Hello all,
I’m experiencing an issue where my nginx reverse proxy is simply redirecting my clients to the actual seafile/hub web interface.
Here’s my config:
    server {
        listen 443 ssl;
        server_name seafileproxy.mydomain.com;
        proxy_set_header X-Real-IP $remote_addr;
        ssl on;
        ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:RSA+AESGCM:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
        ssl_session_cache shared:TLS:2m;
        ssl_buffer_size 4k;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_dhparam /opt/cert/dhparams.pem;
        ssl_certificate /etc/letsencrypt/live/you.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/you.com/privkey.pem;
        location ^~ /seafhttp {
            # Strip the /seafhttp prefix before passing the request upstream
            rewrite ^/seafhttp(.*)$ $1 break;
            proxy_pass https://192.168.0.1:443;
            # 0 disables the request body size check
            client_max_body_size 0;
            proxy_connect_timeout 36000s;
            proxy_read_timeout 36000s;
            proxy_send_timeout 36000s;
            send_timeout 36000s;
            proxy_set_header HOST $host;
            proxy_set_header Referer $http_referer;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        location ~ / {
            proxy_pass https://192.168.0.1:443;
            proxy_set_header HOST $host;
            proxy_set_header Referer $http_referer;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
Are there any suggestions for what I’m missing here? Can provide any other info that might be needed.
EDIT: found my solution. Working conf file in next reply.
    server {
        listen 80;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443 ssl;
        server_name seafileproxy.whatever.com;
        proxy_set_header X-Real-IP $remote_addr;
        ssl on;
        ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:RSA+AESGCM:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
        ssl_session_cache shared:TLS:2m;
        ssl_buffer_size 4k;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_protocols TLSv1.2;
        ssl_dhparam /etc/ssl/dhparam.pem;
        ssl_certificate /etc/ssl/cert.pem;
        ssl_certificate_key /etc/ssl/key.pem;
        location ^~ /seafhttp {
            rewrite ^/seafhttp(.*)$ $1 break;
            proxy_pass https://192.168.0.1:443;
            client_max_body_size 0;
            proxy_connect_timeout 36000s;
            proxy_read_timeout 36000s;
            proxy_send_timeout 36000s;
            send_timeout 36000s;
            proxy_set_header HOST $host;
            proxy_set_header Referer $http_referer;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        location ~ / {
            proxy_pass https://192.168.0.1:443;
            proxy_set_header HOST $host;
            proxy_set_header Referer $http_referer;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
Not sure I follow. Are TLSv1.3 and Let’s Encrypt the big factors?
I’m not sure I see a complete configuration in either case. Where is location /media, for example?
Why do you substitute the IP address for 127.0.0.1? Are you running a separate proxy machine?
-Thanks!
log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_response_ti$
    server {
        listen 80;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443 ssl;
        server_name seafile.x.com;
        proxy_set_header X-Real-IP $remote_addr;
        ssl on;
        ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:RSA+AESGCM:!aNU$
        ssl_session_cache shared:TLS:2m;
        ssl_buffer_size 4k;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_protocols TLSv1.2;
        ssl_dhparam /etc/ssl/dhparam.pem;
        ssl_certificate /etc/ssl/cert.pem;
        ssl_certificate_key /etc/ssl/key.pem;
        location /seafhttp {
            rewrite ^/seafhttp(.*)$ $1 break;
            proxy_pass https://192.168.230.x:8082;
            client_max_body_size 0;
            proxy_connect_timeout 36000s;
            proxy_read_timeout 36000s;
            proxy_send_timeout 36000s;
            send_timeout 36000s;
            proxy_request_buffering off;
            proxy_buffering off;
        }
        location /media {
            root /srv/seafile/seafile-server-latest/seahub;
            proxy_pass http://192.168.230.x:443;
        }
        location ~ / {
            proxy_pass https://192.168.230.x:443;
            proxy_set_header HOST $host;
            proxy_set_header Referer $http_referer;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
That’s the full conf. My mistake. Does that look correct?