Pydio Cells docker + NGINX = 404 error on /ws/chat and /ws/event

Question

I have set up a Docker container using the pydio/cells:2.1.1 image from dockerhub.

My docker-compose.yaml contains the following section:

cells:
    image: pydio/cells:2.1.1
    environment:
     - CELLS_NO_TLS=1
     - CELLS_BIND=files.redacted.dev:8080
     - CELLS_EXTERNAL=https://files.redacted.dev
    volumes:
     - /srv/cells:/var/cells
    ports:
     - "8081:8080"
    depends_on:
     - cells_mysql
    restart: unless-stopped

To expose Cells to the network I'm using NGINX with the following configuration:

server {

    client_max_body_size 200M;
    server_name files.redacted.dev;

    location / {
        proxy_buffering off;
        proxy_pass http://localhost:8081$request_uri;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }

    location /ws {
        proxy_buffering off;
        proxy_pass http://localhost:8081;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 86400;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/files.redacted.dev/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/files.redacted.dev/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = files.redacted.dev) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name files.redacted.dev;

    listen 80;
    listen [::]:80;
    return 404; # managed by Certbot
}

Pretty much everything works OK however I noticed that when I create a new file or folder I then had to reload before it appeared in the UI.

Looking at Firefox's dev console I see 404 errors on GET wss://files.redacted.dev/ws/chat and wss://files.redacted.dev/ws/event requests.

I tested on the host with the following command (thereby bypassing NGINX):

curl --include --no-buffer --header "Connection: Upgrade" --header "Upgrade: websocket" --header "Host: files.redacted.dev:80" --header "Origin: https://files.redacted.dev" --header "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==" --header "Sec-WebSocket-Version: 13" http://localhost:8081/ws/chat

And the command didn't terminate (I'm assuming that means it was successful...).

Looks like the NGINX configuration is the problem. Does anybody know how to fix this?

Answer 1

In the end it was a missing header for the /ws location:

location /ws {
    proxy_buffering off;
    proxy_pass http://localhost:8081;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 86400;
    proxy_set_header Host $host; # This is what was missing!
    proxy_http_version 1.1; # This might also be needed...
}