User Tools
freebsd:seafile_with_apache_https
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
freebsd:seafile_with_apache_https [2019/02/22 11:31] tschulz [Obtaining LetsEncyrpt Certificates] |
freebsd:seafile_with_apache_https [2019/02/22 11:49] tschulz |
||
|---|---|---|---|
| Line 41: | Line 41: | ||
| * Be Sure the directory has **fullchain.pem** and **privkey.pem**. | * Be Sure the directory has **fullchain.pem** and **privkey.pem**. | ||
| + | ===== Apache Setup ===== | ||
| + | * Apache install<file> | ||
| + | pkg install apache24 | ||
| + | </file> | ||
| + | * setup Seafile Virtual HTTPS host. Create the file **/usr/local/etc/apache24/Includes/seafile_ssl.conf** and enther the following:<file apache>LoadModule proxy_module libexec/apache24/mod_proxy.so | ||
| + | LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so | ||
| + | LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so | ||
| + | LoadModule rewrite_module libexec/apache24/mod_rewrite.so | ||
| + | ServerName <FQDN> | ||
| + | |||
| + | LoadModule ssl_module libexec/apache24/mod_ssl.so | ||
| + | LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so | ||
| + | |||
| + | Listen 443 | ||
| + | SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES | ||
| + | SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES | ||
| + | SSLHonorCipherOrder on | ||
| + | SSLProtocol all -SSLv3 | ||
| + | SSLProxyProtocol all -SSLv3 | ||
| + | SSLPassPhraseDialog builtin | ||
| + | SSLSessionCache "shmcb:/var/run/ssl_scache(512000)" | ||
| + | SSLSessionCacheTimeout 300 | ||
| + | |||
| + | <VirtualHost _default_:443> | ||
| + | |||
| + | DocumentRoot "/usr/local/www" | ||
| + | Alias /media /usr/local/www/haiwen/seafile-server-latest/seahub/media | ||
| + | RewriteEngine On | ||
| + | <Location /media> | ||
| + | Require all granted | ||
| + | </Location> | ||
| + | ProxyPass /seafhttp http://127.0.0.1:8082 | ||
| + | ProxyPassReverse /seafhttp http://127.0.0.1:8082 | ||
| + | RewriteRule ^/seafhttp - [QSA,L] | ||
| + | SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 | ||
| + | ProxyPreserveHost On | ||
| + | ProxyPass / http://127.0.0.1:8000/ | ||
| + | ProxyPassReverse / http://127.0.0.1:8000/ | ||
| + | |||
| + | |||
| + | SSLEngine on | ||
| + | SSLCertificateFile "/usr/local/etc/letsencrypt/live/<FQDN>/fullchain.pem" | ||
| + | SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/<FQDN>/privkey.pem" | ||
| + | <FilesMatch "\.(cgi|shtml|phtml|php)$"> | ||
| + | SSLOptions +StdEnvVars | ||
| + | </FilesMatch> | ||
| + | BrowserMatch "MSIE [2-5]" \ | ||
| + | nokeepalive ssl-unclean-shutdown \ | ||
| + | downgrade-1.0 force-response-1.0 | ||
| + | </VirtualHost> | ||
| + | |||
| + | |||
| + | </file> | ||
| + | * Be sure to change **<FQDN>** at **ServerName**, **SSLCertificateFile**, and **SSLCertificateKeyFile**. | ||
| + | * Change **"SERVICE_URL"** in **/usr/local/www/haiwen/conf/ccnet.conf**<file bash /usr/local/www/haiwen/conf/ccnet.conf> | ||
| + | ... | ||
| + | SERVICE_URL = https://<FQDN> | ||
| + | ... | ||
| + | </file> | ||
| + | * Add **"FILE_SERVER_ROOT"** to **"/usr/local/www/haiwen/conf/seahub_settings.py"**<file python /usr/local/www/haiwen/conf/seahub_settings.py> | ||
| + | ... | ||
| + | FILE_SERVER_ROOT = 'https://<FQDN>/seafhttp' | ||
| + | ... | ||
| + | </file> | ||
freebsd/seafile_with_apache_https.txt · Last modified: 2019/02/22 11:55 by tschulz
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
