User Tools

Site Tools



This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
freebsd:seafile_with_apache_https [2019/02/22 11:22]
freebsd:seafile_with_apache_https [2019/02/22 11:55] (current)
tschulz [Apache Setup]
Line 35: Line 35:
 ===== Obtaining LetsEncyrpt Certificates ​ ===== ===== Obtaining LetsEncyrpt Certificates ​ =====
   * Install Certbot<​file bash>pkg install py27-certbot   * Install Certbot<​file bash>pkg install py27-certbot
 +  * At the time of writing this article the certbot apache module was not working so, we will be using certonly mode.  Be sure to change "​**<​FQDN>​**"​ and "​**<​EMAIL>​**"<​file>​certbot certonly --standalone -d <​FQDN>​ --agree-tos -m <​EMAIL>​
 +  * This will install your certificates to **/​usr/​local/​etc/​letsencrypt/​live/<​FQDN>/​**
 +  * Be Sure the directory has **fullchain.pem** and **privkey.pem**.
 +===== Apache Setup =====
 +  * Apache install<​file>​
 +pkg install apache24
 </​file>​ </​file>​
 +  * setup Seafile Virtual HTTPS host. Create the file **/​usr/​local/​etc/​apache24/​Includes/​seafile_ssl.conf** and enther the following:<​file apache>​LoadModule proxy_module libexec/​apache24/​
 +LoadModule proxy_http_module libexec/​apache24/​
 +LoadModule proxy_http2_module libexec/​apache24/​
 +LoadModule rewrite_module libexec/​apache24/​
 +ServerName <​FQDN>​
 +LoadModule ssl_module libexec/​apache24/​
 +LoadModule socache_shmcb_module libexec/​apache24/​
 +Listen 443
 +SSLCipherSuite HIGH:​MEDIUM:​!MD5:​!RC4:​!3DES
 +SSLProxyCipherSuite HIGH:​MEDIUM:​!MD5:​!RC4:​!3DES
 +SSLHonorCipherOrder on
 +SSLProtocol all -SSLv3
 +SSLProxyProtocol all -SSLv3
 +SSLPassPhraseDialog ​ builtin
 +SSLSessionCache ​       "​shmcb:/​var/​run/​ssl_scache(512000)"​
 +SSLSessionCacheTimeout ​ 300
 +<​VirtualHost _default_:​443>​
 +DocumentRoot "/​usr/​local/​www"​
 +Alias /​media ​ /​usr/​local/​www/​haiwen/​seafile-server-latest/​seahub/​media
 +RewriteEngine On
 +<​Location /media>
 +        Require all granted
 +ProxyPass /seafhttp http://​​8082
 +ProxyPassReverse /seafhttp http://​​8082
 +RewriteRule ^/seafhttp - [QSA,L]
 +SetEnvIf Authorization "​(.*)"​ HTTP_AUTHORIZATION=$1
 +ProxyPreserveHost On
 +ProxyPass / http://​​8000/​
 +ProxyPassReverse / http://​​8000/​
 +SSLEngine on
 +SSLCertificateFile "/​usr/​local/​etc/​letsencrypt/​live/<​FQDN>/​fullchain.pem"​
 +SSLCertificateKeyFile "/​usr/​local/​etc/​letsencrypt/​live/<​FQDN>/​privkey.pem"​
 +<​FilesMatch "​\.(cgi|shtml|phtml|php)$">​
 +    SSLOptions +StdEnvVars
 +BrowserMatch "MSIE [2-5]" \
 +         ​nokeepalive ssl-unclean-shutdown \
 +         ​downgrade-1.0 force-response-1.0
 +  * Be sure to change **<​FQDN>​** at **ServerName**,​ **SSLCertificateFile**,​ and **SSLCertificateKeyFile**.
 +  * Change **"​SERVICE_URL"​** in **/​usr/​local/​www/​haiwen/​conf/​ccnet.conf**<​file bash /​usr/​local/​www/​haiwen/​conf/​ccnet.conf>​
 +SERVICE_URL = https://<​FQDN>​
 +  * Add **"​FILE_SERVER_ROOT"​** to **"/​usr/​local/​www/​haiwen/​conf/​"​**<​file python /​usr/​local/​www/​haiwen/​conf/​>​
 +FILE_SERVER_ROOT = '​https://<​FQDN>/​seafhttp'​
 +===== Set Automatic Startup =====
 +  * We end where we started "/​etc/​rc.conf"​. ​ Add the following to enable startup of seafile,​seahub,​ and apache<​file bash /​etc/​rc.conf>​
 +  * Finally either restart or run the following to get everything running:<​file bash>
 +service seafile start
 +service seahub start
 +service apache24 start
freebsd/seafile_with_apache_https.1550856138.txt.gz · Last modified: 2019/02/22 11:22 by tschulz