owncloud / ocis

ownCloud Infinite Scale Stack
https://doc.owncloud.com/ocis/next/
Apache License 2.0

OCIS cannot be reachable from out of the "localhost" TLS handshake error #1587

Closed erwinpalma closed 4 months ago

erwinpalma commented 3 years ago

Describe the bug

I tried to access the OCIS as regular from a machine out of the localhost, and it was not possible.

In the beginning, I got a blank page after accepting the certificate.

image

I took a look into the OCIS server output and I noticed the following:

2021-02-02 15:10:04.295802 I | http: TLS handshake error from 192.168.178.20:3059: remote error: tls: unknown certificate
2021-02-02 15:10:04.299093 I | http: TLS handshake error from 192.168.178.20:3058: remote error: tls: unknown certificate
2021-02-02 15:10:04.394335 I | http: TLS handshake error from 192.168.178.20:3062: remote error: tls: unknown certificate
2021-02-02 15:10:04.394397 I | http: TLS handshake error from 192.168.178.20:3063: remote error: tls: unknown certificate
{"level":"info","service":"proxy","from":"192.168.178.20:3064","method":"GET","path":"/settings.js","time":"2021-02-02T15:10:05.659067+01:00","message":"access-log"}
{"level":"info","service":"proxy","from":"192.168.178.20:3064","method":"GET","path":"/accounts.js","time":"2021-02-02T15:10:05.704794+01:00","message":"access-log"}

And here is my Certificate

image

Steps to reproduce

Steps to reproduce the behavior:

  1. start the server ./ocis server
  2. From a separate computer open your ocis website "https://192.168.178.35:9200"
  3. Accept the certificate

Actual behavior

I got a Blank Page

Setup

Please describe how you started the server

 ./ocis server

and provide a list of relevant environment variables.

Server Side

./ocis --version
ocis version 1.1.0-rc1

Additional context

I have the following small infrastructure.

[OCIS Server]

[Regular OC]

LoggeL commented 3 years ago

Same problem here. Additionally I have the following error in the firefox dev console:

firefox_21-02-02_15-45-25

Seems like it's sending a CORS request to the client instead of the server?

./ocis -version
ocis version 1.1.0

Also confirmed with ocis version 98c90e9d. Running ocis-linux-arm. Also confirmed the same on Windows.

It only works if the server & client IP are the same

erwinpalma commented 3 years ago

@micbar,

Is this expected behavior? Or is there a way to configure OCIS for access from outside localhost?

ackr-8 commented 3 years ago

Is this an issue with trusted domains? If yes, how can we add trusted domains?

micbar commented 3 years ago

If you want to configure ocis to run on a different domain than localhost, you need to configure it.

See https://owncloud.github.io/ocis/deployment/basic-remote-setup/.

or

https://owncloud.github.io/ocis/deployment/ocis_traefik/

pascalwengerter commented 3 years ago

@erwinpalma has your question been answered?

001101 commented 3 years ago

In order to run oCIS with automatically generated and self signed certificates please execute following command. You need to replace your-host with an IP or hostname.

PROXY_HTTP_ADDR=0.0.0.0:9200 \
OCIS_URL=https://your-host:9200 \
./ocis server

not working

pascalwengerter commented 3 years ago

Hey @001101 thanks for giving oCIS a try. Could you confirm you're running on the latest version (v.1.8.0), provide more information on your setup (OS, Dockerized vs compiled oCIS etc) and paste the error msg you're receiving?

001101 commented 3 years ago

thanks for the fast reply! docker debian buster

2021/07/04 08:35:46 http: TLS handshake error from my-host-ip:51904: read tcp my-kvm-ip:9200->my-host-ip:51904: read: connection reset by peer

maybe it is also a faulty kvm network configuration, cause i am seeing the handshake error coming from the host ip of my new kvm, which is from a provider, so nothing selfhosted, is this normal?

pascalwengerter commented 3 years ago

> thanks for the fast reply! docker debian buster
>
> 2021/07/04 08:35:46 http: TLS handshake error from my-host-ip:51904: read tcp my-kvm-ip:9200->my-host-ip:51904: read: connection reset by peer
>
> maybe it is also a faulty kvm network configuration, cause i am seeing the handshake error coming from the host ip of my new kvm, which is from a provider, so nothing selfhosted, is this normal?

You're welcome! Since you're running it dockerized ./ocis server seems to be the wrong command (unless I'm missing sth obvious). @wkloucek helped someone else out in a similar scenario recently, could you check this thread and see if it applies to you, too?

001101 commented 3 years ago

yes, this circumstance is right, but i tried first docker and as i noticed that the configs are written to run for localhost I tried to run it directly by binary and ended up with the TLS error, could you also take reference to my asked question about the host system issue with the error?

wkloucek commented 3 years ago

> ... image ...
>
> Actual behavior
>
> I got a Blank Page

@pascalwengerter @kulmann if ownCloud Web fails on the openid-configuration endpoint it just displays a white page. Could we instead show some error message?

Steps to reproduce:

image

pascuflow commented 12 months ago

Any updates? Running OCIS in Docker and get the same error:

docker run \
    --name ocis_runtime \
    --rm \
    -it \
    -p 9200:9200 \
    --mount type=bind,source=$PWD/ocis/ocis-config,target=/etc/ocis \
    --mount type=bind,source=$PWD/ocis/ocis-data,target=/var/lib/ocis \
    -e OCIS_INSECURE=true \
    -e PROXY_HTTP_ADDR=0.0.0.0:9200 \
    -e OCIS_URL=https://My-Ip:9200 \
    owncloud/ocis

http: TLS handshake error from 139.60.191.197:55712: remote error: tls: unknown certificate

rhafer commented 11 months ago

@pascuflow Would you mind opening a separate issue for your problem? I am pretty sure you're running into something different than what was reported here. If possible please add screenshots and debug level log files (OCIS_LOG_LEVEL=debug ) to that issue.
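
The handshake errors pasted in this thread come in two different shapes, and the following sketch separates them. It is an added example, not part of any comment above and not oCIS code: in Go's `net/http` output, `remote error: tls: ...` is a TLS alert sent by the connecting client, while a line such as `connection reset by peer` is a transport failure that carries no TLS-level reason. The names `Finding`, `Classify` and `samples` are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one classified Go net/http "TLS handshake error" log line.
type Finding struct {
	Peer   string // remote address exactly as logged
	Origin string // "peer-alert", "server-reject" or "transport"
	Detail string // alert text or underlying error
}

var handshakeRe = regexp.MustCompile(`http: TLS handshake error from (\S+): (.*)$`)

// Classify reports whether line is a handshake error and which side ended it.
func Classify(line string) (Finding, bool) {
	m := handshakeRe.FindStringSubmatch(line)
	if m == nil {
		return Finding{}, false // e.g. the proxy's JSON access-log lines
	}
	peer, rest := m[1], m[2]
	switch {
	case strings.HasPrefix(rest, "remote error: tls: "):
		// Alert received from the client: the client gave up on the handshake.
		return Finding{peer, "peer-alert", strings.TrimPrefix(rest, "remote error: tls: ")}, true
	case strings.HasPrefix(rest, "tls: "):
		// Error raised locally by the server's TLS stack.
		return Finding{peer, "server-reject", strings.TrimPrefix(rest, "tls: ")}, true
	}
	// No alert was exchanged, so the log line gives no TLS-level reason.
	return Finding{peer, "transport", rest}, true
}

// Sample lines copied from the log excerpts quoted in this thread.
var samples = []string{
	`2021-02-02 15:10:04.295802 I | http: TLS handshake error from 192.168.178.20:3059: remote error: tls: unknown certificate`,
	`{"level":"info","service":"proxy","from":"192.168.178.20:3064","method":"GET","path":"/settings.js","time":"2021-02-02T15:10:05.659067+01:00","message":"access-log"}`,
	`2021/07/04 08:35:46 http: TLS handshake error from my-host-ip:51904: read tcp my-kvm-ip:9200->my-host-ip:51904: read: connection reset by peer`,
}

func main() {
	for _, l := range samples {
		if f, ok := Classify(l); ok {
			fmt.Printf("%-22s %-13s %s\n", f.Peer, f.Origin, f.Detail)
		}
	}
}
```

A `peer-alert` with `unknown certificate` means the client did not accept the certificate the server presented, so the certificate and the client's trust in it are the things to inspect; a `transport` entry needs a packet capture or client-side logs to explain.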