[Solved] Shared Link shows wrong URL

Hi all!

I have set up Seafile Server 7.0.4 on my BananaPi (running Armbian Buster) with HTTPS using Nginx. I can reach the server from outside of my LAN via https://my.server.com (not the real URL).

The problem is that the shared links are not properly generated, they still point with HTTP to the internal IP, e.g. http://192.168.178.33:8000/d/c1a8c0cd39b14508b0b8/. Other side effects (might be related to the shared link problem): Once I’m past the login page, Firefox also shows me that the page contains mixed HTTPS and HTTP content. And I also cannot download files.

I guess I have some stupid/obvious config error somewhere, but I’m not able to find it. Here me Seafile, Seahub and Nginx configs:

ccnet.conf:

[General]
USER_NAME = Seafile
ID = <redacted>
NAME = Seafile
SERVICE_URL = https://my.server.com

[Client]
PORT = 13419

[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = seafile
PASSWD = <redacted>
DB = ccnet-db
CONNECTION_CHARSET = utf8

gunicorn.conf:

import os

daemon = True
workers = 5

# default localhost:8000
bind = "127.0.0.1:8000"
#bind = "0.0.0.0:8000"

# Pid
pids_dir = '/home/seafile/pids'
pidfile = os.path.join(pids_dir, 'seahub.pid')

# for file upload, we need a longer timeout value (default is only 30s, too short)
timeout = 1200

limit_request_line = 8190

seafile.conf:

[fileserver]
host = 127.0.0.1
port = 8082

[database]
type = mysql
host = 127.0.0.1
port = 3306
user = seafile
password = <redacted>
db_name = seafile-db
connection_charset = utf8

seahub_settings.py:

# -*- coding: utf-8 -*-
SECRET_KEY = "<redacted>"
FILE_SERVER_ROOT = 'https://my.server.com/seafhttp'

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'seahub-db',
        'USER': 'seafile',
        'PASSWORD': '<redacted>',
        'HOST': '127.0.0.1',
        'PORT': '3306'
    }
}

/etc/nginx/sites-available/default:

log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_response_time';

server {
    server_name my.server.com;

    proxy_set_header X-Forwarded-For $remote_addr;

    location / {
         proxy_pass         http://127.0.0.1:8000;
         proxy_set_header   Host $host;
         proxy_set_header   X-Real-IP $remote_addr;
         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Host $server_name;
         proxy_read_timeout  1200s;

         # used for view/edit office file via Office Online Server
         client_max_body_size 0;

         access_log      /var/log/nginx/seahub.access.log seafileformat;
         error_log       /var/log/nginx/seahub.error.log;
    }


    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;

        send_timeout  36000s;

        access_log      /var/log/nginx/seafhttp.access.log seafileformat;
        error_log       /var/log/nginx/seafhttp.error.log;
    }
    location /media {
        root /home/seafile/seafile-server-latest/seahub;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/my.server.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/my.server.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


server {
    if ($host = my.server.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name my.server.com;
    return 404; # managed by Certbot


}

Thanks in advance for your help! :slight_smile:

Just came one step closer to the solution of my problem: I found out that in the Web GUI of Seafile in “System Admin” > “Settings” there are also two fields where I can set the SERVICE_URL and the “FILE_SERVER_ROOT”. I changed those to https://cloud9.dedyn.io and https://cloud9.dedyn.io/seafhttp. Now the shared link URL is correct and also the file download is working. :slight_smile:

What is strange still is that on some pages “default.png” is still loaded via HTTP. Web console says:
Loading mixed (insecure) display content “http://192.168.178.33:8000/media/avatars/default.png” on a secure page[Learn More] 2 bundle.common.2897a2bdf8ec.js:1:1293641

Any hint on how to fix this?

Forgot to delete the seahub cache:

rm /tmp/seahub_cache/*

Now everything works through HTTPS. :slight_smile: