Bring Seafile Online and create SSL certificate

Switching to HTTPS – signed SSL certificate

This is only necessary if you want to reach the Seafile server on the go. To do this, you have to create a DynDNS address in advance, for example in the case of noip.com or spdyn.de. You’ll have to include this in your router and release ports to the Raspberry Pi. The following port is required:
443

The Raspberry Pi, as a standard user, will continue:


sudo apt-get update
sudo apt-get install python-certbot-nginx
sudo sudo certbot --authenticator standalone --installer nginx -d <domain>--pre-hook "service nginx stop" --post-hook "service nginx start"</domain>
sudo systemctl restart seafile seahub

Next, adjust the configuration of nginx. So let’s open the seafile.conf and replace the content with below content. Alternatively, you can simply delete the file in advance with sudo rm /etc/nginx/sites-available/seafile.conf, as it would be reloaded with nano:

sudo nano /etc/nginx/sites-available/seafile.conf
server {
    listen       80;
    server_name  _;
    rewrite ^ https://$http_host$request_uri? permanent;    # force redirect http to https

    # Enables or disables emitting nginx version on error pages and in the "Server" response header field.
    server_tokens off;
}


server {
    listen 443;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/yourdyndnsname/fullchain.pem;  # path to your cacert.pem
    ssl_certificate_key /etc/letsencrypt/live/yourdyndnsname/privkey.pem;    # path to your privkey.pem
    server_name _;

    proxy_set_header X-Forwarded-For $remote_addr;

    location / {
         proxy_pass         http://127.0.0.1:8000;
         proxy_set_header   Host $host;
         proxy_set_header   X-Real-IP $remote_addr;
         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Host $server_name;
         proxy_read_timeout  1200s;
         proxy_set_header   X-Forwarded-Proto https;


         # used for view/edit office file via Office Online Server
         client_max_body_size 0;

         access_log      /var/log/nginx/seahub.access.log;
         error_log       /var/log/nginx/seahub.error.log;
    }

        location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;

        send_timeout  36000s;
    }
        location /media {
        root /home/seafile/seafile-server-latest/seahub;
    }
}
sudo nginx -t
sudo nginx -s reload

I have already adapted the file contents of manual.seafile.com to our needs. The certificate is even signed and you have a green lock in the address bar.

Last but not least, change the ccnet.conf and seahub_settings.py:

sudo su seafile
Cd
cd conf
nano ccnet.conf

Change the Service_URL:

SERVICE_URL = https://euredomain

In seahub_settings.py, customize the File Server Root:

nano seahub_settings.py
FILE_SERVER_ROOT = 'https://euredomain/seafhttp'

Of course, save and close each. Leave user Seafile and restart Seafile once. That’s it.

Have fun with your own private cloud.

If you have any questions or suggestions, please leave a comment.

Book to give away
:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.