User Tools

Site Tools


freebsd:seafile_with_apache_https

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
freebsd:seafile_with_apache_https [2019/02/22 11:22]
tschulz
freebsd:seafile_with_apache_https [2019/02/22 11:55]
tschulz [Apache Setup]
Line 35: Line 35:
 ===== Obtaining LetsEncyrpt Certificates ​ ===== ===== Obtaining LetsEncyrpt Certificates ​ =====
   * Install Certbot<​file bash>pkg install py27-certbot   * Install Certbot<​file bash>pkg install py27-certbot
 +</​file>​
 +  * At the time of writing this article the certbot apache module was not working so, we will be using certonly mode.  Be sure to change "​**<​FQDN>​**"​ and "​**<​EMAIL>​**"<​file>​certbot certonly --standalone -d <​FQDN>​ --agree-tos -m <​EMAIL>​
 +</​file>​
 +  * This will install your certificates to **/​usr/​local/​etc/​letsencrypt/​live/<​FQDN>/​**
 +  * Be Sure the directory has **fullchain.pem** and **privkey.pem**.
  
 +===== Apache Setup =====
 +  * Apache install<​file>​
 +pkg install apache24
 </​file>​ </​file>​
 +  * setup Seafile Virtual HTTPS host. Create the file **/​usr/​local/​etc/​apache24/​Includes/​seafile_ssl.conf** and enther the following:<​file apache>​LoadModule proxy_module libexec/​apache24/​mod_proxy.so
 +LoadModule proxy_http_module libexec/​apache24/​mod_proxy_http.so
 +LoadModule proxy_http2_module libexec/​apache24/​mod_proxy_http2.so
 +LoadModule rewrite_module libexec/​apache24/​mod_rewrite.so
  
 +ServerName <​FQDN>​
  
 +LoadModule ssl_module libexec/​apache24/​mod_ssl.so
 +LoadModule socache_shmcb_module libexec/​apache24/​mod_socache_shmcb.so
  
 +Listen 443
 +SSLCipherSuite HIGH:​MEDIUM:​!MD5:​!RC4:​!3DES
 +SSLProxyCipherSuite HIGH:​MEDIUM:​!MD5:​!RC4:​!3DES
 +SSLHonorCipherOrder on
 +SSLProtocol all -SSLv3
 +SSLProxyProtocol all -SSLv3
 +SSLPassPhraseDialog ​ builtin
 +SSLSessionCache ​       "​shmcb:/​var/​run/​ssl_scache(512000)"​
 +SSLSessionCacheTimeout ​ 300
 +
 +<​VirtualHost _default_:​443>​
 +
 +DocumentRoot "/​usr/​local/​www"​
 +Alias /​media ​ /​usr/​local/​www/​haiwen/​seafile-server-latest/​seahub/​media
 +RewriteEngine On
 +<​Location /media>
 +        Require all granted
 +</​Location>​
 +ProxyPass /seafhttp http://​127.0.0.1:​8082
 +ProxyPassReverse /seafhttp http://​127.0.0.1:​8082
 +RewriteRule ^/seafhttp - [QSA,L]
 +SetEnvIf Authorization "​(.*)"​ HTTP_AUTHORIZATION=$1
 +ProxyPreserveHost On
 +ProxyPass / http://​127.0.0.1:​8000/​
 +ProxyPassReverse / http://​127.0.0.1:​8000/​
 +
 +
 +SSLEngine on
 +SSLCertificateFile "/​usr/​local/​etc/​letsencrypt/​live/<​FQDN>/​fullchain.pem"​
 +SSLCertificateKeyFile "/​usr/​local/​etc/​letsencrypt/​live/<​FQDN>/​privkey.pem"​
 +<​FilesMatch "​\.(cgi|shtml|phtml|php)$">​
 +    SSLOptions +StdEnvVars
 +</​FilesMatch>​
 +BrowserMatch "MSIE [2-5]" \
 +         ​nokeepalive ssl-unclean-shutdown \
 +         ​downgrade-1.0 force-response-1.0
 +</​VirtualHost>​
 +
 +
 +</​file>​
 +  * Be sure to change **<​FQDN>​** at **ServerName**,​ **SSLCertificateFile**,​ and **SSLCertificateKeyFile**.
 +  * Change **"​SERVICE_URL"​** in **/​usr/​local/​www/​haiwen/​conf/​ccnet.conf**<​file bash /​usr/​local/​www/​haiwen/​conf/​ccnet.conf>​
 +...
 +SERVICE_URL = https://<​FQDN>​
 +...
 +</​file>​
 +  * Add **"​FILE_SERVER_ROOT"​** to **"/​usr/​local/​www/​haiwen/​conf/​seahub_settings.py"​**<​file python /​usr/​local/​www/​haiwen/​conf/​seahub_settings.py>​
 +...
 +FILE_SERVER_ROOT = '​https://<​FQDN>/​seafhttp'​
 +...
 +</​file>​
 +
 +===== Set Automatic Startup =====
 +  * We end where we started "/​etc/​rc.conf"​. ​ Add the following to enable startup of seafile,​seahub,​ and apache<​file bash /​etc/​rc.conf>​
 +...
 +LANG="​en_US.UTF-8"​
 +LC_ALL="​en_US.UTF-8"​
 +seafile_enable="​YES"​
 +seahub_enable="​YES"​
 +apache24_enable="​YES"​
 +...
 +</​file>​
 +  * Finally either restart or run the following to get everything running:<​file bash>
 +service seafile start
 +service seahub start
 +service apache24 start
 +</​file>​
  
  
freebsd/seafile_with_apache_https.txt · Last modified: 2019/02/22 11:55 by tschulz