Cells not working behind cloudflare tunnel

playaz44 commented 2 months ago

📝 Describe the bug

Cells website not working behind cloudflare tunnel proxy, it's shown only blank page.

⚙️ How-to Reproduce

Steps to reproduce the behavior:

Configure cf tunnel proxy, set url https://ip:port, enable http2 Configure cells sites with same url and provide proxy url, select self-gen cert Run cells Done

🩺 Environment / Setup

Complete the following information:

Server Versions:

Cells Version 4.4.3
MariaDB/MySQL version 10.6.18
Server OS: Ubuntu 22
Other dependencies (MongoDB, Nats, ETCd, etc) none

Client used for testing:

Browser chrome 126
Client OS / mobile device, etc... not related

Additional context:

Datasource type : flat/structured, storage type, etc... not related
Add any other context about the problem here.

I can access pydio cells throught ip but not throught cloudflare tunnel.

My current sites config:

+---+-------------------------+-------------+----------------------------+
| # |         BIND(S)         |     TLS     |        EXTERNAL URL        |
+---+-------------------------+-------------+----------------------------+
| 0 | https://10.0.0.229:5555 | Self-signed | https://subdomain.example.tld |
+---+-------------------------+-------------+----------------------------+

When I open cells url then in logs can see entry, so connection is established and working. I have websockets and http2 on in configuration cf tunnel. No matters if I switch to http or change url or whatever, cells always return blank page if it accessed from cloudflare.

2024-06-30T22:20:37.813+0200    INFO    pydio.caddy.http.log.access     NOP     {"request": {"client_ip":"10.0.0.229","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Accept-Encoding":["gzip, br"],"Accept-Language":["pl,cs;q=0.9,en;q=0.8,ru;q=0.7"],"Cache-Control":["max-age=0"],"Cdn-Loop":["cloudflare"],"Cf-Access-Jwt-Assertion":["eyJraWQiOiI2ZDYxNWYwMzkyMTE3ZGMwYzQ5NTYyNmMyYzVkYzVjYTg0YzJjYmRjNzU3YjNjZGNkMTUzODQwNzZmNTAwZjJmIiwiYWxnIjoiUlMyNTYiLCJ0eXAiOiJKV1QifQ.eyJ0eXBlIjoiYXBwIiwiYXVkIjoiNzk1MzA4NjJiMTViOTkwM2JhZWZhZTc0YTU3N2Q1ZGRhMDVlNzc2MmVmMDg4N2RkMTQxODA4NTUzMGJhYzQ1ZSIsImV4cCI6MTcxOTc3ODg0NywiaXNzIjoiaHR0cHM6XC9cL3BsYXlhejQ0LmNsb3VkZmxhcmVhY2Nlc3MuY29tIiwiaWF0IjoxNzE5Nzc4ODM3LCJzdWIiOiIifQ.pUW_MD3V0t15TDJpkmGuFrImSf96X4JFcJ5e9wEw6cSnLSdC00d842N2wujw_pOU5plUdlvzCHFnER83SB8pUVs1FLIFGrDelA4nnZkxMS7Agx2hwrk6Fw2AK0EV0bXoHjKRlHCnAPKXGYYNhSSXcfZI0uVAK20CaD14R-d7TH9vo1CfuW__K5LINTiP651zxGnBY4732CXR5dKmuZRIJAGIRJcsNz9Usd6ijD2FDB-IE44SrqwvYqUwQpwpA6b0SmTI-B0DhjuznSXM0JQLbZj5_BRetfvHvm7eg6nVLsJaBGvIXXdvs35DS8sCM5obuzpnNCCeoXUDAkE6KJz7HA"],"Cf-Cert-Presented":["false"],"Cf-Cert-Revoked":["false"],"Cf-Cert-Verified":["false"],"Cf-Connecting-Ip":["254.69.153.188"],"Cf-Connecting-Ipv6":["2a09:bac5:27af:137::1f:75"],"Cf-Ipcity":["Prague"],"Cf-Ipcontinent":["EU"],"Cf-Ipcountry":["CZ"],"Cf-Iplatitude":["50.08830"],"Cf-Iplongitude":["14.41240"],"Cf-Postal-Code":["110 00"],"Cf-Pseudo-Ipv4":["254.69.153.188"],"Cf-Ray":["89c0dba7fdffb348-PRG"],"Cf-Region":["Prague"],"Cf-Region-Code":["10"],"Cf-Timezone":["Europe/Prague"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cf-Warp-Tag-Id":["e3b332a0-4b7e-4f89-ae9d-2df39330528b"],"Cookie":["REDACTED"],"Dnt":["1"],"Priority":["u=0, i"],"Sec-Ch-Ua":["\"Not/A)Brand\";v=\"8\", \"Chromium\";v=\"126\", \"Google Chrome\";v=\"126\""],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"],"X-Forwarded-For":["254.69.153.188"],"X-Forwarded-Proto":["https"]},"host":"subdomain.example.tld","method":"GET","proto":"HTTP/2.0","remote_ip":"10.0.0.229","remote_port":"36594","tls":{"cipher_suite":4865,"proto":"h2","resumed":false,"server_name":"","version":772},"uri":"/"}, "bytes_read": 0, "user_id": "", "duration": 0.000004, "resp_headers": {"Alt-Svc":["h3=\":5555\"; ma=2592000"],"Server":["Caddy"]}, "status": 0, "size": 0}

