Problems with ufw (firewall)

Hello,
I have a new installation of seafile server version 7.0.5 on Ubuntu 18.0.4.4 LTS behind nginx.
Without a firewall, it works perfectly.

When I enable ufw and close port 8082, then I cannot download any files. According to the docs this is incorrect; it should work with 8082 (as well as port 8000) closed.

I wonder if I made a mistake with nginx config - maybe I am not routing correctly here?

Can anyone tell whether he/she could get it running with ports 8000 as well as 8082 closed?
(Maybe I interpret the server manual incorrectly).

Yours
Raspy

Welcome to the Seafile Community Forum!

You can run Seafile behind UFW with only the port 443 (and 80 - for certbot) open.

Please post your NGINX and Seafile conf files here.

Thx for confirming.

This is nginx file:

log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_response_time';

server {
server_name ********* www.s*********;
proxy_set_header X-Forwarded-For $remote_addr;
add_header Strict-Transport-Security "max-age=31536000" always;

location / {
     proxy_pass         http://127.0.0.1:8000;
     proxy_set_header   Host $host;
     proxy_set_header   X-Real-IP $remote_addr;
     proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header   X-Forwarded-Host $server_name;
     proxy_read_timeout  1200s;

     # used for view/edit office file via Office Online Server
     client_max_body_size 0;

     access_log      /var/log/nginx/seahub.access.log seafileformat;
     error_log       /var/log/nginx/seahub.error.log;

}



location /seafhttp {

    rewrite ^/seafhttp(.*)$ $1 break;
    proxy_pass http://127.0.0.1:8082;
    client_max_body_size 0;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_connect_timeout  36000s;
    proxy_read_timeout  36000s;
    proxy_send_timeout  36000s;
    send_timeout  36000s;

    access_log      /var/log/nginx/seafhttp.access.log seafileformat;
    error_log       /var/log/nginx/seafhttp.error.log;

}

location /media {

    root /opt/seafile/seafile-server-latest/seahub;

}

listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/************/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/*************/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
if ($host = **********) {
return 301 //$host$request_uri;
} # managed by Certbot

listen 80;
server_name *****************;
return 404; # managed by Certbot

}

This is the seafile.conf:

[fileserver]
port = 8082

[database]
type = mysql
host = 127.0.0.1
port = 3306
user = ******
password = *********
db_name = seafile-db
connection_charset = utf8

This is ccnet.conf:

[General]
USER_NAME = ********
ID = *********
NAME = seafile
SERVICE_URL = FQDN-without-port

[Client]
PORT = 13419

[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = *******
PASSWD = ******
DB = ccnet-db
CONNECTION_CHARSET = utf8

Any ideas? Appreciate your thoughts.

One more remark:
When I try to (1) upload via seahub or (2) try to create a download link, I see in the address that the browser requests an address on port 8082:

FQDN:8082/files/2b13d85a-a38b-448b-9d14-c6c4431f6871/DSC_0001.JPG

This seems strange.

Yours
RaspyVotan
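
A check for the symptom in the last post, as an added example that is not part of the thread: it reads the proxy_pass backends out of an nginx config and reports whether a URL handed to the browser goes through nginx or straight to a backend port that ufw closes. The function names, the trimmed config excerpt and the second (proxied) URL are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed excerpt modelled on the nginx config posted in the thread.
NGINX_CONF = """
server {
    listen 443 ssl;
    location / {
        proxy_pass http://127.0.0.1:8000;
    }
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
    }
}
"""

def backend_ports(conf):
    """Map each loopback proxy_pass port to the location prefix that fronts it."""
    ports, prefix = {}, None
    for line in (l.strip() for l in conf.splitlines()):
        loc = re.match(r"location\s+(\S+)\s*\{", line)
        if loc:
            prefix = loc.group(1)
        up = re.match(r"proxy_pass\s+https?://(?:127\.0\.0\.1|localhost):(\d+)", line)
        if up and prefix is not None:
            ports[int(up.group(1))] = prefix
    return ports

def classify(url, conf, public_ports=(80, 443)):
    """Say whether a client-facing URL goes through nginx or straight to a backend."""
    if "://" not in url:            # the thread quotes the URL without a scheme
        url = "http://" + url
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port in public_ports:
        return "via-proxy"
    prefix = backend_ports(conf).get(port)
    return f"bypasses-proxy:{prefix}" if prefix else "unknown-port"

if __name__ == "__main__":
    # First URL is the one quoted in the thread; second is a constructed proxied form.
    for u in ("FQDN:8082/files/2b13d85a-a38b-448b-9d14-c6c4431f6871/DSC_0001.JPG",
              "https://FQDN/seafhttp/files/2b13d85a-a38b-448b-9d14-c6c4431f6871/DSC_0001.JPG"):
        print(classify(u, NGINX_CONF), u)
```

A "bypasses-proxy:/seafhttp" result means the link was generated with the file server's own port rather than the nginx path in front of it; in Seafile that base URL comes from the FILE_SERVER_ROOT setting in seahub_settings.py, a file not shown in this thread.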