====== Seafile on FreeBSD with Apache HTTPS ======
===== DNS/IP Setup =====
* Since we will be setting up HTTPS it makes sense to start off with setting the correct hostname, IP address, and DNS. Let's start with **/etc/rc.conf**
* Set the hostname...
hostname="..."
...
* Set the IP...
ifconfig_em0="inet X.X.X.X netmask X.X.X.X" #you should replace "em0" with the correct interface name
...
* Next edit **/etc/hosts**X.X.X.X seabsd.change.me # set to the values you set in /etc/rc.conf
* Make sure you set your DNS s the **LetsEncyrpt** can find your server by the hostname you set.
===== Install Seafile Packges =====
* This one is pretty easy just run:
pkg install seafile-server seahub
===== Configure Seafile =====
- In our case, we are going to use SQLite so we will run the script **"/usr/local/www/haiwen/seafile-server-latest/setup-seafile.sh"**
/usr/local/www/haiwen/seafile-server-latest/setup-seafile.sh
- Next run "/usr/local/www/haiwen/seafile-server-latest/reset-admin.sh" to setup the inital admin user
/usr/local/www/haiwen/seafile-server-latest/reset-admin.sh
E-mail address: changeme@change.me
Password:
Password (again):
Superuser created successfully.
===== Obtaining LetsEncyrpt Certificates =====
* Install Certbotpkg install py27-certbot
* At the time of writing this article the certbot apache module was not working so, we will be using certonly mode. Be sure to change "****" and "****"certbot certonly --standalone -d --agree-tos -m
* This will install your certificates to **/usr/local/etc/letsencrypt/live//**
* Be Sure the directory has **fullchain.pem** and **privkey.pem**.
===== Apache Setup =====
* Apache install
pkg install apache24
* setup Seafile Virtual HTTPS host. Create the file **/usr/local/etc/apache24/Includes/seafile_ssl.conf** and enther the following:LoadModule proxy_module libexec/apache24/mod_proxy.so
LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so
LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
ServerName
LoadModule ssl_module libexec/apache24/mod_ssl.so
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout 300
DocumentRoot "/usr/local/www"
Alias /media /usr/local/www/haiwen/seafile-server-latest/seahub/media
RewriteEngine On
Require all granted
ProxyPass /seafhttp http://127.0.0.1:8082
ProxyPassReverse /seafhttp http://127.0.0.1:8082
RewriteRule ^/seafhttp - [QSA,L]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/
SSLEngine on
SSLCertificateFile "/usr/local/etc/letsencrypt/live//fullchain.pem"
SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live//privkey.pem"
SSLOptions +StdEnvVars
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
* Be sure to change **** at **ServerName**, **SSLCertificateFile**, and **SSLCertificateKeyFile**.
* Change **"SERVICE_URL"** in **/usr/local/www/haiwen/conf/ccnet.conf**
...
SERVICE_URL = https://
...
* Add **"FILE_SERVER_ROOT"** to **"/usr/local/www/haiwen/conf/seahub_settings.py"**
...
FILE_SERVER_ROOT = 'https:///seafhttp'
...
===== Set Automatic Startup =====
* We end where we started "/etc/rc.conf". Add the following to enable startup of seafile,seahub, and apache
...
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
seafile_enable="YES"
seahub_enable="YES"
apache24_enable="YES"
...
* Finally either restart or run the following to get everything running:
service seafile start
service seahub start
service apache24 start