ISD 820 Knowledge Base

User Tools

Site Tools

You are here: start » freebsd » seafile_with_apache_https
freebsd:seafile_with_apache_https

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Last revision Both sides next revision
freebsd:seafile_with_apache_https [2019/02/22 11:22]
tschulz 		freebsd:seafile_with_apache_https [2019/02/22 11:49]
tschulz
Line 35: Line 35:
 ===== Obtaining LetsEncyrpt Certificates ​ ===== ===== Obtaining LetsEncyrpt Certificates ​ =====
   * Install Certbot<​file bash>pkg install py27-certbot   * Install Certbot<​file bash>pkg install py27-certbot
 +</​file>​
 +  * At the time of writing this article the certbot apache module was not working so, we will be using certonly mode.  Be sure to change "​**<​FQDN>​**"​ and "​**<​EMAIL>​**"<​file>​certbot certonly --standalone -d <​FQDN>​ --agree-tos -m <​EMAIL>​
 +</​file>​
 +  * This will install your certificates to **/​usr/​local/​etc/​letsencrypt/​live/<​FQDN>/​**
 +  * Be Sure the directory has **fullchain.pem** and **privkey.pem**.
  
 +===== Apache Setup =====
 +  * Apache install<​file>​
 +pkg install apache24
 </​file>​ </​file>​
 +  * setup Seafile Virtual HTTPS host. Create the file **/​usr/​local/​etc/​apache24/​Includes/​seafile_ssl.conf** and enther the following:<​file apache>​LoadModule proxy_module libexec/​apache24/​mod_proxy.so
 +LoadModule proxy_http_module libexec/​apache24/​mod_proxy_http.so
 +LoadModule proxy_http2_module libexec/​apache24/​mod_proxy_http2.so
 +LoadModule rewrite_module libexec/​apache24/​mod_rewrite.so
  
 +ServerName <​FQDN>​
  
 +LoadModule ssl_module libexec/​apache24/​mod_ssl.so
 +LoadModule socache_shmcb_module libexec/​apache24/​mod_socache_shmcb.so
 +
 +Listen 443
 +SSLCipherSuite HIGH:​MEDIUM:​!MD5:​!RC4:​!3DES
 +SSLProxyCipherSuite HIGH:​MEDIUM:​!MD5:​!RC4:​!3DES
 +SSLHonorCipherOrder on
 +SSLProtocol all -SSLv3
 +SSLProxyProtocol all -SSLv3
 +SSLPassPhraseDialog ​ builtin
 +SSLSessionCache ​       "​shmcb:/​var/​run/​ssl_scache(512000)"​
 +SSLSessionCacheTimeout ​ 300
 +
 +<​VirtualHost _default_:​443>​
 +
 +DocumentRoot "/​usr/​local/​www"​
 +Alias /​media ​ /​usr/​local/​www/​haiwen/​seafile-server-latest/​seahub/​media
 +RewriteEngine On
 +<​Location /media>
 +        Require all granted
 +</​Location>​
 +ProxyPass /seafhttp http://​127.0.0.1:​8082
 +ProxyPassReverse /seafhttp http://​127.0.0.1:​8082
 +RewriteRule ^/seafhttp - [QSA,L]
 +SetEnvIf Authorization "​(.*)"​ HTTP_AUTHORIZATION=$1
 +ProxyPreserveHost On
 +ProxyPass / http://​127.0.0.1:​8000/​
 +ProxyPassReverse / http://​127.0.0.1:​8000/​
 +
 +
 +SSLEngine on
 +SSLCertificateFile "/​usr/​local/​etc/​letsencrypt/​live/<​FQDN>/​fullchain.pem"​
 +SSLCertificateKeyFile "/​usr/​local/​etc/​letsencrypt/​live/<​FQDN>/​privkey.pem"​
 +<​FilesMatch "​\.(cgi|shtml|phtml|php)$">​
 +    SSLOptions +StdEnvVars
 +</​FilesMatch>​
 +BrowserMatch "MSIE [2-5]" \
 +         ​nokeepalive ssl-unclean-shutdown \
 +         ​downgrade-1.0 force-response-1.0
 +</​VirtualHost>​
 +
 +
 +</​file>​
 +  * Be sure to change **<​FQDN>​** at **ServerName**,​ **SSLCertificateFile**,​ and **SSLCertificateKeyFile**.
 +  * Change **"​SERVICE_URL"​** in **/​usr/​local/​www/​haiwen/​conf/​ccnet.conf**<​file bash /​usr/​local/​www/​haiwen/​conf/​ccnet.conf>​
 +...
 +SERVICE_URL = https://<​FQDN>​
 +...
 +</​file>​
 +  * Add **"​FILE_SERVER_ROOT"​** to **"/​usr/​local/​www/​haiwen/​conf/​seahub_settings.py"​**<​file python /​usr/​local/​www/​haiwen/​conf/​seahub_settings.py>​
 +...
 +FILE_SERVER_ROOT = '​https://<​FQDN>/​seafhttp'​
 +...
 +</​file>​
  
  
  
freebsd/seafile_with_apache_https.txt · Last modified: 2019/02/22 11:55 by tschulz

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki