oCIS using Cloudflare Tunnels
The Issue
I wanted to use my mini home server as a NAS. However, I didn’t want to make a full homelab but just a simple self-hosted cloud storage alternative. Knowing I’d want to go down this road, when I installed Ubuntu Server onto the hardware, I opted in to install NextCloud. However, my fresh NextCloud installation felt slow on my more-than-sufficient hardware. So I went down the rabbit hole of self-hosted cloud storage.
Every blog, forum, and Reddit post recommended to “just use NextCloud”, but I was set on finding a faster alternative. I stumbled upon Seafile, an open-source cloud storage alternative written in C which touted faster performance than the PHP-based NextCloud. Perfect, right? I set it up with Docker and it was fast, but there was one glaring issue for me. The company behind Seafile is based in China and although the code is open-source, the code had not been audited as far as I could tell. This was a dealbreaker for me, so my hunt continued. I looked into File Cloud, Pydio Cells, Filestash, and dufs.
The Solution
Finally, I stumbled upon ownCloud Infinite Scale, a rewrite of ownCloud in Go. Harnessing the speed of Go made it much faster than its PHP-based siblings (ownCloud 10 and NextCloud). And so, already being a fan of Go, I was sold. I began to work to set it up on my server but encountered some confusion due to documentation for oCIS being located on two different sites, https://doc.owncloud.com and https://owncloud.dev/ocis. So, here is a walkthrough of how I set up oCIS on my server with Cloudflare Tunnels.
NOTE: if you do not already have Cloudflare Tunnels set up, see my guide.
Setup oCIS
Download the oCIS binary. A list of recent binaries can be found here; simply edit this command with the desired binary.
sudo wget -O /usr/local/bin/ocis \
https://download.owncloud.com/ocis/ocis/stable/5.0.0/ocis-5.0.0-linux-amd64
Make the binary executable.
sudo chmod +x /usr/local/bin/ocis
Create an oCIS service file in /etc/systemd/system/.
# /etc/systemd/system/ocis.service
[Unit]
Description=OCIS server
[Service]
Type=simple
User=root
Group=root
EnvironmentFile=/etc/ocis/ocis.env
ExecStart=ocis server
Restart=always
[Install]
WantedBy=multi-user.target
Then, make the directory for the environment file.
sudo mkdir /etc/ocis/
Create the env file.
# /etc/ocis/ocis.env
OCIS_INSECURE=true
PROXY_HTTP_ADDR=0.0.0.0:9200
OCIS_URL=https://owncloud.<domain>
OCIS_LOG_LEVEL=error
OCIS_CONFIG_DIR=/etc/ocis
OCIS_BASE_DATA_PATH=/var/lib/ocis
Initialize the oCIS configuration.
sudo ocis init --config-path /etc/ocis
Be sure to save the admin password from the console output.
=========================================
generated OCIS Config
=========================================
configpath : /etc/ocis/ocis.yaml
user : admin
password : password
Enable the oCIS service.
sudo systemctl enable --now ocis
NOTE: whenever changes are made to the environment file, be sure to run sudo systemctl restart ocis.
Configure the Cloudflare Tunnel
Update your cloudflared config file.
# ~/.cloudflared/config.yml
tunnel: <tunnel_uuid>
credentials-file: /home/<user>/.cloudflared/<tunnel_uuid>.json
originRequest:
  noTLSVerify: true
ingress:
  - hostname: owncloud.<domain>
    service: https://localhost:9200
Validate ingress rules.
cloudflared tunnel ingress validate
Assign a CNAME record that points traffic from your domain/subdomain to your tunnel.
cloudflared tunnel route dns <tunnel_uuid or tunnel_name> owncloud.<domain>
Copy your config from ~/.cloudflared/ to /etc/cloudflared/.
sudo cp ~/.cloudflared/config.yml /etc/cloudflared/config.yml
Restart the cloudflared service.
sudo systemctl restart cloudflared
NOTE: if you have a firewall set up, you may need to add a rule to allow traffic on port 9200.
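The env file and cloudflared config above disable TLS certificate checks in two places and bind the oCIS proxy to every interface, while the tunnel itself only connects to localhost. As an added example (not from the original post), this shell function flags those settings in the two files. The function names, finding codes and sample hostname are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example, not part of the original walkthrough.
# audit_ocis_tunnel ENV_FILE CLOUDFLARED_CONFIG
# Prints one "CODE: explanation" line per finding, nothing when clean.
audit_ocis_tunnel() (
    env_file=$1
    cf_config=$2
    # Listen address of the oCIS proxy (last uncommented assignment).
    addr=$(sed -n 's/^[[:space:]]*PROXY_HTTP_ADDR=//p' "$env_file" | tail -n 1)
    # First ingress origin named in the cloudflared config.
    origin=$(sed -n 's/^[[:space:]]*service:[[:space:]]*//p' "$cf_config" | head -n 1)

    case "$addr" in
        0.0.0.0:*|"[::]":*|:*)
            case "$origin" in
                *://localhost:*|*://127.0.0.1:*)
                    echo "WILDCARD_BIND: proxy on $addr, but cloudflared reaches it over loopback ($origin)" ;;
                *)
                    echo "WILDCARD_BIND: proxy listens on all interfaces ($addr)" ;;
            esac ;;
    esac
    if grep -Eqi '^[[:space:]]*OCIS_INSECURE="?true' "$env_file"; then
        echo "OCIS_INSECURE: oCIS skips TLS certificate validation"
    fi
    if grep -Eqi '^[[:space:]]*noTLSVerify:[[:space:]]*true' "$cf_config"; then
        echo "NO_TLS_VERIFY: cloudflared does not verify the origin certificate"
    fi
)

# Constructed sample: the settings from this walkthrough, written into DIR.
# owncloud.example.test is a placeholder hostname.
write_walkthrough_sample() {
    printf '%s\n' 'OCIS_INSECURE=true' 'PROXY_HTTP_ADDR=0.0.0.0:9200' > "$1/ocis.env"
    printf '%s\n' 'originRequest:' '  noTLSVerify: true' 'ingress:' \
        '  - hostname: owncloud.example.test' \
        '    service: https://localhost:9200' > "$1/config.yml"
}

# Demo run against the constructed sample files.
demo_dir=$(mktemp -d)
write_walkthrough_sample "$demo_dir"
audit_ocis_tunnel "$demo_dir/ocis.env" "$demo_dir/config.yml"
rm -rf "$demo_dir"
```

On the server, point it at /etc/ocis/ocis.env and /etc/cloudflared/config.yml.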