cells
cells copied to clipboard
pydio
Cells not working behind cloudflare tunnel
📝 Describe the bug
Cells website not working behind cloudflare tunnel proxy, it's shown only blank page.
⚙️ How-to Reproduce
Steps to reproduce the behavior:
Configure cf tunnel proxy, set url https://ip:port, enable http2
Configure cells sites with same url and provide proxy url, select self-gen cert
Run cells
Done
🩺 Environment / Setup
Complete the following information:
Server Versions:
- Cells Version 4.4.3
- MariaDB/MySQL version 10.6.18
- Server OS: Ubuntu 22
- Other dependencies (MongoDB, Nats, ETCd, etc) none
Client used for testing:
- Browser chrome 126
- Client OS / mobile device, etc... not related
Additional context:
- Datasource type : flat/structured, storage type, etc... not related
- Add any other context about the problem here.
I can access pydio cells throught ip but not throught cloudflare tunnel.
My current sites config:
+---+-------------------------+-------------+----------------------------+
| # | BIND(S) | TLS | EXTERNAL URL |
+---+-------------------------+-------------+----------------------------+
| 0 | https://10.0.0.229:5555 | Self-signed | https://subdomain.example.tld |
+---+-------------------------+-------------+----------------------------+
When I open cells url then in logs can see entry, so connection is established and working. I have websockets and http2 on in configuration cf tunnel. No matters if I switch to http or change url or whatever, cells always return blank page if it accessed from cloudflare.
2024-06-30T22:20:37.813+0200 INFO pydio.caddy.http.log.access NOP {"request": {"client_ip":"10.0.0.229","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Accept-Encoding":["gzip, br"],"Accept-Language":["pl,cs;q=0.9,en;q=0.8,ru;q=0.7"],"Cache-Control":["max-age=0"],"Cdn-Loop":["cloudflare"],"Cf-Access-Jwt-Assertion":["eyJraWQiOiI2ZDYxNWYwMzkyMTE3ZGMwYzQ5NTYyNmMyYzVkYzVjYTg0YzJjYmRjNzU3YjNjZGNkMTUzODQwNzZmNTAwZjJmIiwiYWxnIjoiUlMyNTYiLCJ0eXAiOiJKV1QifQ.eyJ0eXBlIjoiYXBwIiwiYXVkIjoiNzk1MzA4NjJiMTViOTkwM2JhZWZhZTc0YTU3N2Q1ZGRhMDVlNzc2MmVmMDg4N2RkMTQxODA4NTUzMGJhYzQ1ZSIsImV4cCI6MTcxOTc3ODg0NywiaXNzIjoiaHR0cHM6XC9cL3BsYXlhejQ0LmNsb3VkZmxhcmVhY2Nlc3MuY29tIiwiaWF0IjoxNzE5Nzc4ODM3LCJzdWIiOiIifQ.pUW_MD3V0t15TDJpkmGuFrImSf96X4JFcJ5e9wEw6cSnLSdC00d842N2wujw_pOU5plUdlvzCHFnER83SB8pUVs1FLIFGrDelA4nnZkxMS7Agx2hwrk6Fw2AK0EV0bXoHjKRlHCnAPKXGYYNhSSXcfZI0uVAK20CaD14R-d7TH9vo1CfuW__K5LINTiP651zxGnBY4732CXR5dKmuZRIJAGIRJcsNz9Usd6ijD2FDB-IE44SrqwvYqUwQpwpA6b0SmTI-B0DhjuznSXM0JQLbZj5_BRetfvHvm7eg6nVLsJaBGvIXXdvs35DS8sCM5obuzpnNCCeoXUDAkE6KJz7HA"],"Cf-Cert-Presented":["false"],"Cf-Cert-Revoked":["false"],"Cf-Cert-Verified":["false"],"Cf-Connecting-Ip":["254.69.153.188"],"Cf-Connecting-Ipv6":["2a09:bac5:27af:137::1f:75"],"Cf-Ipcity":["Prague"],"Cf-Ipcontinent":["EU"],"Cf-Ipcountry":["CZ"],"Cf-Iplatitude":["50.08830"],"Cf-Iplongitude":["14.41240"],"Cf-Postal-Code":["110 00"],"Cf-Pseudo-Ipv4":["254.69.153.188"],"Cf-Ray":["89c0dba7fdffb348-PRG"],"Cf-Region":["Prague"],"Cf-Region-Code":["10"],"Cf-Timezone":["Europe/Prague"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cf-Warp-Tag-Id":["e3b332a0-4b7e-4f89-ae9d-2df39330528b"],"Cookie":["REDACTED"],"Dnt":["1"],"Priority":["u=0, i"],"Sec-Ch-Ua":["\"Not/A)Brand\";v=\"8\", \"Chromium\";v=\"126\", \"Google