Nginx reverse proxy for Seafile v11 on Debian 13

My adventure to build a new Seafile v11 bare metal server continues and it’s rare that I find anything quite this complicated in 45 years of computing! I’m battling on as I like the challenge and boy is it teaching me about Debian Linux. Anyway, I got a standalone Seafile 11 Pro system running on a new Debian server. That was quite a long journey…

But the next task was to get it working with Nginx reverse proxy as a) I want it on port 80 and b) accessing via port 8000 external just worries people. I struck out trying to find this specific requirement on here so I thought, what the heck, I’ll ask Grok. It drew a blank first (not entirely surprised) but I told it to think harder :slight_smile: And voila! It came up with the goods. And it actually worked first time. AI is both scary and very, very impressive. Anyway, here is the Nginx configuration. Not running on SSL so that’s the next task but certbot usually does good here!

server {
    listen 80;
    server_name yourdomain.co.uk;
    server_tokens off;

    # Seahub (web interface)
    location / {
        proxy_pass http://debian13lab:8000/;  # Replace with your Seafile server IP:port
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_connect_timeout 3600s;
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        send_timeout 3600s;
        client_max_body_size 0;  # For large file uploads/edits

        access_log /var/log/nginx/seahub.access.log;
        error_log /var/log/nginx/seahub.error.log;
    }

    # File upload/download (seafhttp)
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://debian13lab:8082;  # Replace with your Seafile server IP:port
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_connect_timeout 3600s;
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        send_timeout 3600s;
        client_max_body_size 0;
        proxy_request_buffering off;

        access_log /var/log/nginx/seafhttp.access.log;
        error_log /var/log/nginx/seafhttp.error.log;
    }

    # Static media (proxied to remote Seahub)
    location /media {
        proxy_pass http://debian13lab:8000/media;  # Replace with your Seafile server IP:port
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;

        access_log /var/log/nginx/seafmedia.access.log;
        error_log /var/log/nginx/seafmedia.error.log;
    }

    # SeaDAV/WebDAV (optional)
    location /seafdav {
        proxy_pass http://debian13lab:8080/seafdav;  # Replace with your Seafile server IP:port
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_connect_timeout 3600s;
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        send_timeout 3600s;
        client_max_body_size 0;
        proxy_request_buffering off;

        access_log /var/log/nginx/seafdav.access.log;
        error_log /var/log/nginx/seafdav.error.log;
    }
}

Spoke too soon, I’ve got the dreaded CSRF verification failed going into system admin. I’m drained and can’t learn anymore so later! I changed proxy_set_header Host $host to proxy_set_header Host $http_host but that doesn’t help.

This is working for me. But it is Version 12 and Debian 12.

      location / {
          proxy_pass         http://127.0.0.1:8000;
          proxy_set_header   Host $host:8000;
          proxy_set_header   X-Real-IP $remote_addr;
          proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header   X-Forwarded-Host $server_name;
      }

I think that’s helped in that I managed to get from an external system. Still couldn’t access it internally on my LAN but I’ve been moving IP addresses and SSL around all over the place so it’s not unusual for some caching to be going on. DNS - it’s always DNS :wink:

hostname and hostname -f should resolve to the internal IP. So that:
ping $(hostname -f)
is working. This should also be the service URL for seafile.

Yes, “It’s Always DNS” :laughing:

I rolled back and couldn’t get it working again - typical! However, this post resolved it for me as well:

[solved] “CSRF verification failed” error after upgrading from CE 9.0.10 top 11.0.4 - Seafile Server - Seafile Community Forum

As an aside, shouldn’t the upgrade script add this line to the seahub_settings.py settings? It could be determined from the line above?

SERVICE_URL = "http://seafile2.maltsystems.co.uk"
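
Added example, not part of any post in this thread: Seafile 11's web interface runs on Django 4, which rejects a POST when the browser's Origin header does not equal the scheme and Host the backend sees, unless that origin is listed in Django's CSRF_TRUSTED_ORIGINS setting. The sketch below is a simplified model of that comparison rather than Django's own code; the hostname and sample requests are constructed, and it assumes Django is not told about the proxy's TLS (no SECURE_PROXY_SSL_HEADER) and reads the plain Host header.

```python
from urllib.parse import urlsplit

def backend_origin(host_header, backend_is_secure):
    # What the backend believes its own origin is: the scheme of the
    # proxy->backend hop plus the Host header nginx forwarded.
    return f"{'https' if backend_is_secure else 'http'}://{host_header}"

def same_domain(netloc, pattern):
    # ".example.test" matches the bare domain and any subdomain.
    netloc, pattern = netloc.lower(), pattern.lower()
    if pattern.startswith("."):
        return netloc.endswith(pattern) or netloc == pattern[1:]
    return netloc == pattern

def origin_verified(browser_origin, host_header, backend_is_secure, trusted=()):
    # 1. Origin equals what the backend derives from scheme + Host.
    if browser_origin == backend_origin(host_header, backend_is_secure):
        return True
    # 2. Origin is listed verbatim (scheme included) as trusted.
    if browser_origin in {t for t in trusted if "*" not in t}:
        return True
    # 3. Origin matches a wildcard entry of the same scheme.
    seen = urlsplit(browser_origin)
    for entry in (urlsplit(t) for t in trusted if "*" in t):
        if entry.scheme == seen.scheme and same_domain(seen.netloc, entry.netloc.lstrip("*")):
            return True
    return False

HOST = "seafile.example.test"  # constructed hostname, not from the thread

def run_cases():
    # Constructed requests: (Origin sent by browser, Host forwarded by nginx).
    return {
        "http end to end": origin_verified(f"http://{HOST}", HOST, False),
        "tls at nginx, http to backend": origin_verified(f"https://{HOST}", HOST, False),
        "same, https origin trusted": origin_verified(f"https://{HOST}", HOST, False, [f"https://{HOST}"]),
        "same, only http origin trusted": origin_verified(f"https://{HOST}", HOST, False, [f"http://{HOST}"]),
        "wildcard trusted": origin_verified("https://files.example.test", HOST, False, ["https://*.example.test"]),
    }

if __name__ == "__main__":
    for label, ok in run_cases().items():
        print(f"{label:32} {'pass' if ok else 'CSRF verification failed'}")
```

The second and fourth cases are the ones to watch once certbot puts TLS in front of the plain-HTTP backend: the trusted entry has to carry the scheme the browser actually uses.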