[Partially solved...] Seafile server redirects to http, despite config set to 'https://...'

Seafile Server
1

Important edits below!

I have an up-to-date Seafile server instance running on my server. It’s working with only minor troubles. I have configured Seafile to run via an Apache proxy (for SSL). I don’t have problems with that.

Currently runs on sub.example.com:8975, but I want it to move to seafile.example.org (note the other TLD).

I’ve done the following steps (I’ve skipped the DNS and certificate things, as that seems to be working).

  1. Copied the existing Seafile configuration and changed the ServerName
  2. Stopped both seafile and seahub
  3. Changed the service url in ccnet.conf to SERVICE_URL = https://seafile.example.org/
  4. Changed the file server root in seahub_settings.py to FILE_SERVER_ROOT = 'https://seafile.example.org/seafhttp'
  5. Cleared the Seahub (Django) cache: rm -rf /tmp/seahub_cache
  6. Restarted the server

When I visit https://seafile.example.org/, I get redirected to http://seafile.example.org/accounts/login?next=/, which is the http location.

I looked a bit online, and found that in the server settings, the service url and file server root can also be set in web interface itself (maybe not a good idea). However, something I did found weird is that when I went back (without changing my configuration files) to https://sub.example.com:8975/, I was still able to access the web interface, and there were no redirects to https://sub.example.com:8975/ at all. Even not after I changed these two settings in that interface. But alas, changing the service url and file server root didn’t solved the problem on the new location.

However, the server seems to work fine (at least the web interface, I didn’t test anything else yet). The page renders fine if I go to a correct URL that doesn’t redirect. But if I try to login, it redirects me to an http link again…

My Apache configuration (for the new host):

<VirtualHost *:80>
	ServerAdmin webmaster@localhost
	ServerName seafile.example.org
	DocumentRoot /var/www/seafile-example-org/
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	<Directory /var/www/seafile-example-org>
		AllowOverride All
	</Directory>
</VirtualHost>

<VirtualHost *:443>
	ServerName seafile.example.org
	SSLEngine on
	# ... SSL related settings ... #

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www

	Alias /media  /home/bjarno/seafile/seafile-server-latest/seahub/media
	CustomLog ${APACHE_LOG_DIR}/access_seafile.log combined

	RewriteEngine On
	<Location /media>
		Order allow,deny
		Allow from all
	</Location>

	# seafile fileserver
	ProxyPass /seafhttp http://127.0.0.1:8082
	ProxyPassReverse /seafhttp http://127.0.0.1:8082
	RewriteRule ^/seafhttp - [QSA,L]

	<Location /seafhttp>
		Order allow,deny
		Allow from all
	</Location>

	# seafile webdav
	RewriteCond %{HTTP:Authorization} (.+)
	RewriteRule ^(/seafdav.*)$ /seafdav.fcgi$1 [QSA,L,e=HTTP_AUTHORIZATION:%1]
	RewriteRule ^(/seafdav.*)$ /seafdav.fcgi$1 [QSA,L]

	# seahub
	SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
	ProxyPreserveHost On
	ProxyPass / http://127.0.0.1:8000/
	ProxyPassReverse / http://127.0.0.1:8000/
</VirtualHost>

I have made a directory for when you access the root of http://seafile.example.org/, it redirects to the https host (and then Seafile should take over the redirect to the accounts page).

The raw header I get back when accessing https://seafile.example.org/

HTTP/1.1 302 FOUND
Date: Sun, 12 Nov 2017 14:04:51 GMT
Server: gunicorn/19.4.5
Vary: Accept-Language,Cookie
Content-Type: text/html; charset=utf-8
Location: http://seafile.example.org/accounts/login?next=/
Content-Language: en
Transfer-Encoding: chunked

Is there something I’m missing? Or something I didn’t configure correctly? I’m also using the Apache server for other things then Seafile. So moving to nginx isn’t an option.

I did rollback all changes that I made (both in the GUI, Apache configuration, and Seafile configuration). But I’m going to try it later.

Edit:
Suddenly, some of my users are complaining about bad request headers

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

on the original domain. So I did something wrong, somewhere. But I do not know where… The configuration (both the service url and the file server root) seems to be okay, and I have removed the seahub cache again. So probably it’s not related to the new domain, as the problem persists.

Edit 2:
I seem to have found the issue… And like I expected, it’s unrelated with moving to the new domain.

In an attempt to solve this bug, I added ProxyPreserveHost On to the config file in Apache (see above). However, this resulted in the redirect to the http. I don’t know where the bug really is, it might be a bug in Apache.

I never had any troubles after adding it. So probably Firefox knew to fix these redirects in one way or another. I’m not sure. But now I need to decide between a working web interface, or an exclamation symbol in my notification area as Seafile can’t connect to localhost…

Edit 3:

Bug report of the original issue…