I’m running a Docker container with Seafile on my Rasberry Pi.
I can access the login page through my ddns.me hostname. But when I type in the credentials specified in SEAFILE_ADMIN_EMAIL and SEAFILE_ADMIN_PASSWORD specified in the compose YAML, I get a Forbidden (403) redirect.
seahub log says
[WARNING] django.security.csrf:241 log_response Forbidden (Origin checking failed - https: //******** does not match any trusted origins.): /accounts/login/
which makes no sense since it is specified in SEAFILE_SERVER_HOSTNAME. Do I need to add https to the variable?
A little background on the hostname: it is secured, pointing to my router’s IP which directs 443 to the Raspberry Pi’s 443, and then Nginx redirects it to 8081. I had to do this since I already have PiHole running on 80.
Any idea why I can’t log in?
Hello!
You may have to add it to the seahub_settings.py file in the CSRF_TRUSTED_ORIGINS settings (seafile-data/seafile/conf/seahub_settings.py). For instance:
CSRF_TRUSTED_ORIGINS = [“https://my.seafileserver.url”]
Give that a shot and let us know!
Hmmm, I don’t have a seahub_settings.py, but I do have a seahub_settings.cpython-310.pyc, and while the format looks weird (probably compiled or compressed), I do see [“http : //mydomainname”] listed there. I assume this is because of how I wrote the compose.yml
seafile:
image: seafileltd/seafile-mc:11.0-latest
container_name: seafile
ports:
- "8081:80"
The thing is my friend (I’m not good at this, so he helped me) did a set up to get my secured domain to be redirected through a rule in my router to port 8081 in my Raspberry Pi, with the Nginx reverse proxy config.
server {
listen 80;
listen [::]:80;
server_name mydomainname;
location / {
proxy_pass http : //127.0.0.1:8081;
}
}
Is it as simple as changing the Nginx to
server {
listen 443;
listen [::]:443;
server_name mydomainname;
location / {
proxy_pass http : //127.0.0.1:4431;
}
}
and change the composer to
seafile:
image: seafileltd/seafile-mc:11.0-latest
container_name: seafile
ports:
- "4431:443"
?
Hello!
Yes, there should be that Python file present. In the directory where your Compose file is, go back one directory. Do you see a seafile-data directory there? That .pyc file is compiled Python, not human-readable. And usually your reverse proxy would be the one handling your HTTPS certificates, but your original nginx config was listening on port 80 (which is just regular non-secured HTTP). You could make that change but the same issue would be there I think. Your initial error specifically mentioned CSRF so we need to search your system for that Python file if it isn’t in the standard location for some reason, but it specifically deals with CSRF. That file should be present in a standard installation.