====== Seafile on FreeBSD with Apache HTTPS ====== ===== DNS/IP Setup ===== * Since we will be setting up HTTPS it makes sense to start off with setting the correct hostname, IP address, and DNS. Let's start with **/etc/rc.conf** * Set the hostname... hostname="..." ... * Set the IP... ifconfig_em0="inet X.X.X.X netmask X.X.X.X" #you should replace "em0" with the correct interface name ... * Next edit **/etc/hosts**X.X.X.X seabsd.change.me # set to the values you set in /etc/rc.conf * Make sure you set your DNS s the **LetsEncyrpt** can find your server by the hostname you set. ===== Install Seafile Packges ===== * This one is pretty easy just run: pkg install seafile-server seahub ===== Configure Seafile ===== - In our case, we are going to use SQLite so we will run the script **"/usr/local/www/haiwen/seafile-server-latest/setup-seafile.sh"** /usr/local/www/haiwen/seafile-server-latest/setup-seafile.sh - Next run "/usr/local/www/haiwen/seafile-server-latest/reset-admin.sh" to setup the inital admin user /usr/local/www/haiwen/seafile-server-latest/reset-admin.sh E-mail address: changeme@change.me Password: Password (again): Superuser created successfully. ===== Obtaining LetsEncyrpt Certificates ===== * Install Certbotpkg install py27-certbot * At the time of writing this article the certbot apache module was not working so, we will be using certonly mode. Be sure to change "****" and "****"certbot certonly --standalone -d --agree-tos -m * This will install your certificates to **/usr/local/etc/letsencrypt/live//** * Be Sure the directory has **fullchain.pem** and **privkey.pem**. ===== Apache Setup ===== * Apache install pkg install apache24 * setup Seafile Virtual HTTPS host. Create the file **/usr/local/etc/apache24/Includes/seafile_ssl.conf** and enther the following:LoadModule proxy_module libexec/apache24/mod_proxy.so LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so LoadModule rewrite_module libexec/apache24/mod_rewrite.so ServerName LoadModule ssl_module libexec/apache24/mod_ssl.so LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so Listen 443 SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES SSLHonorCipherOrder on SSLProtocol all -SSLv3 SSLProxyProtocol all -SSLv3 SSLPassPhraseDialog builtin SSLSessionCache "shmcb:/var/run/ssl_scache(512000)" SSLSessionCacheTimeout 300 DocumentRoot "/usr/local/www" Alias /media /usr/local/www/haiwen/seafile-server-latest/seahub/media RewriteEngine On Require all granted ProxyPass /seafhttp http://127.0.0.1:8082 ProxyPassReverse /seafhttp http://127.0.0.1:8082 RewriteRule ^/seafhttp - [QSA,L] SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 ProxyPreserveHost On ProxyPass / http://127.0.0.1:8000/ ProxyPassReverse / http://127.0.0.1:8000/ SSLEngine on SSLCertificateFile "/usr/local/etc/letsencrypt/live//fullchain.pem" SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live//privkey.pem" SSLOptions +StdEnvVars BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 * Be sure to change **** at **ServerName**, **SSLCertificateFile**, and **SSLCertificateKeyFile**. * Change **"SERVICE_URL"** in **/usr/local/www/haiwen/conf/ccnet.conf** ... SERVICE_URL = https:// ... * Add **"FILE_SERVER_ROOT"** to **"/usr/local/www/haiwen/conf/seahub_settings.py"** ... FILE_SERVER_ROOT = 'https:///seafhttp' ... ===== Set Automatic Startup ===== * We end where we started "/etc/rc.conf". Add the following to enable startup of seafile,seahub, and apache ... LANG="en_US.UTF-8" LC_ALL="en_US.UTF-8" seafile_enable="YES" seahub_enable="YES" apache24_enable="YES" ... * Finally either restart or run the following to get everything running: service seafile start service seahub start service apache24 start