I probably had a problem while updating my Seafile Pro 11.0.18 server to Pro 12.0.12. Everything seems fine, my files are there, the tree structure doesn’t seem to have any problems, I can read my videos, images, and txt files, but no PDFs. In fact, I can’t download anything.
In my fileserver.log file, I have a strange thing:
[ERROR] path /repos/xxx…xxx/files/my files.pdf/ internal server error: failed to get access token info: Post “http://127.0.0.1:8000/api/v2.1/internal/repos/xxx...xxx/check-access/”: dial tcp 127.0.0.1:8000: connect: connection refused
while Seahub is running in 8081 and I have nothing in 8000
Thank you for your help
Since version 12.0, the seaf-server component need to send internal requests to seahub component to check permissions.
The issue can be caused by a few different reasons:
- ALLOWED_HOSTS configuration in seahub_settings.py does not include 127.0.0.1. You can either remove ALLOWED_HOSTS configuration or add 127.0.0.1 to ALLOWED_HOSTS.
- JWT_PRIVATE_KEY not correctly set
- You reverse proxy does not set correctly
You can find more information at: [BUG] No permission to access file - when downloading any file · Issue #2877 · haiwen/seafile · GitHub
Thank you for your reply. Yes, I also think it’s a problem with my reverse_proxy configuration because of this new security. I use Caddy (Seafile binary). If anyone has a correct setting, I’d be interested.
For point #2, how can you misconfigure JWT_PRIVATE_KEY? It’s not just specifying a token in //conf/.env.
I used to have a jwt_private_key in seafile.conf, but I deleted it. Should I put it back to the same value?
Set JWT_PRIVATE_KEY in .env is enough.
After carefully checking my configuration files (ALLOWED_HOSTS, JWT_PRIVATE_KEY), I can say that no, this isn’t the cause. My Seafile client and my DAV clients upload and download without any problems; only the Seafile web server isn’t working because of this new security.
Does this new security require any changes to the proxy configuration, which was working perfectly before?
Thank you for your help.
As the error indicated, the seaf-server component cannot talk to the local seahub component with the the address “http://127.0.0.1:8000”.
Do you use a docker based installation? Normally with a docker based one, there should be such a network problem, because it is hidden inside the docker image.
No, I’m not using Docker, but a “binary” installation, and my proxy server is Caddy.
The ports I’m using are Seahub 8081, Seafile 8082, and Seafdav 8083. I’m not using port 8000.
The log extract is from the fileserver.log file.
It seems I’m not the only one having this problem!
You can try to change the port from 8081 to 8000.
Yes, it is possible, but only for a trial run, as it involves several chain changes.
Yes, after migrating Seahub to port 8000 it works perfectly. I think I updated correctly, there may be a bug there.