Mar 212013
 

seafilelogoSeafile is a cool project about building a private “Dropbox-like” system.

Although young, it looks VERY promising and it is well documented.

The only shadow part is that if you follow the manual step by step you end up in having an HTTP web server frontend which is definitely not perfect if you’re looking for security.

Info about how to decently configure Apache2 are a bit dispersed on multiple sites, hence I’ve decided to detail in this post the few simple steps you need to achieve a Seafile based private cloud where even the  web frontend works in HTTPS.

Let’s pick up from where you end up if you follow the instructions published by Seafile Team.

First of all, we need to setup our Apache Virtual Host to talk HTTPS. And to do this, we need digital certificates to encrypt the communication.

If you don’t want to spend money on an official one, you can create a self-signed digital certificate running two simple commands to be run on a system with openssl installed.

Generate the private key, which you need to keep secret:

openssl genrsa -out mykey.pem 2048

Then you’ll create a self signed certificate:

openssl req -new -x509 -key mykey.pem -out my-cert.pem -days 1095

Copy these files (mykey.pem and my-cert.pem) into a path you know, like /etc/apache2/ssl/

Once you’re done with these, create a new file in /etc/apache2/sites-available directory called

<myseafilesite>.conf     (yeah, replace <myseafilesite> with a name of your choice, like www.mysite.com)

Edit it and paste there the following lines:

<VirtualHost *:443>
ServerAdmin mymail@mydomain.com

Servername www.myseafile.com     (this must match your seafile directory)
ServerAlias www.myseafile.com     (this must match your seafile directory)
DocumentRoot /var/www/seafile     (this must match your seafile directory)
Alias /media /var/www/seafile/seahub/media
SSLEngine On

SSLCertificateFile /etc/apache2/ssl/my-cert.pem
SSLCertificateKeyFile /etc/apache2/ssl/mykey.pem

</VirtualHost>

Then we need to enable Apache with Fastcgi module. If you’re on a Debian or Ubuntu box, open a terminal and type the command:

apt-get install libapache2-mod-fastcgi

Then you re-edit the file /etc/apache2/sites-available/<myseafilesite>.conf and add before the final </VirtualHost> tag the following lines:

RewriteEngine On
RewriteRule ^/(media.*)$ /$1 [QSA,L,PT]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /seahub.fcgi$1 [QSA,L,E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Once you’re done with this modification, edit the file ccnet.conf within the ccnet directory created at installation (in my case it is in /var/www/ccnet).

Change the line:
SERVICE_URL = http://www.myseafilesite.com
into
SERVICE_URL = https://www.myseasilesite.com

Finally, we need to add a way to handle all connections attempted to http://www.myseafilesite.com to be redirected to the https instance so you’re always communicating on an encrypted channel.

To do this, open again the famous /etc/apache2/sites-available/<myseafilesite>.conf and add another VirtualHost session for the port 80 as follows:

<VirtualHost *:80>
ServerAdmin mymail@yourdomain.com

Servername www.myseafilesite.com
ServerAlias www.myseafilesite.com
RedirectMatch permanent (/.*) https://www.myseafilesite.com$1
</VirtualHost>

Then, we need to enable the Fastcgi module editing /etc/apache2/apache2.conf and inserting the following line:

FastCGIExternalServer /var/www/seafile/seahub.fcgi -host 127.0.0.1:8000

We’re good to go, let’s test.

First, we enable the site with the command:

a2ensite <myseafilesite>.conf

and then by restarting apache with the command:

service apache2 restart

Point your browser to http://www.myseafile.com and you should sea a screen like the one reported below:

Seafile Login Page

Seafile Login Page

Check that connection type is encrypted using the tools and menu options of your browser.

Enjoy!

  5 Responses to “Seafile – Configuring with Apache in https”

  1. Yes, the seafile directory is where you install Seafile. I recommend to move it from your homedir to a more widely available directory for the Web Server, and configure the webserver accordingly.
    Hope this helps.

  2. 1

    same problem here
    Servername http://www.myseafile.com     (this must match your seafile directory)
    ServerAlias http://www.myseafile.com     (this must match your seafile directory)
    DocumentRoot /var/www/seafile     (this must match your seafile directory) – See more at: http://techiezone.rottigni.net/2013/03/seafile-configuring-with-apache-in-https/#sthash.KdtXixDX.dpuf

  3. 1

    Hi ,

    nice Tutorial! But I couldn’t follow you in the step
    Servername http://www.myseafile.com     (this must match your seafile directory)
    ServerAlias http://www.myseafile.com     (this must match your seafile directory)
    DocumentRoot /var/www/seafile     (this must match your seafile directory)
    Alias /media /var/www/seafile/seahub/media

    what is the seafile directory? I follow the instructions of the “seafile-installation guide”. I installed it under /home/<user>/haiwen. Is it the DocumentRoot? Same at the Alias? I couldn’t find the media directory.

    Thanks a lot!

  4. 1

    Hi,

    I tried it on Centos 6 64bit with Apache but I am not able to get it run.

    Everything I tried I got File does not exist: /var/www/seahub.fcgi/

    Google say nothing about this error. I read the file is only a placeholder ?!?

    Any Ideas?

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)