Cross Origin Problem with Seafile Nginx
1,113 views
Skip to first unread message
Michael Siebertz
Jul 23, 2014, 11:37:13 AM7/23/14
to sea...@googlegroups.com
Hallo,
i'm using seafile at my private server which is at my home. Luckily i have a static ip address and setup seafile.
My ip adress resolves to 2 DNS Adresses. System is Debian wheezy with nginx and mariadb.
Unfortunately i cant upload files via web browser. It always says, "can not connect" when i click start in the transfer dialog and firefox developers says (message is in german), replaced my domain with *:
Translated it means something with cross-origin-request
Nginx config, with cors actually enabled i think.
seahub_settings.py (replaced some values with dummy ones for security reasons to paste here and domain with *)
and ccnet.conf (replaced some values with dummy ones for security reasons to paste here and domain with *)
Can somebody tell me whats wrong? Seafile Client works without any problems.
Thx in advance
i'm using seafile at my private server which is at my home. Luckily i have a static ip address and setup seafile.
My ip adress resolves to 2 DNS Adresses. System is Debian wheezy with nginx and mariadb.
Unfortunately i cant upload files via web browser. It always says, "can not connect" when i click start in the transfer dialog and firefox developers says (message is in german), replaced my domain with *:
Cross-Origin-Anfrage blockiert: Die Same-Origin-Regel verbietet, die externe Ressource auf https://*.de/seafhttp/upload-aj/b0df2d39 zu lesen. Dies kann gelöst werden, indem die Ressource auf die gleiche Domain geschoben wird oder CORS aktiviert wird.
Translated it means something with cross-origin-request
Nginx config, with cors actually enabled i think.
server {
listen 4443; #IPv4
#listen [::]:443; # IPv6
ssl on;
ssl_certificate /etc/nginx/certs/ssl.crt;
ssl_certificate_key /etc/nginx/certs/ssl.key;
set $cors "true";
server_name 172.16.0.3;
location / {
add_header Access-Control-Allow-Origin *;
if ($cors = "true") {
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'User-Agent,Keep-Alive,Content-Type';
}
if ($request_method = OPTIONS) {
return 204;
}
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
}
location /media {
root /srv/seafile/haiwen/seafile-server-latest/seahub;
}
}
seahub_settings.py (replaced some values with dummy ones for security reasons to paste here and domain with *)
SECRET_KEY = "foobar"
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'seahub-db',
'USER': 'seafileusr',
'PASSWORD': 'dummy',
'HOST': '127.0.0.1',
'PORT': '3306',
'OPTIONS': {
'init_command': 'SET storage_engine=INNODB',
}
}
}
HTTP_SERVER_ROOT = 'https://*.de/seafhttp'
[General]
USER_NAME = haiwen
ID = foobar
NAME = haiwen
SERVICE_URL = https://*.de:8000
[Network]
PORT = 10001
[Client]
PORT = 13418
[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = seafileusr
PASSWD = dummy
DB = ccnet-db
CONNECTION_CHARSET = utf8
Can somebody tell me whats wrong? Seafile Client works without any problems.
Thx in advance
Shuai Lin
Jul 23, 2014, 11:45:26 AM7/23/14
to sea...@googlegroups.com
So which url are you visiting in your browser? https://*.de or
172.16.0.3? Also you should add "*.de" to server_name of the nginx
config.
> --
> You received this message because you are subscribed to the Google Groups
> "seafile" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to seafile+u...@googlegroups.com.
> To post to this group, send email to sea...@googlegroups.com.
> Visit this group at http://groups.google.com/group/seafile.
> For more options, visit https://groups.google.com/d/optout.
172.16.0.3? Also you should add "*.de" to server_name of the nginx
config.
> You received this message because you are subscribed to the Google Groups
> "seafile" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to seafile+u...@googlegroups.com.
> To post to this group, send email to sea...@googlegroups.com.
> Visit this group at http://groups.google.com/group/seafile.
> For more options, visit https://groups.google.com/d/optout.
Michael Siebertz
Jul 23, 2014, 11:54:42 AM7/23/14
to sea...@googlegroups.com
Hello shuai,
just for information.
The server is behind a router and all ports are natted to the server so they are forwarded without firewall or anything that is blocking.
i'm visiting the https://*.de and also did have this in included in the nginx config but didn't work also either.
The server has internally a 172.16.0.X address and is visible as 212.XXX.XXX.XXX to the world outside.
Not quite sure if i need to add the 212. to /etc/hosts. Tried to solve anything at once, so don't remember all i tried.
What do you need for further information? Nginx doesn't log the upload request, seahub logs the transfer dialog but no error for missed upload.
Regards
just for information.
The server is behind a router and all ports are natted to the server so they are forwarded without firewall or anything that is blocking.
i'm visiting the https://*.de and also did have this in included in the nginx config but didn't work also either.
The server has internally a 172.16.0.X address and is visible as 212.XXX.XXX.XXX to the world outside.
Not quite sure if i need to add the 212. to /etc/hosts. Tried to solve anything at once, so don't remember all i tried.
What do you need for further information? Nginx doesn't log the upload request, seahub logs the transfer dialog but no error for missed upload.
Regards
Michael Siebertz
Jul 24, 2014, 3:58:45 PM7/24/14
to sea...@googlegroups.com
I think i just found a workaround and cause of root.
After analysing traffic with wireshark and chrome i could see, that also nginx serves seafile on port 4443 the upload requests an ressource address of https with port 443 which cant work anyway as there is another website running.
The address looked like https://url.de/seafhttp
That is why the cross origin warning appears as port 443 uses another certificate. I don't see any hint in documentation on this to solve so i will have to change my webserver setup.
Only possible solution seems to run seafile with https and nginx on no other port than 443 as it then worked without problems (tested with another virtual machine).
Shuai Lin
Jul 24, 2014, 8:52:54 PM7/24/14
to sea...@googlegroups.com
Hi Michael,
Just set this in your seahub_settings.py,
And try upload again after restart your seahub.
Just set this in your seahub_settings.py,
HTTP_SERVER_ROOT = 'https://*.de:4443/seafhttp'
And try upload again after restart your seahub.
Michael Siebertz
Jul 25, 2014, 3:34:27 AM7/25/14
to sea...@googlegroups.com
Hello Shuai Lin,
i just overlooked the whole config as i setup a new server with the 3.1beta, having a free day today after much stress and it is obvious that seafhttp must use the same port as the whole application does. *banghead*
Now it works even with another port and i can continue saving my data in my cloud. Thank you very much for your reply.
Regards
Reply all
Reply to author
Forward
0 new messages