Since I only have one IP. I use VHOST to server up some of my web pages

Seafile from a browser works but my seafile pro on iphone is getting lost I’m sure its because I’m not forwarding enough

Has anyone used forwards from apache for seafiile PRO on iphone ?

Here’s what I have so far

 RewriteEngine On

 ErrorLog ${APACHE_LOG_DIR}/error.log
 CustomLog ${APACHE_LOG_DIR}/access.log combined

 SSLProxyEngine on
 SSLProxyVerify none
 SSLProxyCheckPeerCN off
 SSLProxyCheckPeerName off
 SSLProxyCheckPeerExpire off

 SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
 SSLCertificateKeyFile   /etc/letsencrypt/live/mydomain.com/privkey.pem
 SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/fullchain.pem

 Include /etc/letsencrypt/options-ssl-apache.conf

ProxyPass / https://192.168.#.###/
ProxyPassReverse / https://192.168.#.###/
ProxyPassReverse / https://cloud.mydomain.com/

I modified my apache VHOST with and I think this works

Eventually I’ll have to figure out SSL

<VirtualHost *:80>
   ServerName myseafile.mydomain.com
# THIS line BREAKS IT #    ProxyPreserveHost On
   ProxyRequests Off
   ProxyPass / http://192.168.{my IP}.[my IP}:80/
   ProxyPassReverse / http://192.168.my IP}.[my IP}:80/
#   ErrorLog ${APACHE_LOG_DIR}/error.log
#   CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>



<VirtualHost *:8000>
   ServerName myseafile.mydomain.com
#  THIS line BREAKS IT #  ProxyPreserveHost On
   ProxyRequests Off
   ProxyPass / http://192.168.my IP}.[my IP}:8000/
   ProxyPassReverse / http://192.168.my IP}.[my IP}:8000/
#   ErrorLog ${APACHE_LOG_DIR}/error.log
#   CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Nope not yet

I now see a CSRF verification failed. Request aborted. and seafile pro on iphone just aborts

The CSRF is a little different and probably not directly related to your reverse proxy. You need to set ALLOWED_HOSTS and CSRF_TRUSTED_ORIGINS. There’s documentation for these settings here:

https://manual.seafile.com/12.0/config/seahub_settings_py/#cache

Thank you for pointing me in the right direction, Now I just have to figure out where these files are inside the dock or how to modify them

I think they are in /opt/seafile-data/seafile/conf

I changed it to (BUT its still doesn’t work)

Add the following configuration to seahub_settings.py.

CACHES = {
    'default': {
        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
        'LOCATION': '127.0.0.1:11211',
    },
}

@tomservo not sure what to do with the mentioned Security settings and User management options ,

I also vi /opt/seafile-data/seafile/conf/seahub_settings.py and added

CSRF_TRUSTED_ORIGINS = [‘http://192.168.{ip}.{ip}’, ‘http://myserver.mydomain.com’]

I might be getting closer

NOP not working and have added this too

CSRF_TRUSTED_ORIGINS = [‘http://192.168{ip}.{ip}’, ‘http://myserver.mydomain.com’]
FILE_SERVER_ROOT = ‘http://mydomain.com/seafhttp’
SERVICE_URL = ‘http://mydomain.com’
ALLOWED_HOSTS = [‘.mydomain.com’]
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_SAMESITE = ‘Strict’

man I don;t want to give Seagile up but I just can;t get it

Maybe I’ll put and run an old version - how do I download reviuos versions?

I don’t know how to get an old version, but I think you are very close to getting this version working. First, it is easier to edit these files from outside of the container.

