problem with seafile via nginx and https

[Veron leets]

Hello,

I have some real trouble with configuring seafile in total. My goal is to run a seafile server with https on my raspberry pi. I'm using a dyndns service and becouse every wiki entry based on a domain I'm having trouble getting it done.

These are the entrys in my config-files.

seafile.conf:

[network]

port=12001

[httpserver]

port = 8082

https=true

pemfile=/path/cacert.pem;

privkey=/path/privkey.pem;

ccnet.conf

[General]

USER_NAME = srv-sea

ID = myID

NAME = srv-sea

SERVICE_URL = https://mydyndns:8000

[Network]

PORT = 10001

[Client]

PORT = 13418

seahub_settings.py

SERVE_STATIC = False

MEDIA_URL = '/seafmedia/'

SITE_ROOT = '/seafile/'

HTTP_SERVER_ROOT = 'https://mydyndns/seafhttp'

nginx.conf

user www-data;

worker_processes 4;

pid /var/run/nginx.pid;

events {

        worker_connections 768;

        # multi_accept on;

}

http {

        ##

        # Basic Settings

        ##

        sendfile on;

        tcp_nopush on;

        tcp_nodelay on;

        keepalive_timeout 65;

        types_hash_max_size 2048;

        # server_tokens off;

         server_names_hash_bucket_size 64;

        # server_name_in_redirect off;

        include /etc/nginx/mime.types;

        default_type application/octet-stream;

        ##

        # Logging Settings

        ##

        access_log /var/log/nginx/access.log;

        error_log /var/log/nginx/error.log;

        ##

        # Gzip Settings

        ##

        gzip on;

        gzip_disable "msie6";

        # gzip_vary on;

        # gzip_proxied any;

        # gzip_comp_level 6;

        # gzip_buffers 16 8k;

        # gzip_http_version 1.1;

        # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

        ##

        # nginx-passenger config

        ##

        # Uncomment it if you installed nginx-passenger

        ##

        #passenger_root /usr;

        #passenger_ruby /usr/bin/ruby;

        ##

        # Virtual Host Configs

        ##

        include /etc/nginx/conf.d/*.conf;

        include /etc/nginx/sites-enabled/*;

server {

        listen       80;

        server_name  mydyndns:8000;

        rewrite ^/(.*) https://$server_name/$1 permanent;       # force redirect http to https

    }

    server {

        listen 443;

        ssl on;

        ssl_certificate path/cacert.pem;            # path to your cacert.pem

        ssl_certificate_key /path/privkey.pem;     # path to your privkey.pem

        server_name mydyndns:8000;

        location / {

            fastcgi_pass    127.0.0.1:8000;

            fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;

            fastcgi_param   PATH_INFO           $fastcgi_script_name;

            fastcgi_param   SERVER_PROTOCOL     $server_protocol;

            fastcgi_param   QUERY_STRING        $query_string;

            fastcgi_param   REQUEST_METHOD      $request_method;

            fastcgi_param   CONTENT_TYPE        $content_type;

            fastcgi_param   CONTENT_LENGTH      $content_length;

            fastcgi_param   SERVER_ADDR         $server_addr;

            fastcgi_param   SERVER_PORT         $server_port;

            fastcgi_param   SERVER_NAME         $server_name;

            fastcgi_param   HTTPS   on;

            fastcgi_param HTTP_SCHEME https;

            access_log      /var/log/nginx/seahub.access.log;

            error_log       /var/log/nginx/seahub.error.log;

        }

        location /seafhttp {

            rewrite ^/seafhttp(.*)$ $1 break;

            proxy_pass http://127.0.0.1:8082;

            client_max_body_size 0;

        }

        location /media {

            root /home/seafile/seafile/seafile-server-2.0.3;

            include /etc/nginx/mime.types;

        }

    }

}

With these entrys I can only access seafile via browser with https://mydyndns     ... With port 8000 (https://mydyndns:8000) every browser tells me that it can't load the site

Also if i go to https://mydyndns then I only get HTML-code but no css at all (indepent from where I go on the website. It just doesn't load anywhere). This is why I added include /etc/nginx/mime.types; but it doesn't seem to do anything.

So the big confusion for me comes from the fact that I don't know in which of these files I need to put https://mydyndns and in which I need to put https://mydyndns:8000 

Btw: If I try to login with the client software with https://mydyndns and the correct credentials then I get the warning if I want to trust the ssl certificate but if I click yes then I get the 404 error. 

Thanks for the help. 

