My seafile server is established via HTTP, whose url is http://xxx.xxx.xxx.xxx:8000. I’ve learnt that HTTPS is safer than HTTP. Then, does that mean my HTTP server is in danger and easy to be attacked? And why is HTTPS is safer than HTTP?
Sorry for beeing blunt, but if you don’t even know the difference between http and https you shouldn’t expose your Seafile server to the internet.
HTTPS encrypts the internet traffic. Communication via HTTP is unencrypted. If you only use seafile within your LAN, there is nothing to be afraid of.
So please do yourself a favor an learn the basics of internet communication before setting up your own server.
How can I change my http server into https on windows system? I didn’t find it in the documents.
You talking about the client, right? Seafile Server on Windows is long gone…
Seafile itself doesn’t support HTTPS, you have to put a reverse proxy in front of it (on the server side). Which is described in the manual.
Thanks! But I am indeed talking about the Windows server…Then, will it work if I set HTTPS with nginx on my Windows Seafile server?
- Take a look for this post:
- You can also use a ssl certificate by Let´s Encrypt. There are a lot of tutorials if you search for “iis lets encrypt”.
You can do, what @Termi2 wrote. But i strongly suggest that you switch to the actual Linux version. Version 6 is vulnerable to Log4j. If you use Seafile only internally, this is halfway okay, but then you don’t have to worry about HTTPS also.
Basically, the topic HTTPS is not to be discussed here at all. Seafile runs as a server internally on Gunicorn. If you add HTTPS (which you want to do in almost any case), you configure a reverse proxy such as Nginx.
Even the question shows that you should first learn what a web server is and how to install certificates.
If I only have a public IP and don’t have a domain name, can I get a CA certificate?
Hello, Termi2. I’m referring to this document to configure my Windows server (I’m using HTTP for now), but I’m not successful. I don’t know the reference value of this document, because I didn’t find the
seafile-data/seafile.conf file mentioned in it on my seafile server. The seafile version I use is seafile 6.0.7 for Windows server.
I think, I should first use nginx to successfully configure the HTTP-based seafile server before proceeding to the next HTTPS attempt (I have already obtained a certificate). Can you please tell me how to implement it? Is there any more reference material? Thanks!
Problem solved. The location of file
seafile-server\conf. Now the seafile server can be accessed successfully via HTTP.
The next step is to repeat the configuration for HTTPS. I hope everything goes well.
HTTPS is HTTP with encryption and verification. The only difference between the two protocols is that HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses, and to digitally sign those requests and responses. As a result, HTTPS is far more secure than HTTP .
I am very curious that if I only use the HTTP protocol in my seafile service, will the data my users upload on the clients be sent to the seafile server in plaintext? Doesn’t seafile itself carry out any encryption measures in data transmission?
You need to encrypt the transport layer (HTTPS) if you want any kind of security. The server has some rest encryption functionality, but since the passwords for it would be transmitted over HTTP, you might as well consider them compromised.
Windows should be ce. It doesn’t use java, does it? Without it cannot be vulnerable to log4j.
Do you have a fixed public IP or a dynamic IP?
You can get a domain name for your public IP easily with a DynDNS service, such as no-ip.com. Check with your internet router, which DNS services are supported, so that the router updates your domain-name with the current IP address if it changes.
Thank you all of you! Your suggestions are very useful and timely to me!