The container config has this option that sets where it keeps file outside of the container. Mine is SEAFILE_VOLUME=/seafile-data/persistent-data , so my config file is at /seafile-data/persistent-data/seafile/conf/seahub_settings.py

In that file I have:

### CSRF stuff
# For security consideration, please set to match the host/domain of your site, e.g., ALLOWED_HOSTS = ['.example.com'].
# Please refer https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts for details.
ALLOWED_HOSTS = ['.mydomain.com','192.168.66.12','127.0.0.1']

# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-trusted-origins
CSRF_TRUSTED_ORIGINS = ['https://seafile.mydomain.com']

# Whether to use a secure cookie for the CSRF cookie
# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-cookie-secure
CSRF_COOKIE_SECURE = True

# The value of the SameSite flag on the CSRF cookie
# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-cookie-samesite
CSRF_COOKIE_SAMESITE = 'Strict'

The CSRF thing does some sort of security check to make sure that you can only load the seafile UI from the right address. So it will only let you load if the address in the address bar of your browser matches this setting. I put the IP of the server in there because I was going straight to the IP for a while for troubleshooting. I could take it out, but things are working, and the IP can’t be reached by anyone, so I didn’t bother.

The . on the front of the domain in ALLOWED_HOSTS is basically a wildcard, so seafile.mydomain.com and file.mydomain.com will both work.

After editing that file you do need to stop and restart seafile. It’s probably easiest to do that just by restarting the container.

I’m not sure where to find that “Outside the container”. Following the directions I thought its in /opt/seafile but the only things there are

drwxr-xr-x 2 root root 4096 Jul 7 20:32 ./
drwxr-xr-x 8 root root 4096 Jul 2 20:55 …/
-rw-r–r-- 1 root root 647 Jul 2 13:43 caddy.yml
-rw-r–r-- 1 root root 970 Jul 2 20:53 .env
-rw-r–r-- 1 root root 970 Jul 7 20:04 .env.BAK
-rw-r–r-- 1 root root 1512 Jul 2 21:56 seadoc.yml
-rw-r–r-- 1 root root 2737 Jul 2 22:19 seafile-server.yml

I do have all this in /opt/ and I assume that the container is in /opt/seafile-data/seafile/

drwxr-xr-x 8 root root 4096 Jul 2 20:55 ./
drwxr-xr-x 23 root root 4096 Jul 2 16:40 …/
drwx–x–x 4 root root 4096 Jul 2 20:40 containerd/
drwxr-xr-x 3 root root 4096 Jul 2 20:55 seadoc-data/
drwxr-xr-x 2 root root 4096 Jul 7 20:32 seafile/
drwxr-xr-x 3 root root 4096 Jul 7 22:35 seafile-caddy/
drwxr-xr-x 5 root root 4096 Jul 2 20:56 seafile-data/
drwxr-xr-x 3 root root 4096 Jul 2 20:55 seafile-mysql/

I have been making changes to and that seems to take some affect but its not there yet

/opt/seafile-data/seafile/conf/seahub_settings.py

The last stuff I added made it so I couldn’t even http to the private IP address

To clarify

I have an apache VHOST server (Sybil). All port 80 and 8000 is directed to that server. Sybil host multiple websites and i figured I need to redirect seafile on that server so … I’m not even sure I did the apache redirect corectly but I’m somewhat getting there so it can’t be all FUBARed.

I don’t remember the last change I mage to nginx but I do remember changing something there (I hope I don;t have to reinstall).

I’ll remove everything I added in /opt/seafile-data/seafile/conf/seahub_settings.py and try again

ALLOWED_HOSTS = [‘.mydomain.com’,‘192.168.{my ip scheme}’,‘127.0.0.1’]

After editing that file you do need to stop and restart seafile. It’s probably easiest to do that just by restarting the container.

Since I really don’t know much about docker I just reboot the whole server

NOPE

so in /opt/seafile-data/seafile/logs/seahub/log I see
During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/local/lib/python3.12/dist-packages/django_pylibmc/memcached.py”, line 130, in get
return super(PyLibMCCache, self).get(key, default, version)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/opt/seafile/seafile-server-12.0.14/seahub/thirdpart/django/core/cache/backends/memcached.py”, line 75, in get
return self._cache.get(key, default)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pylibmc.ServerDown: error 47 from memcached_get(:1:ENABLE_TERMS_AND_CONDITIONS): (0x234f0790) SERVER HAS FAILED AND IS DISABLEDTIL TIMED RETRY, host: 127.0.0.1:11211 → ./src/libmemcached/get.cc:233
[2025-07-09 00:15:30] [WARNING] django.request:241 log_response Not Found: /favicon.ico

Not sure where to go from here - That’s too bad I really liked this app

The container itself is somewhere in /var if I remember about how docker works correctly, but the directory that is both inside and outside of the container is /opt/seafile-data/seafile/.

