How to make seafile work on ssl

I have managed to get seafile to work on my internal IP as well as my external IP on my Raspberry Pi. I have used seafile version 6.2.3 plus nginx and have generated SSL certs/keys etc.

I have port forwarded 80 to the internal Pi IP address and the same port as nginx, which is 8000. This works, as I can access seafile from outside of my LAN. My mobile can sync as well, both inside the LAN and outside of the LAN, through port 80.

FYI I also run PIVPN, which runs on port UDP/TCP 443.

Issue 1:
The issue comes when I try to use SSL by following all the guides that are available. I change nginx to run on 8001 as I don't want to use 443, because I run openvpn tcp on that and the port-share option of openvpn does not work well for me for some reason. I make the changes in ccnet.conf and seahub_settings.py, and restart seahub on fastcgi. For router port forwarding I just match 8001 to 8001, as 443 to 8001 will stop my openvpn traffic.
Once I have done the above, the page does not load at all. I don't know why, but I wonder if anyone with all these services running, i.e. pivpn, has managed to do this?

Issue 2:
One more thing that I have not fully understood: on the settings page (web interface) I had to keep FILE_SERVER_ROOT = http://192.168.1.86:8082 as is. Any other setting just does not work. I had to use the same setting under seahub_settings.py as well.

Although my HTTP_SERVER_ROOT = 'https://xxx.ddns.net:8000/seafhttp' in both seahub_settings.py and under the settings page on the web GUI.

If I change FILE_SERVER_ROOT = https://192.168.1.86:8082 it stops working, and if I change it to FILE_SERVER_ROOT = 'https://xxx.ddns.net:8000' or 'https://xxx.ddns.net:8082' or 'http://xxx.ddns.net:8082' it does not work.

I want to understand what should go in here and how it affects seafile.

If anyone has any input, please share.
Thanks
V

I have been writing a guide about how to set up Seafile on Ubuntu 16.04 LTS, but the configuration for NGINX should be the same, take a look at it.

https://nohatech.se/how-to-setup-seafile-with-ubuntu-server-16-04-lts/

Regarding Issue #1: are you using memcached? Post your nginx configuration from /etc/nginx/sites-enabled/you_conf

regards,

Hi, I re-installed seafile. I am using version 6.2.3. I also added the port-share option on both openvpn.conf files as 443 and 80 to the local webserver 127.0.0.1 443 and 127.0.0.1 80 respectively.

I cannot upload files anymore; not sure what the issue is. I also can't seem to access the page as https:// from inside or outside of the LAN.

Here are the config files as requested:
GNU nano 2.2.6 File: seafile.conf

server {
    listen 80;
    server_name xxxx.ddns.net;
    ssl on;
    ssl_certificate /etc/nginx/ssl/seahub.crt;
    ssl_certificate_key /etc/nginx/ssl/seahub.key;
    client_max_body_size 10G; # set max upload size

    proxy_set_header X-Forwarded-For $remote_addr;

    location / {
        proxy_pass         http://127.0.0.1:8000;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_read_timeout  1200s;

        # used for view/edit office file via Office Online Server
        client_max_body_size 0;

        access_log      /var/log/nginx/seahub.access.log;
        error_log       /var/log/nginx/seahub.error.log;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;

        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;

        send_timeout  36000s;
    }

    location /media {
        root /home/pi/seafile/seafile-server-latest/seahub;
    }
}

ccnet.conf

[General]
USER_NAME = paperplane
ID = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx
NAME = paperplane
SERVICE_URL = https://xxxxx.ddns.net:80

seafile.conf

[fileserver]
port = 8082
host = 127.0.0.1
worker_threads = 15

seahub_settings.py

# -*- coding: utf-8 -*-

SECRET_KEY = "xxxxxxxxxxxxxxx"
FILE_SERVER_ROOT = 'https://xxxxxxxxxxxxxxx.ddns.net/seafhttp'

Doesn't the Nginx config file need to have a rule for listening on port 443 as well? Or is this not needed if it gets proxied from your local web server?
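
A consistency check for the three files posted above, added here as an illustration and not written by anyone in the thread: it compares the ports and schemes in SERVICE_URL and FILE_SERVER_ROOT with what the nginx server block actually listens on. It assumes a single server block and that the router forwards each external port to the same nginx port; `files.example.net` and the function names are placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the files posted in this thread
# (files.example.net is a placeholder host name).
NGINX = """
server {
    listen 80;
    ssl on;
    location /seafhttp { proxy_pass http://127.0.0.1:8082; }
}
"""
SERVICE_URL = "https://files.example.net:80"
FILE_SERVER_ROOT = "https://files.example.net/seafhttp"


def nginx_listeners(conf):
    """Return {port: speaks_tls} for each numeric `listen` in one server block."""
    legacy_ssl = re.search(r"^\s*ssl\s+on\s*;", conf, re.M) is not None
    listeners = {}
    for m in re.finditer(r"^\s*listen\s+([^;]+);", conf, re.M):
        args = m.group(1).split()
        port = args[0].rsplit(":", 1)[-1]  # handles "443", "[::]:443", "1.2.3.4:443"
        if port.isdigit():
            listeners[int(port)] = legacy_ssl or "ssl" in args[1:]
    return listeners


def effective(url):
    """Return (scheme, port, path), filling in the scheme's default port."""
    u = urlsplit(url)
    return u.scheme, u.port or {"http": 80, "https": 443}[u.scheme], u.path


def check(conf, service_url, file_server_root):
    """List mismatches between nginx and the URLs Seafile hands to clients."""
    problems = []
    listeners = nginx_listeners(conf)
    for name, url in (("SERVICE_URL", service_url),
                      ("FILE_SERVER_ROOT", file_server_root)):
        scheme, port, _ = effective(url)
        if port not in listeners:
            problems.append(f"{name}: no nginx listener on port {port}")
        elif listeners[port] != (scheme == "https"):
            problems.append(f"{name}: {scheme} URL but port {port} "
                            f"{'does' if listeners[port] else 'does not'} speak TLS")
    path = effective(file_server_root)[2] or "/"
    if not re.search(r"location\s+" + re.escape(path) + r"\s*\{", conf):
        problems.append(f"FILE_SERVER_ROOT: no nginx location for {path}")
    return problems


if __name__ == "__main__":
    print(check(NGINX, SERVICE_URL, FILE_SERVER_ROOT))
```

On the constructed sample the only finding is that FILE_SERVER_ROOT has no explicit port, so clients go to 443, where this nginx block does not listen.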