Pydio startup logs:

Binary:
  Package:      Pydio Cells Home Edition
  Version:      4.4.3
  BuildTime:    17 Jun 24 16:41 +0000
  Git Commit:   e04b2537bbda5a3607069ef7dad76fe96a19bc9c
  Go Version:   go1.21.11
  OS/arch:      linux/arm64

Drivers:
  Registry:     mem:///registry
  Broker:       mem:///broker
  Config:       file:///root/.config/pydio/cells/pydio.json
  Vault:        file:///root/.config/pydio/cells/pydio-vault.json
  Keyring:      file:///root/.config/pydio/cells/cells-vault-key
  Certificates: file:///root/.config/pydio/cells/certs
  Cache:        bigcache:///cache
  ShortCache:   pm:///shortcache
  Queue:        mem:///queue
  Persisting Queue:     file:///queue

Networking:
  Hostname:     instance-20220715-2018
  Advertise:    127.0.0.1

Monitoring:
  Metrics:      false
  Profiles:     false

Build Settings:
  -buildmode:   exe
  -compiler:    gc
  -trimpath:    true
  CGO_ENABLED:  0
  GOARCH:       arm64
  GOOS: linux
  vcs:  git
  vcs.revision: e04b2537bbda5a3607069ef7dad76fe96a19bc9c
  vcs.time:     2024-06-17T16:36:00Z
  vcs.modified: false