Chrome\";v=\"126\""],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"],"X-Forwarded-For":["254.69.153.188"],"X-Forwarded-Proto":["https"]},"host":"subdomain.example.tld","method":"GET","proto":"HTTP/2.0","remote_ip":"10.0.0.229","remote_port":"36594","tls":{"cipher_suite":4865,"proto":"h2","resumed":false,"server_name":"","version":772},"uri":"/"}, "bytes_read": 0, "user_id": "", "duration": 0.000004, "resp_headers": {"Alt-Svc":["h3=\":5555\"; ma=2592000"],"Server":["Caddy"]}, "status": 0, "size": 0}
Pydio startup logs:
Binary:
Package: Pydio Cells Home Edition
Version: 4.4.3
BuildTime: 17 Jun 24 16:41 +0000
Git Commit: e04b2537bbda5a3607069ef7dad76fe96a19bc9c
Go Version: go1.21.11
OS/arch: linux/arm64
Drivers:
Registry: mem:///registry
Broker: mem:///broker
Config: file:///root/.config/pydio/cells/pydio.json
Vault: file:///root/.config/pydio/cells/pydio-vault.json
Keyring: file:///root/.config/pydio/cells/cells-vault-key
Certificates: file:///root/.config/pydio/cells/certs
Cache: bigcache:///cache
ShortCache: pm:///shortcache
Queue: mem:///queue
Persisting Queue: file:///queue
Networking:
Hostname: instance-20220715-2018
Advertise: 127.0.0.1
Monitoring:
Metrics: false
Profiles: false
Build Settings:
-buildmode: exe
-compiler: gc
-trimpath: true
CGO_ENABLED: 0
GOARCH: arm64
GOOS: linux
vcs: git
vcs.revision: e04b2537bbda5a3607069ef7dad76fe96a19bc9c
vcs.time: 2024-06-17T16:36:00Z
vcs.modified: false
2024-06-30T22:31:06.431+0200 INFO pydio.grpc.broker ready
2024-06-30T22:31:06.432+0200 INFO pydio.grpc.config ready
2024-06-30T22:31:06.432+0200 INFO pydio.grpc.registry ready
2024-06-30T22:31:06.433+0200 INFO pydio.grpc.log ready
2024-06-30T22:31:06.434+0200 INFO pydio.server.manager Discovery services started, carry on to other services
2024-06-30T22:31:06.456+0200 INFO pydio.gateway.grpc Configuring self-signed configuration for gRPC gateway to allow full TLS chain.
2024-06-30T22:31:06.460+0200 INFO pydio.rest.search starting {"service": "pydio.rest.search", "hook router to": "/a/search"}
2024-06-30T22:31:06.477+0200 INFO pydio.web.statics ready
2024-06-30T22:31:06.487+0200 INFO pydio.rest.jobs starting {"service": "pydio.rest.jobs", "hook router to": "/a/jobs"}
2024-06-30T22:31:06.488+0200 INFO pydio.rest.mailer starting {"service": "pydio.rest.mailer", "hook router to": "/a/mailer"}
2024-06-30T22:31:06.490+0200 INFO pydio.gateway.grpc ready
2024-06-30T22:31:06.492+0200 INFO pydio.grpc.statics ready
2024-06-30T22:31:06.494+0200 INFO pydio.grpc.versions ready
2024-06-30T22:31:06.495+0200 INFO pydio.rest.config starting {"service": "pydio.rest.config", "hook router to": "/a/config"}
2024-06-30T22:31:06.496+0200 INFO pydio.rest.share starting {"service": "pydio.rest.share", "hook router to": "/a/share"}
2024-06-30T22:31:06.497+0200 INFO pydio.gateway.data ready
2024-06-30T22:31:06.498+0200 INFO pydio.gateway.wopi ready
2024-06-30T22:31:06.503+0200 INFO pydio.rest.meta starting {"service": "pydio.rest.meta", "hook router to": "/a/meta"}
2024-06-30T22:31:06.503+0200 INFO pydio.rest.graph starting {"service": "pydio.rest.graph", "hook router to": "/a/graph"}
