Seafile服务端启用https

发表于 更新于 分类于

安装Nginx

1
2
sudo apt install nginx -y
sudo systemctl enable nginx

Certbot

1
2
3
sudo apt-get install certbot python3-certbot-nginx
#sudo certbot --nginx
sudo certbot certonly --manual --preferred-challenges dns -d file.pzbox.cn

缺点:手工续期。

配置 /etc/nginx/sites-available/seafile.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_response_time';

server {
    server_name file.pzbox.cn;

    proxy_set_header X-Forwarded-For $remote_addr;
    client_max_body_size 100m;

    root /opt/pzbox/www/seahub;

    location / {
         proxy_pass         http://127.0.0.1:8000;
         proxy_set_header   Host $http_host;
         proxy_set_header   X-Real-IP $remote_addr;
         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Host $server_name;
         proxy_read_timeout  1200s;

         # used for view/edit office file via Office Online Server
         client_max_body_size 0;

         access_log      /var/log/nginx/seahub.access.log seafileformat;
         error_log       /var/log/nginx/seahub.error.log;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;

        send_timeout  36000s;

        access_log      /var/log/nginx/seafhttp.access.log seafileformat;
        error_log       /var/log/nginx/seafhttp.error.log;
    }
    location /media {
        root /opt/pzbox/seafile/seafile-server/seahub;
    }

    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/file.pzbox.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/file.pzbox.cn/privkey.pem;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

}
server {
    if ($host = file.pzbox.cn) {
        return 301 https://$host$request_uri;
    } #

    listen 80;
    server_name file.pzbox.cn;
    return 404;
}

启用配置

1
2
sudo ln -s /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf
sudo systemctl start nginx

/opt/pzbox/seafile/conf/seahub_settings.py

1
2
SERVICE_URL = "https://file.pzbox.cn"
CSRF_TRUSTED_ORIGINS = ["https://file.pzbox.cn"]

重启服务

1
2
./seafile.sh restart
./seahub.sh restart

参考资料
https://manual.seafile.com/12.0/setup_binary/https_with_nginx/
https://www.jianshu.com/p/5f88b8e7ee71