Seafile 12 with docker and https on a local server

I have installed Seafile 12 using the Docker approach as described in the manual. The server is a Raspberry Pi 4 in my local network. For SEAFILE_SERVER_HOSTNAME, I have simply used the IP address of the device in my LAN. Everything works fine with http, but when I set SEAFILE_SERVER_PROTOCOL to https, I cannot access the server. Firefox returns an SSL_ERROR_INTERNAL_ERROR_ALERT error, and the Seafile client returns an SSL handshake failed: tlsv1 alert internal error.

I have removed all Docker containers and the Seafile data folders to get a fresh install, but I still get the same error message. In the Caddy documentation they have advised to install the root certificate of Caddy on the client machine, but it had no effect.

I know that I don’t necessarily need https in my local network, but I feel this could be dangerous when I log in to another Wi-Fi with my laptop or smartphone … any idea how to fix my problem?

Hello there & welcome!

Generally speaking, you are correct in that you want HTTPS for external access, and we can use Caddy for that, but we can’t do HTTPS without the proper certificates.

Now I am assuming that to turn on HTTPS, we set the correct settings per the documentation? If so, then I’d say part of the problem is that we used an IP address for your server name. I think we might need an actual public DNS name/record for this if we want external access.

I have a similar setup and it works great: I have a public domain name which resolves to my public address, and when an outside request hits that address from the DNS name, it hits my reverse proxy (like Caddy) which handles HTTPS because the certificates are handled at the Caddy level. Caddy then shunts the request to the proper container and boom 🙂

We do not have to use Caddy though. There are other reverse proxies we can use like nginx, and you can grab more details here.

So let’s start there: if we want HTTPS so we can access externally, let’s get a domain name set up so you can access from outside your LAN. For that, you can purchase one from a registrar like GoDaddy or name.com. Just visit those sites and they can walk you through it. The reason I think you’re getting that Firefox error is that Seafile had trouble generating a certificate because you used an IP address for your hostname, not an actual hostname.

I know that was a lot, so if you’d like any clarification feel free to reply here! Cheers!

UPDATE 1: Dynamic DNS is also an option, and there are some free options out there.

Thanks, it worked with Dynamic DNS. Caddy managed to automatically fetch a Let's Encrypt certificate without further changes to the configuration 🙂

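A preflight check for the situation in this thread, as an added example that is not part of any post or of Seafile's own tooling: it reads the two `.env` settings named in the question and flags an HTTPS setup whose hostname is a LAN address or a local-only name. The sample `.env`, the address 192.168.1.50, the suffix list, the `http` default and all function names are assumptions.

```python
import ipaddress

# Constructed sample .env (values are assumptions, not taken from the thread).
SAMPLE_ENV = """\
SEAFILE_SERVER_HOSTNAME=192.168.1.50
SEAFILE_SERVER_PROTOCOL=https
"""

# Suffixes that never resolve in public DNS (illustrative, not exhaustive).
LOCAL_SUFFIXES = (".local", ".lan", ".internal", ".home.arpa", ".localhost")


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments, stripping quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env


def classify_host(host):
    """Return 'private-ip', 'public-ip', 'local-name' or 'dns-name'."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        name = host.lower().rstrip(".")
        if "." not in name or name.endswith(LOCAL_SUFFIXES):
            return "local-name"
        return "dns-name"
    return "public-ip" if ip.is_global else "private-ip"


def check(env_text):
    """Return (host_kind, problem); problem is None when nothing is flagged."""
    env = parse_env(env_text)
    kind = classify_host(env.get("SEAFILE_SERVER_HOSTNAME", ""))
    # Assumption: a missing protocol setting is treated as plain http.
    if env.get("SEAFILE_SERVER_PROTOCOL", "http").lower() != "https":
        return kind, None
    if kind in ("private-ip", "local-name"):
        return kind, "not reachable from the internet, so a public CA cannot validate it"
    if kind == "public-ip":
        return kind, "IP literal; the fix reported in this thread was a DNS name"
    return kind, None


if __name__ == "__main__":
    print(check(SAMPLE_ENV))
```
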