Hi, me again.
So I really tried to get this to work today and stumbled across post 5943.
This is working for me after I had regenerated my local certificate.
I also specified a way to host pydio as http, you would need to add a second entry in cloudflare using http2 on your grpc port for pydio sync. Though using tls works for me so I would recommend using that.
Cloudflare (see above post):
- Enabled gRPC:
  - Dashboard/Domain/Network/gRPC |-> On
- Enable HTTP2,NoTLSVerify:
  - Dashboard/Zero Trust/Networks/Tunnels/Configure/Public Hostname/Edit/Create/Additional app settings/TLS |-> On (required type: https)

Local/Docker:
- Allow port (tcp) via firewall
- Docker:
  - Add `--protocol http2` to cloudflare
  - using docker compose: cloudflare-tunnel-service > `command: tunnel run --protocol http2 ...`
My working compose file:

```yaml
services:
  cloudflare-tunnel:
    container_name: cloudflare-tunnel
    image: cloudflare/cloudflared:latest
    restart: unless-stopped
    command: tunnel run --protocol http2
    env_file:
      # env requires: `TUNNEL_TOKEN=...` (also make this `chmod 600`)
      - ./envionment.env
    networks:
      - default
      - cloudflare

  pydio:
    image: lscr.io/linuxserver/pydio-cells:latest
    hostname: pydio
    container_name: pydio
    restart: unless-stopped
    environment:
      # Linuxserver docs: https://docs.linuxserver.io/images/docker-pydio-cells/#docker-cli-click-here-for-more-info
      - PUID=1000
      - PGID=1000
      # - TZ=Europe/Berlin
      - SERVER_IP=0.0.0.0:8080
      - EXTERNALURL=https://cloudflare.domain
      - CELLS_LOG_DIR=/config/log
      - CELLS_WORKING_DIR=/config
      - CELLS_DATA=/config/data
      # Uncomment following env and grpc port to use http (no TLS)
      # - CELLS_BIND=0.0.0.0:8080
      # - CELLS_EXTERNAL=https://cloudflare.domain
      # - CELLS_NO_SSL=1
      # - CELLS_GRPC_EXTERNAL=50051
    networks:
      - cloudflare
      - pydio
    ports:
      - "8080:8080" # http (frontend)
      # - "50051:50051" # gRPC, cloudflare fix: https://forum.pydio.com/t/how-to-configure-pydio-cloudflare-tunnel-to-support-cellssync/5943/2
    depends_on:
      # must match the name of the database service defined below
      - "mysql"
    volumes:
      # fix storage issues: https://forum.pydio.com/t/cannot-add-storages-in-pydio-cells/4000
      - ${PYDIO_ROOT}:/config
      - ${PYDIO_DATA}:/config/data
      - ${PYDIO_SHARED}:/config/shared-media:z # Shared media => use "existing data import"
    deploy:
      resources:
        limits:
          cpus: '2.0' # max 100% on 2 cores
          memory: 2G

  mysql:
    image: mysql:latest
    hostname: pydio-db
    container_name: pydio-db
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: ${MSQL_PWD}
      MYSQL_DATABASE: ${PYDIO_DB}
      MYSQL_USER: ${PYDIO_DB_USR}
      MYSQL_PASSWORD: ${PYDIO_DB_PWD}
    command: [mysqld, --character-set-server=utf8mb4, --collation-server=utf8mb4_unicode_ci]
    volumes:
      - ${MYSQL_DATA}:/var/lib/mysql
    networks:
      - pydio

networks:
  cloudflare:
    name: cloudflare
    internal: true
  pydio:
    name: pydio
    internal: true
```
Note: When I had cert issues, I regenerated the config after deleting `config/certs`, then restarted the docker container.

```
$ docker exec -it --user=1000 pydio bash
1000@pydio:/# cells configure sites
The following sites are currently defined:
+---+----------------------+-------------+------------------------+
| # | BIND(S)              | TLS         | EXTERNAL URL           |
+---+----------------------+-------------+------------------------+
| 0 | https://0.0.0.0:8080 | Self-signed | https://cloudflare.dom |
+---+----------------------+-------------+------------------------+
> Quit
```
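
A preflight check for the `chmod 600` note on the env file in the compose file above, added here as an example and not part of the original post: it verifies that the file holding `TUNNEL_TOKEN` is private and that the compose file does not carry the token itself. The function names and the paths you pass in are assumptions.

```shell
#!/bin/sh
# Added example (not from the post): preflight checks before `docker compose up`.
# Assumed paths: ./envionment.env and ./docker-compose.yml; pass your own.

# Returns 0 if the env file is private (chmod 600) and sets a non-empty
# TUNNEL_TOKEN; 1 = too permissive, 2 = missing file, 3 = no token.
check_env_file() {
    f="$1"
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f is accessible to group/other; run: chmod 600 $f" >&2
        return 1
    fi
    grep -Eq '^TUNNEL_TOKEN=.+' "$f" || { echo "no TUNNEL_TOKEN in $f" >&2; return 3; }
    return 0
}

# Returns 0 if the compose file keeps the token out of its own text:
# no `--token` argument and no literal TUNNEL_TOKEN value (comments ignored,
# ${VAR} references allowed); 1 = token embedded, 2 = missing file.
check_compose_no_inline_token() {
    f="$1"
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    if grep -v '^[[:space:]]*#' "$f" |
        grep -Eq -e '--token[ =]' -e 'TUNNEL_TOKEN[=:] *[^$ ]'; then
        echo "$f embeds the tunnel token; move it to the env file" >&2
        return 1
    fi
    return 0
}
```

Run both functions against your env file and compose file before starting the stack; a non-zero return tells you which condition failed.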