User Tools

Site Tools


Seafile on FreeBSD with Apache HTTPS

DNS/IP Setup

  • Since we will be setting up HTTPS it makes sense to start off with setting the correct hostname, IP address, and DNS. Let's start with /etc/rc.conf
  • Set the hostname
  • Set the IP
    ifconfig_em0="inet X.X.X.X netmask X.X.X.X" #you should replace "em0" with the correct interface name
  • Next edit /etc/hosts
    X.X.X.X     # set to the values you set in /etc/rc.conf
  • Make sure you set your DNS s the LetsEncyrpt can find your server by the hostname you set.

Install Seafile Packges

  • This one is pretty easy just run:
    pkg install seafile-server seahub

Configure Seafile

  1. In our case, we are going to use SQLite so we will run the script “/usr/local/www/haiwen/seafile-server-latest/”
  2. Next run “/usr/local/www/haiwen/seafile-server-latest/” to setup the inital admin user
    E-mail address:
    Password (again): 
    Superuser created successfully.

Obtaining LetsEncyrpt Certificates

  • Install Certbot
    pkg install py27-certbot
  • At the time of writing this article the certbot apache module was not working so, we will be using certonly mode. Be sure to change “<FQDN>” and “<EMAIL>
    certbot certonly --standalone -d <FQDN> --agree-tos -m <EMAIL>
  • This will install your certificates to /usr/local/etc/letsencrypt/live/<FQDN>/
  • Be Sure the directory has fullchain.pem and privkey.pem.

Apache Setup

  • Apache install
    pkg install apache24
  • setup Seafile Virtual HTTPS host. Create the file /usr/local/etc/apache24/Includes/seafile_ssl.conf and enther the following:
    LoadModule proxy_module libexec/apache24/
    LoadModule proxy_http_module libexec/apache24/
    LoadModule proxy_http2_module libexec/apache24/
    LoadModule rewrite_module libexec/apache24/
    ServerName <FQDN>
    LoadModule ssl_module libexec/apache24/
    LoadModule socache_shmcb_module libexec/apache24/
    Listen 443
    SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
    SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
    SSLHonorCipherOrder on
    SSLProtocol all -SSLv3
    SSLProxyProtocol all -SSLv3
    SSLPassPhraseDialog  builtin
    SSLSessionCache        "shmcb:/var/run/ssl_scache(512000)"
    SSLSessionCacheTimeout  300
    <VirtualHost _default_:443>
    DocumentRoot "/usr/local/www"
    Alias /media  /usr/local/www/haiwen/seafile-server-latest/seahub/media
    RewriteEngine On
    <Location /media>
            Require all granted
    ProxyPass /seafhttp
    ProxyPassReverse /seafhttp
    RewriteRule ^/seafhttp - [QSA,L]
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
    ProxyPreserveHost On
    ProxyPass /
    ProxyPassReverse /
    SSLEngine on
    SSLCertificateFile "/usr/local/etc/letsencrypt/live/<FQDN>/fullchain.pem"
    SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/<FQDN>/privkey.pem"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    BrowserMatch "MSIE [2-5]" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
  • Be sure to change <FQDN> at ServerName, SSLCertificateFile, and SSLCertificateKeyFile.
  • Change “SERVICE_URL in /usr/local/www/haiwen/conf/ccnet.conf
    SERVICE_URL = https://<FQDN>
  • Add “FILE_SERVER_ROOT” to ”/usr/local/www/haiwen/conf/”
    FILE_SERVER_ROOT = 'https://<FQDN>/seafhttp'

Set Automatic Startup

  • We end where we started “/etc/rc.conf”. Add the following to enable startup of seafile,seahub, and apache
  • Finally either restart or run the following to get everything running:
    service seafile start
    service seahub start
    service apache24 start
freebsd/seafile_with_apache_https.txt · Last modified: 2019/02/22 11:55 by tschulz