Nginx 下启用 Https

在 Seahub 端启用 https

通过 OpenSSL 生成 SSL 数字认证

免费 Self-Signed SSL 数字证书用户请看. 如果你是 SSL 付费证书用户可跳过此步.

openssl genrsa -out privkey.pem 2048
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

修改 Nginx 配置文件

请修改 nginx 配置文件以使用 HTTPS:

server {
    listen       80;
    server_name  seafile.example.com;
    rewrite ^ https://$http_host$request_uri? permanent;    # force redirect http to https
    # Enables or disables emitting nginx version on error pages and in the "Server" response header field.
    server_tokens off;
}
server {
    listen 443 ssl;
    ssl_certificate /etc/ssl/cacert.pem;        # path to your cacert.pem
    ssl_certificate_key /etc/ssl/privkey.pem;    # path to your privkey.pem
    server_name seafile.example.com;
    server_tokens off;
    # ......
    proxy_pass         http://127.0.0.1:8000;
    proxy_set_header   Host $http_host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Host $server_name;
    proxy_set_header   X-Forwarded-Proto https;
    proxy_read_timeout  1200s;
}

配置文件示例

这里是配置文件示例:

server {
    listen       80;
    server_name  seafile.example.com;
    rewrite ^ https://$http_host$request_uri? permanent;  #强制将http重定向到https
    server_tokens off;
}
server {
    listen 443 ssl;
    ssl_certificate /etc/ssl/cacert.pem;        #cacert.pem 文件路径
    ssl_certificate_key /etc/ssl/privkey.pem; #privkey.pem 文件路径
    server_name seafile.example.com;
    proxy_set_header X-Forwarded-For $remote_addr;
    server_tokens off;
    location / {
        proxy_pass         http://127.0.0.1:8000;
        proxy_set_header   Host $http_host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_set_header   X-Forwarded-Proto https;
        access_log      /var/log/nginx/seahub.access.log;
        error_log       /var/log/nginx/seahub.error.log;
        proxy_read_timeout  1200s;
        client_max_body_size 0;
    }
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
        send_timeout  36000s;
    }
    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }
}

重新加载 Nginx

nginx -s reload

修改 SERVICE_URL 和 FILE_SERVER_ROOT

下面还需要更新 SERVICE_URL 和 FILE_SERVER_ROOT 这两个配置项。否则无法通过 Web 正常的上传和下载文件。

5.0 版本开始,您可以直接通过管理员 Web 界面来设置这两个值 (注意,如果同时在 Web 界面和配置文件中设置了这个值,以 Web 界面的配置为准)

SERVICE_URL: https://www.myseafile.com
FILE_SERVER_ROOT: https://www.myseafile.com/seafhttp

启动 Seafile 和 Seahub

./seafile.sh start
./seahub.sh start # 如果你使用 fastcgi 请使用此命令`./seahub.sh start-fastcgi`

Last modified by Daniel Pan, 2024-03-22

在 Seahub 端启用 https
通过 OpenSSL 生成 SSL 数字认证
修改 Nginx 配置文件
配置文件示例
重新加载 Nginx
修改 SERVICE_URL 和 FILE_SERVER_ROOT
启动 Seafile 和 Seahub