Cannot upload/access files correctly

lug-sf · August 15, 2017, 12:42pm

Hi,
i just installed seafile and got some problems.

First of all my setup:
seafile is installed on a vm (ubuntu 16.04) with NAT internet access. (ip 192.168.123.1)
to access the seahub i use nginx reverse proxy like this:

server {
        listen 443;
        ssl on;
        ssl_certificate         /etc/nginx/ssl/fullchain.pem;
        ssl_certificate_key     /etc/nginx/ssl/privkey.pem;

        server_name             mydomain.example.org;

        location / {
                proxy_pass http://192.168.123.1:8000;
        }
}

and to access the seafile server i created a nat rule to forward incoming port 8082 tcp on the external ip to the port 8082 on 192.168.123.1

So when i directly access the seahub by entering http://192.168.123.1:8000/ i can use everything just perfect.

Entering the page by https://mydomain.example.org/ i can download files (port forwarding of 8082 works) but not upload files. I get unknown error on the seahub.

The Android app works perfectly, i can download and upload.
Windows Drive Client login does work, but it only shows a folder “my library” without contents, file upload not possible.
error log: [08/15/17 11:11:09] http-tx-mgr.c(1214): Bad response code for GET https://mydomain.example.org/seafhttp/protocol-version: 404.
gui error log:

[08/15/17 11:12:42] Unable to get config value download_limit: Config not exists
[08/15/17 11:12:42] Unable to get config value upload_limit: Config not exists

Cisco · August 15, 2017, 12:48pm

This can may be able to help you
https://manual.seafile.com/deploy/https_with_nginx.html

lug-sf · August 15, 2017, 1:10pm

I don’t think thats my problem, because it works on certain devices, maybe android doesn’t ask for the protocol-version.
Even if I try to open the 404 page in the same network, so without any port forwarding or reverse proxy, it shows 404.

http://192.168.123.1:8000/seafhttp/protocol-version

lug-sf · August 21, 2017, 6:49am

Anyone who can help me debugging/tell me what to look for?

Cisco · August 21, 2017, 7:23am

Show your complete configuration of nginx

Cisco · August 21, 2017, 7:39am

Try with this configuration:

server {
    listen 80;
    server_name your.domain.com www.your.domain.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 http2;
    server_name your.domain.com www.your.domain.com;

    ssl on;
    ssl_certificate         /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key     /etc/nginx/ssl/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA256:ECDHE-RSA-AES256-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA;";

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_ecdh_curve prime256v1:secp384r1;

    location / {
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_set_header        Host $http_host;
    proxy_intercept_errors  on;
    proxy_pass                  http://192.168.123.1:8000;

    }
}

lug-sf · August 21, 2017, 8:40am

So on the seafile server this is my config at the moment:

server {
    listen 80;

    proxy_set_header X-Forwarded-For $remote_addr;

    location / {
        fastcgi_pass    127.0.0.1:8000;
        fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
        fastcgi_param   PATH_INFO           $fastcgi_script_name;

        fastcgi_param    SERVER_PROTOCOL        $server_protocol;
        fastcgi_param   QUERY_STRING        $query_string;
        fastcgi_param   REQUEST_METHOD      $request_method;
        fastcgi_param   CONTENT_TYPE        $content_type;
        fastcgi_param   CONTENT_LENGTH      $content_length;
        fastcgi_param    SERVER_ADDR         $server_addr;
        fastcgi_param    SERVER_PORT         $server_port;
        fastcgi_param    SERVER_NAME         $server_name;
        fastcgi_param   REMOTE_ADDR         $remote_addr;

        access_log      /var/log/nginx/seahub.access.log;
        error_log       /var/log/nginx/seahub.error.log;
        fastcgi_read_timeout 36000;
        client_max_body_size 0;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
        send_timeout  36000s;
    }

    location /media {
        root /home/seafile/cloud/seafile-server-latest/seahub;
    }
}

I havent set a server name option, because I use this reverse proxy config on another server to access it:

server {
        listen 443;
        ssl on;
        ssl_certificate         /etc/nginx/ssl/fullchain.pem;
        ssl_certificate_key     /etc/nginx/ssl/privkey.pem;

        server_name             mydomain.example.org;

        location / {
                  proxy_set_header        X-Real-IP $remote_addr;
                  proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header        X-Forwarded-Proto $scheme;
                    proxy_set_header        Host $http_host;
                    proxy_intercept_errors  on;
                proxy_pass      http://192.168.123.1;
        }
}

I now know why the upload doesn’t work an the SSL secured site: when trying to upload a file it connects to http://mydomain.example.org:8082, which works, but chrome blocks it because of mixed content (non ssl request on a ssl site)
At least the windows clients work now because of the /seafhttp location in nginx (i didnt configure that before)

Would be nice if i could get the website uploading working too, do you have an idea?