Cloudflare Tunnel

Hi all, I’m new to Seafile and would like to get some advice/help.

I’m running the service over my Cloudflare tunnel and can connect via the web with no issues (I can upload and download fine). Only when I try to connect via the client app am I unable to connect with my own custom domain. It works fine on the LAN IPs and LAN port numbers.

My setting on Cloudflare

my setting on seafile

service urls

{https}://domain.xxx

FILE_SERVER_ROOT

{https}://domain.xxx/seafhttp

I’m running it on Docker on Ubuntu and I have opened port 8075 on my server firewall.

I forgot to mention I added the port in my docker compose

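ports:
  # Publishes container port 80 on host port 8075. With no host IP given,
  # Docker binds the port on every host interface, so the host firewall is
  # the only thing limiting who can reach it; the tunnel itself does not
  # need this port opened to the internet.
  - "8075:80"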

I did remove the port number in my Cloudflare setup. Now I can view the files in the web browser, but I still cannot log in at all from any of the client apps;

I just get “login failed” …

The odd thing is I’m not seeing anything in the logs, no login attempt at all

/seafile/seafile-data/logs/var-log/nginx

OK, I managed to get this to work.

I’m also using proxy manager, and this is what I needed to add

There are some mistakes…
You should not open port 8075 on your router. That is why you use a tunnel.

Your service URLs should be
file.hennie.uk
file.hennie.uk/seafhttp

i did remove the port number in my cloudflare setup

This is incorrect. The tunnel is also your reverse proxy.

I’m also using proxy manager, and this is what I needed to add

This is totally unnecessary when using Cloudflare tunnels.


My Nginx config:

# Required for OnlyOffice DocumentServer

# $the_scheme: the X-Forwarded-Proto request header when one is present,
# otherwise the scheme of the current connection.
# NOTE(review): X-Forwarded-Proto is a request header, so any client can set
# it unless a trusted proxy in front of nginx overwrites it - confirm which
# applies to this deployment before relying on the value.
map $http_x_forwarded_proto $the_scheme {
    ""      $scheme;
    default $http_x_forwarded_proto;
}



# $the_host: the X-Forwarded-Host request header when one is present,
# otherwise nginx's own $host.
# NOTE(review): like any request header, X-Forwarded-Host is client-supplied
# unless a trusted proxy in front of nginx sets it - confirm that only such a
# proxy can reach this server.
map $http_x_forwarded_host $the_host {
    ""      $host;
    default $http_x_forwarded_host;
}



# $proxy_connection: "upgrade" when the client sent an Upgrade header
# (e.g. a WebSocket handshake), "close" when it did not.
map $http_upgrade $proxy_connection {
    ""      close;
    default upgrade;
}

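    # Plain-HTTP virtual host: its only job is to send every request to HTTPS.
    server {
        listen 80;
        server_name cloud.datanetwork.cloud www.cloud.datanetwork.cloud;
        server_tokens off;

        # Permanent redirect to the same URI over HTTPS. $host is used instead
        # of the raw Host header ($http_host): it is normalised by nginx and
        # falls back to server_name when the request carries no Host header,
        # so the Location header is never built from an empty or malformed
        # value. $request_uri already contains the query string.
        return 301 https://$host$request_uri;
    }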
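    # HTTPS virtual host: terminates TLS and reverse-proxies Seahub (8000),
    # the Seafile file server (8082), SeafDAV (8070) and OnlyOffice (88).
    server {
        # "ssl" must be present on the listen line; without it nginx speaks
        # plain HTTP on port 443 and the certificate settings below are unused.
        listen 443 ssl http2;
        server_name cloud.datanetwork.cloud www.cloud.datanetwork.cloud;
        server_tokens off;

        # Connection counters for monitoring. Restricted to the local host so
        # that server statistics are not readable by every client.
        location /stub_status {
            stub_status on;
            access_log off;
            allow 127.0.0.1;
            deny all;
        }

        ssl_certificate /etc/letsencrypt/live/datanetwork.cloud/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/datanetwork.cloud/privkey.pem;

        #ssl_trusted_certificate /etc/letsencrypt/live/datanetwork.cloud/fullchain.pem;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_ecdh_curve secp384r1;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        # NOTE(review): the TLS13-* and *-D entries do not look like cipher
        # names a stock OpenSSL build recognises, and the list still contains
        # CBC-mode SHA suites - check the effective list with `openssl ciphers`.
        ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305-D:ECDHE-RSA-CHACHA20-POLY1305-D:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384';
        #ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';

        # OCSP stapling; the resolver is used to look up the OCSP responder.
        # NOTE(review): ssl_stapling_verify normally needs the issuer chain in
        # ssl_trusted_certificate, which is commented out here - confirm that
        # stapling actually works (nginx logs a warning when it does not).
        ssl_stapling on;
        ssl_stapling_verify on;
        #ssl_trusted_certificate /etc/ssl/private/ocsp-certs.pem;
        resolver 8.8.8.8 8.8.4.4 valid=300s;
        resolver_timeout 5s;

        # Response headers; inherited by every location below because none of
        # them declares its own add_header.
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";

        # Only applies to a location without proxy_set_header lines of its own;
        # every proxying location below declares its own set.
        proxy_set_header X-Forwarded-For $remote_addr;

        # Seahub (web UI and API).
        location / {
            proxy_pass         http://127.0.0.1:8000;
            proxy_set_header   Host $host;
            proxy_set_header   X-Real-IP $remote_addr;
            # Appends this hop to whatever X-Forwarded-For the client sent, so
            # only the last entry is known to be genuine.
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Host $server_name;
            proxy_set_header   X-Forwarded-Proto https;
            proxy_read_timeout 1200s;

            # used for view/edit office file via Office Online Server
            # (0 disables the request-body size limit)
            client_max_body_size 0;

            access_log      /var/log/nginx/seahub.access.log;
            error_log       /var/log/nginx/seahub.error.log;
        }

        # Seafile file server: the /seafhttp prefix is stripped before the
        # request is passed on. Uploads are streamed (no request buffering),
        # have no size limit and may run for up to ten hours.
        location /seafhttp {
            rewrite ^/seafhttp(.*)$ $1 break;
            proxy_pass http://127.0.0.1:8082;
            client_max_body_size 0;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout  36000s;
            proxy_read_timeout     36000s;
            proxy_send_timeout     36000s;
            send_timeout           36000s;
            proxy_request_buffering off;
        }

        # Static Seahub assets served directly from disk.
        location /media {
            root /home/boubou/cloud/seafile/seafile-server-latest/seahub;
        }

        # Seafdav with WSGI behind Nginx
        location /webdav {
            proxy_pass         http://127.0.0.1:8070/webdav;
            proxy_set_header   Host $host;
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Host $server_name;
            proxy_set_header   X-Forwarded-Proto $scheme;
            proxy_read_timeout 86400s;
            client_max_body_size 0;
            # This option is only available for Nginx >= 1.8.0.
            proxy_request_buffering off;
            access_log      /var/log/nginx/webdav.access.log;
            error_log       /var/log/nginx/webdav.error.log;
        }

        #
        # onlyofficeds
        #
        location /onlyofficeds/ {
            # IMPORTANT ! - Trailing slash !
            proxy_pass http://127.0.0.1:88/;
            proxy_http_version 1.1;
            client_max_body_size 100M; # Limit Document size to 100MB
            proxy_read_timeout 3600s;
            proxy_connect_timeout 3600s;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $proxy_connection;

            # IMPORTANT ! - Subfolder and NO trailing slash !
            # NOTE(review): $the_host and $the_scheme are taken from the
            # request's X-Forwarded-* headers when present, so the values sent
            # upstream are client-controlled unless a trusted proxy sets them.
            proxy_set_header X-Forwarded-Host $the_host/onlyofficeds;
            proxy_set_header X-Forwarded-Proto $the_scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }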

maybe it can help you

Wow, it’s not so often I get a response on my posts. This is a great community!!

So my setup is working :slight_smile:

I prefer to use proxy manager and point all the services to my container, so all the traffic is contained or pointed to the actual container IP.

So in Portainer I see the IP address is 172.22.0.4 for my app, then I’ll point proxy manager to IP 172.22.0.1

Did you check for DNS / IPv4 / IPv6 issues? Does name resolution work at all externally? Does it try to connect over IPv6 or IPv4? Is there any service running on IPv6? E.g. a Fritzbox?