It looks to me like you have the CSRF config stuff set up correctly, so I am now suspecting that maybe apache isn’t passing some headers correctly, so seafile isn’t getting the right request hostname. Unfortunately I don’t know much about apache. Are you also using the caddy container that the sefile docs talk about?

I would recommend not using caddy. Having 2 reverse proxies is a good way to make it hard to troubleshoot things. I had a look at these directions for an older version of seafile with apache. HTTPS with Apache - Seafile Admin Manual

What I see there looks like your apache config. There’s some extra stuff that I know the docker version doesn’t need, like the /meda, and the forwarding to separate ports for /seafhttp, and everything else (that’s handled inside the container now).

So the only difference I see that seems suspect to me is that your config has 2 “ProxyPassReverse” lines. Maybe try removing the one with the domain name in it?

Sorry. I wish I knew more about apache. If that doesn’t work for you, I will try creating another seafile server and an apache server to test it with. It will be a few days before I will have time to try that though.

I turned on Debug - now to see if i can make head or tails of this. (I swear since cancer and treatment I have a hard time connecting the dost BUT THANK YOU @tomservo for all your input)

Forbidden (403)

CSRF verification failed. Request aborted.

You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.

If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for “same-origin” requests.

Help

Reason given for failure:

CSRF cookie not set.

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django’s CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

• Your browser is accepting cookies.
• The view function passes a request to the template’s render method.
• In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
• If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
• The form has a valid CSRF token. After logging in in another browser tab or hitting the back button after a login, you may need to reload the page with the form, because the token is rotated after a login.

You’re seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.

I thought I replied to this via email but I guess it didn’t make it

Since I had made many trial and error changes I decided to reinstall seafile from scratch. I now have it installed and I think it is working from a browser with the Apache redirects. I had to delete the seafile pro app and reinstall it on the iphone and I think that is working too

I used the following

/opt/seafile-data/seafile/conf/seahub_settings.py
added

#CSFR Stuff
DEBUG=True

CSRF_TRUSTED_ORIGINS = [‘https://.mydomin.com’,'https://.127.0.0.1’,‘http://.mydomin.com’,'http://.127.0.0.1’,‘http://*.192.168.#.###’]

in my Apache vhost file on the other server I used

<VirtualHost *:80 *:8000>
ServerName servername.mydomain.com
ProxyPass / http://192.168.#.###/
ProxyPassReverse / http://192.168.#.###/

I did notice that the links I generate use the internal IP address instead of the server name and domain. I’ll have to look into how to adjust that

Again @tomservo thank you for all your input!!!

I am very glad to hear you got that working, because life got in the way so I haven’t found the time yet to do the test deploy with apache in spite of my plans. As far as the links generating with with the IP instead of the name, I think that comes from the SEAFILE_SERVER_HOSTNAME= option in the .env.

When I was initially installing I had issues using a server and domain name that’s why I put the ip in there

I just tried changing SEAFILE_SERVER_HOSTNAME to the FQDN but it doesn’t resolve when I do that, (Probably more Apache redirect issues)

I see in the admin settings you can define a name (see image) but that did t seem to do it so I’ll keep looking. I know had this working before the reinstall but …

image708×155 4.71 KB

Oh Geeze I can’t download files I created a text file and they tried to download it and i get Both token and cookie are not set

I’ve installed a few of these before all this docker change stuff - The DOCs were always on point and they worked

I’m having nothing but problems

Yeah, the uploads and downloads internally use generated URLs like the share URL does. So that sounds like it could either be that link, or maybe that seahub is working but seaf-server isn’t. I do still plan to get that test setup done.

I hate to make you waste time. I’ll keep plugging at it and hope I get it to work.

I may punt and just do a cloud on my synology.nas. I think they have an app and from what I’m reading it works well - Seafile has become too problemmatic