How to set up a Seafile Server with a valid and free SSL-Certificate


#1

My little tutorial may not work for everybody, but for me it's the perfect solution. What you need:

  • Seafile server with local IP-Address
  • Self-signed certificate
  • Any DynDNS-Service (if you don’t have a fixed public IP-address)
  • DNS-Access to your domain name
  • Free Cloudflare-Account

Step 1
Set up the Seafile server with a self-signed SSL-certificate. The server has an internal IP-address, let's say 192.168.0.5, and is listening on SSL-Port 8001.

So, if you open the web interface with https://192.168.0.5:8001 you will get a message that the certificate is unsecure.

Next step is to open the ports in your router to grant access from outside. Redirect port 443 to internal IP 192.168.0.5 and port 8001.

It's very important that you forward external Port 443 because the free Cloudflare service (description below) only supports the ports 80 and 443.


Step 2
This step is only needed if you don’t have a fixed public IP-address:

One of your devices in your local network should run a DynDNS-Client. It’s not important which service you decide on. This tutorial should work with any DynDNS-provider.

Let's say that your DynDNS-name is seafile.dyndns.org


Step 3
Now you need a free Cloudflare-account. Add your Domain name to this account and follow the instructions of the Cloudflare website. They will generate a free SSL-certificate for your domain (including wildcard-names).

When your domain name is activated in your Cloudflare account, add a DNS-entry for your Seafile-server. It has to be a CNAME entry pointing to your DynDNS-name. The cloud icon on the right side has to be active (orange) for this entry.

Example:
CNAME seafile.yourdomain.xyz --> seafile.dyndns.org

If you have a fixed public IP-address you can make an A-record pointing to your IP instead.

Make sure that your Seafile-server is responding on seafile.yourdomain.xyz

Check the Cloudflare “Crypt” settings tab. The SSL-mode has to be set to Full. This setting will encrypt the connection between your website visitors and Cloudflare, and from Cloudflare to your server. The difference between Full and Full (Strict) is that Full (Strict) checks for a valid certificate on your origin server, whereas Full checks for any certificate. You will need to have an SSL certificate on your server. However, Cloudflare will not attempt to validate the certificate (certificates may be self-signed).


That's it! Your Seafile server should now be accessible with https://seafile.yourdomain.xyz without any warning messages. The same domain name can be used with the Seafile clients.
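
A check for the Full versus Full (Strict) distinction described in post #1, as an added example that is not part of the original thread: it connects directly to the origin (bypassing Cloudflare) and reports which mode the origin certificate would satisfy. The function names are hypothetical, and the local trust store is assumed to stand in for Cloudflare's validation.

```python
import socket
import ssl


def handshake(addr, port, hostname, verify, timeout=5.0):
    """TLS handshake with the origin at addr:port, sending hostname as SNI."""
    ctx = ssl.create_default_context()
    if not verify:
        # What "Full" does: encrypt, but accept any certificate.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((addr, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.version()


def classify_origin(addr, port, hostname, connect=handshake):
    """Return which Cloudflare SSL modes the origin certificate would satisfy."""
    result = {"tls": False, "full": False, "full_strict": False}
    try:
        connect(addr, port, hostname, verify=False)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        result["reason"] = f"no TLS listener: {exc}"
        return result
    result["tls"] = result["full"] = True
    try:
        # Assumption: the local trust store stands in for Cloudflare's check.
        connect(addr, port, hostname, verify=True)
    except ssl.SSLCertVerificationError as exc:
        result["reason"] = getattr(exc, "verify_message", str(exc))
        return result
    result["full_strict"] = True
    result["reason"] = "certificate chains to a trusted CA and matches the hostname"
    return result


if __name__ == "__main__":
    # Values from the tutorial: origin 192.168.0.5:8001, public name seafile.yourdomain.xyz
    print(classify_origin("192.168.0.5", 8001, "seafile.yourdomain.xyz"))
```

A result with `full_strict` set to `False` means the hop from Cloudflare to the origin is encrypted but the origin's identity is not verified.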


#2

If you don’t need other features from Cloudflare, a cleaner solution would be to just use a free SSL certificate from Let’s Encrypt.

Also, instead of using a CNAME record, you could use a DDNS service that supports custom domains (these can be free as well).

(Just providing some alternatives, your suggestions are useful.)


#3

I agree. But implementing a LetsEncrypt certificate is a bit more complicated, and on top of that you have to open Port 80 for renewal. My solution doesn’t need that, so it’s a bit easier to handle (for me).