[SOLVED] Seafile + Apache + HTTPS without Port 8000

thausmann · September 13, 2018, 8:57am

Hi, I’m trying to setup Seahub (the Seafile Web Interface) …

with https/SSL (Let’s Encrypt)
directly on a domain (I wanna get rid of the Port 8000)

I followed the steps in this tutorial, my config files look very alike: https://manual.seafile.com/deploy/https_with_apache.html

I want Seahub to show up under this domain: https://seafile.timohausmann.de/
As you can see, the SSL Cert is valid, but Seahub gives me a “Bad Request (400)”.

And it’s still working on http and :8000.

seahub_settings.py:

FILE_SERVER_ROOT = 'https :// seafile .timohausmann .de /seafhttp'

ccnet.conf:

SERVICE_URL = https :// seafile .timohausmann .de

The seafile and seahub parts in my apache site conf are directly copied from the tutorial mentioned above.

What am I missing? Is it even possible to run Seahub directly on a domain without additional port?

(I am a new user so URLs are malformed )

shoeper · September 13, 2018, 12:16pm

Check the logs. Most likely there is some duplicate header or something similiar letting seahubs webserver reject the requests.

thausmann · September 13, 2018, 4:24pm

Hm, which logs did you think of? Nothing gets written to Seafile logs upon the Bad Request (400). Only in seahub_django_request.log I find these errors, but I think they are unrelated:

2018-09-13 00:35:25,262 [WARNING] django.request:170 get_response Not Found: /manager/html
2018-09-13 09:44:28,100 [WARNING] django.request:170 get_response Not Found: /seafhttp/protocol-version

In the apache2 logs I only see the GET request inside access.log, nothing else.

Also, it makes zero sense to me that Seahub is still reachable under http and Port 8000.

shoeper · September 13, 2018, 10:23pm

Unless you forbid it using a firewall it will be reachable.

Looking at the log there seem to be multiple issues. 1. Your webserver redirects Seafile server requests to seahub and 2. It redirects requests from another application to seahub

fakuivan · September 14, 2018, 1:54am

If you want to only process request on port 8000 sent by the local machine (the apache proxy), on conf/gunicorn.conf edit the line that starts with bind = to:

import os

daemon = True
workers = 5

# default localhost:8000
bind = "0.0.0.0:8000" # !Edit this to "localhost:8000"!

# Pid
pids_dir = '/home/fakui/seafile-server-tests/pids'
pidfile = os.path.join(pids_dir, 'seahub.pid')

# Logging
logs_dir = '/home/fakui/seafile-server-tests/logs'
errorlog = os.path.join(logs_dir, 'gunicorn_error.log')
accesslog = os.path.join(logs_dir, 'gunicorn_access.log')

# for file upload, we need a longer timeout value (default is only 30s, too short)
timeout = 1200

limit_request_line = 8190

thausmann · September 15, 2018, 1:10pm

Hey, thanks for your replies.

I didn’t even had a gunicorn.conf so first I upgraded from 6.1.1 to current release. Then django said:

[ERROR] django.security.DisallowedHost:80 response_for_exception Invalid HTTP_HOST header: '127.0.0.1:8000'. You may need to add u'127.0.0.1' to ALLOWED_HOSTS.

I did that in seahub_settings.py and now it works! Also closed public port 8000.

I tried both bind = “0.0.0.0:8000” and “localhost:8000”, both seem to work