This shows you the differences between two versions of the page.
freebsd:seafile_with_apache_https [2019/02/22 11:08] tschulz |
freebsd:seafile_with_apache_https [2019/02/22 11:55] (current) tschulz [Apache Setup] |
||
---|---|---|---|
Line 16: | Line 16: | ||
* Make sure you set your DNS s the **LetsEncyrpt** can find your server by the hostname you set. | * Make sure you set your DNS s the **LetsEncyrpt** can find your server by the hostname you set. | ||
+ | ===== Install Seafile Packges ===== | ||
+ | * This one is pretty easy just run:<file bash> | ||
+ | pkg install seafile-server seahub | ||
+ | </file> | ||
+ | ===== Configure Seafile ===== | ||
+ | - In our case, we are going to use SQLite so we will run the script **"/usr/local/www/haiwen/seafile-server-latest/setup-seafile.sh"**<file bash> | ||
+ | /usr/local/www/haiwen/seafile-server-latest/setup-seafile.sh | ||
+ | </file> | ||
+ | - Next run "/usr/local/www/haiwen/seafile-server-latest/reset-admin.sh" to setup the inital admin user<file bash> | ||
+ | /usr/local/www/haiwen/seafile-server-latest/reset-admin.sh | ||
+ | E-mail address: changeme@change.me | ||
+ | Password: | ||
+ | Password (again): | ||
+ | Superuser created successfully. | ||
+ | </file> | ||
+ | |||
+ | ===== Obtaining LetsEncyrpt Certificates ===== | ||
+ | * Install Certbot<file bash>pkg install py27-certbot | ||
+ | </file> | ||
+ | * At the time of writing this article the certbot apache module was not working so, we will be using certonly mode. Be sure to change "**<FQDN>**" and "**<EMAIL>**"<file>certbot certonly --standalone -d <FQDN> --agree-tos -m <EMAIL> | ||
+ | </file> | ||
+ | * This will install your certificates to **/usr/local/etc/letsencrypt/live/<FQDN>/** | ||
+ | * Be Sure the directory has **fullchain.pem** and **privkey.pem**. | ||
+ | |||
+ | ===== Apache Setup ===== | ||
+ | * Apache install<file> | ||
+ | pkg install apache24 | ||
+ | </file> | ||
+ | * setup Seafile Virtual HTTPS host. Create the file **/usr/local/etc/apache24/Includes/seafile_ssl.conf** and enther the following:<file apache>LoadModule proxy_module libexec/apache24/mod_proxy.so | ||
+ | LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so | ||
+ | LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so | ||
+ | LoadModule rewrite_module libexec/apache24/mod_rewrite.so | ||
+ | |||
+ | ServerName <FQDN> | ||
+ | |||
+ | LoadModule ssl_module libexec/apache24/mod_ssl.so | ||
+ | LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so | ||
+ | |||
+ | Listen 443 | ||
+ | SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES | ||
+ | SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES | ||
+ | SSLHonorCipherOrder on | ||
+ | SSLProtocol all -SSLv3 | ||
+ | SSLProxyProtocol all -SSLv3 | ||
+ | SSLPassPhraseDialog builtin | ||
+ | SSLSessionCache "shmcb:/var/run/ssl_scache(512000)" | ||
+ | SSLSessionCacheTimeout 300 | ||
+ | |||
+ | <VirtualHost _default_:443> | ||
+ | |||
+ | DocumentRoot "/usr/local/www" | ||
+ | Alias /media /usr/local/www/haiwen/seafile-server-latest/seahub/media | ||
+ | RewriteEngine On | ||
+ | <Location /media> | ||
+ | Require all granted | ||
+ | </Location> | ||
+ | ProxyPass /seafhttp http://127.0.0.1:8082 | ||
+ | ProxyPassReverse /seafhttp http://127.0.0.1:8082 | ||
+ | RewriteRule ^/seafhttp - [QSA,L] | ||
+ | SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 | ||
+ | ProxyPreserveHost On | ||
+ | ProxyPass / http://127.0.0.1:8000/ | ||
+ | ProxyPassReverse / http://127.0.0.1:8000/ | ||
+ | |||
+ | |||
+ | SSLEngine on | ||
+ | SSLCertificateFile "/usr/local/etc/letsencrypt/live/<FQDN>/fullchain.pem" | ||
+ | SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/<FQDN>/privkey.pem" | ||
+ | <FilesMatch "\.(cgi|shtml|phtml|php)$"> | ||
+ | SSLOptions +StdEnvVars | ||
+ | </FilesMatch> | ||
+ | BrowserMatch "MSIE [2-5]" \ | ||
+ | nokeepalive ssl-unclean-shutdown \ | ||
+ | downgrade-1.0 force-response-1.0 | ||
+ | </VirtualHost> | ||
+ | |||
+ | |||
+ | </file> | ||
+ | * Be sure to change **<FQDN>** at **ServerName**, **SSLCertificateFile**, and **SSLCertificateKeyFile**. | ||
+ | * Change **"SERVICE_URL"** in **/usr/local/www/haiwen/conf/ccnet.conf**<file bash /usr/local/www/haiwen/conf/ccnet.conf> | ||
+ | ... | ||
+ | SERVICE_URL = https://<FQDN> | ||
+ | ... | ||
+ | </file> | ||
+ | * Add **"FILE_SERVER_ROOT"** to **"/usr/local/www/haiwen/conf/seahub_settings.py"**<file python /usr/local/www/haiwen/conf/seahub_settings.py> | ||
+ | ... | ||
+ | FILE_SERVER_ROOT = 'https://<FQDN>/seafhttp' | ||
+ | ... | ||
+ | </file> | ||
+ | |||
+ | ===== Set Automatic Startup ===== | ||
+ | * We end where we started "/etc/rc.conf". Add the following to enable startup of seafile,seahub, and apache<file bash /etc/rc.conf> | ||
+ | ... | ||
+ | LANG="en_US.UTF-8" | ||
+ | LC_ALL="en_US.UTF-8" | ||
+ | seafile_enable="YES" | ||
+ | seahub_enable="YES" | ||
+ | apache24_enable="YES" | ||
+ | ... | ||
+ | </file> | ||
+ | * Finally either restart or run the following to get everything running:<file bash> | ||
+ | service seafile start | ||
+ | service seahub start | ||
+ | service apache24 start | ||
+ | </file> | ||
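Review bot: In the seafile_ssl.conf block under "Apache Setup", `SSLProtocol all -SSLv3` and `SSLProxyProtocol all -SSLv3` exclude only SSLv3, so TLS 1.0 and TLS 1.1 remain enabled, and `HIGH:MEDIUM` in SSLCipherSuite and SSLProxyCipherSuite admits ciphers that OpenSSL classes as medium strength. Suggest `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` (and the same for SSLProxyProtocol) and dropping `MEDIUM` from both cipher-suite lines. The "Obtaining LetsEncyrpt Certificates" section also stops at the first `certbot certonly --standalone` run and documents no renewal; Let's Encrypt certificates expire after 90 days, so a step that schedules `certbot renew` and reloads Apache afterwards belongs there. Spelling to correct in the added text: "LetsEncyrpt", "Packges", "inital", "enther".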