Seafile webdav how to

Enabling Https with Nginx¶

Here we suggest you use Let's Encrypt to get a certificate from a Certificate Authority (CA). If you use a paid ssl certificate from some authority, just skip the first step.

Generate SSL certificate¶

For users who use Let's Encrypt, you can obtain a valid certificate via Certbot ACME client

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

To learn more about how to use Certbot you can read threir documentation.

If you're using a custom CA to sign your SSL certificate, you have to enable certificate revocation list (CRL) in your certificate. Otherwise http syncing on Windows client may not work. See this thread for more information.

Enable SSL module of Nginx (optional) ¶

If your Nginx does not support SSL, you need to recompile it, the commands are as follows:

Modify Nginx configuration file¶

Assume you have configured nginx as Deploy-Seafile-with-nginx. To use https, you need to modify your nginx configuration file.

Sample configuration file¶

Generate DH params¶

(this takes some time)

Here is the sample configuration file:

Large file uploads¶

Tip for uploading very large files (> 4GB): By default Nginx will buffer large request body in temp file. After the body is completely received, Nginx will send the body to the upstream server (seaf server in our case). But it seems when the file size is very large, the buffering mechanism doesn't work well. It may stop proxying the body in the middle. So if you want to support file upload larger for 4GB, we suggest you install Nginx version> = 1.8.0 and add the following options to Nginx config file:

If you have WebDAV enabled it is recommended to add the same:

Reload Nginx¶

Modify settings to use https¶

ccnet conf¶

Since you changed from http to https, you need to modify the value of in ccnet.conf. You can also modify via the web UI in "System Admin-> Settings". (Warning: If you set the value both via Web UI and ccnet.conf, the setting via Web UI will take precedence.)

seahub_settings.py¶

You need to add a line in seahub_settings.py to set the value of. You can also modify via the web UI in "System Admin-> Settings". (Warning: If you set the value both via Web UI and seahub_settings.py, the setting via Web UI will take precedence.)

Change Seafile config¶

Update the configuration of the seafile fileserver is in the section of the file to local ip

Start Seafile and Seahub¶

Additional modern settings for nginx (optional) ¶

Activate IPv6¶

Require IPv6 on server otherwise the server will not start! Also the AAAA dns record is required for IPv6 usage.

Activate HTTP2¶

Activate HTTP2 for more performance. Only available for SSL and nginx version> = 1.9.5. Simply add.

Additional security settings for nginx (optional) ¶

Force https on next visit¶

Add the HSTS header. If you already visited the https version the next time your browser will directly visit the https site and not the http one. Prevent man-in-the-middle-attacks:

Obfuscate nginx version¶

Disable exact server version in header. Prevent scans for vulnerable servers. This should be added to every server block, as it shall obfuscate the version of nginx.

Test your server¶

To check your configuration you can use the service from ssllabs: https://www.ssllabs.com/ssltest/index.html.