ISD 820 Knowledge Base

User Tools

Site Tools

You are here: start » freebsd » seafile_with_apache_https
freebsd:seafile_with_apache_https

Table of Contents

Seafile on FreeBSD with Apache HTTPS

DNS/IP Setup

  • Since we will be setting up HTTPS it makes sense to start off with setting the correct hostname, IP address, and DNS. Let's start with /etc/rc.conf
  • Set the hostname
    /etc/rc.conf
    ...
hostname="..."
...
  • Set the IP
    /etc/rc.conf
    ...
ifconfig_em0="inet X.X.X.X netmask X.X.X.X" #you should replace "em0" with the correct interface name
...
  • Next edit /etc/hosts
    /etc/hosts
    X.X.X.X              seabsd.change.me # set to the values you set in /etc/rc.conf
  • Make sure you set your DNS s the LetsEncyrpt can find your server by the hostname you set.

Install Seafile Packges

  • This one is pretty easy just run:
    pkg install seafile-server seahub

Configure Seafile

  1. In our case, we are going to use SQLite so we will run the script “/usr/local/www/haiwen/seafile-server-latest/setup-seafile.sh”
    /usr/local/www/haiwen/seafile-server-latest/setup-seafile.sh
  2. Next run “/usr/local/www/haiwen/seafile-server-latest/reset-admin.sh” to setup the inital admin user
    /usr/local/www/haiwen/seafile-server-latest/reset-admin.sh
E-mail address: changeme@change.me
Password: 
Password (again): 
Superuser created successfully.

Obtaining LetsEncyrpt Certificates

  • Install Certbot
    pkg install py27-certbot
  • At the time of writing this article the certbot apache module was not working so, we will be using certonly mode. Be sure to change “<FQDN>” and “<EMAIL>
    certbot certonly --standalone -d <FQDN> --agree-tos -m <EMAIL>
  • This will install your certificates to /usr/local/etc/letsencrypt/live/<FQDN>/
  • Be Sure the directory has fullchain.pem and privkey.pem.

Apache Setup

  • Apache install
    pkg install apache24
  • setup Seafile Virtual HTTPS host. Create the file /usr/local/etc/apache24/Includes/seafile_ssl.conf and enther the following:
    LoadModule proxy_module libexec/apache24/mod_proxy.so
LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so
LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
 
ServerName <FQDN>
 
LoadModule ssl_module libexec/apache24/mod_ssl.so
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
 
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout  300
 
<VirtualHost _default_:443>
 
DocumentRoot "/usr/local/www"
Alias /media  /usr/local/www/haiwen/seafile-server-latest/seahub/media
RewriteEngine On
<Location /media>
        Require all granted
</Location>
ProxyPass /seafhttp http://127.0.0.1:8082
ProxyPassReverse /seafhttp http://127.0.0.1:8082
RewriteRule ^/seafhttp - [QSA,L]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/
 
 
SSLEngine on
SSLCertificateFile "/usr/local/etc/letsencrypt/live/<FQDN>/fullchain.pem"
SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/<FQDN>/privkey.pem"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
</VirtualHost>
  • Be sure to change <FQDN> at ServerName, SSLCertificateFile, and SSLCertificateKeyFile.
  • Change “SERVICE_URL in /usr/local/www/haiwen/conf/ccnet.conf
    /usr/local/www/haiwen/conf/ccnet.conf
    ...
SERVICE_URL = https://<FQDN>
...
  • Add “FILE_SERVER_ROOT” to ”/usr/local/www/haiwen/conf/seahub_settings.py”
    /usr/local/www/haiwen/conf/seahub_settings.py
    ...
FILE_SERVER_ROOT = 'https://<FQDN>/seafhttp'
...

Set Automatic Startup

  • We end where we started “/etc/rc.conf”. Add the following to enable startup of seafile,seahub, and apache
    /etc/rc.conf
    ...
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
seafile_enable="YES"
seahub_enable="YES"
apache24_enable="YES"
...
  • Finally either restart or run the following to get everything running:
    service seafile start
service seahub start
service apache24 start
freebsd/seafile_with_apache_https.txt · Last modified: 2019/02/22 11:55 by tschulz

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki