nginx with https: 504 Gateway Time-out (seafile-server-2.0.1_x86)

[Daniel S]

Hi,

i have installed seafile-server-2.0.1 x86 on my linux ubuntu 12.04 (precise) server.
it runs fine.

now i want switch to https over nginx proxy, but i become 504 timeout in the browser.

seafile does not log the request (no logifile entries)

info: only replaced IDs, UIDs and psw's by "12345678" and ma domain by "mydomain"

nginx config:

server {
        listen       80;
        server_name  seafile.mydomain.de;
        rewrite ^/(.*) https://$server_name/$1 permanent;       # force redirect http to https
}

server {
        listen   443; ## listen for ipv4; this line is default and implied

        server_name seafile.mydomain.de;
        client_max_body_size 1G; # set max upload size

        ssl    on;
        ssl_certificate    /crypt/ssl-cert/nginx/seafile.mydomain.de.2013-10.cacert.crt;
        ssl_certificate_key     /crypt/ssl-cert/nginx/seafile.mydomain.de.2013-10.key;

        access_log /crypt/logs/nginx.https.seafile.mydomain.de.access.log;
        error_log /crypt/logs/nginx.https.seafile.mydomain.de.error.log;

   location / {
       fastcgi_pass    127.0.0.1:8000;
       fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
       fastcgi_param   PATH_INFO           $fastcgi_script_name;
       fastcgi_param   SERVER_PROTOCOL $server_protocol;
       fastcgi_param   QUERY_STRING        $query_string;
       fastcgi_param   REQUEST_METHOD      $request_method;
       fastcgi_param   CONTENT_TYPE        $content_type;
       fastcgi_param   CONTENT_LENGTH      $content_length;
       fastcgi_param   SERVER_ADDR         $server_addr;
       fastcgi_param   SERVER_PORT         $server_port;
       fastcgi_param   SERVER_NAME         $server_name;
       fastcgi_param   HTTPS   on;
       fastcgi_param HTTP_SCHEME https;
   }       

   location /seafhttp {
       rewrite ^/seafhttp(.*)$ $1 break;
       proxy_pass http://127.0.0.1:8082;
       client_max_body_size 0;
   }

   location /media {
       root /crypt/seafile/seafile-server/seahub;
   }

}

# >cat seahub_settings.py

SECREC_KEY = "12345678-12345678-12345678-12345678-12345678"

HTTP_SERVER_ROOT = 'https://seafile.mydomain.de/seafhttp'

DATABASES = {

    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'seahub-db',
        'USER': 'seafile',
        'PASSWORD': '12345678',
        'HOST': '127.0.0.1',
        'PORT': '3306',
        'OPTIONS': {
            'init_command': 'SET storage_engine=INNODB',
        }
    }
}

# >cat ccnet/ccnet.conf 

[General]
USER_NAME = mydomain
ID = 12345678d59b44c8167fe412345678
NAME = mydomain
SERVICE_URL = https://seafile.mydomain.de

[Network]
PORT = 10001

[Client]
PORT = 13418

[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = seafile
PASSWD = 12345678
DB = seafile-ccnet

# >cat seafile-data/seafile.conf

[database]
type = mysql
host = 127.0.0.1
port = 3306
user = seafile
password = 12345678
db_name = seafile-db

[network]
port = 12001

[httpserver]
port = 8082
#added by my:
max_upload_size=1000
max_download_dir_size=1000

# >wget http://127.0.0.1:8000

--2013-10-29 23:20:59--  http://127.0.0.1:8000/

Connecting to 127.0.0.1:8000... connected.

HTTP request sent, awaiting response... 302 FOUND

Location: http://127.0.0.1:8000/accounts/login [following]

--2013-10-29 23:20:59--  http://127.0.0.1:8000/accounts/login

Reusing existing connection to 127.0.0.1:8000.

HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.

Retrying.

--2013-10-29 23:21:00--  (try: 2)  http://127.0.0.1:8000/accounts/login

Connecting to 127.0.0.1:8000... connected.

HTTP request sent, awaiting response... 301 MOVED PERMANENTLY

Location: http://127.0.0.1:8000/accounts/login/ [following]

--2013-10-29 23:21:01--  http://127.0.0.1:8000/accounts/login/

Reusing existing connection to 127.0.0.1:8000.

HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.

Retrying.

--2013-10-29 23:21:02--  (try: 2)  http://127.0.0.1:8000/accounts/login/

Connecting to 127.0.0.1:8000... connected.

HTTP request sent, awaiting response... 200 OK

Length: unspecified [text/html]

Saving to: `index.html'

    [ <=>                                                                                                                                                                                                                          ] 11.452      --.-K/s   in 0s      

2013-10-29 23:21:02 (53,8 MB/s) - `index.html' saved [11452]

>>> it returns the indesx page with login form, so: it's ok

# >wget --no-check-certificate https://seafile.mydomain.de/

--2013-10-29 23:22:19--  https://seafile.mydomain.de/

Resolving seafile.mydomain.de (seafile.mydomain.de)... xx.xx.xx.xx

Connecting to seafile.mydomain.de (seafile.mydomain.de)|xx.xx.xx.xx|:443... connected.

WARNING: cannot verify seafile.mydomain.de's certificate, issued by `/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root':

  Unable to locally verify the issuer's authority.

WARNING: no certificate subject alternative name matches

        requested host name `seafile.mydomain.de'.

HTTP request sent, awaiting response... 504 Gateway Time-out

2013-10-29 23:23:19 ERROR 504: Gateway Time-out.

And if i become https working, how can a disable seafile listen on all IP's?

i want seafile only on 127.0.0.1 - all requests over nginx with https.

atm it's still on public ip with port 8000 listening and working :(

best regards,

daniel.

[Lingtao Pan]

Did you start seahub with ./seahub.sh start-fastcgi ?

[Daniel S]

HI,

this was the problem, big thanks!

now it only listens on localhost:8000, but 3 ports are still listening on public IP:

$ >netstat -tlp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

tcp        0      0 *:12001                 *:*                     LISTEN      4186/seaf-server

tcp        0      0 *:10001                 *:*                     LISTEN      4183/ccnet-server

tcp        0      0 *:8082                  *:*                     LISTEN      4189/httpserver 

tcp        0      0 localhost.localdo:13418 *:*                     LISTEN      4183/ccnet-server

tcp        0      0 localhost.localdom:8000 *:*                     LISTEN      7002/python2.7  

the "./seahub.sh start-fastcgi" is missing here:

https://github.com/haiwen/seafile/wiki/Enable-Https-on-Seafile-web-with-nginx

[Lingtao Pan]

Added the missing "./seahub.sh start-fastcgi" to https://github.com/haiwen/seafile/wiki/Enable-Https-on-Seafile-web-with-nginx

8082 can be removed from listen on public IP. We will work on this issue.

10001 and 12001 is used for syncing files with clients. They can't be removed.

2013/10/30 Daniel S <phpa...@gmail.com>

--
You received this message because you are subscribed to a topic in the Google Groups "seafile" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/seafile/3F6qlHoBUgU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to seafile+u...@googlegroups.com.
To post to this group, send email to sea...@googlegroups.com.
Visit this group at http://groups.google.com/group/seafile.
For more options, visit https://groups.google.com/groups/opt_out.