2024-06-30T22:31:06.504+0200 INFO pydio.rest.role starting {"service": "pydio.rest.role", "hook router to": "/a/role"}
2024-06-30T22:31:06.507+0200 INFO pydio.rest.auth starting {"service": "pydio.rest.auth", "hook router to": "/a/auth"}
2024-06-30T22:31:06.508+0200 INFO pydio.rest.activity starting {"service": "pydio.rest.activity", "hook router to": "/a/activity"}
2024-06-30T22:31:06.508+0200 INFO pydio.rest.policy starting {"service": "pydio.rest.policy", "hook router to": "/a/policy"}
2024-06-30T22:31:06.509+0200 INFO pydio.rest.user starting {"service": "pydio.rest.user", "hook router to": "/a/user"}
2024-06-30T22:31:06.509+0200 INFO pydio.grpc.data.sync Starting umbrella service pydio.grpc.data.sync. with sources {"sources": ["pydiods1", "personal", "cellsdata", "versions", "thumbnails"]}
2024-06-30T22:31:06.510+0200 INFO pydio.grpc.data.sync ready
2024-06-30T22:31:06.516+0200 INFO pydio.rest.acl starting {"service": "pydio.rest.acl", "hook router to": "/a/acl"}
2024-06-30T22:31:06.538+0200 INFO pydio.grpc.data.objects Starting umbrella service pydio.grpc.data.objects. with sources {"sources": ["local1"]}
2024-06-30T22:31:06.538+0200 INFO pydio.grpc.data.objects ready
2024-06-30T22:31:06.548+0200 INFO pydio.grpc.activity ready
2024-06-30T22:31:06.581+0200 INFO pydio.rest.update starting {"service": "pydio.rest.update", "hook router to": "/a/update"}
2024-06-30T22:31:06.582+0200 INFO pydio.rest.workspace starting {"service": "pydio.rest.workspace", "hook router to": "/a/workspace"}
2024-06-30T22:31:06.591+0200 INFO pydio.rest.log starting {"service": "pydio.rest.log", "hook router to": "/a/log"}
2024-06-30T22:31:06.592+0200 INFO pydio.rest.templates starting {"service": "pydio.rest.templates", "hook router to": "/a/templates"}
2024-06-30T22:31:06.592+0200 INFO pydio.rest.user-meta starting {"service": "pydio.rest.user-meta", "hook router to": "/a/user-meta"}
2024-06-30T22:31:06.593+0200 INFO pydio.gateway.dav ready
2024-06-30T22:31:06.593+0200 INFO pydio.web.libreoffice Skipping LibreOffice plugin as not enabled
2024-06-30T22:31:06.593+0200 INFO pydio.rest.tree starting {"service": "pydio.rest.tree", "hook router to": "/a/tree"}
2024-06-30T22:31:06.595+0200 INFO pydio.generic.timer ready
2024-06-30T22:31:06.595+0200 INFO pydio.grpc.data.objects.peer ready
2024-06-30T22:31:06.595+0200 INFO pydio.grpc.update ready
2024-06-30T22:31:06.602+0200 INFO pydio.web.libreoffice ready
2024-06-30T22:31:06.607+0200 INFO pydio.grpc.tree ready
2024-06-30T22:31:06.626+0200 INFO pydio.grpc.policy MariaDB Detected - switching to specific migrations
2024-06-30T22:31:06.632+0200 INFO pydio.grpc.policy ready
2024-06-30T22:31:06.634+0200 INFO pydio.rest.frontend starting {"service": "pydio.rest.frontend", "hook router to": "/a/frontend"}
2024-06-30T22:31:06.635+0200 INFO pydio.grpc.user-key ready
2024-06-30T22:31:06.649+0200 INFO pydio.grpc.workspace ready
2024-06-30T22:31:06.664+0200 INFO pydio.grpc.data-key ready
2024-06-30T22:31:06.692+0200 INFO pydio.grpc.token ready
2024-06-30T22:31:06.696+0200 INFO pydio.grpc.acl ready
2024-06-30T22:31:06.700+0200 INFO pydio.grpc.docstore ready
2024-06-30T22:31:06.708+0200 INFO pydio.grpc.mailer Starting mailer with sender 'disabled'
