HTTPS via Nginx: Upload working, download failing/stalling

Seafile Server
1

Hi there,

I enabled HTTPS with Nginx according to the manual. Currently running Version 9.0.7 over Win 10 with WSL/Ubuntu.
Webpage, login etc. is working and I can upload files with no problem at all. I can also see all my files, but downloads are not working or get stuck after a few KB. Sometimes I get 0 KB, my record is 912 KB. Which means, that I can download VERY small files, if I’m lucky. Not usable at the moment.

Current settings (via admin over the web page)
(h ttps = https):
SERVICE_URL h ttps://my-secret-server.de
FILE_SERVER_ROOT h ttps://my-secret-server.de/seafhttp

When setting it to the unsecure HTTP URLs and opening the page without nginx downloads are working again:
SERVICE_URL h ttp://my-secret-server.de:8000
FILE_SERVER_ROOT h ttp://my-secret-server.de:8082

Tried so many variants within the nginx seafile config and everything. Trying for days now and am officially stuck.
Would really appreciate the help.
Thanks!

log_format seafileformat ‘$http_x_forwarded_for $remote_addr [$time_local] “$request” $status $body_bytes_sent “$http_referer” “$http_user_agent” $upstream_response_time’;

server {
listen 80;
server_name secret-server.de;

rewrite ^ https://$http_host$request_uri? permanent; # Forced redirect from HTTP to HTTPS
server_tokens off; # Prevents the Nginx version from being displayed in the HTTP response header

#proxy_set_header X-Forwarded-For $remote_addr;

}

server {
listen 443 ssl;
#ssl on;
ssl_certificate /etc/letsencrypt/live/secret-server.de/fullchain.pem; # Path to your fullchain.pem
ssl_certificate_key /etc/letsencrypt/live/secret-server.de/privkey.pem; # Path to your privkey.pem
server_name secret-server.de;
server_tokens off;

location / {
     proxy_pass         http://127.0.0.1:8000;
     #proxy_set_header   Host $host:8000;
   #proxy_set_header Host $host:$server_port;
   proxy_set_header   Host $host;
     proxy_set_header   X-Real-IP $remote_addr;
     proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header   X-Forwarded-Host $server_name;
     proxy_read_timeout  1200s;

     # used for view/edit office file via Office Online Server
     client_max_body_size 0;

     access_log      /var/log/nginx/seahub.access.log seafileformat;
     error_log       /var/log/nginx/seahub.error.log;
}

#################################################################################

If you are using FastCGI,

which is not recommended, you should use the following config for location /.

location / {

fastcgi_pass 127.0.0.1:8000;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

fastcgi_param PATH_INFO $fastcgi_script_name;

fastcgi_param SERVER_PROTOCOL $server_protocol;

fastcgi_param QUERY_STRING $query_string;

fastcgi_param REQUEST_METHOD $request_method;

fastcgi_param CONTENT_TYPE $content_type;

fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SERVER_ADDR $server_addr;

fastcgi_param SERVER_PORT $server_port;

fastcgi_param SERVER_NAME $server_name;

fastcgi_param REMOTE_ADDR $remote_addr;

fastcgi_read_timeout 36000;

client_max_body_size 0;

access_log /var/log/nginx/seahub.access.log;

error_log /var/log/nginx/seahub.error.log;

}

#################################################################################

location /seafhttp {
    rewrite ^/seafhttp(.*)$ $1 break;
    proxy_pass http://127.0.0.1:8082;
    client_max_body_size 0;
  
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
  
    proxy_connect_timeout  36000s;
    proxy_read_timeout  36000s;
    proxy_send_timeout  36000s;
  
  proxy_request_buffering off;

    send_timeout  36000s;

    access_log      /var/log/nginx/seafhttp.access.log seafileformat;
    error_log       /var/log/nginx/seafhttp.error.log;
}
location /media {
    #root /opt/seafile/seafile-server-latest/seahub;
  root /mnt/c/SERVER/Linux/seafile-server-9.0.7/seahub;
}

}

2

Please post your other conf files (redact the DB password):

  • seahub_settings.py
  • seafile.conf
  • ccnnet.conf
3

seahub_settings.py

# -*- coding: utf-8 -*-
SECRET_KEY = "++++super-secret+++++"

seafile.conf

[fileserver]
port=8082

#host = 127.0.0.1  ## default port 0.0.0.0

# Set maximum upload file size to 200M.
max_upload_size=2048000

# Set maximum download directory size to 200M.
max_download_dir_size=20480000

ccnet.conf

[General]
USER_NAME = Secret-Server
ID = a51cac*******************
NAME = Secret-Server
#SERVICE_URL = http://192.168.0.20:8000
#SERVICE_URL = https://secret-server.de
#SERVICE_URL = https://192.168.0.20
#SERVICE_URL = https://secret-server.de:8000
#SERVICE_URL = https://192.168.0.20:8000


[Client]
PORT = 13419

Like I posted before I set the service_url and file_server_root over the admin console over the web page.

Thanks!

4

Is this your entire seahub_settings.py?

Please add the directive

proxy_set_header   X-Forwarded-Proto https;

to your nginx.conf in the location /

That’s what I found right away.

5

Yes, all the settings are done in the admin console, which overwrites the settings within the seahub_settings.py anyway.
Thanks for the tip, unfortunately nothing has changed.

6

This is certainly incorrect. Some parameters in seahub_settings.py are dispensable when using the web settings (such as FILE_SERVER_ROOT or SITE_ROOT). Some are not.

Where do you feed seahub the database credentials? This block is necessary in seahub_settings.py:

## MYSQL-Database
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'seahub_db',
        'USER': 'seafile',
        'PASSWORD': 'secret_password',
        'HOST': '127.0.0.1',
        'PORT': '3306',
    }
}

I am surprised your Seahub works at all without the db config.

You can also enable debugging mode by setting

DEBUG = True

in seahub_settings.py.
This might give you some helpful messages in seahub.log.

7

Problem solved?