Hi there!
I am currently trying to get away from Dropbox and looking for an alternative without much overhead (looking at you, Nextcloud). oCIS seems perfect and syncs to the desktop, which is needed by my family.
A simple install via docker-compose works fine on the local network, however, when I try to open it to the outside with the help of cloudflare’s tunnel (which I use for the rest of my docker setup), it breaks:
TLS handshake error from <docker host's ip>:60862: remote error: tls: bad certificate
could not initialize oidcAuth provider | service=proxy error=502 Bad Gateway: 502 Bad Gateway Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared
I tried to use a rather minimal docker-compose setup, maybe one of you see immediately where I went wrong?
I’ve had trouble before getting ocis to run with SSL offloading.
I got it working by creating a backend server SSL certificate in the Cloudflare interface. You can, with just a few clicks, create a 15 year certificate validated by Cloudflare.
I put the certificate files into the ocis-config folder, mounted them straight in / inside the container.
And then added some env variables for ocis to pick those up:
2023-03-30T12:03:04Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: x509: certificate is valid for ocis.domain.tld, not localhost" connIndex=1 dest=https://ocis.domain.tld/themes/owncloud/theme.json ip=198.41.200.113 type=http
2023-03-30T12:03:05Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: x509: certificate is valid for ocis.domain.tld, not localhost" cfRay=<someRayID>-FRA originService=https://localhost:9200
So I adjusted the cloudflared config.yaml like so:
Hello Thanks for your job, it helped me a lot. I added Authelia for OIDC via Cloudflare. That work perfect for access to OCIS via browser but KO for client desktop ans IOS… If you have any ideas? Have a good day Fred