Skip to content

Latest commit

 

History

History
117 lines (96 loc) · 3.63 KB

https_with_nginx.md

File metadata and controls

117 lines (96 loc) · 3.63 KB
Raw

Enabling Https with Nginx

Here we use self-signed SSL digital certificate for free. If you use a paid ssl certificate from some authority, just skip the first step.

Generate SSL digital certificate with OpenSSL

    openssl genrsa -out privkey.pem 2048
    openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

Enable SSL module of Nginx (optional)

If your Nginx does not support SSL, you need to recompile it, the commands are as follows:

    ./configure --with-http_stub_status_module --with-http_ssl_module
    make && make install

Modify Nginx configuration file

Assume you have configured nginx as Deploy-Seafile-with-nginx. To use https, you need to modify your nginx configuration file.

    server {
        listen       80;
        server_name  www.yourdoamin.com;
        rewrite ^ https://$http_host$request_uri? permanent;	# force redirect http to https
    }

    server {
        listen 443;
        ssl on;
        ssl_certificate /etc/ssl/cacert.pem;	# path to your cacert.pem
        ssl_certificate_key /etc/ssl/privkey.pem;	# path to your privkey.pem
        server_name www.yourdoamin.com;
        # ......
        fastcgi_param   HTTPS               on;
        fastcgi_param   HTTP_SCHEME         https;
    }

Sample configuration file

Here is the sample configuration file:

    server {
        listen       80;
        server_name  www.yourdoamin.com;
        rewrite ^ https://$http_host$request_uri? permanent;	# force redirect http to https
    }
    server {
        listen 443;
        ssl on;
        ssl_certificate /etc/ssl/cacert.pem;            # path to your cacert.pem
        ssl_certificate_key /etc/ssl/privkey.pem;	# path to your privkey.pem
        server_name www.yourdoamin.com;
        location / {
            fastcgi_pass    127.0.0.1:8000;
            fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
            fastcgi_param   PATH_INFO           $fastcgi_script_name;

            fastcgi_param   SERVER_PROTOCOL	$server_protocol;
            fastcgi_param   QUERY_STRING        $query_string;
            fastcgi_param   REQUEST_METHOD      $request_method;
            fastcgi_param   CONTENT_TYPE        $content_type;
            fastcgi_param   CONTENT_LENGTH      $content_length;
            fastcgi_param   SERVER_ADDR         $server_addr;
            fastcgi_param   SERVER_PORT         $server_port;
            fastcgi_param   SERVER_NAME         $server_name;
            fastcgi_param   HTTPS               on;
            fastcgi_param   HTTP_SCHEME         https;

            access_log      /var/log/nginx/seahub.access.log;
    	    error_log       /var/log/nginx/seahub.error.log;
        }
        location /seafhttp {
            rewrite ^/seafhttp(.*)$ $1 break;
            proxy_pass http://127.0.0.1:8082;
            client_max_body_size 0;
            proxy_connect_timeout  36000s;
            proxy_read_timeout  36000s;
        }
        location /media {
            root /home/user/haiwen/seafile-server-latest/seahub;
        }
    }

Reload Nginx

    nginx -s reload

Modify settings to use https

ccnet conf

Since you change from http to https, you need to modify the value of "SERVICE_URL" in ccnet/ccnet.conf:

SERVICE_URL = https://www.example.com

seahub_settings.py

You need to add a line in seahub_settings.py to set the value of FILE_SERVER_ROOT (Or HTTP_SERVER_ROOT before version 3.1.0)

FILE_SERVER_ROOT = 'https://www.example.com/seafhttp'

Start Seafile and Seahub

./seafile.sh start
./seahub.sh start-fastcgi