Very interesting product (cloudflared).
I’ve had trouble before getting ocis to run with SSL offloading.
I got it working by creating a backend server SSL certificate in the Cloudflare interface. You can, with just a few clicks, create a 15-year certificate validated by Cloudflare.
I put the certificate files into the ocis-config folder, mounted them straight in / inside the container.
And then added some env variables for ocis to pick those up:
version: "3.7"
services:
  ocis:
    image: owncloud/ocis:latest@sha256:c6b137cf781c57d3fd4cc74099dd67316f885e26b8509c688322ba774119a023
    container_name: owncloud
    environment:
      OCIS_INSECURE: "true"
      OCIS_URL: "https://ocis.domain.tld"
      OCIS_LOG_LEVEL: debug
      PROXY_TRANSPORT_TLS_KEY: "/ocis.domain.tld.key"
      PROXY_TRANSPORT_TLS_CERT: "/ocis.domain.tld.crt"
    volumes:
      - /opt/owncloud/ocis-config/ocis.yaml:/etc/ocis/ocis.yaml
      - /opt/owncloud/ocis-config/ocis.domain.tld.key:/ocis.domain.tld.key
      - /opt/owncloud/ocis-config/ocis.domain.tld.crt:/ocis.domain.tld.crt
      - /opt/owncloud/ocis-data:/var/lib/ocis
    ports:
      - 9200:9200
    restart: always # or on-failure / unless-stopped
    logging:
      driver: local
But then I still had trouble:
2023-03-30T12:03:04Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: x509: certificate is valid for ocis.domain.tld, not localhost" connIndex=1 dest=https://ocis.domain.tld/themes/owncloud/theme.json ip=198.41.200.113 type=http
2023-03-30T12:03:05Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: x509: certificate is valid for ocis.domain.tld, not localhost" cfRay=<someRayID>-FRA originService=https://localhost:9200
So I adjusted the cloudflared config.yaml like so:
tunnel: <tunnelID>
credentials-file: /home/erik/.cloudflared/<tunnelID>.json
originRequest:
  noTLSVerify: true
ingress:
  - service: https://localhost:9200
And then it started working. Perhaps that’s a workaround that could work for you?
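
Added example, not part of the original post: the only error in the log above is a hostname mismatch (the certificate is valid for ocis.domain.tld, the tunnel connects to localhost), so cloudflared can keep verifying the origin certificate if it is told which name to expect. This variant of the posted config uses cloudflared's `originServerName` option in place of `noTLSVerify`; the commented `caPool` path is a hypothetical placeholder, and the example assumes cloudflared already trusts the Cloudflare-issued origin certificate, as the log suggests.

```yaml
tunnel: <tunnelID>
credentials-file: /home/erik/.cloudflared/<tunnelID>.json

originRequest:
  # Hostname cloudflared expects in the origin certificate. With this set,
  # the TLS connection to localhost:9200 is verified against
  # ocis.domain.tld instead of "localhost".
  originServerName: ocis.domain.tld

  # Workaround from the post, shown for comparison. It turns off all
  # verification of the origin certificate, not only the name check.
  # noTLSVerify: true

  # Only needed when the origin certificate is signed by a CA that
  # cloudflared does not trust (hypothetical path):
  # caPool: /path/to/origin-ca.pem

ingress:
  - service: https://localhost:9200
```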