Seafile Remote Access via Cloudflare (Behind NAT)

I’m new to Seafile and looking for some guidance on configuring remote access. I’ve successfully installed Seafile using Docker on a Debian machine, following the official guide and everything run great.
My ultimate goal is to replace onedrive with that so i can share files with externals client

I can access SF from my lan just typing 192.168.88.36

I’m looking for someone who can guide me step by syep granting remote access

NGNIX scares me a bit but i’m open to any solution (did not set up anything yet)

I’m aware of Cloudflare tunnel since I already use a Cloudflare domain to tunnel my Home Assistant instance (same LAN, different machine).

I’d like to know if it’s possible (and recommended) to use a subdomain of my existing Cloudflare domain to tunnel Seafile. I’m also open to purchasing a separate domain if that’s a better approach.

Any step-by-step advice or links to relevant resources would be greatly appreciated.

Thanks!

I looked into doing this, but never actually set it up because it would make local access to the server so much slower (I had slow internet then). So I have some answers, but only somewhat generic answers.

There should be no problem using a new subdomain of your existing domain.

A working Seafile server uses at least 2 ports (more for some optional parts, like webdav), so you will need a reverse proxy anyway to forward the different stuff to the right port. I use nginx with a config I copied from the seafile admin manual and modified for my setup, but you can use whatever works for you.

First, set it up to work with only HTTP in your reverse proxy. You want to get this working with your domain name (seafile.domain.com) so you can test it. Once it is working so you can log into the web interface, upload and download large files (test with at least 1 GB), and you can connect the agent, then you know this part work ok, and can move on.

Log into Cloudflare and I think you need to remove the subdomain entry from your DNS so the tunnel can add one for itself. Then go to “zero trust” > Networks > Tunnels, and add a tunnel. Set the public name to the same you tested above (seafile.domain.com), and the service address to http://localhost:80

Follow their instructions there to download and install the cloudflare connector, and give it the connection token. I would install this on the same machine as the reverse proxy. If you install it somewhere else, you will need to change that “localhost” above to the reverse proxy’s IP. This connector will connect out to cloudflare to make the tunnel, so now when you go to seafile.domain.com you are connecting to cloudflare instead of your local server.

They will also apply SSL (TLS) to the connection, so now it is https instead of http. You need to modify your seafile config to use https, and restart. I think that just means changing SEAFILE_SERVER_PROTOCOL= to https, and restarting, but if you see http in any other config change it to https, just to be sure.

Now test it all again, but with the https address. Again you should be able to upload and download files, connect with the agent, etc. When doing that testing you will probably notice one big change, even though you are (I am assuming) on the same network as your server, it will now be slower. The uploads and downloads are now going out through your ISP to cloudflare, and then back in to your local network again. And that should be it, it should work from anywhere on the internet now.

Hi,
I just wanted to add my experience here : I didn’t think it through much when I setup the cloudflare tunnel to my seafile server and just configured-it like any other website/service and it worked almost first time. I had to edit seahub_setting.py and seafile.nginx.conf to replace the default domains value with mine.
I still can acces the server locally with the IP address and didn’t really observed slow speeds, but I can be mistaken, I never really cared about the speed as It is fine for my needs.

However, not everything is perfect, the distant client have issue uploading large files and the client is often in warning states, but eventually the file get to the finish line and everything turn green again.

Other than that, the experience is great. Note that not much data is going through cloudflare per month in my case, so I think I’m under their radar and will continue to get away with the free tier cloudflare account, if data ceiling it’s still a thing.