haiwen / seafile

High performance file syncing and sharing, with also Markdown WYSIWYG editing, Wiki, file label and other knowledge management features.
http://seafile.com/

Is it possible to deploy Seafile Web at Non root domain using https? #250

Closed dominikholler closed 11 years ago

dominikholler commented 11 years ago

Is it possible to deploy seafile web at non root domain using https? Looks like issue 38 is still forcing a redirect over http.

freeplant commented 11 years ago

See https://github.com/haiwen/seafile/wiki/Deploy-Seafile-Web-at-Non-root-domain

We deploy at non root domain in our internal Seafile instance.

dominikholler commented 11 years ago

Thank you for reply. I have configured like described in https://github.com/haiwen/seafile/wiki/Deploy-Seafile-Web-with-nginx-apache for https, started seahub in non-fastcgi mode and configured like described in https://github.com/haiwen/seafile/wiki/Deploy-Seafile-Web-at-Non-root-domain, which leads to the behavior like described in https://github.com/haiwen/seafile/issues/38, see

user@thx:/tmp$ wget --no-check-certificate https://xxx.ath.cx/seafile/
--2013-05-26 08:14:24-- https://xxx.ath.cx/seafile/
Resolving xxx.ath.cx (xxx.ath.cx)... 79.196.241.160
Connecting to xxx.ath.cx (xxx.ath.cx)|79.196.241.160|:443... connected.
HTTP request sent, awaiting response... 302 FOUND
Location: http://xxx.ath.cx/seafile/accounts/login?next=/seafile/ [following]
--2013-05-26 08:14:24-- http://xxx.ath.cx/seafile/accounts/login?next=/seafile/
Connecting to xxx.ath.cx (xxx.ath.cx)|79.196.241.160|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://xxx.ath.cx/seafile/accounts/login?next=/seafile/ [following]
--2013-05-26 08:14:24-- https://xxx.ath.cx/seafile/accounts/login?next=/seafile/
Connecting to xxx.ath.cx (xxx.ath.cx)|79.196.241.160|:443... connected.
HTTP request sent, awaiting response... 301 MOVED PERMANENTLY
Location: http://xxx.ath.cx/seafile/accounts/login/?next=/seafile/ [following]
--2013-05-26 08:14:25-- http://xxx.ath.cx/seafile/accounts/login/?next=/seafile/
Connecting to xxx.ath.cx (xxx.ath.cx)|79.196.241.160|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://xxx.ath.cx/seafile/accounts/login/?next=/seafile/ [following]
--2013-05-26 08:14:25-- https://xxx.ath.cx/seafile/accounts/login/?next=/seafile/
Connecting to xxx.ath.cx (xxx.ath.cx)|79.196.241.160|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: `index.html?next=%2Fseafile%2F'

[ <=>                                   ] 8,841       --.-K/s   in 0.008s

2013-05-26 08:14:25 (1016 KB/s) - `index.html?next=%2Fseafile%2F' saved [8841]

xiez commented 11 years ago

What's your nginx configuration?

Did you add

fastcgi_param HTTPS on;

in your nginx config file ?

dominikholler commented 11 years ago

Adding fastcgi_param HTTPS on; does not change the behavior. Also it seems to me like fastcgi is not used, since location /seafile is configured to use only proxy directives and no fastcgi_ ones.

dominikholler commented 11 years ago

Is a fastcgi configuration known to work in non-root mode?

lins05 commented 11 years ago

Yes. You'd better post all your configuration here for others to help you.

Regards, Lin

dominikholler commented 11 years ago

thx for your replies, I am going to react next week.

dominikholler commented 11 years ago

Hi, I wonder why nobody else gets this problem, maybe there is an error in my configuration. I tried to follow the instructions of the wiki exactly.


pi@raspberrypi /mnt/data2/srv/seafile $ sudo cat ccnet/ccnet.conf
[General]
USER_NAME = hollyhome
ID = e7c91ef079bf45572a4beb9cc2e628cb0f0802f7
NAME = hollyhome
SERVICE_URL = https://seafile.mine.nu/

[Network]
PORT = 10001

[Client]
PORT = 13419
pi@raspberrypi /mnt/data2/srv/seafile $ cat seafile-data/seafile.conf 
[database]
type=sqlite

[network]
port=12001

[httpserver]
port=8082
pi@raspberrypi /mnt/data2/srv/seafile $ cat seahub_settings.py
SECRET_KEY = "i4FsgYJU7aO4l-sLp8WZnw=="
SERVE_STATIC = False
MEDIA_URL = '/seafmedia/'
SITE_ROOT = '/seafile/'

pi@raspberrypi /mnt/data2/srv/seafile $ cat /etc/nginx/sites-enabled/seafile.mine.nu 
# HTTPS server
#
server {
    listen 80;
    rewrite ^(.*) https://$host$1 permanent;
}

server {
    listen 443;
    server_name seafile.mine.nu;
    root /mnt/data2/srv/www/;

    ssl on;
    ssl_certificate cacert.pem;
    ssl_certificate_key privkey.pem;

    fastcgi_param HTTPS on; 

     # default try order
    location / {
    try_files $uri $uri/;
    }

    location /seafile {
        proxy_pass  http://127.0.0.1:8000;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log      /var/log/nginx/seahub.access.log;
        error_log       /var/log/nginx/seahub.error.log;
    }

    location /seafmedia/ {
             rewrite ^/seafmedia(.*)$ /media$1 break;
             # Change to your path
        root /mnt/data2/srv/seafile/seafile-server-1.6.1/seahub;
    }
}

results in

user@thx:/tmp$ LC_ALL=C wget --no-check-certificate https://seafile.mine.nu/seafile 2>&1 | grep -v WARN
--2013-06-13 21:52:31--  https://seafile.mine.nu/seafile
Resolving seafile.mine.nu (seafile.mine.nu)... 79.196.225.93
Connecting to seafile.mine.nu (seafile.mine.nu)|79.196.225.93|:443... connected.
  Self-signed certificate encountered.
HTTP request sent, awaiting response... 301 MOVED PERMANENTLY
Location: http://seafile.mine.nu/seafile/ [following]
--2013-06-13 21:52:31--  http://seafile.mine.nu/seafile/
Connecting to seafile.mine.nu (seafile.mine.nu)|79.196.225.93|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://seafile.mine.nu/seafile/ [following]
--2013-06-13 21:52:31--  https://seafile.mine.nu/seafile/
Connecting to seafile.mine.nu (seafile.mine.nu)|79.196.225.93|:443... connected.
  Self-signed certificate encountered.
HTTP request sent, awaiting response... 302 FOUND
Location: http://seafile.mine.nu/seafile/accounts/login?next=/seafile/ [following]
--2013-06-13 21:52:31--  http://seafile.mine.nu/seafile/accounts/login?next=/seafile/
Connecting to seafile.mine.nu (seafile.mine.nu)|79.196.225.93|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://seafile.mine.nu/seafile/accounts/login?next=/seafile/ [following]
--2013-06-13 21:52:31--  https://seafile.mine.nu/seafile/accounts/login?next=/seafile/
Connecting to seafile.mine.nu (seafile.mine.nu)|79.196.225.93|:443... connected.
  Self-signed certificate encountered.
HTTP request sent, awaiting response... 301 MOVED PERMANENTLY
Location: http://seafile.mine.nu/seafile/accounts/login/?next=/seafile/ [following]
--2013-06-13 21:52:31--  http://seafile.mine.nu/seafile/accounts/login/?next=/seafile/
Connecting to seafile.mine.nu (seafile.mine.nu)|79.196.225.93|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://seafile.mine.nu/seafile/accounts/login/?next=/seafile/ [following]
--2013-06-13 21:52:31--  https://seafile.mine.nu/seafile/accounts/login/?next=/seafile/
Connecting to seafile.mine.nu (seafile.mine.nu)|79.196.225.93|:443... connected.
  Self-signed certificate encountered.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: `index.html?next=%2Fseafile%2F.8'

     0K ........                                               1.07M=0.008s

2013-06-13 21:52:32 (1.07 MB/s) - `index.html?next=%2Fseafile%2F.8' saved [8841]
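
The redirect ping-pong in the transcript above can be checked mechanically. The following is an added example, not part of the original post or of Seafile: it parses wget output and lists every hop where a request made over https:// was answered with a redirect to http://. The sample log is constructed and uses the placeholder host example.test.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: shortened wget output in the shape shown above,
# with the placeholder host example.test.
SAMPLE_WGET_LOG = """\
--2013-06-13 21:52:31--  https://example.test/seafile/
HTTP request sent, awaiting response... 302 FOUND
Location: http://example.test/seafile/accounts/login?next=/seafile/ [following]
--2013-06-13 21:52:31--  http://example.test/seafile/accounts/login?next=/seafile/
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://example.test/seafile/accounts/login?next=/seafile/ [following]
--2013-06-13 21:52:31--  https://example.test/seafile/accounts/login?next=/seafile/
HTTP request sent, awaiting response... 200 OK
"""

REQUEST_RE = re.compile(r"^--\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}--\s+(\S+)$")
STATUS_RE = re.compile(r"awaiting response\.\.\. (\d{3})")
LOCATION_RE = re.compile(r"^Location: (\S+)")


def parse_hops(log):
    """Return (request_url, status, location_or_None) for each request wget made."""
    hops, current = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if m := REQUEST_RE.match(line):
            if current:
                hops.append(tuple(current))
            current = [m.group(1), None, None]
        elif current and (m := STATUS_RE.search(line)):
            current[1] = int(m.group(1))
        elif current and (m := LOCATION_RE.match(line)):
            current[2] = m.group(1)
    if current:
        hops.append(tuple(current))
    return hops


def find_downgrades(hops):
    """Hops where a request made over https:// was redirected to http://."""
    return [h for h in hops
            if h[2] and urlsplit(h[0]).scheme == "https"
            and urlsplit(h[2]).scheme == "http"]


if __name__ == "__main__":
    for url, status, location in find_downgrades(parse_hops(SAMPLE_WGET_LOG)):
        print(f"{status} {url} -> {location}")
```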

berturion commented 11 years ago

I have a raspberry pi and I am experiencing trouble too in getting my seafile in a non root https domain to work. My best result is that I can access my seafile site, I can log in and do all stuff but I can't see any static files at all (css, js, images). I don't understand why. I have a dynamic dns and my router forwards ports 80, 443 and 8082 to my raspberry pi. The test of the blank page is ok (https://mydomain.com:8082). My config is the same as yours.

dominikholler commented 11 years ago

hi berturion, did you note issue #38 and define a http to https forwarding like

server {
    listen 80;
    rewrite ^(.*) https://$host$1 permanent;
}

berturion commented 11 years ago

Hello. Yes I have this rewrite rule. I realized that my seafile site works when I start seahub with the simple "start" option and not with the "start-fastcgi" one.

In start-fastcgi mode, I have this response from my server:

504 Gateway Time-out nginx/1.2.1

dominikholler commented 11 years ago

Looks like this issue is solved in the meanwhile released version 1.7.0, iff the line 'fastcgi_param HTTPS on;' is added to the location /seafile of the nginx configuration. I will try to update the wiki.

lins05 commented 11 years ago

Have you read https://github.com/haiwen/seafile/wiki/Enable-Https-on-Seafile-web ?

Regards, Lin

dominikholler commented 11 years ago

Of course I did. But this issue is about non root domain, too. This is documented in https://github.com/haiwen/seafile/wiki/Deploy-Seafile-Web-at-Non-root-domain . I extended the sample nginx configuration with the needed fastcgi_param HTTPS on; inside the nginx location. It is important that the HTTPS on is inside the location, else the HTTPS request is redirected to HTTP. In https://github.com/haiwen/seafile/wiki/Enable-Https-on-Seafile-web no nginx locations are used, because for a root domain setup they are not necessary.

daald commented 6 years ago

I wonder why nobody else gets this problem, maybe there is an error in my configuration. I tried to follow the instructions of the wiki exactly.

It seems that the problem is still here, 4 years later.

There seem to be workarounds:

But the first three don't solve the original problem:

$ curl -v https://myhost 
> GET / HTTP/1.1
> Host: myhost
> 
< HTTP/1.1 302 FOUND
< Location: http://myhost/accounts/login?next=/

$ curl http://myhost/accounts/login?next=/
curl: (7) Failed to connect to myhost port 80: Connection refused

daald commented 6 years ago

Finally, modifying Django config works:

Add to conf/seahub_settings.py:

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

or something which is more safe:

SECURE_PROXY_SSL_HEADER = ("HTTP_X_SAFETY_TOKEN", "whateveryoulikesh0liM4ahdo6ShethoC4she7")

and set the header in your webserver config, in my case nginx:

proxy_set_header   X-Forwarded-Proto https;

or

proxy_set_header   X-Safety-Token whateveryoulikesh0liM4ahdo6ShethoC4she7;

Should be pasted to https://manual.seafile.com/deploy/https_with_nginx.html ...
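
Why the setting above fixes the redirect, and why the proxy must always set the header itself, shown as an added example that is not part of the original comment and is not Django or nginx source. It is a simplified model; the function names and the host example.test are constructed for illustration.

```python
# Simplified model of the behaviour discussed above; not Django or nginx source.
# Host name and function names are constructed for illustration.

def proxy_forward(client_headers, proxy_set_header):
    """Client headers pass through the proxy unless proxy_set_header replaces
    them; the app then sees 'X-Forwarded-Proto' as 'HTTP_X_FORWARDED_PROTO'."""
    merged = {k.lower(): v for k, v in client_headers.items()}
    merged.update({k.lower(): v for k, v in proxy_set_header.items()})
    return {"HTTP_" + k.upper().replace("-", "_"): v for k, v in merged.items()}


def request_scheme(meta, secure_proxy_ssl_header=None):
    """Scheme the app assumes. The proxy-to-app hop is plain HTTP
    (proxy_pass http://127.0.0.1:8000), so the fallback is 'http'."""
    if secure_proxy_ssl_header:
        key, secure_value = secure_proxy_ssl_header
        if key in meta:  # exact, case-sensitive match on the META key
            return "https" if meta[key] == secure_value else "http"
    return "http"


def login_redirect(meta, site_root, setting=None):
    """Absolute Location header for the login redirect."""
    scheme = request_scheme(meta, setting)
    return f"{scheme}://{meta['HTTP_HOST']}{site_root}accounts/login?next={site_root}"


SETTING = ("HTTP_X_FORWARDED_PROTO", "https")
CLIENT = {"Host": "example.test"}

# 1. TLS terminated at the proxy, app not told: redirect falls back to http://
no_hint = login_redirect(proxy_forward(CLIENT, {}), "/seafile/")
# 2. Proxy sets the header and the app trusts it: redirect stays on https://
fixed = login_redirect(
    proxy_forward(CLIENT, {"X-Forwarded-Proto": "https"}), "/seafile/", SETTING)
# 3. A plain-HTTP listener that proxies without setting the header forwards a
#    client-supplied value, and the app believes the request was secure.
spoofed = request_scheme(
    proxy_forward({**CLIENT, "X-Forwarded-Proto": "https"}, {}), SETTING)
# 4. Same listener, but the proxy overwrites the header with the real scheme.
overwritten = request_scheme(
    proxy_forward({**CLIENT, "X-Forwarded-Proto": "https"},
                  {"X-Forwarded-Proto": "http"}), SETTING)

if __name__ == "__main__":
    print(no_hint, fixed, spoofed, overwritten, sep="\n")
```

Case 3 is the reason every listener that proxies to seahub should set the trusted header explicitly, so that a value sent by the client never reaches the application.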

shoeper commented 6 years ago

Does it also work when setting it in conf/seahub_settings.py?

daald commented 6 years ago

@shoeper Indeed, conf/seahub_settings.py also works and is the file to use :-)

shoeper commented 6 years ago

@daald Maybe you could submit a PR at https://github.com/haiwen/seafile-docs