User Tools

Site Tools


freebsd:seafile_with_apache_https

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
freebsd:seafile_with_apache_https [2019/02/22 11:08]
tschulz
freebsd:seafile_with_apache_https [2019/02/22 11:55] (current)
tschulz [Apache Setup]
Line 16: Line 16:
   * Make sure you set your DNS s the **LetsEncyrpt** can find your server by the hostname you set.   * Make sure you set your DNS s the **LetsEncyrpt** can find your server by the hostname you set.
  
 +===== Install Seafile Packges =====
 +  * This one is pretty easy just run:<​file bash>
 +pkg install seafile-server seahub
 +</​file>​
  
 +===== Configure Seafile =====
 +  - In our case, we are going to use SQLite so we will run the script **"/​usr/​local/​www/​haiwen/​seafile-server-latest/​setup-seafile.sh"​**<​file bash>
 +/​usr/​local/​www/​haiwen/​seafile-server-latest/​setup-seafile.sh
 +</​file>​
 +  - Next run "/​usr/​local/​www/​haiwen/​seafile-server-latest/​reset-admin.sh"​ to setup the inital admin user<​file bash>
 +/​usr/​local/​www/​haiwen/​seafile-server-latest/​reset-admin.sh
 +E-mail address: changeme@change.me
 +Password: ​
 +Password (again): ​
 +Superuser created successfully.
 +</​file>​
 +
 +===== Obtaining LetsEncyrpt Certificates ​ =====
 +  * Install Certbot<​file bash>pkg install py27-certbot
 +</​file>​
 +  * At the time of writing this article the certbot apache module was not working so, we will be using certonly mode.  Be sure to change "​**<​FQDN>​**"​ and "​**<​EMAIL>​**"<​file>​certbot certonly --standalone -d <​FQDN>​ --agree-tos -m <​EMAIL>​
 +</​file>​
 +  * This will install your certificates to **/​usr/​local/​etc/​letsencrypt/​live/<​FQDN>/​**
 +  * Be Sure the directory has **fullchain.pem** and **privkey.pem**.
 +
 +===== Apache Setup =====
 +  * Apache install<​file>​
 +pkg install apache24
 +</​file>​
 +  * setup Seafile Virtual HTTPS host. Create the file **/​usr/​local/​etc/​apache24/​Includes/​seafile_ssl.conf** and enther the following:<​file apache>​LoadModule proxy_module libexec/​apache24/​mod_proxy.so
 +LoadModule proxy_http_module libexec/​apache24/​mod_proxy_http.so
 +LoadModule proxy_http2_module libexec/​apache24/​mod_proxy_http2.so
 +LoadModule rewrite_module libexec/​apache24/​mod_rewrite.so
 +
 +ServerName <​FQDN>​
 +
 +LoadModule ssl_module libexec/​apache24/​mod_ssl.so
 +LoadModule socache_shmcb_module libexec/​apache24/​mod_socache_shmcb.so
 +
 +Listen 443
 +SSLCipherSuite HIGH:​MEDIUM:​!MD5:​!RC4:​!3DES
 +SSLProxyCipherSuite HIGH:​MEDIUM:​!MD5:​!RC4:​!3DES
 +SSLHonorCipherOrder on
 +SSLProtocol all -SSLv3
 +SSLProxyProtocol all -SSLv3
 +SSLPassPhraseDialog ​ builtin
 +SSLSessionCache ​       "​shmcb:/​var/​run/​ssl_scache(512000)"​
 +SSLSessionCacheTimeout ​ 300
 +
 +<​VirtualHost _default_:​443>​
 +
 +DocumentRoot "/​usr/​local/​www"​
 +Alias /​media ​ /​usr/​local/​www/​haiwen/​seafile-server-latest/​seahub/​media
 +RewriteEngine On
 +<​Location /media>
 +        Require all granted
 +</​Location>​
 +ProxyPass /seafhttp http://​127.0.0.1:​8082
 +ProxyPassReverse /seafhttp http://​127.0.0.1:​8082
 +RewriteRule ^/seafhttp - [QSA,L]
 +SetEnvIf Authorization "​(.*)"​ HTTP_AUTHORIZATION=$1
 +ProxyPreserveHost On
 +ProxyPass / http://​127.0.0.1:​8000/​
 +ProxyPassReverse / http://​127.0.0.1:​8000/​
 +
 +
 +SSLEngine on
 +SSLCertificateFile "/​usr/​local/​etc/​letsencrypt/​live/<​FQDN>/​fullchain.pem"​
 +SSLCertificateKeyFile "/​usr/​local/​etc/​letsencrypt/​live/<​FQDN>/​privkey.pem"​
 +<​FilesMatch "​\.(cgi|shtml|phtml|php)$">​
 +    SSLOptions +StdEnvVars
 +</​FilesMatch>​
 +BrowserMatch "MSIE [2-5]" \
 +         ​nokeepalive ssl-unclean-shutdown \
 +         ​downgrade-1.0 force-response-1.0
 +</​VirtualHost>​
 +
 +
 +</​file>​
 +  * Be sure to change **<​FQDN>​** at **ServerName**,​ **SSLCertificateFile**,​ and **SSLCertificateKeyFile**.
 +  * Change **"​SERVICE_URL"​** in **/​usr/​local/​www/​haiwen/​conf/​ccnet.conf**<​file bash /​usr/​local/​www/​haiwen/​conf/​ccnet.conf>​
 +...
 +SERVICE_URL = https://<​FQDN>​
 +...
 +</​file>​
 +  * Add **"​FILE_SERVER_ROOT"​** to **"/​usr/​local/​www/​haiwen/​conf/​seahub_settings.py"​**<​file python /​usr/​local/​www/​haiwen/​conf/​seahub_settings.py>​
 +...
 +FILE_SERVER_ROOT = '​https://<​FQDN>/​seafhttp'​
 +...
 +</​file>​
 +
 +===== Set Automatic Startup =====
 +  * We end where we started "/​etc/​rc.conf"​. ​ Add the following to enable startup of seafile,​seahub,​ and apache<​file bash /​etc/​rc.conf>​
 +...
 +LANG="​en_US.UTF-8"​
 +LC_ALL="​en_US.UTF-8"​
 +seafile_enable="​YES"​
 +seahub_enable="​YES"​
 +apache24_enable="​YES"​
 +...
 +</​file>​
 +  * Finally either restart or run the following to get everything running:<​file bash>
 +service seafile start
 +service seahub start
 +service apache24 start
 +</​file>​
  
  
freebsd/seafile_with_apache_https.1550855292.txt.gz · Last modified: 2019/02/22 11:08 by tschulz