Regards Veron

P.s.: Seafile is great so far and it did really work fine (for me) without before I tried to enable https. The only thing I would like to have added is the option to change the password of a library ... but first I need to get the libraries online again :)

[Lingtao Pan]

[httpserver]

port = 8082

https=true

pemfile=/path/cacert.pem;

privkey=/path/privkey.pem;

Remove 

https=true

pemfile=/path/cacert.pem;

privkey=/path/privkey.pem;

[Veron leets]

Thanks for your answer. I did make the changes.

The seafile.conf file now has only two entrys:

[network]

port=12001

[httpserver]

port 8082

After restarting the server (yes, I restarted seahub with restart-fastcgi). Nothing changed much. 

When I go to https://mydyndns the browser replies with "Welcome to nginx!"

Is there anything else I need to change?

[Lingtao Pan]

When you use Nginx, the port 8000 is already hidden from outside. You should check our manual carefully, and the correct config files should be like:

SERVICE_URL = https://mydyndns

server {

        listen       80;

        server_name  mydyndns;

        rewrite ^/(.*) https://$server_name/$1 permanent;       # force redirect http to https

    }

    server {

        listen 443;

        ssl on;

        ssl_certificate path/cacert.pem;            # path to your cacert.pem

        ssl_certificate_key /path/privkey.pem;     # path to your privkey.pem

        server_name mydyndns;

[Veron leets]

Hallo Lingtao and thanks again!

I did make the changes, but the only thing that changes is that my browser is no running in an endless loop (without going 404 oder something like that). 

I also did make the installation along with your manuels ( https://github.com/haiwen/seafile/wiki/Download-and-setup-seafile-server, https://github.com/haiwen/seafile/wiki/Deploy-Seafile-with-nginx and https://github.com/haiwen/seafile/wiki/Enable-Https-on-Seafile-web-with-nginx). The only thing that is no working with these instructions is the part of https-manuel where it says:

./configure --with-http_stub_status_module --with-http_ssl_module
    make && make install

It says no file or directory (I'm in /etc/nginx/), but becouse the manuel says "optional" I'd skiped it. Do  I have to make this change and if so how? 

Also I'm using no-ip to forward to my pi, but I think I set up everything right there (no-ip states the following: http://www.noip.com/support/knowledgebase/can-you-add-an-ssl-to-a-hostname-attached-to-no-ips-domain/ )

Thanks in advance! :)

[Lingtao Pan]

Can you first try to set Seafile up without https? And if it does not work, please post your config files again. Our wiki page should be OK, since it already works for so many people.

2013/12/19 Veron leets <rene...@googlemail.com>

--
You received this message because you are subscribed to a topic in the Google Groups "seafile" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/seafile/GckFJ_5VAe0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to seafile+u...@googlegroups.com.
To post to this group, send email to sea...@googlegroups.com.
Visit this group at http://groups.google.com/group/seafile.
For more options, visit https://groups.google.com/groups/opt_out.

[Veron leets]

Ok, I'll try that. I'll post my results here.

[Veron leets]

The guide (https://github.com/haiwen/seafile/wiki/Enable-Https-on-Seafile-web) now only refers to the two others guides with apache and nginx ...

[Veron leets]

Seahub seems to be working again (I don't know why and I didn't change anything besides the no-ip client on my pi to refresh in shortet intervals). 

I load for about 10 seconds and then displays only html code. I can navigate, but everywhere I go it's just html.

Now I have two problems again:

1.) how do I get seafile to load the correct data besides the html? I tried to add   include /etc/nginx/mime.types; in nginx.conf (becouse it solved this issue in an other post in this group), but it doesn't seem to work for me.

2.) The client software still goes as far as the warning for the certificate, but the response with the error "Failed to login: error code 404" ...

Thanks again :)

Veron

[Lingtao Pan]

This is an old and wrong document. It should not be visible from the home page of our Wiki. I found you follow this wrong document, so I deleted the contents yesterday  to prevent others reading this old document. 

I suggest you delete the current folders and re-install seafile server cleanly. And make sure Seafile firstly work with HTTP, then add HTTPS support.

[Veron leets]

Ok, I have hoped to avoid a complete new installation, but I'll do that... I'll post results / erros here.

[Veron leets]

So got seafile to work for me. The problem was that nginx did not install correctly via apt-get! 

I did have to make some changes on the sourcelist to get in right.

For everybody how has this problem aswell pls check if nginx is correctly installed by using the following:

dpkg -l | grep nginx 

If this replies something like "ii  nginx (...)" then its correctly installed. If anything else then ii, then you have to check / install it again.

One last note: please add the "nginx -s reload" line to https://github.com/haiwen/seafile/wiki/Deploy-Seafile-with-nginx as well as a quickview on how to start/stop it (service nginx start).

Anyway thanks again for the great software and help!! Can't wait for more great features from you guys! :)

Best regards

Veron