Force domain name over WAN IP


I have a running Seafile server which works via a domain name. If you try to connect to it with HTTP, it will force you to HTTPS. Still, you can connect to it with the WAN IP followed by “:8000”. You can also use https://WANIP to connect to it(unsfe website, no certificates. My domain name has let’s encrypt certificates).

How do I force Seafile to use my domain name? I have it specified everywhere(I can upload and download, my seafhttp directory is correctly too, just saying). I use Duck DNS.

Greetings and thanks in advance.

There is not any easy solution. You have to let this work cause of proxy pass. So this is maybe FEATURE REQUEST @daniel.pan?

Oh okay, I thought I was doing something wrong. Glad to hear that it should be like that.

Isn’t this approach a little bit unsafe? The Seafile server is accessible through HTTP and (unprotected, I can fix that I guess?) HTTPS, doesn’t seem like best practice to me.

And your users know your IP? If not then it’s doesn’t matter. HTTPS not adding some special security. It’s security for users and their comunication with server. If you have accesable server over HTTP and public IP it’s not backdoor.

If your server is behind NAT, then just block 8000 port so no one from WAN can access it over IP/directly.

Well, they don’t. But by simply using ping in a cmd window you get the IP of my Seafile server.

I blocked port 8000, my server is now not available anymore via HTTP. Thank you so much!

Yes, but why user will do it?

I don’t know now if it only irony :smiley:

I don’t know, maybe people with bad intentions(I’m by far not an expert but HTTP is not considered safe AFAIK).

I am being serious btw, I wanted to disable the possibility of users accessing my server via HTTP and by blocking port 8000 they can’t do that anymore.

HTTPS only encrypt data which you send to server (for example if you send form for login, then is your password and login encrypted) so if some one listening he see that you send some request to your server but don’t see what you send. So basicaly if some one upload file over HTTP, the “hacker” can get it. But he have to have access between you and server and if he have this access your server running over HTTP is your smallest problem. But always is block unsecured connection, protocols, aplications, user accounts etc …

Ok that cleared up my confusion. Thank you so much for your help!