Seafile 6.2.2 CE: When I want to share a file and start searching for a user in the share dialogl, the avatar is missing. The API request returns “http://127.0.0.1:8000/media/avatars/…” as avatar_url which is not right I guess.
Avatars in general (profile, login, etc.) are working fine.
I experienced the same Issue. Not only with the avatars but with the 2F-Authentication also.
Tested with Version 6.2.5 (CE) and 6.2.9 (Pro):
Apache config according to server manual (HTTPS Reverse Proxy)
Avatars in Share Dialogue are tried to load from “http://127.0.0.1:8000”: Avatars are broken, HTTPS OK
Title for Entry in Google Authenticator is “127.0.0.1:8000”.
Apache config according to server manual (HTTPS Reverse Proxy) with ProxyPreserveHost ON
Avatars are requested from the correct domain on port 80, redirected by apache to 443 and displayed coorectly. The HTTPS Icon in the Browser changed to broken because of the redirect from port 80.
Title in Google Authenticator is correct domain without ports.
Is it possible that in this relavant code snippets the server/port part of the URLS is taken from the HTTP-Request reaching 127.0.0.1:8000 and not from the config (where it should be the correct domain)?
After upgrading to 6.2.X, I had a very similar issue. The API returned http instead of https:, but mine was at login. I finally came up with a solution. I am on NGinx, but I would assume that Apache has a similar setting somewhere.
The fix involves changing the NGinx config file for the site. Replacing proxy_set_header Host $host; with proxy_set_header Host $host:$server_port; did the trick.
With 6.3.0 I finally have to switch to WSGI, but I’m still struggling with a working Apache config for avatars because they are still partially delivered via http and not https.
I found workarounds for both existing problems with avatars (windows client & API call in share dialog), but they should be both https in the first place.
As a temporary solution I just rewrite the http calls to https. But with the strict browser settings I am using, the share dialog will still produce mixed content. I could solve this with changing
"avatar_url": request.build_absolute_uri(url),
to
"avatar_url": url,
in seahub\seahub\api2\endpoints\search_user.py (Line 172).
By the way, I would suggest to change the default values of USE_X_FORWARDED_HOST and SECURE_PROXY_SSL_HEADER in Django for the next-version of Seafile, so that the user doesn’t have to change the seahub_setting.py. The apache configuration in the document is also needed to update.
Yes, thanks for sharing, I notice your solution now cause didn’t got notification.
Did I got it right that seahub shares configuration directives with build-in gunicorn? Or USE_X_FORWARDED_HOST and SECURE_PROXY_SSL_HEADER are seahub only which saying how to start gunicorn?