Hi all!
I have set up Seafile Server 7.0.4 on my BananaPi (running Armbian Buster) with HTTPS using Nginx. I can reach the server from outside of my LAN via https://my.server.com
(not the real URL).
The problem is that the shared links are not properly generated, they still point with HTTP to the internal IP, e.g. http://192.168.178.33:8000/d/c1a8c0cd39b14508b0b8/
. Other side effects (might be related to the shared link problem): Once I’m past the login page, Firefox also shows me that the page contains mixed HTTPS and HTTP content. And I also cannot download files.
I guess I have some stupid/obvious config error somewhere, but I’m not able to find it. Here me Seafile, Seahub and Nginx configs:
ccnet.conf:
[General]
USER_NAME = Seafile
ID = <redacted>
NAME = Seafile
SERVICE_URL = https://my.server.com
[Client]
PORT = 13419
[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = seafile
PASSWD = <redacted>
DB = ccnet-db
CONNECTION_CHARSET = utf8
gunicorn.conf:
import os
daemon = True
workers = 5
# default localhost:8000
bind = "127.0.0.1:8000"
#bind = "0.0.0.0:8000"
# Pid
pids_dir = '/home/seafile/pids'
pidfile = os.path.join(pids_dir, 'seahub.pid')
# for file upload, we need a longer timeout value (default is only 30s, too short)
timeout = 1200
limit_request_line = 8190
seafile.conf:
[fileserver]
host = 127.0.0.1
port = 8082
[database]
type = mysql
host = 127.0.0.1
port = 3306
user = seafile
password = <redacted>
db_name = seafile-db
connection_charset = utf8
seahub_settings.py:
# -*- coding: utf-8 -*-
SECRET_KEY = "<redacted>"
FILE_SERVER_ROOT = 'https://my.server.com/seafhttp'
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'seahub-db',
'USER': 'seafile',
'PASSWORD': '<redacted>',
'HOST': '127.0.0.1',
'PORT': '3306'
}
}
/etc/nginx/sites-available/default:
log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_response_time';
server {
server_name my.server.com;
proxy_set_header X-Forwarded-For $remote_addr;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 1200s;
# used for view/edit office file via Office Online Server
client_max_body_size 0;
access_log /var/log/nginx/seahub.access.log seafileformat;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
access_log /var/log/nginx/seafhttp.access.log seafileformat;
error_log /var/log/nginx/seafhttp.error.log;
}
location /media {
root /home/seafile/seafile-server-latest/seahub;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/my.server.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my.server.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = my.server.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name my.server.com;
return 404; # managed by Certbot
}
Thanks in advance for your help!