Using Seafile with Tailscale Funnel (MagicDNS)

wahoonie76 · November 20, 2025, 10:42am

Hello everyone,

I’m using Seafile CE 11 as docker-compose Installation on my (own) proxmox server in a lxc for 2 years now.
Is it possible to connect to it via tailscale funnel/MagicDNS, because on my office computers I can’t install tailscale?
I tried a few things with the help of AI (Github Copilot, ChatGPT, Gemini), but I’m only a “hobby”-IT-user: I get it working to reach the WebUI and login, the up- and download won’t work.

thx for our ideas in advance

wahoonie

tomservo · November 21, 2025, 10:42am

I think the answer is no, it can’t work, but I’ve never tried tailscale funnel so let me explain why I think that.

If I understand it correctly, tailscale funnel gives you some public endpoint outside of you home network that anyone can connect to, and that connection gets forwarded over your tailscale link to the service on your local network. And that’s all good, but the part that I think breaks it is that I think tailscale funnel gives you some generated URL to use to access your server on a domain you don’t own, right?

The problem here is that you can get into the web interface, but when you try to do more complicated interactions, like download or upload a file, the server creates a URL to tell your browser to connect to so it can talk to the seafile API. The seafile web interface doesn’t know about the different URL from tailscale funnel, it only knows the name it was told to use in it’s config. So it tells your browser to talk to the whatever the address would be without the tailscale funnel, and it sounds like that doesn’t work on your work network.

There is a similar thing from cloudflare called cloudflare tunnel that can work, but that’s because it lets you point your own domain name to them. This way you own the name and can make sure it is using the same one every time, so you can put that name in the seafile config and make it work.

wahoonie76 · December 6, 2025, 11:09am

I was able to solve it for myself:

in my docker-compose.yml:

[..]
  ports:
    - “8080:80”
[..]
  environment:
    - SEAFILE_SERVER_LETSENCRYPT=false
    - FORCE_HTTPS_IN_CONF=false
[..]

setted necessary URLs to the tailscale-MagicDNS-URL, because this it’s fix, not rotating:

nano /opt/seafile-data/seafile/conf/seahub_settings.py

SERVICE_URL =  "https://myseafilename.tailabcdefg.ts.net/"
FILE_SERVER_ROOT =  'https://myseafilename.tailabcdefg.ts.net/seafhttp'
ALLOWED_HOSTS = ['myseafilename.duckdns.org','myseafilename.tailabcdefg.ts.net','localhost','127.0.0.1']
CSRF_TRUSTED_ORIGINS = ['https://myseafilename.duckdns.org','https://myseafilename.tailabcdefg.ts.net','http://localhost','http://127.0.0.1']
SERVICE_URL = 'https://myseafilename.tailabcdefg.ts.net:8000'
LOGOUT_REDIRECT_URL = 'https://myseafilename.tailabcdefg.ts.net'

If I turn the Funnel (in my seafile lxc) on:

tailscale funnel --bg 8080

I can reach my Seahub from outside my LAN and Tailscale is handling the SSL-Certificates.

In my own LAN I use AdGuard to rewrite the tailscale-URL and point it to my nginxproxymanager who proxies it to the LAN-IP:8080.