Enabling Https with Apache
Generate SSL digital certificate with OpenSSL
Here we use self-signed SSL digital certificate for free. If you use a paid ssl certificate from some authority, just skip the this step.
openssl genrsa -out privkey.pem 2048 openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
If you're using a custom CA to sign your SSL certificate, you have to enable certificate revocation list (CRL) in your certificate. Otherwise http syncing on Windows client may not work. See this thread for more information.
Enable https on Seahub
Assume you have configured Apache as Deploy Seafile with Apache. To use https, you need to enable mod_ssl
sudo a2enmod ssl
On Windows, you have to add ssl module to httpd.conf
LoadModule ssl_module modules/mod_ssl.so
Then modify your Apache configuration file. Here is a sample:
<VirtualHost *:443> ServerName www.myseafile.com DocumentRoot /var/www SSLEngine On SSLCertificateFile /path/to/cacert.pem SSLCertificateKeyFile /path/to/privkey.pem Alias /media /home/user/haiwen/seafile-server-latest/seahub/media <Location /media> Require all granted </Location> RewriteEngine On # # seafile fileserver # ProxyPass /seafhttp http://127.0.0.1:8082 ProxyPassReverse /seafhttp http://127.0.0.1:8082 RewriteRule ^/seafhttp - # # seahub # SetEnvIf Request_URI . proxy-fcgi-pathinfo=unescape SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 ProxyPass / fcgi://127.0.0.1:8000/ </VirtualHost>
Modify settings to use https
Since you change from http to https, you need to modify the value of "SERVICE_URL" in ccnet.conf. You can also modify SERVICE_URL via web UI in "System Admin->Settings". (Warning: if you set the value both via Web UI and ccnet.conf, the setting via Web UI will take precedence.)
SERVICE_URL = https://www.myseafile.com
You need to add a line in seahub_settings.py to set the value of
FILE_SERVER_ROOT. You can also modify
FILE_SERVER_ROOT via web UI in "System Admin->Settings". (Warning: if you set the value both via Web UI and seahub_settings.py, the setting via Web UI will take precedence.)
FILE_SERVER_ROOT = 'https://www.myseafile.com/seafhttp'
Start Seafile and Seahub
./seafile.sh start ./seahub.sh start-fastcgi