2024-06-30T22:31:06.709+0200 INFO pydio.grpc.mailer ready
2024-06-30T22:31:06.716+0200 INFO pydio.grpc.role ready
2024-06-30T22:31:06.760+0200 INFO pydio.grpc.meta ready
2024-06-30T22:31:06.772+0200 INFO pydio.grpc.chat ready
2024-06-30T22:31:06.787+0200 INFO pydio.grpc.user-meta ready
2024-06-30T22:31:06.792+0200 INFO pydio.grpc.user ready
2024-06-30T22:31:06.796+0200 INFO pydio.grpc.oauth Finished auth.InitRegistry
2024-06-30T22:31:06.797+0200 INFO pydio.grpc.oauth ready
2024-06-30T22:31:06.836+0200 INFO pydio.web.oauth ready
2024-06-30T22:31:07.210+0200 INFO pydio.grpc.tasks ready
2024-06-30T22:31:07.281+0200 INFO pydio.rest.search ready
2024-06-30T22:31:07.281+0200 INFO pydio.rest.jobs ready
2024-06-30T22:31:07.282+0200 INFO pydio.grpc.search ready
2024-06-30T22:31:07.282+0200 INFO pydio.rest.mailer ready
2024-06-30T22:31:07.283+0200 INFO pydio.rest.config ready
2024-06-30T22:31:07.283+0200 INFO pydio.rest.share ready
2024-06-30T22:31:07.284+0200 INFO pydio.rest.activity ready
2024-06-30T22:31:07.284+0200 INFO pydio.rest.graph ready
2024-06-30T22:31:07.284+0200 INFO pydio.rest.meta ready
2024-06-30T22:31:07.284+0200 INFO pydio.rest.auth ready
2024-06-30T22:31:07.287+0200 INFO pydio.rest.policy ready
2024-06-30T22:31:07.287+0200 INFO pydio.rest.user ready
2024-06-30T22:31:07.287+0200 INFO pydio.rest.acl ready
2024-06-30T22:31:07.284+0200 INFO pydio.rest.role ready
2024-06-30T22:31:07.288+0200 INFO pydio.rest.update ready
2024-06-30T22:31:07.288+0200 INFO pydio.rest.workspace ready
2024-06-30T22:31:07.289+0200 INFO pydio.rest.log ready
2024-06-30T22:31:07.289+0200 INFO pydio.rest.templates ready
2024-06-30T22:31:07.291+0200 INFO pydio.rest.user-meta ready
2024-06-30T22:31:07.291+0200 INFO pydio.rest.tree ready
2024-06-30T22:31:07.292+0200 INFO pydio.rest.frontend ready
2024/06/30 20:31:07.298 INFO redirected default logger {"from": "stderr", "to": "caddy.logging.writers.cells"}
2024-06-30T22:31:07.298+0200 WARN pydio.caddy.admin admin endpoint disabled
2024-06-30T22:31:07.299+0200 INFO pydio.gateway.websocket ready
2024-06-30T22:31:07.300+0200 WARN pydio.caddy.tls stapling OCSP {"error": "no OCSP stapling for [10.0.0.229]: no OCSP server specified in certificate"}
2024-06-30T22:31:07.300+0200 INFO pydio.caddy.http.auto_https skipping automatic certificate management because one or more matching certificates are already loaded {"domain": "10.0.0.229", "server_name": "srv0"}
2024-06-30T22:31:07.301+0200 INFO pydio.caddy.http.auto_https automatic HTTP->HTTPS redirects are disabled {"server_name": "srv0"}
2024-06-30T22:31:07.301+0200 INFO pydio.caddy.tls.cache.maintenance started background certificate maintenance {"cache": "0x4007075900"}
2024-06-30T22:31:07.302+0200 INFO pydio.caddy.http enabling HTTP/3 listener {"addr": ":5555"}
2024-06-30T22:31:07.303+0200 INFO pydio.caddy.http.log server running {"name": "srv0", "protocols": ["h1","h2","h3"]}
2024-06-30T22:31:07.306+0200 INFO pydio.caddy.tls storage cleaning happened too recently; skipping for now {"storage": "FileStorage:/root/.config/pydio/cells/caddy", "instance": "e5c0ef3d-d2f8-4e1b-9fb9-44b6ff2e32a9", "try_again": 1719865867.3067896, "try_again_in": 86399.99999972}