2024-06-30T22:31:06.431+0200    INFO    pydio.grpc.broker       ready
2024-06-30T22:31:06.432+0200    INFO    pydio.grpc.config       ready
2024-06-30T22:31:06.432+0200    INFO    pydio.grpc.registry     ready
2024-06-30T22:31:06.433+0200    INFO    pydio.grpc.log  ready
2024-06-30T22:31:06.434+0200    INFO    pydio.server.manager    Discovery services started, carry on to other services
2024-06-30T22:31:06.456+0200    INFO    pydio.gateway.grpc      Configuring self-signed configuration for gRPC gateway to allow full TLS chain.
2024-06-30T22:31:06.460+0200    INFO    pydio.rest.search       starting        {"service": "pydio.rest.search", "hook router to": "/a/search"}
2024-06-30T22:31:06.477+0200    INFO    pydio.web.statics       ready
2024-06-30T22:31:06.487+0200    INFO    pydio.rest.jobs starting        {"service": "pydio.rest.jobs", "hook router to": "/a/jobs"}
2024-06-30T22:31:06.488+0200    INFO    pydio.rest.mailer       starting        {"service": "pydio.rest.mailer", "hook router to": "/a/mailer"}
2024-06-30T22:31:06.490+0200    INFO    pydio.gateway.grpc      ready
2024-06-30T22:31:06.492+0200    INFO    pydio.grpc.statics      ready
2024-06-30T22:31:06.494+0200    INFO    pydio.grpc.versions     ready
2024-06-30T22:31:06.495+0200    INFO    pydio.rest.config       starting        {"service": "pydio.rest.config", "hook router to": "/a/config"}
2024-06-30T22:31:06.496+0200    INFO    pydio.rest.share        starting        {"service": "pydio.rest.share", "hook router to": "/a/share"}
2024-06-30T22:31:06.497+0200    INFO    pydio.gateway.data      ready
2024-06-30T22:31:06.498+0200    INFO    pydio.gateway.wopi      ready
2024-06-30T22:31:06.503+0200    INFO    pydio.rest.meta starting        {"service": "pydio.rest.meta", "hook router to": "/a/meta"}
2024-06-30T22:31:06.503+0200    INFO    pydio.rest.graph        starting        {"service": "pydio.rest.graph", "hook router to": "/a/graph"}
2024-06-30T22:31:06.504+0200    INFO    pydio.rest.role starting        {"service": "pydio.rest.role", "hook router to": "/a/role"}
2024-06-30T22:31:06.507+0200    INFO    pydio.rest.auth starting        {"service": "pydio.rest.auth", "hook router to": "/a/auth"}
2024-06-30T22:31:06.508+0200    INFO    pydio.rest.activity     starting        {"service": "pydio.rest.activity", "hook router to": "/a/activity"}
2024-06-30T22:31:06.508+0200    INFO    pydio.rest.policy       starting        {"service": "pydio.rest.policy", "hook router to": "/a/policy"}
2024-06-30T22:31:06.509+0200    INFO    pydio.rest.user starting        {"service": "pydio.rest.user", "hook router to": "/a/user"}
2024-06-30T22:31:06.509+0200    INFO    pydio.grpc.data.sync    Starting umbrella service pydio.grpc.data.sync. with sources        {"sources": ["pydiods1", "personal", "cellsdata", "versions", "thumbnails"]}
2024-06-30T22:31:06.510+0200    INFO    pydio.grpc.data.sync    ready
2024-06-30T22:31:06.516+0200    INFO    pydio.rest.acl  starting        {"service": "pydio.rest.acl", "hook router to": "/a/acl"}
2024-06-30T22:31:06.538+0200    INFO    pydio.grpc.data.objects Starting umbrella service pydio.grpc.data.objects. with sources     {"sources": ["local1"]}
2024-06-30T22:31:06.538+0200    INFO    pydio.grpc.data.objects ready
2024-06-30T22:31:06.548+0200    INFO    pydio.grpc.activity     ready
2024-06-30T22:31:06.581+0200    INFO    pydio.rest.update       starting        {"service": "pydio.rest.update", "hook router to": "/a/update"}
2024-06-30T22:31:06.582+0200    INFO    pydio.rest.workspace    starting        {"service": "pydio.rest.workspace", "hook router to": "/a/workspace"}
2024-06-30T22:31:06.591+0200    INFO    pydio.rest.log  starting        {"service": "pydio.rest.log", "hook router to": "/a/log"}
2024-06-30T22:31:06.592+0200    INFO    pydio.rest.templates    starting        {"service": "pydio.rest.templates", "hook router to": "/a/templates"}
2024-06-30T22:31:06.592+0200    INFO    pydio.rest.user-meta    starting        {"service": "pydio.rest.user-meta", "hook router to": "/a/user-meta"}
2024-06-30T22:31:06.593+0200    INFO    pydio.gateway.dav       ready
