How do we move /seafdav to a custom path (for security by obscurity purposes) if we’re using nginx? I replaced /seafdav in seafile/conf/seafdav.conf with my own path, and made relevant replacements also in nginx config, but gettin 502 by nginx.
Is the path not customizable? Or is there a path length limit?
For some reason I continue getting 502, although the paths got replaced verbatim in both seafdav & nginx configs.
This seems to be another victim of the overly complicated setup that comes with docker. As far as I can tell, if you want to do that you are going to need to bypass the nginx built into the seafile docker container, because it has /seafdav built into its unchangeable config. That config looks like:
-*- mode: nginx -*-
# Auto generated at 01/14/2025 14:29:43
server {
listen 80;
server_name files.north-by-northwest.com;
client_max_body_size 10m;
location / {
proxy_pass http://127.0.0.1:8000/;
proxy_read_timeout 310s;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
client_max_body_size 0;
access_log /var/log/nginx/seahub.access.log seafileformat;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 0;
proxy_read_timeout 36000s;
access_log /var/log/nginx/seafhttp.access.log seafileformat;
error_log /var/log/nginx/seafhttp.error.log;
}
location /notification/ping {
proxy_pass http://127.0.0.1:8083/ping;
access_log /var/log/nginx/notification.access.log seafileformat;
error_log /var/log/nginx/notification.error.log;
}
location /notification {
proxy_pass http://127.0.0.1:8083/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
access_log /var/log/nginx/notification.access.log seafileformat;
error_log /var/log/nginx/notification.error.log;
}
location /seafdav {
rewrite ^/seafdav$ /seafdav/ permanent;
}
location /seafdav/ {
proxy_pass http://127.0.0.1:8080/seafdav/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 1200s;
client_max_body_size 0;
access_log /var/log/nginx/seafdav.access.log seafileformat;
error_log /var/log/nginx/seafdav.error.log;
}
location /:dir_browser {
# Logo of WebDAV
proxy_pass http://127.0.0.1:8080/:dir_browser;
}
location /media {
root /opt/seafile/seafile-server-latest/seahub;
}
In your seafile-server.yml file you will need to add at least port 8080 like this. While you are there you could also add 8000 and 8082 if you want to bypass the nginx in the container for those as well, if you think you might want to make similar customization to other parts.
ports:
- "8080:8080"
Then you can copy the /seafdav section to your reverse proxy, changing the address it forwards to to be the IP of your server (instead of 127.0.0.1), and set the path to whatever you want.
Let me be clear, this is what I think you need to do, but I haven’t used seafdav, and haven’t tested this, so I don’t know that it is all you will need to do.