2024-06-30T22:31:07.307+0200 INFO pydio.caddy.tls finished cleaning storage units
2024-06-30T22:31:07.434+0200 INFO pydio.grpc.data.objects.local1 ready
2024-06-30T22:31:07.436+0200 INFO pydio.grpc.data.objects.local1 Starting local objects service local1 on /home/ubuntu/cells/data
2024-06-30T22:31:07.439+0200 INFO pydio.grpc.data.objects.local1 Performing a first clean of minio stale data
2024-06-30T22:31:07.447+0200 INFO pydio.grpc.data.sync.pydiods1 ready
2024-06-30T22:31:07.448+0200 INFO pydio.grpc.data.sync.versions ready
2024-06-30T22:31:07.459+0200 INFO pydio.grpc.data.sync.thumbnails ready
2024-06-30T22:31:07.477+0200 INFO pydio.grpc.data.index.versions ready
2024-06-30T22:31:07.476+0200 INFO pydio.grpc.data.index.pydiods1 ready
2024-06-30T22:31:07.487+0200 INFO pydio.grpc.data.sync.cellsdata ready
2024-06-30T22:31:07.490+0200 INFO pydio.grpc.jobs Clean tasks with status Running
2024-06-30T22:31:07.501+0200 INFO pydio.grpc.jobs Clean tasks with status Paused
2024-06-30T22:31:07.503+0200 INFO pydio.grpc.jobs ready
2024-06-30T22:31:07.510+0200 INFO pydio.grpc.data.sync.personal ready
2024-06-30T22:31:07.516+0200 INFO pydio.grpc.data.index.thumbnails ready
2024-06-30T22:31:07.533+0200 INFO pydio.grpc.data.index.cellsdata ready
2024-06-30T22:31:07.553+0200 INFO pydio.grpc.data.index.personal ready
2024-06-30T22:31:07.843+0200 INFO pydio.grpc.data.objects.local1 IAM initialization complete
2024-06-30T22:31:08.697+0200 INFO pydio.grpc.data.sync.thumbnails Index connected
2024-06-30T22:31:08.722+0200 INFO pydio.grpc.data.sync.personal Index connected
2024-06-30T22:31:08.724+0200 INFO pydio.grpc.data.sync.pydiods1 Index connected
2024-06-30T22:31:08.724+0200 INFO pydio.grpc.data.sync.versions Index connected
2024-06-30T22:31:08.733+0200 INFO pydio.generic.timer Registering Job {"job": "actions.auth.prune.tokens"}
2024-06-30T22:31:08.734+0200 INFO pydio.generic.timer Registering Job {"job": "clean-expired-acls"}
2024-06-30T22:31:08.734+0200 INFO pydio.generic.timer Registering Job {"job": "clean-orphans-nodes"}
2024-06-30T22:31:08.735+0200 INFO pydio.generic.timer Registering Job {"job": "flush-mailer-queue"}
2024-06-30T22:31:08.736+0200 INFO pydio.generic.timer Registering Job {"job": "internal-prune-jobs"}
2024-06-30T22:31:08.738+0200 INFO pydio.generic.timer Registering Job {"job": "users-activity-digest"}
2024-06-30T22:31:08.733+0200 INFO pydio.grpc.data.sync.thumbnails Successfully retrieved first object from bucket thumbs (35.254256ms)
2024-06-30T22:31:08.732+0200 INFO pydio.grpc.data.sync.cellsdata Index connected
2024-06-30T22:31:08.761+0200 INFO pydio.grpc.data.sync.personal Successfully retrieved first object from bucket personal (32.709926ms)
2024-06-30T22:31:08.774+0200 INFO pydio.grpc.data.sync.versions Successfully retrieved first object from bucket versions (47.583103ms)
2024-06-30T22:31:08.785+0200 INFO pydio.grpc.data.sync.cellsdata Successfully retrieved first object from bucket cellsdata (29.915035ms)
2024-06-30T22:31:08.799+0200 INFO pydio.grpc.data.sync.pydiods1 Successfully retrieved first object from bucket pydiods1 (56.462737ms)
I can't find any useful documentation on how to run pydio cells behind a cloudflare tunnel, is it even possible?