2024-06-30T22:31:06.593+0200    INFO    pydio.web.libreoffice   Skipping LibreOffice plugin as not enabled
2024-06-30T22:31:06.593+0200    INFO    pydio.rest.tree starting        {"service": "pydio.rest.tree", "hook router to": "/a/tree"}
2024-06-30T22:31:06.595+0200    INFO    pydio.generic.timer     ready
2024-06-30T22:31:06.595+0200    INFO    pydio.grpc.data.objects.peer    ready
2024-06-30T22:31:06.595+0200    INFO    pydio.grpc.update       ready
2024-06-30T22:31:06.602+0200    INFO    pydio.web.libreoffice   ready
2024-06-30T22:31:06.607+0200    INFO    pydio.grpc.tree ready
2024-06-30T22:31:06.626+0200    INFO    pydio.grpc.policy       MariaDB Detected - switching to specific migrations
2024-06-30T22:31:06.632+0200    INFO    pydio.grpc.policy       ready
2024-06-30T22:31:06.634+0200    INFO    pydio.rest.frontend     starting        {"service": "pydio.rest.frontend", "hook router to": "/a/frontend"}
2024-06-30T22:31:06.635+0200    INFO    pydio.grpc.user-key     ready
2024-06-30T22:31:06.649+0200    INFO    pydio.grpc.workspace    ready
2024-06-30T22:31:06.664+0200    INFO    pydio.grpc.data-key     ready
2024-06-30T22:31:06.692+0200    INFO    pydio.grpc.token        ready
2024-06-30T22:31:06.696+0200    INFO    pydio.grpc.acl  ready
2024-06-30T22:31:06.700+0200    INFO    pydio.grpc.docstore     ready
2024-06-30T22:31:06.708+0200    INFO    pydio.grpc.mailer       Starting mailer with sender 'disabled'
2024-06-30T22:31:06.709+0200    INFO    pydio.grpc.mailer       ready
2024-06-30T22:31:06.716+0200    INFO    pydio.grpc.role ready
2024-06-30T22:31:06.760+0200    INFO    pydio.grpc.meta ready
2024-06-30T22:31:06.772+0200    INFO    pydio.grpc.chat ready
2024-06-30T22:31:06.787+0200    INFO    pydio.grpc.user-meta    ready
2024-06-30T22:31:06.792+0200    INFO    pydio.grpc.user ready
2024-06-30T22:31:06.796+0200    INFO    pydio.grpc.oauth        Finished auth.InitRegistry
2024-06-30T22:31:06.797+0200    INFO    pydio.grpc.oauth        ready
2024-06-30T22:31:06.836+0200    INFO    pydio.web.oauth ready
2024-06-30T22:31:07.210+0200    INFO    pydio.grpc.tasks        ready
2024-06-30T22:31:07.281+0200    INFO    pydio.rest.search       ready
2024-06-30T22:31:07.281+0200    INFO    pydio.rest.jobs ready
2024-06-30T22:31:07.282+0200    INFO    pydio.grpc.search       ready
2024-06-30T22:31:07.282+0200    INFO    pydio.rest.mailer       ready
2024-06-30T22:31:07.283+0200    INFO    pydio.rest.config       ready
2024-06-30T22:31:07.283+0200    INFO    pydio.rest.share        ready
2024-06-30T22:31:07.284+0200    INFO    pydio.rest.activity     ready
2024-06-30T22:31:07.284+0200    INFO    pydio.rest.graph        ready
2024-06-30T22:31:07.284+0200    INFO    pydio.rest.meta ready
2024-06-30T22:31:07.284+0200    INFO    pydio.rest.auth ready
2024-06-30T22:31:07.287+0200    INFO    pydio.rest.policy       ready
2024-06-30T22:31:07.287+0200    INFO    pydio.rest.user ready
2024-06-30T22:31:07.287+0200    INFO    pydio.rest.acl  ready
2024-06-30T22:31:07.284+0200    INFO    pydio.rest.role ready
2024-06-30T22:31:07.288+0200    INFO    pydio.rest.update       ready
2024-06-30T22:31:07.288+0200    INFO    pydio.rest.workspace    ready
2024-06-30T22:31:07.289+0200    INFO    pydio.rest.log  ready
2024-06-30T22:31:07.289+0200    INFO    pydio.rest.templates    ready
2024-06-30T22:31:07.291+0200    INFO    pydio.rest.user-meta    ready
2024-06-30T22:31:07.291+0200    INFO    pydio.rest.tree ready
2024-06-30T22:31:07.292+0200    INFO    pydio.rest.frontend     ready
2024/06/30 20:31:07.298 INFO    redirected default logger       {"from": "stderr", "to": "caddy.logging.writers.cells"}
2024-06-30T22:31:07.298+0200    WARN    pydio.caddy.admin       admin endpoint disabled
2024-06-30T22:31:07.299+0200    INFO    pydio.gateway.websocket ready
2024-06-30T22:31:07.300+0200    WARN    pydio.caddy.tls stapling OCSP   {"error": "no OCSP stapling for [10.0.0.229]: no OCSP server specified in certificate"}
2024-06-30T22:31:07.300+0200    INFO    pydio.caddy.http.auto_https     skipping automatic certificate management because one or more matching certificates are already loaded      {"domain": "10.0.0.229", "server_name": "srv0"}
