Nginx/reverse proxy + nginx/seafile

Hi,
I am able to access my Seafile server locally and externally. However, I am able to download/upload files only based on what I put in the WebUI’s SERVICE_URL, FILE_SERVER_ROOT.
I am able to download/upload files locally if:

SERVICE_URL = https://192.168.0.15
FILE_SERVER_ROOT = https://192.168.0.15/seafhttp

and externally if I have:

SERVICE_URL = https://domainname.com
FILE_SERVER_ROOT = https://domainname.com/seafhttp

But not both! What am I doing wrong?

My setup is:

  • VM1: WAN nginx (reverse proxy), Let's Encrypt SSL cert
  • VM2: LAN nginx + Seafile, self-signed SSL cert

VM1 wan-nginx config:

server  {

  listen  80;
  server_name  mydomainname.com;
  return 301 https://$server_name/$1;
}

server  {

  listen 443;
  server_name  mydomainname.com;

  ssl  on;
  ssl_certificate  /etc/letsencrypt/live/mydomainname.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/mydomainname.com/privkey.pem;
  ssl_dhparam  /etc/ssl/certs/dhparam.pem;
  ssl_session_timeout  5m;
  ssl_prefer_server_ciphers  on;
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers  AES256+EECDH:AES256+EDH:!aNULL;

  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
  server_tokens off;

  access_log /var/log/nginx/mydomainname.com_access.log;
  error_log /var/log/nginx/mydomainname.com_error.log;


  location  / {

     proxy_pass  https://192.168.0.15;
     proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; 
     proxy_set_header X-Real-IP $remote_addr;              
     proxy_set_header Host $host;           
     proxy_hide_header X-Powered-By;
  }

  location /seafhttp {

      rewrite ^/seafhttp(.*)$ $1 break;
      proxy_pass http://192.168.0.15:8082;
      client_max_body_size 0;
      proxy_connect_timeout  36000s;
      proxy_read_timeout  36000s;
   }

}

VM2 lan nginx config:

server {

            listen       80;
            return 301 https://$server_name/$1;

    }

    server {

            listen 443;
            ssl on;
            ssl_certificate         /etc/ssl/seafile_cacert.pem;
            ssl_certificate_key     /etc/ssl/seafile_privkey.pem;

            location / {

            fastcgi_pass    127.0.0.1:8000;
            fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
            fastcgi_param   PATH_INFO           $fastcgi_script_name;

            fastcgi_param   SERVER_PROTOCOL       $server_protocol;
            fastcgi_param   QUERY_STRING        $query_string;
            fastcgi_param   REQUEST_METHOD      $request_method;
            fastcgi_param   CONTENT_TYPE        $content_type;
            fastcgi_param   CONTENT_LENGTH      $content_length;
            fastcgi_param   SERVER_ADDR         $server_addr;
            fastcgi_param   SERVER_PORT         $server_port;
            fastcgi_param   SERVER_NAME         $server_name;
            fastcgi_param   HTTPS               on;
            fastcgi_param   HTTP_SCHEME         https;

            add_header X-UA-Compatible "IE=Edge,chrome=1";

            access_log      /var/log/nginx/seahub.access.log;
            error_log       /var/log/nginx/seahub.error.log;

            }

            location /seafhttp {
            rewrite ^/seafhttp(.*)$ $1 break;
            proxy_pass http://127.0.0.1:8082;
            client_max_body_size 0;
            proxy_connect_timeout  36000s;
            proxy_read_timeout  36000s;

            }

            location /media {

            root /opt/seafile/seafile-server-latest/seahub;

            }

    }

You ever get this working? I am interested in the exact same configuration for obvious reasons.

Use the external address in the server config and all clients. Then configure your local / internal DNS settings (firewall / router) to resolve the external hostname to the internal IP address and everything should work fine.

So if you are in your local network, the hostname will be resolved to the internal IP, if you are external (and do not use your internal DNS Server) it will provide the external IP.
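The advice above can be checked mechanically. The following is an added example, not code from the thread or from the Seafile project: it validates a SERVICE_URL / FILE_SERVER_ROOT pair against what a client resolves on the LAN and on the WAN. The function names, the view dictionaries and the address 203.0.113.10 (a documentation address standing in for the public IP) are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# RFC 1918 ranges; 192.168.0.15 from the thread falls in the last one.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan(addr):
    """True if addr (string) is an RFC 1918 address."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def check_split_horizon(service_url, file_server_root, lan_view, wan_view):
    """Return a list of problems (empty list: settings match the advice).

    lan_view / wan_view map hostname -> list of IP strings, i.e. what a
    client gets from the internal resolver (or hosts file) and from public DNS.
    """
    problems = []
    svc, fsr = urlsplit(service_url), urlsplit(file_server_root)
    host = svc.hostname or ""
    if fsr.hostname != host:
        problems.append("SERVICE_URL and FILE_SERVER_ROOT name different hosts")
    if fsr.path.rstrip("/") != "/seafhttp":
        problems.append("FILE_SERVER_ROOT should end in /seafhttp")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # a hostname, as the answer recommends
    else:
        problems.append("host is an IP literal, reachable from one network only")
        return problems
    lan, wan = lan_view.get(host, []), wan_view.get(host, [])
    if not lan or not all(is_lan(a) for a in lan):
        problems.append("LAN view does not resolve the host to an internal address")
    if not wan or any(is_lan(a) for a in wan):
        problems.append("WAN view resolves the host to an internal address or nothing")
    return problems

# Constructed sample data (not taken from a real resolver).
SPLIT_LAN = {"domainname.com": ["192.168.0.15"]}
PUBLIC = {"domainname.com": ["203.0.113.10"]}

if __name__ == "__main__":
    url, root = "https://domainname.com", "https://domainname.com/seafhttp"
    print(check_split_horizon(url, root, SPLIT_LAN, PUBLIC))     # split DNS in place
    print(check_split_horizon(url, root, SPLIT_LAN, SPLIT_LAN))  # hosts-file entry carried off the LAN
```

Passing the same internal mapping as both views models a hosts-file entry on a machine that leaves the LAN.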

I did what marcusm suggested, as well as edited the hosts file (exists in *nix and Windows) on the LAN machines that I wanted to resolve the LAN and not WAN address for internal-network-only syncs.

On my LAN installation we don’t have any DNS services running (by design, and won’t be changed) and wanted to make sure both LAN/WAN went well and via the expected areas.

Yes, this works as long as your PC/laptop does not switch between WAN/LAN, because it will resolve the internal IP even if you’re in the WAN, which would not work.

So in this scenario a local DNS server which would be assigned via DHCP is the best solution, but if you don’t switch between networks, it works with the hosts file.

marcusm,
Agreed on all of your points.
The setup works for me because the clients I edited the hosts file on do not move networks, and in one of my installations DNS/DHCP is not an option.
