“Failed to load files” on iOS after closing seafile app (nginx) (fastcgi) (certbot)

Seafile works fine through the browser and syncs fine with my desktop client. I have the latest raspberry pi server installed, configured with nginx, fastcgi, and I recently installed certbot (note: I had the same issue with self-signed cert). The iOS client works fine for a day or so. However, starting at some point in server version 5, every time I attempt to access a file (mostly PDFs) it starts the download and when the file pulls up to load an X appears with a dialogue that says “failure to load file”. The only way to correct the problem is to remove the account from my iOS app account list and then add it again. After I do this it works fine, however, when I attempt to access any file in any of my encrypted libraries the next day I will get the same error. So it seems like it may be related to an expiration of some sort of authentication which is specific to the iOS client. Any help would be appreciated.


USER_NAME = [user]
ID = [unique_id]
NAME = [user]
SERVICE_URL = https://[domain.duckdns.org]    [Network]
PORT = 10001

PORT = 13419

ENGINE = mysql
USER = root
PASSWD = [root_password]
DB = ccnet-db


type = mysql
host =
user = root
password = [root_password]
db_name = seafile-db
connection_charset = utf8

port = 12001

port = 8082

port = 8000
fastcgi = true

keep_days = 180`


SECRET_KEY = "[secret_key]"
FILE_SERVER_ROOT = 'https://[domain.duckdns.org]/seafhttp'

    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'seahub-db',
        'USER': 'root',
        'PASSWORD': '[root_password]',
        'HOST': 'localhost',
#        'OPTIONS': {
#            'init_command': 'SET storage_engine=INNODB',
#        }

#    'default': {
#	'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
#	'LOCATION': '',
#    }


user www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
	worker_connections 768;
	# multi_accept on;

http {
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	gzip on;
	gzip_disable "msie6";

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

#	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;


server {
    listen 80;
    listen [::]:80;
    server_name [domain.duckdns.org];
    rewrite ^ https://$http_host$request_uri? permanent;

server {
    listen 443;
    listen [::]:443;
    server_name [domain.duckdns.org];

    ssl on;
    ssl_certificate /etc/letsencrypt/live/[domain.duckdns.org]/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/[domain.duckdns.org]/privkey.pem;
    proxy_set_header X-Forwarded-For $remote_addr;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    server_tokens off;

    location '/.well-known/acme-challenge' {
        default_type "text/plain";
        root /var/www/certbot;

    location / {
        fastcgi_param   SCRIPT_FILENAME     	$document_root$fastcgi_script_name;
        fastcgi_param   PATH_INFO           		$fastcgi_script_name;

        fastcgi_param   SERVER_PROTOCOL     	$server_protocol;
        fastcgi_param   QUERY_STRING        	$query_string;
        fastcgi_param   REQUEST_METHOD      	$request_method;
        fastcgi_param   CONTENT_TYPE       	$content_type;
        fastcgi_param   CONTENT_LENGTH      	$content_length;
        fastcgi_param   SERVER_ADDR        	$server_addr;
        fastcgi_param   SERVER_PORT         	$server_port;
        fastcgi_param   SERVER_NAME         	$server_name;
        fastcgi_param   REMOTE_ADDR         	$remote_addr;
        fastcgi_param   HTTPS               		on;
        fastcgi_param   HTTP_SCHEME         	https;

        access_log      		/var/log/nginx/seahub.access.log;
        error_log       		/var/log/nginx/seahub.error.log;
        fastcgi_read_timeout 	36000;

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        client_max_body_size 0;
        proxy_connect_timeout 36000s;
        proxy_read_timeout 36000s;
        proxy_send_timeout 36000s;
        send_timeout 36000s;

        access_log      /var/log/nginx/seafhttp.access.log;
        error_log      /var/log/nginx/seafhttp.error.log;


    location /media {
        root /home/pi/[media_directory];

Yes, this is a bug in using encrypted libraries. It will be fixed in the next release. You can also turn on “local decryption” to bypass the problem.

Thank you for the response. I hadn’t seen this posted anywhere else so I thought I had done something wrong. I turned on “local depryption” as suggested and it works perfectly.