2024-06-30T22:31:07.301+0200    INFO    pydio.caddy.http.auto_https     automatic HTTP->HTTPS redirects are disabled        {"server_name": "srv0"}
2024-06-30T22:31:07.301+0200    INFO    pydio.caddy.tls.cache.maintenance       started background certificate maintenance  {"cache": "0x4007075900"}
2024-06-30T22:31:07.302+0200    INFO    pydio.caddy.http        enabling HTTP/3 listener        {"addr": ":5555"}
2024-06-30T22:31:07.303+0200    INFO    pydio.caddy.http.log    server running  {"name": "srv0", "protocols": ["h1","h2","h3"]}
2024-06-30T22:31:07.306+0200    INFO    pydio.caddy.tls storage cleaning happened too recently; skipping for now    {"storage": "FileStorage:/root/.config/pydio/cells/caddy", "instance": "e5c0ef3d-d2f8-4e1b-9fb9-44b6ff2e32a9", "try_again": 1719865867.3067896, "try_again_in": 86399.99999972}
2024-06-30T22:31:07.307+0200    INFO    pydio.caddy.tls finished cleaning storage units
2024-06-30T22:31:07.434+0200    INFO    pydio.grpc.data.objects.local1  ready
2024-06-30T22:31:07.436+0200    INFO    pydio.grpc.data.objects.local1  Starting local objects service local1 on /home/ubuntu/cells/data
2024-06-30T22:31:07.439+0200    INFO    pydio.grpc.data.objects.local1  Performing a first clean of minio stale data
2024-06-30T22:31:07.447+0200    INFO    pydio.grpc.data.sync.pydiods1   ready
2024-06-30T22:31:07.448+0200    INFO    pydio.grpc.data.sync.versions   ready
2024-06-30T22:31:07.459+0200    INFO    pydio.grpc.data.sync.thumbnails ready
2024-06-30T22:31:07.477+0200    INFO    pydio.grpc.data.index.versions  ready
2024-06-30T22:31:07.476+0200    INFO    pydio.grpc.data.index.pydiods1  ready
2024-06-30T22:31:07.487+0200    INFO    pydio.grpc.data.sync.cellsdata  ready
2024-06-30T22:31:07.490+0200    INFO    pydio.grpc.jobs Clean tasks with status Running
2024-06-30T22:31:07.501+0200    INFO    pydio.grpc.jobs Clean tasks with status Paused
2024-06-30T22:31:07.503+0200    INFO    pydio.grpc.jobs ready
2024-06-30T22:31:07.510+0200    INFO    pydio.grpc.data.sync.personal   ready
2024-06-30T22:31:07.516+0200    INFO    pydio.grpc.data.index.thumbnails        ready
2024-06-30T22:31:07.533+0200    INFO    pydio.grpc.data.index.cellsdata ready
2024-06-30T22:31:07.553+0200    INFO    pydio.grpc.data.index.personal  ready
2024-06-30T22:31:07.843+0200    INFO    pydio.grpc.data.objects.local1  IAM initialization complete
2024-06-30T22:31:08.697+0200    INFO    pydio.grpc.data.sync.thumbnails Index connected
2024-06-30T22:31:08.722+0200    INFO    pydio.grpc.data.sync.personal   Index connected
2024-06-30T22:31:08.724+0200    INFO    pydio.grpc.data.sync.pydiods1   Index connected
2024-06-30T22:31:08.724+0200    INFO    pydio.grpc.data.sync.versions   Index connected
2024-06-30T22:31:08.733+0200    INFO    pydio.generic.timer     Registering Job {"job": "actions.auth.prune.tokens"}
2024-06-30T22:31:08.734+0200    INFO    pydio.generic.timer     Registering Job {"job": "clean-expired-acls"}
2024-06-30T22:31:08.734+0200    INFO    pydio.generic.timer     Registering Job {"job": "clean-orphans-nodes"}
2024-06-30T22:31:08.735+0200    INFO    pydio.generic.timer     Registering Job {"job": "flush-mailer-queue"}
2024-06-30T22:31:08.736+0200    INFO    pydio.generic.timer     Registering Job {"job": "internal-prune-jobs"}
2024-06-30T22:31:08.738+0200    INFO    pydio.generic.timer     Registering Job {"job": "users-activity-digest"}
2024-06-30T22:31:08.733+0200    INFO    pydio.grpc.data.sync.thumbnails Successfully retrieved first object from bucket thumbs (35.254256ms)
2024-06-30T22:31:08.732+0200    INFO    pydio.grpc.data.sync.cellsdata  Index connected
2024-06-30T22:31:08.761+0200    INFO    pydio.grpc.data.sync.personal   Successfully retrieved first object from bucket personal (32.709926ms)
2024-06-30T22:31:08.774+0200    INFO    pydio.grpc.data.sync.versions   Successfully retrieved first object from bucket versions (47.583103ms)
2024-06-30T22:31:08.785+0200    INFO    pydio.grpc.data.sync.cellsdata  Successfully retrieved first object from bucket cellsdata (29.915035ms)
2024-06-30T22:31:08.799+0200    INFO    pydio.grpc.data.sync.pydiods1   Successfully retrieved first object from bucket pydiods1 (56.462737ms)

