Here we use self-signed SSL digital certificate for free. If you use a paid ssl certificate from some authority, just skip the this step.
openssl genrsa -out privkey.pem 2048 openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
Assume you have configured Apache as Deploy Seafile with Apache. To use https, you need to enable mod_ssl
[sudo] a2enmod ssl
On Windows, you have to add ssl module to httpd.conf
LoadModule ssl_module modules/mod_ssl.so
Then modify your Apache configuration file. Here is a sample:
ServerName www.myseafile.com DocumentRoot /var/www Alias /media /home/user/haiwen/seafile-server-latest/seahub/media SSLEngine On SSLCertificateFile /path/to/cacert.pem SSLCertificateKeyFile /path/to/privkey.pem RewriteEngine On # # seafile fileserver # ProxyPass /seafhttp http://127.0.0.1:8082 ProxyPassReverse /seafhttp http://127.0.0.1:8082 RewriteRule ^/seafhttp - [QSA,L] # # seahub # RewriteRule ^/(media.*)$ /$1 [QSA,L,PT] RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ /seahub.fcgi/$1 [QSA,L,E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
Since you change from http to https, you need to modify the value of "SERVICE_URL" in ccnet/ccnet.conf
:
SERVICE_URL = https://www.myseafile.com
You need to add a line in seahub_settings.py to set the value of FILE_SERVER_ROOT
(Or HTTP_SERVER_ROOT
before version 3.1.0)
FILE_SERVER_ROOT = 'https://www.myseafile.com/seafhttp'
./seafile.sh start ./seahub.sh start-fastcgi
The picture at the end of this document may help you understand seafile server better
There are two components in Seafile server, Seahub and FileServer. FileServer only servers for raw file uploading/downloading, it listens on 8082. Seahub, that serving all the other pages, is still listen on 8000. But under https, Seahub should listen as in fastcgi mode on 8000 (run as ./seahub.sh start-fastcgi). And as in fastcgi mode, when you visit http://domain:8000 directly, it should return an error page.
When a user visit https://domain.com/home/my/, Apache receives this request and sends it to Seahub via fastcgi. This is controlled by the following config items:
#
# seahub
#
RewriteRule ^/(media.*)$ /$1 [QSA,L,PT]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^/(seahub.*)$ /seahub.fcgi/$1 [QSA,L,E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
and
FastCGIExternalServer /var/www/seahub.fcgi -host 127.0.0.1:8000
When a user click a file download link in Seahub, Seahub reads the value of FILE_SERVER_ROOT
and redirects the user to address https://domain.com/seafhttp/xxxxx/
. https://domain.com/seafhttp
is the value of FILE_SERVER_ROOT. Here, the FILE_SERVER
means the FileServer component of Seafile, which only serves for raw file downloading/uploading.
When Apache receives the request at 'https://domain.com/seafhttp/xxxxx/', it proxies the request to FileServer, which is listening at 127.0.0.1:8082. This is controlled by the following config items:
ProxyPass /seafhttp http://127.0.0.1:8082
ProxyPassReverse /seafhttp http://127.0.0.1:8082
RewriteRule ^/seafhttp - [QSA,L]