Non-root deployment problem: 2FA related?

i’m running into an issue with seafile server CE (9.0.4, but problem was already present with 8.*) deployed to a non-root location. the desired result is https://$DOMAIN:$PORT/$NONROOTDIR, therefore i have configured seahub_settings.py like this:

FILE_SERVER_ROOT = 'https://$DOMAIN:$PORT/seafhttp'
MEDIA_URL = '/seafmedia/'
STATIC_URL = MEDIA_URL + 'assets/'
SITE_ROOT = '/$NONROOTDIR/'
LOGIN_URL = '/$NONROOTDIR/accounts/login/'
SERVICE_URL = 'https://$DOMAIN:$PORT/$NONROOTDIR'

syncing via the desktop client or using its file browser works fine, also visiting the URL directly leads to the login page.

however, when i use the server link shown in the desktop client, it sends me to https://$DOMAIN:$PORT/$NONROOTDIR/$NONROOTDIR and therefore an error message because the page doesn’t exist.

what i find odd is that this used to work flawlessly on the server and has now stopped working correctly for a while.

from what i recall i was beginning to see the duplication of SITE_ROOT ever since i activated 2FA (OTP). it’s a long shot, but is there any connection between 2FA and the URL construction?

i would like to add something odd:

klicking on the server link in the GUI client (8.0.7, server 9.0.10) still opens https://$DOMAIN:$PORT/$NONROOTDIR/$NONROOTDIR, but right-click + copy the same link then pasting it to the browser correctly leads to https://$DOMAIN:$PORT/$NONROOTDIR. looks to me like this is definitely a bug in the GUI client.

users on the same server who haven’t activated 2FA are still able to directly log in via GUI client. i would expect the login with 2FA to direct me to the page where i can provide the second factor and then be autheticated.