Operate Seafile completely within a VPN?

Is it possible to limit access to a Seafile server to only clients who are accessing via a VPN?

If yes, would it further also be possible to do the same with an SSH network (that is, a network made up of SSH tunnels that operates similarly to a VPN)?

For example, with the SSH network, all clients use addresses like tcp://127.0.0.1:$PORT (with the port being a number). Can Seafile be set up to use addresses like this?

We use this type of SSH tunnel network for both file syncing and access to web-based collaboration tools. Can Seafile be make to work inside of a network like this?

Are there any features or functions that could not work in a network like this? Thank you.

you could use apache or nginx rules on ip basis. Enable access only for certain ip

Thank you for the idea. I have never tried that with non-routable IP addresses such as 127.0.0.1.

Do you happen to know where I can find the documentation on the protocols and ports used by Seafile to communicate between the client and server?

the communication should be a “common” http communication. You can refer to the configurations of your web server on which your seafile installation (apache or nginx) is based

We don’t have a Seafile installation yet. We are evaluating purchasing it. However, first I need to know if all communication (web UI plus actual file transfers) can be conducted over our non-public network. Currently that network consists of SSH tunnels. We can run HTTP in an SSH tunnel, but I assume the actual file transfers don’t happen via the HTTP protocol.

I don’t know where to find the needed documentation on Seafile protocols and ports. Thank you.

See: https://manual.seafile.com/overview/components/

“All access to the Seafile service (including Seahub and Seafile server) can be configured behind Nginx or Apache web server. This way all network traffic to the service can be encrypted with HTTPS.”

In this setup you need only one port (443 or 80) for the client-to-server communication.