I can't find any useful documentation on how to run pydio cells behind a cloudflare tunnel, is it even possible?

andor-pierdelacabeza commented 1 month ago

@playaz44 , not sure about this but if you do a verbose curl to that endpoint that gives you a blank page in the browser, what does it say?

Something like this from the terminal:

curl -v https://subdomain.example.tld/

playaz44 commented 1 month ago

@playaz44 , not sure about this but if you do a verbose curl to that endpoint that gives you a blank page in the browser, what does it say?

Something like this from the terminal:

curl -v https://subdomain.example.tld/

ubuntu@instance-20220715-2018:~$ curl -v https://subdomain.example.tld
*   Trying 188.114.97.3:443...
* Connected to https://subdomain.example.tld (188.114.97.3) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=example.tld
*  start date: Jul 12 02:34:11 2024 GMT
*  expire date: Oct 10 02:34:10 2024 GMT
*  subjectAltName: host "https://subdomain.example.tld" matched cert's "*.example.tld"
*  issuer: C=US; O=Google Trust Services; CN=WE1
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0xbdae40f4dcc0)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: https://subdomain.example.tld
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 200
< date: Fri, 12 Jul 2024 07:49:53 GMT
< content-length: 0
< alt-svc: h3=":443"; ma=86400
< cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VDFa1lAW%2BrKkNFnaSvyl9GFIE1fWHC6fSvjjTGZXzZ2JRj7eDTtLHbhpYnL5njhJINFSCB%2Btz9kAQmuhWS9%2ByJETGCAdchs2hiS8u8OOcj7Pxo4N8vw8fJ1315PJZEAHJ72jWMo%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< strict-transport-security: max-age=15552000; includeSubDomains; preload
< expect-ct: max-age=86400, enforce
< referrer-policy: same-origin
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-xss-protection: 1; mode=block
< server: cloudflare
< cf-ray: 8a1f706f99b3bbf1-FRA
<
* Connection #0 to host subdomain.example.tld left intact

JMarcosHP commented 1 month ago

CellsSync is not working with cloudflare tunnels

JMarcosHP commented 1 month ago

You have to configure site like this:

+---+-------------------------+-------------+----------------------------+ | # | BIND(S) | TLS | EXTERNAL URL | +---+-------------------------+-------------+----------------------------+ | 0 | https://0.0.0.0:5555 | Self-signed | none | +---+-------------------------+-------------+----------------------------+

Then configure cloudflare tunnel with your ip:port 10.0.0.229:5555 and enable https, on TLS enable "noTLSVerify" and "http2 connection".

playaz44 commented 1 month ago

You have to configure site like this:

+---+-------------------------+-------------+----------------------------+ | # | BIND(S) | TLS | EXTERNAL URL | +---+-------------------------+-------------+----------------------------+ | 0 | https://0.0.0.0:5555 | Self-signed | none | +---+-------------------------+-------------+----------------------------+

Then configure cloudflare tunnel with your ip:port 10.0.0.229:5555 and enable https, on TLS enable "noTLSVerify" and "http2 connection".

Entering 0.0.0.0 as the IP address works, I didn't think about it, thank you for your help

pydio / cells

Cells not working behind cloudflare tunnel #574