Seafile搭建非标准端口https

前言

就是搭建一个局域网文件共享的服务器而已

安装流程

跟着官方文档走一遍就可以了

数据库MariaDB 或者 MySQL都可以

使用Nginx配置非标准端口https(踩坑)

目前Seafile默认的8000端口已被我自己的其他程序占用,所以我用的8001端口,而我准备https用8003端口

去/etc/nginx/conf.d下创建一个Seafile.conf文件作为https的配置文件

具体配置如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
server {
listen 8003 ssl; # 重点修改
ssl_certificate /etc/ssl/ssl.crt; #crt 文件路径
ssl_certificate_key /etc/ssl/ssl.key; #key 文件路径
server_name trojanazhen.top;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;

# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/nginx/dhparam.pem;

# secure settings (A+ at SSL Labs ssltest at time of writing)
# see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
ssl_prefer_server_ciphers on;

proxy_set_header X-Forwarded-For $remote_addr;

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
server_tokens off;

location / {
proxy_pass http://127.0.0.1:8001;
proxy_set_header Host $host:8003; # 重点修改,不然网页端登陆会出现CSRF错误
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;

access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;

proxy_read_timeout 1200s;

client_max_body_size 0;
}

location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
}
location /media {
root /opt/Seafile/seafile-server-latest/seahub; # 重点修改,找到你的seahub路径
}
}

因为配置http端口跳转https端口出了点小问题,所以直接把http毙了

如果提示 dhparam.pem 找不到的问题,我建议你自己解决

再修改seafile的配置文件/opt/Seafile/conf/ccnet.conf

1
2
3
4
5
6
7
[General]
...

SERVICE_URL = https://trojanazhen.top:8003
FILE_SERVER_ROOT = https://trojanazhen.top:8003/seafhttp

...

之后修改/opt/Seafile/conf/seahub_settings.py

1
2
3
...

FILE_SERVER_ROOT = 'https://trojanazhen.top:8003/seafhttp'

之后重新加载nginx nginx -s reload

然后先启动Seafile服务,后启动Seahub服务

1
2
3
bash seafile.sh start

bash seahub.sh start 8001
0%