Seafile on https with valid certificate

Hi Michael.
I want to ask about more support on configure virtualhost. Iam not using virtualhosts. And never used it. A have installed seafile on server, and accesible on http://servername:8000

Hi Miroslav,
I will try to help you, but what do you think about making this topic public, so others can help and perhaps it helps others. If you want to make it public I think I can do it for you.

Hi @Miko10,
at your picture I see, something is missing, please try to install the package at a terminal.

yum install nethserver-httpd-virtualhosts
After that you can do some settings for your virtual hosts.

Hi guys,
I’m reopenig this thread. After setting virtual host with fqdn and setting DNS on my provider to my IP everything starts working well. but only in http, bud without any problem. Now I have problem becouse I realy need migrate seafile to https with valid certificate.
In this time my seafile is running as service on port 8000. So http://seafile.mycompany.sk:8000 is working.

But now when I sent download link to someone with SOPHOS firewall, link is blocked. I think t is because missing https. So how can I change my configuration to use https.
Seafile howto is there: https://download.seafile.com/published/seafile-manual/deploy/https_with_apache.md
But I don’t know where are my files to change.

Thanks,

Can I make this topic public, so others could help also?

Yes of course.
Thanks.

@support_team
Can somebody help here?

Yesterday I find solution. I write whole step-by-step today.

@Miko10
@m.traeumner

Hi Miroslav

As your Seafile is working with http (not with https) on port 8000, I’d suggest using NethServer Reverse Proxy (Get it from Software Center).

Let the NethServer handle SSL/Certificates.

Reverse Proxy can do either Paths or Virtual Hosts, in your case virtual hosts would be the best way.

To get this working:

  1. Adapt the LetsEncrypt request on your NethServer to include the name
    seafile.mycompany.sk

  2. Create a Reverse Proxy as a virtual host
    (Note Screenshots are from the older Dashboard, but in Cockpit things are similiar…)

For the Target URL it might be better to use the IP, instead of hostname…

Target would be http://SEAFILE-IP:8000

One BIG advantage for you:
Externally AND Internally you can just use:
https://seafile.mycompany.sk/ (Without any special ports), meaning this will work almost anywhere, under any hotspot. Most Hotspots do not allow non 443/80 ports.

This should work as expected! (I’m using it to show my home PI-Hole to my clients, with full SSL!

My 2 cents
Andy

1 Like

I would still use the hostname and make sure to add the entry for the service in internal DNS.

@robb

Hi Rob

I do suggest using the internal DNS to make an entry, but that entry points to the NethServer, also the Reverse Proxy in this scenario.

As the target doesn’t directly support https in this scenario, it will NOT WORK for internal clients accessing Seafile directly. One, it needs the Port, second, https isn’t available!

The suggested way always passes through the reverse Proxy, same DNS Name used inside and outside, and no funky Ports! This works almost everywhere!

You’re right in the sense that the screenshot doesn’t show the tick at the bottom, “Create a record under “DNS”…”

My 2 cents
Andy

I wrote howto there

3 Likes