Bring Seafile Online and create SSL certificate

Switching to HTTPS – signed SSL certificate

This is only necessary if you want to reach the Seafile server on the go. To do this, you have to create a DynDNS address in advance, for example in the case of or You’ll have to include this in your router and release ports to the Raspberry Pi. The following port is required:

The Raspberry Pi, as a standard user, will continue:

sudo apt-get update
sudo apt-get install python-certbot-nginx
sudo sudo certbot --authenticator standalone --installer nginx -d <domain>--pre-hook "service nginx stop" --post-hook "service nginx start"</domain>
sudo systemctl restart seafile seahub

Next, adjust the configuration of nginx. So let’s open the seafile.conf and replace the content with below content. Alternatively, you can simply delete the file in advance with sudo rm /etc/nginx/sites-available/seafile.conf, as it would be reloaded with nano:

sudo nano /etc/nginx/sites-available/seafile.conf
server {
    listen       80;
    server_name  _;
    rewrite ^ https://$http_host$request_uri? permanent;    # force redirect http to https

    # Enables or disables emitting nginx version on error pages and in the "Server" response header field.
    server_tokens off;

server {
    listen 443;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/yourdyndnsname/fullchain.pem;  # path to your cacert.pem
    ssl_certificate_key /etc/letsencrypt/live/yourdyndnsname/privkey.pem;    # path to your privkey.pem
    server_name _;

    proxy_set_header X-Forwarded-For $remote_addr;

    location / {
         proxy_set_header   Host $host;
         proxy_set_header   X-Real-IP $remote_addr;
         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Host $server_name;
         proxy_read_timeout  1200s;
         proxy_set_header   X-Forwarded-Proto https;

         # used for view/edit office file via Office Online Server
         client_max_body_size 0;

         access_log      /var/log/nginx/seahub.access.log;
         error_log       /var/log/nginx/seahub.error.log;

        location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        client_max_body_size 0;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;

        send_timeout  36000s;
        location /media {
        root /home/seafile/seafile-server-latest/seahub;
sudo nginx -t
sudo nginx -s reload

I have already adapted the file contents of to our needs. The certificate is even signed and you have a green lock in the address bar.

Last but not least, change the ccnet.conf and

sudo su seafile
cd conf
nano ccnet.conf

Change the Service_URL:

SERVICE_URL = https://euredomain

In, customize the File Server Root:

FILE_SERVER_ROOT = 'https://euredomain/seafhttp'

Of course, save and close each. Leave user Seafile and restart Seafile once. That’s it.

Have fun with your own private cloud.

If you have any questions or suggestions, please leave a comment.

Book to give away

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.