I installed Seafile (version 7.0.5 stable) on a rpi3 B+ with mysql and nginx. The files are installed on a usb storage.
The domain name of my rpi3 will be denoted “pidom” and my local ip adress “locip”.
I can access (without nginx, through http://locip:8000 or http://pidom:8000) the web application, login as admin, upload and download files.
But with nginx, it’s an other story.
First I configured it using the instructions of Seafile documentation and I enabled the HTTPS (with DH algorithm).
The secure process seems ok : I checked my website on https://www.ssllabs.com/ssltest/index.html and I got an “A+” hurrah.
Then, requesting “http:mydom”, I get redirected (with “https”, (that’s ok)) to the login page. I can log in to the web application but immediately after I obtain a white page, completely white. I tried with different web browsers, refreshing, same problem. The source code of the white page doesn’t show any problems and I don’t see any errors in the seafile, seahub log files.
I am thinking a problem with my nginx configuration, I would appreciate if you can have a look.
I removed the default file in “/etc/nginx/sites-availables” and the symlink in sites-enables and I create the file “/etc/nginx/sites-availables/seafile.conf” and its symbolic link in sites-enables. Here is its content:
server {
listen 80;
server_name pidom;
rewrite ^ https://$http_host$request_uri? permanent;
server_tokens off;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/letsencrypt/live/pidom/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pidom/privkey.pem;
server_name pidom;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
ssl_prefer_server_ciphers on;
proxy_set_header X-Forwarded-For $remote_addr;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
server_tokens off;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
proxy_read_timeout 1200s;
client_max_body_size 0;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
}
location /media {
root /media/user/usb/seafile/seafile-server-latest/seahub;
}
}
Also I redirected the ports 8000,8082,80,433,443 to locip.
I can synchronize folder/files with the seafile client in https.
what could be the problem ?
Since my configuration is working through “http:mydom:8000”, I don’t think it’s a problem with the seafile’s or seahub’s configuration files.
EDIT: I have the following error for seahug.log:
2019/12/09 00:02:46 [error] 2509#2509: *2548 open() "/media/user/usb/seafile/seafile-server-latest/seahub/media/assets/frontend/js/app.faa7ba429394.js" failed (13: Permission denied), client: 192.168.1.1, server: pidom, request: "GET /media/assets/frontend/js/app.faa7ba429394.js HTTP/1.1", host: "pidom", referrer: "https://pidom"
It seems it’s a permission error.
All my directories and file in my seafile installation are user:user and in the 777 mode (by the way isn’t it too much ? 755 is always sufficient ?) (following Nginx file permissions in seahub/media/)