest this configuration:

On Cells you set the sites like this:

pydio@debian:~$ ./cells configure sites
The following sites are currently defined:
+---+-------------------------------------------------+--------------+---------------------------------------------+
| # |                     BIND(S)                     |     TLS      |                EXTERNAL URL                 |
+---+-------------------------------------------------+--------------+---------------------------------------------+
| 1 | https://localhost:8080                          | Self-signed  | https://cells-example.com.eu                |
+---+-------------------------------------------------+--------------+---------------------------------------------+

And then on Apache reverse proxy config will look like this:

pydio@debian:~$ cat /etc/apache2/sites-available/cells.conf
<VirtualHost *:80>
    ServerName cells-example.com

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    RewriteCond %{SERVER_NAME} =cells-example.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
    ServerName cells-example.com
    AllowEncodedSlashes On
    RewriteEngine On
    SSLProxyEngine On

    ## The order of the directives matters.
    # If Cells is not running with https, consider using ws instead of wss
    ProxyPassMatch "/ws/(.*)" wss://localhost:8080/ws/$1 nocanon

    ## This rewrite condition is required if using Cells-Sync
    RewriteCond %{HTTP:Content-Type} =application/grpc [NC]
    RewriteRule /(.*) h2://localhost:8080/$1 [P,L]

    ProxyPass "/" "https://localhost:8080/"
    ProxyPassReverse "/" "https://localhost:8080/"

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLCertificateFile /etc/letsencrypt/live/cells-example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cells-example.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

This configuration is the same that I have on my server, if it still does not work, take a look at your firewall or network settings.

9

Hi Zayn,
This didn’t work as well.
We installed it on a new machine (Ubuntu 20 and Debian 10) without firewall or any specific network settings.
We also tried it without apache and reverse proxy but the socket issue is always there.
We installed the official version and the github version but same result.

MicrosoftTeams-image (41)
MicrosoftTeams-image (41)1318×144 42.4 KB

10

Hello @Nayrouz_Boussoffara,

when you reinstalled, did you make sure to clear the database and remove the config under ~/.config/pydio/cells your log seems to indicate that you ran multiple versions of Cells.

What type of server are you running, that is indeed weird that even without Apache the websocket does not work.

11

You don’t mention anything about your gateway or firewall, but in our case, I wasted a load of time server side only to find out that it was the firewall blocking WebSockets, the solution was simple in the end (of course WS needs to be enabled on your server too), you may have a different setup of course…