oCIS using Cloudflare Tunnels
4 Apr 2024
The Issue
I wanted to use my mini home server as a NAS. However, I didn’t want to make a full homelab but just a simple self-hosted cloud storage alternative. Knowing I’d want to go down this road, when I installed Ubuntu Server onto the hardware, I opted in to install NextCloud. However, my fresh NextCloud installation felt slow on my more-than-sufficient hardware. So I went down the rabbit hole of self-hosted cloud storage.
Every blog, forum, and Reddit post just recommended using NextCloud, but I was set on finding a faster alternative. Then I stumbled upon Seafile, an open-source cloud storage alternative written in C which touted performance faster than the PHP-based NextCloud. Perfect, right? I set it up with Docker and it was fast, but there was one glaring issue for me. The company behind Seafile was based in China and though the code is open-source, the code had not been audited as far as I could tell. This was a dealbreaker for me, so my hunt continued. I looked into File Cloud, Pydio Cells, Filestash, and dufs.
The Solution
Finally, I stumbled upon ownCloud Infinite Scale, a rewrite of ownCloud in Go. This meant it could harness the speed of Go, making it much faster than its PHP-based brothers, ownCloud 10 and NextCloud. Already being a fan of Go, I was sold. I began working on getting it set up on my server but encountered some confusion due to documentation for oCIS being located on two different sites, https://doc.owncloud.com and https://owncloud.dev/ocis. I have outlined the process I used to set up oCIS on my server that uses Cloudflare Tunnels.
NOTE: if you do not already have Cloudflare Tunnels set up, you should do so first by following my guide.
Setup oCIS
Download the oCIS binary:
sudo wget -O /usr/local/bin/ocis \
https://download.owncloud.com/ocis/ocis/stable/5.0.0/ocis-5.0.0-linux-amd64
NOTE: a list of recent binaries can be found here; simply edit the previous command with the desired binary.
Make the binary executable:
sudo chmod +x /usr/local/bin/ocis
Create the oCIS service file in /etc/systemd/system/:
# /etc/systemd/system/ocis.service
[Unit]
Description=OCIS server
[Service]
Type=simple
User=root
Group=root
EnvironmentFile=/etc/ocis/ocis.env
ExecStart=ocis server
Restart=always
[Install]
WantedBy=multi-user.target
Make the directory for the env file:
sudo mkdir /etc/ocis/
Configure the env file:
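# /etc/ocis/ocis.env
# Skip TLS certificate verification inside oCIS (needed with its self-signed certificates)
OCIS_INSECURE=true
# Listen on all interfaces, port 9200
PROXY_HTTP_ADDR=0.0.0.0:9200
# Public URL that the tunnel serves
OCIS_URL=https://owncloud.<hostname>
OCIS_LOG_LEVEL=error
OCIS_CONFIG_DIR=/etc/ocis
OCIS_BASE_DATA_PATH=/var/lib/ocis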
Initialize the oCIS configuration:
sudo ocis init --config-path /etc/ocis
NOTE: be sure to save the admin password from the console output.
=========================================
generated OCIS Config
=========================================
configpath : /etc/ocis/ocis.yaml
user : admin
password : password
Enable the oCIS service:
sudo systemctl enable --now ocis
NOTE: whenever changes are made to the env file, be sure to run sudo systemctl restart ocis.
Configure the Cloudflare Tunnel
Update your cloudflared config file:
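# .cloudflared/config.yml
tunnel: <tunnel_uuid>
credentials-file: /home/<user>/.cloudflared/<tunnel_uuid>.json
originRequest:
  # Accept the origin's self-signed certificate without verifying it
  noTLSVerify: true
ingress:
  - hostname: owncloud.<hostname>
    service: https://localhost:9200
  # cloudflared requires the last rule to be a catch-all; keep yours if you already have one
  - service: http_status:404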
Validate ingress rules:
cloudflared tunnel ingress validate
Assign a CNAME record that points traffic to your tunnel domain/subdomain:
cloudflared tunnel route dns <tunnel_uuid or tunnel_name> owncloud.<hostname>
Copy the config.yml from ~/.cloudflared/ to /etc/cloudflared/:
sudo cp ~/.cloudflared/config.yml /etc/cloudflared/config.yml
Restart the cloudflared service:
sudo systemctl restart cloudflared
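The setup above relaxes four defaults: the service runs as root, the listener binds 0.0.0.0, and both OCIS_INSECURE and noTLSVerify turn off certificate checks. The script below is an added example, not part of the original post or of oCIS or cloudflared; it reads the three files at the paths used above and prints one finding per relaxed setting. The function names and finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example: read-only check of the three files created in this guide.
# Function names and finding labels are illustrative, not part of oCIS or cloudflared.

# value_of KEY FILE: print the value of the last "KEY=value" line, empty if unset.
value_of() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" 2>/dev/null | tail -n 1
}

# audit_ocis_tunnel [UNIT] [ENVFILE] [TUNNELCFG]: print one finding per line.
audit_ocis_tunnel() {
    unit=${1:-/etc/systemd/system/ocis.service}
    envf=${2:-/etc/ocis/ocis.env}
    cfg=${3:-/etc/cloudflared/config.yml}
    for f in "$unit" "$envf" "$cfg"; do
        [ -f "$f" ] || echo "skip: $f not found" >&2
    done

    # systemd runs a system service as root when User= is absent.
    user=$(value_of User "$unit")
    if [ -f "$unit" ] && { [ -z "$user" ] || [ "$user" = root ]; }; then
        echo "ROOT_SERVICE: oCIS runs as root; a dedicated unprivileged user limits what a compromised server can touch"
    fi

    # The ingress rule connects to localhost, so a loopback bind is enough for the tunnel.
    addr=$(value_of PROXY_HTTP_ADDR "$envf")
    case $addr in
        0.0.0.0:*|\[::\]:*|:*)
            echo "WIDE_LISTENER: PROXY_HTTP_ADDR=$addr listens on every interface, so the port is reachable without the tunnel unless a firewall blocks it" ;;
    esac

    if [ "$(value_of OCIS_INSECURE "$envf")" = true ]; then
        echo "OCIS_INSECURE: TLS certificate verification inside oCIS is disabled"
    fi

    # noTLSVerify makes cloudflared accept any certificate the origin presents.
    if grep -Eq '^[[:space:]]*noTLSVerify:[[:space:]]*true' "$cfg" 2>/dev/null; then
        echo "ORIGIN_CERT_UNVERIFIED: cloudflared does not verify the origin certificate; keep the origin on localhost"
    fi
    return 0
}

audit_ocis_tunnel "$@"
```

Run it with no arguments to check the default paths, or pass the unit file, env file and tunnel config as three arguments.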