Hi there, I’m a new user of Seafile. Thank you very much for building the great software! I’m filling this feature request for a scenario where the seafile server is behind a reverse proxy (like pangolin, or Cloudflare tunnel) that needs another layer of authentication.
The issue is, when seafile server runs behind the reverse proxy and the proxy requires an extra authentication, mobile client and desktop client can’t handle this and won’t be able to log in. Currently the workaround is to expose the seafile directly to the internet without proxy authentication. However, most such reverse proxies accept authentication with special HTTP headers (like token headers). If the desktop/mobile client can allow such configuration during login (and sends the headers for all the subsequent requests to the domain), the software can stay behind the proxy while functional. This solves problem for mobile/desktop client specifically.
How did you manage to get the clients to work with Pangolin bypass? I tried several different ways and just could not get the Sync client to connect. I checked Seafile docs and I must’ve missed it but I didn’t see it explicitly stated what the URL looks like from the client that then needs to be entered as bypass in Pangolin.
All that said, I also support this feature request!
I just found this Feature Request via google as I was searching for the exact same solution. As I know, no file sync/share software (nextcloud, owncloud, opencloud etc.) is supporting this mechanism. So it would be a great USP for Seafile, especially for the selfhosted/homelab community
Maybe a short info what it is about:
Adding siginifcant security to the selfhosted, exposed seafile server by using Zero Trust.
The seafile server is exposed via a Cloudflare tunnel or a Pangolin instance.
Local Seafile Server ↔ Cloudflare Tunnel or Pangolin (VPS Server) ↔ Seafile Clients
Every seafile user is getting a secret token that he adds into his client (as a custom proxy header).
Only requests with a valid token are forwarded from the Cloudflare/Pangolin tunnel to the seafile server.
One popular software that has this implemented is Immich.
