Comments (12)
I have the same issue with version 1.5. After login I'm redirected to http://example.org/home/my/.
Assuming you are using nginx, add the following entry in nginx.conf:
server {
listen 80;
rewrite ^(.*) https://$host$1 permanent;
}
Every HTTP request will be rewritten to HTTPS!
(Similar to xiez's solution for Apache.)
from seafile.
We just tested with an nginx proxy; HTTPS redirects work fine.
Can you give us more details, like how you configured the Apache proxy?
from seafile.
Hi, this is my virtual server config for the proxy:
<VirtualHost *:443>
ServerAdmin [email protected]
Servername seafile.domain.com
ServerAlias seafile.domain.com
SSLProxyEngine On
SSLEngine On
ProxyPreserveHost On
SSLCertificateFile /etc/apache2/ssl/seafile.cert
SSLCertificateKeyFile /etc/apache2/ssl/seafile.key
ProxyPass / http://192.168.0.13:8000/
ProxyPassReverse / http://192.168.0.13:8000/
</VirtualHost>
<VirtualHost *:80>
ServerAdmin [email protected]
Servername seafile.domain.com
ServerAlias seafile.domain.com
ProxyPreserveHost On
ProxyPass / http://192.168.0.13:8000/
ProxyPassReverse / http://192.168.0.13:8000/
</VirtualHost>
And a capture of the headers:
https://seafile.domain.com/
GET / HTTP/1.1
Host: seafile.domain.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:17.0) Gecko/20100101 Firefox/17.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: csrftoken=df73966d1b296127c108e233050e68de; sessionid=7b8579212731db99efd89015afb1b74b
HTTP/1.1 302 FOUND
Date: Thu, 13 Dec 2012 14:13:06 GMT
Server: gunicorn/0.16.1
Vary: Accept-Language,Cookie
Content-Type: text/html; charset=utf-8
Location: http://seafile.domain.com/accounts/login?next=/
Content-Language: en
Set-Cookie: csrftoken=d73966d1b296127c108e233050e68de; expires=Thu, 12-Dec-2013 14:13:06 GMT; Max-Age=31449600; Path=/
Via: 1.1 seafile.domain.com
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
My CCnet config
[General]
USER_NAME = domain
ID = 9be68e5ba095d39a0c31c6fe0ec3649c9447b607
NAME = domain
SERVICE_URL = https://seafile.domain.com
[Network]
PORT = 10001
[Client]
PORT = 13419
from seafile.
This should work using mod_rewrite.
<VirtualHost *:80>
ServerAdmin [email protected]
Servername seafile.domain.com
ServerAlias seafile.domain.com
ProxyPreserveHost On
ProxyPass / http://192.168.0.13:8000/
ProxyPassReverse / http://192.168.0.13:8000/
RewriteEngine On
# Redirect only requests that arrived over plain HTTP
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
The Apache proxy will rewrite all HTTP requests to HTTPS. But in this way, you can only use HTTPS. Hope this fits your scenario.
BTW, using Apache as a proxy server will not give the best performance. We recommend using Apache with fcgi. This will also solve the HTTPS redirect issue. Check out https://github.com/haiwen/seafile/wiki/Deploy-Seafile-Web-with-nginx-apache
from seafile.
Thanks for your reply and for writing the apache-fastcgi howto. But I don't know if fastcgi suits my setup. I would have to maintain two parts of seafile on two different virtual machines: /media on the Apache server and the rest on the seafile server.
I already had a "fix" for the http problem by using
RedirectMatch permanent (/.*) https://seafile.domain.com$1
but there is still the problem that the client sends one unencrypted http request including its session-id cookie to the server, before it gets redirected to https.
Looks like there is no easy way to fix this single redirect to http in the seahub code? Another option is to add HSTS information to the Apache response headers, but this is not supported by all browsers.
from seafile.
According to https://docs.djangoproject.com/en/dev/topics/security/, you need to set SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE to True in seahub_settings.py. This will secure your session ID and CSRF token ID.
from seafile.
Thanks, I'm happy with this solution.
But i have also found the root cause of my problem. In Line 86 of views.py
@login_required
def root(request):
    return HttpResponseRedirect(reverse(myhome))
the user gets redirected. The django framework redirects to http because is_secure() returns false (https://code.djangoproject.com/ticket/12043), due to the fact that the apache proxy talks to the application in http. Sadly the proposed solution (https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header) is not available in django 1.3.
from seafile.
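A check for the three symptoms discussed in the comments above (the http:// Location redirect, cookies without Secure, and a missing HSTS header), as an added example that is not part of the thread or of Seafile's code. The sample response is constructed from the capture posted earlier, with placeholder cookie values and an extra sessionid cookie added for contrast; the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample: headers modelled on the capture posted in this thread,
# as received for a request to https://seafile.domain.com/ (cookie values are placeholders).
SAMPLE_RESPONSE = """\
HTTP/1.1 302 FOUND
Server: gunicorn/0.16.1
Location: http://seafile.domain.com/accounts/login?next=/
Set-Cookie: csrftoken=EXAMPLE; expires=Thu, 12-Dec-2013 14:13:06 GMT; Max-Age=31449600; Path=/
Set-Cookie: sessionid=EXAMPLE; Path=/; Secure; HttpOnly
Content-Length: 0
"""

def parse_headers(raw):
    """Return (status_line, [(lowercased_name, value), ...]), keeping repeated headers."""
    lines = raw.strip().splitlines()
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def audit_https_response(request_url, raw):
    """List findings for a response that was fetched over HTTPS."""
    findings = []
    req = urlsplit(request_url)
    _, headers = parse_headers(raw)
    for name, value in headers:
        if name == "location":
            loc = urlsplit(value)
            # Absolute redirect to plain HTTP on the same host is a scheme downgrade
            if loc.scheme == "http" and loc.hostname == req.hostname:
                findings.append("downgrade-redirect: " + value)
        elif name == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip()
            attrs = {a.strip().lower() for a in value.split(";")[1:]}
            if "secure" not in attrs:
                findings.append("cookie-without-secure: " + cookie_name)
    if req.scheme == "https" and not any(n == "strict-transport-security" for n, _ in headers):
        findings.append("no-hsts-header")
    return findings

if __name__ == "__main__":
    for finding in audit_https_response("https://seafile.domain.com/", SAMPLE_RESPONSE):
        print(finding)
```
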
The following setting in the nginx conf fixes the problem if you don't want to open port 80 for rewrite purpose. Add the following line to the fastcgi_param settings:
fastcgi_param HTTPS $https;
from seafile.
@hostirosti Is there also a solution without fastcgi?
$ curl -v https://myhost
> GET / HTTP/1.1
> Host: myhost
>
< HTTP/1.1 302 FOUND
< Location: http://myhost/accounts/login?next=/
from seafile.
@daald Have you tried any of the solutions mentioned above? I haven't worked with seafile for years so not sure what they currently support.
from seafile.
@hostirosti I didn't see J4nsen's comment so far, which looks very helpful. The other options didn't apply to my setup (don't have fastcgi and don't have port 80). I listed all possible options in a comment of another issue: #250 (comment)
from seafile.
@hostirosti Yes, the trick with the Django config works. #250 (comment). I highly recommend adding a paragraph with this solution to https://manual.seafile.com/deploy/https_with_nginx.html. Without this setting, seafile breaks all the security you can get using https
from seafile.