Closed playaz44 closed 1 month ago
@playaz44, not sure about this, but if you do a verbose curl to that endpoint that gives you a blank page in the browser, what does it say?
Something like this from the terminal:
curl -v https://subdomain.example.tld/
ubuntu@instance-20220715-2018:~$ curl -v https://subdomain.example.tld
* Trying 188.114.97.3:443...
* Connected to https://subdomain.example.tld (188.114.97.3) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=example.tld
* start date: Jul 12 02:34:11 2024 GMT
* expire date: Oct 10 02:34:10 2024 GMT
* subjectAltName: host "https://subdomain.example.tld" matched cert's "*.example.tld"
* issuer: C=US; O=Google Trust Services; CN=WE1
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0xbdae40f4dcc0)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: https://subdomain.example.tld
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 200
< date: Fri, 12 Jul 2024 07:49:53 GMT
< content-length: 0
< alt-svc: h3=":443"; ma=86400
< cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VDFa1lAW%2BrKkNFnaSvyl9GFIE1fWHC6fSvjjTGZXzZ2JRj7eDTtLHbhpYnL5njhJINFSCB%2Btz9kAQmuhWS9%2ByJETGCAdchs2hiS8u8OOcj7Pxo4N8vw8fJ1315PJZEAHJ72jWMo%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< strict-transport-security: max-age=15552000; includeSubDomains; preload
< expect-ct: max-age=86400, enforce
< referrer-policy: same-origin
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-xss-protection: 1; mode=block
< server: cloudflare
< cf-ray: 8a1f706f99b3bbf1-FRA
<
* Connection #0 to host subdomain.example.tld left intact
CellsSync is not working with cloudflare tunnels
You have to configure site like this:
+---+-------------------------+-------------+----------------------------+
| # | BIND(S)                 | TLS         | EXTERNAL URL               |
+---+-------------------------+-------------+----------------------------+
| 0 | https://0.0.0.0:5555    | Self-signed | none                       |
+---+-------------------------+-------------+----------------------------+
Then configure cloudflare tunnel with your ip:port
10.0.0.229:5555
and enable https, on TLS enable "noTLSVerify" and "http2 connection".
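The tunnel settings from the comment above, written out as a locally managed cloudflared config.yml (an added example, not part of the thread or of the Cells documentation). The tunnel ID, credentials path, CA file path and origin server name are placeholders. The commented alternative assumes you have exported the certificate or issuing CA that Cells presents and that the certificate carries a name you can match.

```yaml
# Constructed example: <TUNNEL-ID> and all file paths are placeholders.
tunnel: <TUNNEL-ID>
credentials-file: /etc/cloudflared/<TUNNEL-ID>.json

ingress:
  # Settings as described in the comment: HTTPS origin, noTLSVerify, HTTP/2.
  - hostname: subdomain.example.tld
    service: https://10.0.0.229:5555
    originRequest:
      # cloudflared accepts ANY certificate from the origin. The hop between
      # cloudflared and Cells is encrypted but not authenticated.
      noTLSVerify: true
      # Talk HTTP/2 to the origin instead of HTTP/1.1.
      http2Origin: true

  # cloudflared requires a final catch-all rule.
  - service: http_status:404

# Alternative originRequest that keeps certificate verification enabled
# (assumption: the Cells self-signed cert or its CA was exported to a PEM file):
#
#    originRequest:
#      caPool: /etc/cloudflared/cells-origin-ca.pem   # hypothetical path
#      originServerName: cells.internal               # hypothetical; must match a name in the cert
#      http2Origin: true
```

With noTLSVerify the origin hop is only as trustworthy as the network between cloudflared and 10.0.0.229, so it fits best when both run on the same host or on a segment you control.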
Entering 0.0.0.0 as the IP address works, I didn't think about it, thank you for your help
📝 Describe the bug
Cells website is not working behind the cloudflare tunnel proxy; only a blank page is shown.
⚙️ How-to Reproduce
Steps to reproduce the behavior:
1. Configure cf tunnel proxy, set url https://ip:port, enable http2
2. Configure cells sites with same url and provide proxy url, select self-gen cert
3. Run cells
4. Done
🩺 Environment / Setup
Complete the following information:
Server Versions:
Client used for testing:
Additional context:
I can access pydio cells through ip but not through cloudflare tunnel.
My current sites config:
When I open the cells url, I can see an entry in the logs, so the connection is established and working. I have websockets and http2 on in the cf tunnel configuration. No matter if I switch to http or change the url or whatever, cells always returns a blank page if it is accessed from cloudflare.
Pydio startup logs:
I can't find any useful documentation on how to run pydio cells behind a cloudflare tunnel, is it even possible?