Open the-hotmann opened 4 months ago
Upload sometimes werid: Since I use Cloudflare as a proxy and Cloudflare Tunnle, there are some limitations that come with it. Files shall be uploaded in Chunks. AFAIK ocis currently does not do this. Uploading in Chunks brings these benefits: 2.1. no proxy-timeouts 2.2. easier resume on error 2.3. not running into upload-limit-size errors
That is already possible. We are using TUS and the chunk size can be configured via
FRONTEND_UPLOAD_MAX_CHUNK_SIZE |
int | default: 10000000 | "Sets the max chunk sizes in bytes for uploads via the clients." |
---|
TUS is capable of resuming uploads.
Having set the OCIS_URL to https://my.domain.tld I noticed, that it is not possible for me to locally login through my local IP (which is direct, faster and does not require internet. I think there should be the possibility to set OCIS_LOCAL_URL which allows local access to this URL. Also the Windows App shall know the local URL and the public URL and always first try to reach the server through the local URL (if the fingerprint of the server matches -> login)
I must admit, that this could be a use case. But from my POV, adding such a feature would not fit into the goals of ocis, to be "secure by default". We always want a FQDN and a valid SSL cert, so bypassing this locally weakens the security from my POV.
It weakens security in a local environment. However, this does not necessarily have to be the case since an invalid SSL certificate is technically neither less nor more secure than a valid one. The technical encryption is still provided.
For instance, if I resolve cloud.localhost
to the OCIS instance in my home LAN and use a self-signed SSL certificate, the same level of security is maintained. This setup has the added benefit of keeping the traffic within the local network, making it even more secure since no one outside can intercept the local traffic.
Nice - finally a Cloud based on GoLang :)
Just tested it. found some things that have been inconvinient:
I run
ocis
at home and make it public through Cloudflare Tunnle. It works surprisingly well, but some things caught my attention after some more in-depth testing.Having set the
OCIS_URL
tohttps://my.domain.tld
I noticed, that it is not possible for me to locally login through my local IP (which is direct, faster and does not require internet. I think there should be the possibility to setOCIS_LOCAL_URL
which allows local access to this URL. Also the Windows App shall know the local URL and the public URL and always first try to reach the server through the local URL (if the fingerprint of the server matches -> login)Upload sometimes werid: Since I use Cloudflare as a proxy and Cloudflare Tunnle, there are some limitations that come with it. Files shall be uploaded in Chunks. AFAIK ocis currently does not do this. Uploading in Chunks brings these benefits: 2.1. no proxy-timeouts 2.2. easier resume on error 2.3. not running into upload-limit-size errors
To solve this, I guess these general settings shall be able to set:
LIMIT_UPLOAD_CHUNK_SIZE
LIMIT_PROXY_TIMEOUT
Maybe they shall be named differently - but the general idea behind this would be the same. These limits shall just apply to the public URL - not the local one.
I, ofc am open for discussion on this :)
tl;dr:
WISHLIST:
ENVIRONMENT VARIABLE
DEFAULT
TYPE
UNIT
OCIS_LOCAL_URL
*``**""
string
/url.URL
-
LIMIT_UPLOAD_CHUNK_SIZE
0
int
mb
/Megabytes
LIMIT_PROXY_TIMEOUT
0
int
s
/seconds
*`
**: access to
OCIS_LOCAL_URLis limited to **
Class A**, **
Class B** and **
Class C`** private IP Ranges.