Seafile on FreeBSD with Apache HTTPS

Since we will be setting up HTTPS it makes sense to start off with setting the correct hostname, IP address, and DNS. Let's start with /etc/rc.conf

Set the hostname

/etc/rc.conf

...
hostname="..."
...

Set the IP

/etc/rc.conf

...
ifconfig_em0="inet X.X.X.X netmask X.X.X.X" #you should replace "em0" with the correct interface name
...

Next edit /etc/hosts

/etc/hosts

X.X.X.X              seabsd.change.me # set to the values you set in /etc/rc.conf

Make sure you set your DNS s the LetsEncyrpt can find your server by the hostname you set.

This one is pretty easy just run:

pkg install seafile-server seahub

Install Certbot

pkg install py27-certbot

At the time of writing this article the certbot apache module was not working so, we will be using certonly mode. Be sure to change “<FQDN>” and “<EMAIL>”

certbot certonly --standalone -d <FQDN> --agree-tos -m <EMAIL>

This will install your certificates to /usr/local/etc/letsencrypt/live/<FQDN>/

Be Sure the directory has fullchain.pem and privkey.pem.

Apache install

pkg install apache24

setup Seafile Virtual HTTPS host. Create the file /usr/local/etc/apache24/Includes/seafile_ssl.conf and enther the following:

LoadModule proxy_module libexec/apache24/mod_proxy.so
LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so
LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
 
ServerName <FQDN>
 
LoadModule ssl_module libexec/apache24/mod_ssl.so
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
 
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout  300
 
<VirtualHost _default_:443>
 
DocumentRoot "/usr/local/www"
Alias /media  /usr/local/www/haiwen/seafile-server-latest/seahub/media
RewriteEngine On
<Location /media>
        Require all granted
</Location>
ProxyPass /seafhttp http://127.0.0.1:8082
ProxyPassReverse /seafhttp http://127.0.0.1:8082
RewriteRule ^/seafhttp - [QSA,L]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/
 
 
SSLEngine on
SSLCertificateFile "/usr/local/etc/letsencrypt/live/<FQDN>/fullchain.pem"
SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/<FQDN>/privkey.pem"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
</VirtualHost>

Be sure to change <FQDN> at ServerName, SSLCertificateFile, and SSLCertificateKeyFile.

Change “SERVICE_URL“ in /usr/local/www/haiwen/conf/ccnet.conf

/usr/local/www/haiwen/conf/ccnet.conf

...
SERVICE_URL = https://<FQDN>
...

Add “FILE_SERVER_ROOT” to ”/usr/local/www/haiwen/conf/seahub_settings.py”

/usr/local/www/haiwen/conf/seahub_settings.py

...
FILE_SERVER_ROOT = 'https://<FQDN>/seafhttp'
...

We end where we started “/etc/rc.conf”. Add the following to enable startup of seafile,seahub, and apache

/etc/rc.conf

...
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
seafile_enable="YES"
seahub_enable="YES"
apache24_enable="YES"
...

Finally either restart or run the following to get everything running:

service seafile start
service seahub start
service apache24 start