seafile-admin-docs/12.0/setup_binary/https_with_nginx/index.html



<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<!-- Document head as generated by the static-site theme: metadata, stylesheets, web fonts, and the localStorage helpers that later inline scripts call. -->
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="author" content="seafile">
<link rel="canonical" href="https://haiwen.github.io/seafile-admin-docs/12.0/setup_binary/https_with_nginx/">
<link rel="prev" href="../installation_ce/">
<link rel="next" href="../https_with_apache/">
<link rel="icon" href="../../media/favicon.ico">
<!-- NOTE(review): the generator tag publishes the exact build tool versions; low risk for a static site, but it can be dropped if version disclosure is a concern. -->
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.5.47">
<title>HTTPS with Nginx - Seafile Admin Manual</title>
<link rel="stylesheet" href="../../assets/stylesheets/main.6f8fc17f.min.css">
<link rel="stylesheet" href="../../assets/stylesheets/palette.06af60db.min.css">
<!-- Web fonts come from third-party origins (fonts.googleapis.com for the CSS, fonts.gstatic.com for the font files), so every page view contacts those hosts. The stylesheet link carries no integrity attribute. A Content-Security-Policy for this site would have to allow both origins in style-src and font-src; self-hosting the fonts removes the dependency. -->
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<!-- Inline style block: a CSP would need a hash, a nonce or 'unsafe-inline' in style-src to keep it working. -->
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<link rel="stylesheet" href="../../stylesheets/extra.css">
<!-- Inline script defining four globals. __md_scope is the site base URL resolved from "../.." against the current location; __md_hash folds a string into a 32-bit style integer; __md_get reads a localStorage (or supplied storage) entry keyed by the base pathname plus "." plus the name and passes it through JSON.parse; __md_set writes the JSON form back and silently ignores setItem failures. localStorage is shared per origin, so the pathname prefix only namespaces keys; it is not an isolation boundary between sites served from the same host. Being inline, the script needs a hash, a nonce or 'unsafe-inline' in script-src under a CSP. -->
<script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo">
<!-- Hidden state holders for the navigation drawer and the search overlay. Labels elsewhere in the page point at these ids through their for attribute, so activating one of those labels flips the matching checkbox; presumably the theme stylesheet keys its open/closed states off the checked flag (stylesheet not visible here). -->
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<!-- Skip link: jumps keyboard and screen-reader users to the element with id "enabling-https-with-nginx". -->
<div data-md-component="skip">
<a href="#enabling-https-with-nginx" class="md-skip">
Skip to content
</a>
</div>
<!-- Empty placeholders for the announcement bar and the outdated-version banner; the latter is hidden by attribute. -->
<div data-md-component="announce">
</div>
<div data-md-color-scheme="default" data-md-component="outdated" hidden>
</div>
<!-- Site header: logo link, drawer toggle, page title, colour-palette switcher, search dialog and repository link. -->
<header class="md-header" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../.." title="Seafile Admin Manual" class="md-header__button md-logo" aria-label="Seafile Admin Manual" data-md-component="logo">
<img src="../../media/seafile-transparent-1024.png" alt="logo">
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Seafile Admin Manual
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
HTTPS with Nginx
</span>
</div>
</div>
</div>
<!-- Palette switcher: two radio inputs (default and slate schemes); each label targets the other input, and both labels start hidden. The form has no action or method and is presumably driven by the theme script (not visible here). -->
<form class="md-header__option" data-md-component="palette">
<input class="md-option" data-md-color-media="" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_0">
<label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
</label>
<input class="md-option" data-md-color-media="" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_1">
<label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 18c-.89 0-1.74-.2-2.5-.55C11.56 16.5 13 14.42 13 12s-1.44-4.5-3.5-5.45C10.26 6.2 11.11 6 12 6a6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
</label>
</form>
<!-- Inline script restoring the saved palette before first paint. It reads the "__palette" entry through __md_get (defined by the inline script in the document head) and, when a colour object is present, copies each of its key/value pairs onto the body as data-md-color-* attributes. When the stored media value is "(prefers-color-scheme)" it first resolves the matching radio input and takes the values from that input's attributes. Stored values reach the DOM only through setAttribute, so they are treated as attribute text rather than parsed as markup. Being inline, the script needs a hash, a nonce or 'unsafe-inline' in script-src under a CSP. -->
<script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
</label>
<!-- Search dialog. The form declares no action or method; the query is presumably handled client-side by the theme's search script (not visible here). -->
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<!-- NOTE(review): the share control is an anchor whose href is a javascript: URL. A CSP whose script-src lacks 'unsafe-inline' blocks javascript: navigations, and the element behaves as a button (clipboard copy), so a button element with type "button" would be the CSP-friendly form. The markup is theme output, so the change belongs in the theme rather than in this generated file. -->
<a href="javascript:void(0)" class="md-search__icon md-icon" title="Share" aria-label="Share" data-clipboard data-clipboard-text="" data-md-component="search-share" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M18 16.08c-.76 0-1.44.3-1.96.77L8.91 12.7c.05-.23.09-.46.09-.7s-.04-.47-.09-.7l7.05-4.11c.54.5 1.25.81 2.04.81a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3c0 .24.04.47.09.7L8.04 9.81C7.5 9.31 6.79 9 6 9a3 3 0 0 0-3 3 3 3 0 0 0 3 3c.79 0 1.5-.31 2.04-.81l7.12 4.15c-.05.21-.08.43-.08.66 0 1.61 1.31 2.91 2.92 2.91s2.92-1.3 2.92-2.91A2.92 2.92 0 0 0 18 16.08"/></svg>
</a>
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
</button>
</nav>
<div class="md-search__suggest" data-md-component="search-suggest"></div>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<!-- Link to the documentation source repository; the only absolute, off-site link in the header. -->
<div class="md-header__source">
<a href="https://github.com/haiwen/seafile-admin-docs/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.7.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
</div>
<div class="md-source__repository">
haiwen/seafile-admin-docs
</div>
</a>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<!-- Top-level section tabs. Every href is relative to this page, and the "Setup (binary)" entry carries the active modifier class because the current page belongs to that section. -->
<nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
<div class="md-grid">
<ul class="md-tabs__list">
<li class="md-tabs__item">
<a href="../.." class="md-tabs__link">
Introduction
</a>
</li>
<li class="md-tabs__item">
<a href="../../setup/overview/" class="md-tabs__link">
Setup
</a>
</li>
<li class="md-tabs__item md-tabs__item--active">
<a href="../outline_ce/" class="md-tabs__link">
Setup (binary)
</a>
</li>
<li class="md-tabs__item">
<a href="../../extension/setup_seadoc/" class="md-tabs__link">
Extensions
</a>
</li>
<li class="md-tabs__item">
<a href="../../config/ldap_in_11.0_ce/" class="md-tabs__link">
Configuration
</a>
</li>
<li class="md-tabs__item">
<a href="../../administration/" class="md-tabs__link">
Administration
</a>
</li>
<li class="md-tabs__item">
<a href="../../upgrade/upgrade/" class="md-tabs__link">
Upgrade
</a>
</li>
<li class="md-tabs__item">
<a href="../../develop/" class="md-tabs__link">
Developing
</a>
</li>
<li class="md-tabs__item">
<a href="../../changelog/server-changelog/" class="md-tabs__link">
ChangeLog
</a>
</li>
</ul>
</div>
</nav>
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../.." title="Seafile Admin Manual" class="md-nav__button md-logo" aria-label="Seafile Admin Manual" data-md-component="logo">
<img src="../../media/seafile-transparent-1024.png" alt="logo">
</a>
Seafile Admin Manual
</label>
<div class="md-nav__source">
<a href="https://github.com/haiwen/seafile-admin-docs/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.7.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
</div>
<div class="md-source__repository">
haiwen/seafile-admin-docs
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_1" >
<label class="md-nav__link" for="__nav_1" id="__nav_1_label" tabindex="0">
<span class="md-ellipsis">
Introduction
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_1_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_1">
<span class="md-nav__icon md-icon"></span>
Introduction
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../.." class="md-nav__link">
<span class="md-ellipsis">
Introduction
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../introduction/components/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Components
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../introduction/file_permission_management/" class="md-nav__link">
<span class="md-ellipsis">
File permission management
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../introduction/roadmap/" class="md-nav__link">
<span class="md-ellipsis">
Roadmap
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../introduction/contribution/" class="md-nav__link">
<span class="md-ellipsis">
Contribution
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" >
<label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
<span class="md-ellipsis">
Setup
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_2">
<span class="md-nav__icon md-icon"></span>
Setup
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../setup/overview/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../setup/caddy/" class="md-nav__link">
<span class="md-ellipsis">
HTTPS and Caddy
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_3" >
<label class="md-nav__link" for="__nav_2_3" id="__nav_2_3_label" tabindex="0">
<span class="md-ellipsis">
Single node installation
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_2_3">
<span class="md-nav__icon md-icon"></span>
Single node installation
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../setup/setup_ce_by_docker/" class="md-nav__link">
<span class="md-ellipsis">
Setup community edition
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../setup/setup_pro_by_docker/" class="md-nav__link">
<span class="md-ellipsis">
Setup pro edition
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_4" >
<label class="md-nav__link" for="__nav_2_4" id="__nav_2_4_label" tabindex="0">
<span class="md-ellipsis">
Advanced topics
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_2_4">
<span class="md-nav__icon md-icon"></span>
Advanced topics
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_4_1" >
<label class="md-nav__link" for="__nav_2_4_1" id="__nav_2_4_1_label" tabindex="0">
<span class="md-ellipsis">
Storage Backends
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_2_4_1_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_2_4_1">
<span class="md-nav__icon md-icon"></span>
Storage Backends
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../setup/setup_with_s3/" class="md-nav__link">
<span class="md-ellipsis">
S3 Backend
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../setup/setup_with_ceph/" class="md-nav__link">
<span class="md-ellipsis">
Ceph Backend
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../setup/setup_with_swift/" class="md-nav__link">
<span class="md-ellipsis">
OpenStack Swift Backend
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../setup/setup_with_multiple_storage_backends/" class="md-nav__link">
<span class="md-ellipsis">
Multiple Storage Backends
</span>
<span class="md-status md-status--new" title="Work in progress">
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../setup/migrate_backends_data/" class="md-nav__link">
<span class="md-ellipsis">
Data migration
</span>
<span class="md-status md-status--new" title="Work in progress">
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../setup/seafile_docker_autostart/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Docker autostart
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../setup/setup_with_an_existing_mysql_server/" class="md-nav__link">
<span class="md-ellipsis">
Deploy with an existing MySQL server
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../setup/use_other_reverse_proxy/" class="md-nav__link">
<span class="md-ellipsis">
Use other reverse proxy
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../setup/run_seafile_as_non_root_user_inside_docker/" class="md-nav__link">
<span class="md-ellipsis">
Run Seafile as non root user inside docker
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_5" >
<label class="md-nav__link" for="__nav_2_5" id="__nav_2_5_label" tabindex="0">
<span class="md-ellipsis">
Cluster installation (Pro)
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_2_5">
<span class="md-nav__icon md-icon"></span>
Cluster installation (Pro)
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../setup/cluster_deploy_with_docker/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Docker Cluster Deployment
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../setup/cluster_deploy_with_k8s/" class="md-nav__link">
<span class="md-ellipsis">
Setup with Kubernetes (K8s)
</span>
<span class="md-status md-status--new" title="Work in progress">
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_6" >
<label class="md-nav__link" for="__nav_2_6" id="__nav_2_6_label" tabindex="0">
<span class="md-ellipsis">
Migration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_6_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_2_6">
<span class="md-nav__icon md-icon"></span>
Migration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../setup/migrate_ce_to_pro_with_docker/" class="md-nav__link">
<span class="md-ellipsis">
Migration from Seafile Community
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../setup/migrate_non_docker_to_docker/" class="md-nav__link">
<span class="md-ellipsis">
Migrate from non-docker deployment
</span>
<span class="md-status md-status--new" title="Work in progress">
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" checked>
<label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="">
<span class="md-ellipsis">
Setup (binary)
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
Setup (binary)
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_1" checked>
<label class="md-nav__link" for="__nav_3_1" id="__nav_3_1_label" tabindex="">
<span class="md-ellipsis">
Seafile Community Setup
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_1_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_3_1">
<span class="md-nav__icon md-icon"></span>
Seafile Community Setup
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../outline_ce/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../installation_ce/" class="md-nav__link">
<span class="md-ellipsis">
Installation
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
HTTPS with Nginx
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
HTTPS with Nginx
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#setup" class="md-nav__link">
<span class="md-ellipsis">
Setup
</span>
</a>
<nav class="md-nav" aria-label="Setup">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#installing-nginx" class="md-nav__link">
<span class="md-ellipsis">
Installing Nginx
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#preparing-nginx" class="md-nav__link">
<span class="md-ellipsis">
Preparing Nginx
</span>
</a>
<nav class="md-nav" aria-label="Preparing Nginx">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#preparing-nginx-on-centos" class="md-nav__link">
<span class="md-ellipsis">
Preparing Nginx on CentOS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#preparing-nginx-on-debianubuntu" class="md-nav__link">
<span class="md-ellipsis">
Preparing Nginx on Debian/Ubuntu
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#configuring-nginx" class="md-nav__link">
<span class="md-ellipsis">
Configuring Nginx
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#getting-a-lets-encrypt-certificate" class="md-nav__link">
<span class="md-ellipsis">
Getting a Let's Encrypt certificate
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#modifying-nginx-configuration-file" class="md-nav__link">
<span class="md-ellipsis">
Modifying Nginx configuration file
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#large-file-uploads" class="md-nav__link">
<span class="md-ellipsis">
Large file uploads
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#modifying-seahub_settingspy" class="md-nav__link">
<span class="md-ellipsis">
Modifying seahub_settings.py
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#modifying-seafileconf-optional" class="md-nav__link">
<span class="md-ellipsis">
Modifying seafile.conf (optional)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#starting-seafile-and-seahub" class="md-nav__link">
<span class="md-ellipsis">
Starting Seafile and Seahub
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#additional-modern-settings-for-nginx-optional" class="md-nav__link">
<span class="md-ellipsis">
Additional modern settings for Nginx (optional)
</span>
</a>
<nav class="md-nav" aria-label="Additional modern settings for Nginx (optional)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#activating-ipv6" class="md-nav__link">
<span class="md-ellipsis">
Activating IPv6
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#activating-http2" class="md-nav__link">
<span class="md-ellipsis">
Activating HTTP2
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#advanced-tls-configuration-for-nginx-optional" class="md-nav__link">
<span class="md-ellipsis">
Advanced TLS configuration for Nginx (optional)
</span>
</a>
<nav class="md-nav" aria-label="Advanced TLS configuration for Nginx (optional)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#enabling-http-strict-transport-security" class="md-nav__link">
<span class="md-ellipsis">
Enabling HTTP Strict Transport Security
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#using-perfect-forward-secrecy" class="md-nav__link">
<span class="md-ellipsis">
Using Perfect Forward Secrecy
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#restricting-tls-protocols-and-ciphers" class="md-nav__link">
<span class="md-ellipsis">
Restricting TLS protocols and ciphers
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../https_with_apache/" class="md-nav__link">
<span class="md-ellipsis">
HTTPS with Apache
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_2" >
<label class="md-nav__link" for="__nav_3_2" id="__nav_3_2_label" tabindex="">
<span class="md-ellipsis">
Seafile Professional Setup
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_2">
<span class="md-nav__icon md-icon"></span>
Seafile Professional Setup
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../outline_pro/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../installation_pro/" class="md-nav__link">
<span class="md-ellipsis">
Installation
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_2_3" >
<label class="md-nav__link" for="__nav_3_2_3" id="__nav_3_2_3_label" tabindex="0">
<span class="md-ellipsis">
Cluster deployment
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_3_2_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_2_3">
<span class="md-nav__icon md-icon"></span>
Cluster deployment
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../deploy_in_a_cluster/" class="md-nav__link">
<span class="md-ellipsis">
Deploy in a cluster
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../enable_search_and_background_tasks_in_a_cluster/" class="md-nav__link">
<span class="md-ellipsis">
Search and background tasks in a cluster
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../memcached_mariadb_cluster/" class="md-nav__link">
<span class="md-ellipsis">
Memcache and MariaDB Cluster
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../setup_seafile_cluster_with_nfs/" class="md-nav__link">
<span class="md-ellipsis">
Setup Seafile cluster with NFS
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../seafile_professional_sdition_software_license_agreement/" class="md-nav__link">
<span class="md-ellipsis">
License
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_3" >
<label class="md-nav__link" for="__nav_3_3" id="__nav_3_3_label" tabindex="">
<span class="md-ellipsis">
Other deployment notes
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_3">
<span class="md-nav__icon md-icon"></span>
Other deployment notes
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../start_seafile_at_system_bootup/" class="md-nav__link">
<span class="md-ellipsis">
Start Seafile at System Bootup
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../using_logrotate/" class="md-nav__link">
<span class="md-ellipsis">
Logrotate
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../fail2ban/" class="md-nav__link">
<span class="md-ellipsis">
Config fail2ban
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../migrate_from_sqlite_to_mysql/" class="md-nav__link">
<span class="md-ellipsis">
Migrate From SQLite to MySQL
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" >
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="0">
<span class="md-ellipsis">
Extensions
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
Extensions
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_1" >
<label class="md-nav__link" for="__nav_4_1" id="__nav_4_1_label" tabindex="0">
<span class="md-ellipsis">
Extra Seafile components
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_1_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_1">
<span class="md-nav__icon md-icon"></span>
Extra Seafile components
</label>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1 id="enabling-https-with-nginx">Enabling HTTPS with Nginx<a class="headerlink" href="#enabling-https-with-nginx" title="Permanent link">&para;</a></h1>
<p>After completing the installation of <a href="../installation_ce/">Seafile Server Community Edition</a> or <a href="../installation_pro/">Seafile Server Professional Edition</a>, communication between the Seafile server and clients runs over (unencrypted) HTTP, so credentials and file contents cross the network in clear text. While HTTP is ok for testing purposes, switching to HTTPS is imperative for production use.</p>
<p>HTTPS requires an SSL certificate from a Certificate Authority (CA). Unless you already have an SSL certificate, we recommend that you get your SSL certificate from <a href="https://letsencrypt.org/">Let's Encrypt</a> using Certbot. If you have an SSL certificate from another CA, skip the section "Getting a Let's Encrypt certificate".</p>
<p>A second requirement is a reverse proxy supporting SSL. <a href="http://nginx.org/">Nginx</a>, a popular and resource-friendly web server and reverse proxy, is a good option. Nginx's documentation is available at http://nginx.org/en/docs/.</p>
<p>If you prefer Apache, you can find instructions for <a href="../https_with_apache/">enabling HTTPS with Apache here</a>.</p>
<h2 id="setup">Setup<a class="headerlink" href="#setup" title="Permanent link">&para;</a></h2>
<p>The setup of Seafile using Nginx as a reverse proxy with HTTPS is demonstrated using the sample host name <code>seafile.example.com</code>. </p>
<p>This manual assumes the following requirements:</p>
<ul>
<li>Seafile Server Community Edition/Professional Edition was set up according to the instructions in this manual</li>
<li>A host name points at the IP address of the server and the server is available on ports 80 and 443</li>
</ul>
<p>If your setup differs from these requirements, adjust the following instructions accordingly.</p>
<p>The setup proceeds in two steps: First, Nginx is installed. Second, an SSL certificate is integrated in the Nginx configuration.</p>
<h3 id="installing-nginx">Installing Nginx<a class="headerlink" href="#installing-nginx" title="Permanent link">&para;</a></h3>
<p>Install Nginx using the package repositories:</p>
<div class="tabbed-set tabbed-alternate" data-tabs="1:2"><input checked="checked" id="__tabbed_1_1" name="__tabbed_1" type="radio" /><input id="__tabbed_1_2" name="__tabbed_1" type="radio" /><div class="tabbed-labels"><label for="__tabbed_1_1">CentOS</label><label for="__tabbed_1_2">Debian</label></div>
<div class="tabbed-content">
<div class="tabbed-block">
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>sudo<span class="w"> </span>yum<span class="w"> </span>install<span class="w"> </span>nginx<span class="w"> </span>-y
</code></pre></div>
</div>
<div class="tabbed-block">
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>sudo<span class="w"> </span>apt<span class="w"> </span>install<span class="w"> </span>nginx<span class="w"> </span>-y
</code></pre></div>
</div>
</div>
</div>
<p>After the installation, start the server and enable it so that Nginx starts at system boot:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>sudo<span class="w"> </span>systemctl<span class="w"> </span>start<span class="w"> </span>nginx
$<span class="w"> </span>sudo<span class="w"> </span>systemctl<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>nginx
</code></pre></div>
<h3 id="preparing-nginx">Preparing Nginx<a class="headerlink" href="#preparing-nginx" title="Permanent link">&para;</a></h3>
<p>The configuration of a proxy server in Nginx differs slightly between CentOS and Debian/Ubuntu. Additionally, the restrictive default settings of SELinux's configuration on CentOS require a modification.</p>
<h4 id="preparing-nginx-on-centos">Preparing Nginx on CentOS<a class="headerlink" href="#preparing-nginx-on-centos" title="Permanent link">&para;</a></h4>
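<p>Switch SELinux into permissive mode and perpetuate the setting (the <code>sed</code> command edits <code>/etc/selinux/config</code> and has to be run as root). Be aware that permissive mode turns off SELinux enforcement for the whole system, not only for Nginx; a narrower alternative is to keep SELinux enforcing and grant Nginx only what the proxy setup needs, for example by enabling the <code>httpd_can_network_connect</code> boolean.</p>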
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>sudo<span class="w"> </span>setenforce<span class="w"> </span>permissive
$<span class="w"> </span>sed<span class="w"> </span>-i<span class="w"> </span><span class="s1">&#39;s/^SELINUX=.*/SELINUX=permissive/&#39;</span><span class="w"> </span>/etc/selinux/config
</code></pre></div>
<p>Create a configuration file for seafile in <code>/etc/nginx/conf.d</code>:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>touch<span class="w"> </span>/etc/nginx/conf.d/seafile.conf
</code></pre></div>
<h4 id="preparing-nginx-on-debianubuntu">Preparing Nginx on Debian/Ubuntu<a class="headerlink" href="#preparing-nginx-on-debianubuntu" title="Permanent link">&para;</a></h4>
<p>Create a configuration file for seafile in <code>/etc/nginx/sites-available/</code>:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>touch<span class="w"> </span>/etc/nginx/sites-available/seafile.conf
</code></pre></div>
<p>Delete the default files in <code>/etc/nginx/sites-enabled/</code> and <code>/etc/nginx/sites-available</code>: </p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>rm<span class="w"> </span>/etc/nginx/sites-enabled/default
$<span class="w"> </span>rm<span class="w"> </span>/etc/nginx/sites-available/default
</code></pre></div>
<p>Create a symbolic link: </p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>ln<span class="w"> </span>-s<span class="w"> </span>/etc/nginx/sites-available/seafile.conf<span class="w"> </span>/etc/nginx/sites-enabled/seafile.conf
</code></pre></div>
<h3 id="configuring-nginx">Configuring Nginx<a class="headerlink" href="#configuring-nginx" title="Permanent link">&para;</a></h3>
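<p>Copy the following sample Nginx config file into the newly created <code>seafile.conf</code> and modify the content to fit your needs. In the log format, <code>$http_x_forwarded_for</code> is copied from the request header and can be set freely by the client, whereas <code>$remote_addr</code> is the address that actually connected to Nginx; rely on the latter when reviewing the access logs.</p>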
<div class="highlight"><pre><span></span><code><span class="k">log_format</span><span class="w"> </span><span class="s">seafileformat</span><span class="w"> </span><span class="s">&#39;</span><span class="nv">$http_x_forwarded_for</span><span class="w"> </span><span class="nv">$remote_addr</span><span class="w"> </span><span class="s">[</span><span class="nv">$time_local]</span><span class="w"> </span><span class="s">&quot;</span><span class="nv">$request&quot;</span><span class="w"> </span><span class="nv">$status</span><span class="w"> </span><span class="nv">$body_bytes_sent</span><span class="w"> </span><span class="s">&quot;</span><span class="nv">$http_referer&quot;</span><span class="w"> </span><span class="s">&quot;</span><span class="nv">$http_user_agent&quot;</span><span class="w"> </span><span class="nv">$upstream_response_time&#39;</span><span class="p">;</span>
<span class="k">server</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">listen</span><span class="w"> </span><span class="mi">80</span><span class="p">;</span>
<span class="w"> </span><span class="kn">server_name</span><span class="w"> </span><span class="s">seafile.example.com</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-For</span><span class="w"> </span><span class="nv">$remote_addr</span><span class="p">;</span>
<span class="w"> </span><span class="kn">location</span><span class="w"> </span><span class="s">/</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">proxy_pass</span><span class="w"> </span><span class="s">http://127.0.0.1:8000</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">Host</span><span class="w"> </span><span class="nv">$http_host</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Real-IP</span><span class="w"> </span><span class="nv">$remote_addr</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-For</span><span class="w"> </span><span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-Host</span><span class="w"> </span><span class="nv">$server_name</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_read_timeout</span><span class="w"> </span><span class="s">1200s</span><span class="p">;</span>
<span class="w"> </span><span class="c1"># used for view/edit office file via Office Online Server</span>
<span class="w"> </span><span class="kn">client_max_body_size</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>
<span class="w"> </span><span class="kn">access_log</span><span class="w"> </span><span class="s">/var/log/nginx/seahub.access.log</span><span class="w"> </span><span class="s">seafileformat</span><span class="p">;</span>
<span class="w"> </span><span class="kn">error_log</span><span class="w"> </span><span class="s">/var/log/nginx/seahub.error.log</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="kn">location</span><span class="w"> </span><span class="s">/seafhttp</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">rewrite</span><span class="w"> </span><span class="s">^/seafhttp(.*)</span>$<span class="w"> </span><span class="nv">$1</span><span class="w"> </span><span class="s">break</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_pass</span><span class="w"> </span><span class="s">http://127.0.0.1:8082</span><span class="p">;</span>
<span class="w"> </span><span class="kn">client_max_body_size</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-For</span><span class="w"> </span><span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_connect_timeout</span><span class="w"> </span><span class="s">36000s</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_read_timeout</span><span class="w"> </span><span class="s">36000s</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_send_timeout</span><span class="w"> </span><span class="s">36000s</span><span class="p">;</span>
<span class="w"> </span><span class="kn">send_timeout</span><span class="w"> </span><span class="s">36000s</span><span class="p">;</span>
<span class="w"> </span><span class="kn">access_log</span><span class="w"> </span><span class="s">/var/log/nginx/seafhttp.access.log</span><span class="w"> </span><span class="s">seafileformat</span><span class="p">;</span>
<span class="w"> </span><span class="kn">error_log</span><span class="w"> </span><span class="s">/var/log/nginx/seafhttp.error.log</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="kn">location</span><span class="w"> </span><span class="s">/media</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">root</span><span class="w"> </span><span class="s">/opt/seafile/seafile-server-latest/seahub</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</code></pre></div>
<p>The following options must be modified in the CONF file:</p>
<ul>
<li>Server name (server_name)</li>
</ul>
<p>Optional customizable options in the seafile.conf are:</p>
<ul>
<li>Server listening port (<code>listen</code>) - if Seafile server should be available on a non-standard port</li>
<li>Proxy pass for location <code>/</code> - if Seahub is configured to start on a different port than 8000</li>
<li>Proxy pass for location <code>/seafhttp</code> - if seaf-server is configured to start on a different port than 8082</li>
<li>Maximum allowed size of the client request body (<code>client_max_body_size</code>)</li>
</ul>
<p>The default value for <code>client_max_body_size</code> is 1M. Uploading larger files will result in HTTP error code 413 ("Request Entity Too Large"). It is recommended to synchronize the value of <code>client_max_body_size</code> with the parameter <code>max_upload_size</code> in section <code>[fileserver]</code> of <a href="../../config/seafile-conf/">seafile.conf</a>. Optionally, the value can also be set to 0 to disable the size check; Nginx then accepts request bodies of any size, so any upload limit has to be enforced by Seafile itself (<code>max_upload_size</code>). Client uploads are only partly affected by this limit. With a limit of 100 MiB they can safely upload files of any size.</p>
<p>Finally, make sure your seafile.conf does not contain syntax errors and restart Nginx for the configuration changes to take effect:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>nginx<span class="w"> </span>-t
$<span class="w"> </span>nginx<span class="w"> </span>-s<span class="w"> </span>reload
</code></pre></div>
<h3 id="getting-a-lets-encrypt-certificate">Getting a Let's Encrypt certificate<a class="headerlink" href="#getting-a-lets-encrypt-certificate" title="Permanent link">&para;</a></h3>
<p>Getting a Let's Encrypt certificate is straightforward thanks to <a href="https://certbot.eff.org/">Certbot</a>. Certbot is a free, open source software tool for requesting, receiving, and renewing Let's Encrypt certificates.</p>
<p>First, go to the <a href="https://certbot.eff.org/">Certbot</a> website and choose your webserver and OS.
<img alt="grafik" src="../../images/certbot.png" /></p>
<p>Second, follow the detailed instructions then shown.</p>
<p><img alt="grafik" src="../../images/certbot-step2.png" /></p>
<p>We recommend that you get just a certificate and that you modify the Nginx configuration yourself:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>sudo<span class="w"> </span>certbot<span class="w"> </span>certonly<span class="w"> </span>--nginx
</code></pre></div>
<p>Follow the instructions on the screen.</p>
<p>Upon successful verification, Certbot saves the certificate files in a directory named after the host name in <code>/etc/letsencrypt/live</code>. For the host name seafile.example.com, the files are stored in <code>/etc/letsencrypt/live/seafile.example.com</code>. </p>
<h3 id="modifying-nginx-configuration-file">Modifying Nginx configuration file<a class="headerlink" href="#modifying-nginx-configuration-file" title="Permanent link">&para;</a></h3>
<p>Add a server block for port 443 and an HTTP-to-HTTPS redirect to the <code>seafile.conf</code> configuration file in <code>/etc/nginx</code>. </p>
<p>This is a (shortened) sample configuration for the host name seafile.example.com:</p>
<div class="highlight"><pre><span></span><code><span class="k">log_format</span><span class="w"> </span><span class="s">seafileformat</span><span class="w"> </span><span class="s">&#39;</span><span class="nv">$http_x_forwarded_for</span><span class="w"> </span><span class="nv">$remote_addr</span><span class="w"> </span><span class="s">[</span><span class="nv">$time_local]</span><span class="w"> </span><span class="s">&quot;</span><span class="nv">$request&quot;</span><span class="w"> </span><span class="nv">$status</span><span class="w"> </span><span class="nv">$body_bytes_sent</span><span class="w"> </span><span class="s">&quot;</span><span class="nv">$http_referer&quot;</span><span class="w"> </span><span class="s">&quot;</span><span class="nv">$http_user_agent&quot;</span><span class="w"> </span><span class="nv">$upstream_response_time&#39;</span><span class="p">;</span>
<span class="k">server</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">listen</span><span class="w"> </span><span class="mi">80</span><span class="p">;</span>
<span class="w"> </span><span class="kn">server_name</span><span class="w"> </span><span class="s">seafile.example.com</span><span class="p">;</span>
<span class="w"> </span><span class="kn">rewrite</span><span class="w"> </span><span class="s">^</span><span class="w"> </span><span class="s">https://</span><span class="nv">$http_host$request_uri?</span><span class="w"> </span><span class="s">permanent</span><span class="p">;</span><span class="w"> </span><span class="c1"># Forced redirect from HTTP to HTTPS</span>
<span class="w"> </span><span class="kn">server_tokens</span><span class="w"> </span><span class="no">off</span><span class="p">;</span><span class="w"> </span><span class="c1"># Prevents the Nginx version from being displayed in the HTTP response header</span>
<span class="p">}</span>
<span class="k">server</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">listen</span><span class="w"> </span><span class="mi">443</span><span class="w"> </span><span class="s">ssl</span><span class="p">;</span>
<span class="w"> </span><span class="kn">ssl_certificate</span><span class="w"> </span><span class="s">/etc/letsencrypt/live/seafile.example.com/fullchain.pem</span><span class="p">;</span><span class="w"> </span><span class="c1"># Path to your fullchain.pem</span>
<span class="w"> </span><span class="kn">ssl_certificate_key</span><span class="w"> </span><span class="s">/etc/letsencrypt/live/seafile.example.com/privkey.pem</span><span class="p">;</span><span class="w"> </span><span class="c1"># Path to your privkey.pem</span>
<span class="w"> </span><span class="kn">server_name</span><span class="w"> </span><span class="s">seafile.example.com</span><span class="p">;</span>
<span class="w"> </span><span class="kn">server_tokens</span><span class="w"> </span><span class="no">off</span><span class="p">;</span>
<span class="w"> </span><span class="kn">location</span><span class="w"> </span><span class="s">/</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">proxy_pass</span><span class="w"> </span><span class="s">http://127.0.0.1:8000</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">Host</span><span class="w"> </span><span class="nv">$http_host</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Real-IP</span><span class="w"> </span><span class="nv">$remote_addr</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-For</span><span class="w"> </span><span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-Host</span><span class="w"> </span><span class="nv">$server_name</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_read_timeout</span><span class="w"> </span><span class="s">1200s</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-Proto</span><span class="w"> </span><span class="s">https</span><span class="p">;</span>
<span class="kn">...</span><span class="w"> </span><span class="c1"># No changes beyond this point compared to the Nginx configuration without HTTPS</span>
</code></pre></div>
<p>Finally, make sure your seafile.conf does not contain syntax errors and restart Nginx for the configuration changes to take effect:</p>
<div class="highlight"><pre><span></span><code>nginx -t
nginx -s reload
</code></pre></div>
<h3 id="large-file-uploads">Large file uploads<a class="headerlink" href="#large-file-uploads" title="Permanent link">&para;</a></h3>
<p>Tip for uploading very large files (&gt; 4GB): By default Nginx will buffer a large request body in a temp file. After the body is completely received, Nginx will send the body to the upstream server (seaf-server in our case). But it seems that when the file size is very large, the buffering mechanism doesn't work well. It may stop proxying the body in the middle. So if you want to support file uploads larger than 4GB, we suggest you install Nginx version &gt;= 1.8.0 and add the following options to the Nginx config file:</p>
<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="k">location</span><span class="w"> </span><span class="s">/seafhttp</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">...</span><span class="w"> </span><span class="s">...</span>
<span class="w"> </span><span class="s">proxy_request_buffering</span><span class="w"> </span><span class="no">off</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
</code></pre></div>
<p>If you have WebDAV enabled it is recommended to add the same:</p>
<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="k">location</span><span class="w"> </span><span class="s">/seafdav</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">...</span><span class="w"> </span><span class="s">...</span>
<span class="w"> </span><span class="s">proxy_request_buffering</span><span class="w"> </span><span class="no">off</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
</code></pre></div>
<h3 id="modifying-seahub_settingspy">Modifying seahub_settings.py<a class="headerlink" href="#modifying-seahub_settingspy" title="Permanent link">&para;</a></h3>
<p>The <code>SERVICE_URL</code> in <a href="../../config/seahub_settings_py/">seahub_settings.py</a> informs Seafile about the chosen domain, protocol and port. Change the <code>SERVICE_URL</code> so as to account for the switch from HTTP to HTTPS and to correspond to your host name (the scheme prefix, now <code>https://</code>, must not be removed):</p>
<div class="highlight"><pre><span></span><code><span class="n">SERVICE_URL</span> <span class="o">=</span> <span class="s1">&#39;https://seafile.example.com&#39;</span>
</code></pre></div>
<p>The <code>FILE_SERVER_ROOT</code> in <a href="../../config/seahub_settings_py/">seahub_settings.py</a> informs Seafile about the location of and the protocol used by the file server. Change the <code>FILE_SERVER_ROOT</code> so as to account for the switch from HTTP to HTTPS and to correspond to your host name (the trailing <code>/seafhttp</code> must not be removed):</p>
<div class="highlight"><pre><span></span><code><span class="n">FILE_SERVER_ROOT</span> <span class="o">=</span> <span class="s1">&#39;https://seafile.example.com/seafhttp&#39;</span>
</code></pre></div>
<p>Note: The <code>SERVICE_URL</code> and <code>FILE_SERVER_ROOT</code> can also be modified in Seahub via System Administration &gt; Settings. If they are configured via System Admin and in seahub_settings.py, the value in System Admin will take precedence.</p>
<h3 id="modifying-seafileconf-optional">Modifying seafile.conf (optional)<a class="headerlink" href="#modifying-seafileconf-optional" title="Permanent link">&para;</a></h3>
<p>To improve security, the file server should only be accessible via Nginx.</p>
<p>Add the following line in the <code>[fileserver]</code> block on <code>seafile.conf</code> in <code>/opt/seafile/conf</code>:</p>
<div class="highlight"><pre><span></span><code><span class="na">host</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">127.0.0.1</span><span class="w"> </span><span class="c1">## default is 0.0.0.0 (all interfaces)</span>
</code></pre></div>
<p>After this change, the file server listens only on the loopback address, so remote clients can reach it only through Nginx.</p>
<h3 id="starting-seafile-and-seahub">Starting Seafile and Seahub<a class="headerlink" href="#starting-seafile-and-seahub" title="Permanent link">&para;</a></h3>
<p>Restart the seaf-server and Seahub for the config changes to take effect:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>su<span class="w"> </span>seafile
$<span class="w"> </span><span class="nb">cd</span><span class="w"> </span>/opt/seafile/seafile-server-latest
$<span class="w"> </span>./seafile.sh<span class="w"> </span>restart
$<span class="w"> </span>./seahub.sh<span class="w"> </span>restart<span class="w"> </span><span class="c1"># or &quot;./seahub.sh start-fastcgi&quot; if you&#39;re using fastcgi</span>
</code></pre></div>
<h2 id="additional-modern-settings-for-nginx-optional">Additional modern settings for Nginx (optional)<a class="headerlink" href="#additional-modern-settings-for-nginx-optional" title="Permanent link">&para;</a></h2>
<h3 id="activating-ipv6">Activating IPv6<a class="headerlink" href="#activating-ipv6" title="Permanent link">&para;</a></h3>
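<p>IPv6 must be enabled on the server, otherwise the server will not start! An AAAA DNS record is also required for IPv6 usage. The snippet below shows only the addresses; keep the <code>ssl</code> parameter used in the sample configuration above (<code>listen 443 ssl;</code>) on both <code>listen</code> directives, since a <code>listen</code> directive without it serves plain HTTP on that port.</p>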
<div class="highlight"><pre><span></span><code><span class="k">listen</span><span class="w"> </span><span class="mi">443</span><span class="p">;</span>
<span class="k">listen</span><span class="w"> </span><span class="s">[::]:443</span><span class="p">;</span>
</code></pre></div>
<h3 id="activating-http2">Activating HTTP2<a class="headerlink" href="#activating-http2" title="Permanent link">&para;</a></h3>
<p>Activate HTTP2 for more performance. Only available for SSL and nginx version&gt;=1.9.5. Simply add <code>http2</code> to the <code>listen</code> directives, keeping the <code>ssl</code> parameter from the sample configuration above (the snippet below does not show it).</p>
<div class="highlight"><pre><span></span><code><span class="k">listen</span><span class="w"> </span><span class="mi">443</span><span class="w"> </span><span class="s">http2</span><span class="p">;</span>
<span class="k">listen</span><span class="w"> </span><span class="s">[::]:443</span><span class="w"> </span><span class="s">http2</span><span class="p">;</span>
</code></pre></div>
<h2 id="advanced-tls-configuration-for-nginx-optional">Advanced TLS configuration for Nginx (optional)<a class="headerlink" href="#advanced-tls-configuration-for-nginx-optional" title="Permanent link">&para;</a></h2>
<p>The TLS configuration in the sample Nginx configuration file above receives a B overall rating on <a href="https://www.ssllabs.com/ssltest/">SSL Labs</a>. By modifying the TLS configuration in <code>seafile.conf</code>, this rating can be significantly improved. </p>
<p>The following sample Nginx configuration file for the host name seafile.example.com contains additional security-related directives. (Note that this sample file uses a generic path for the SSL certificate files.) Some of the directives require further steps as explained below.</p>
<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="k">server</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">listen</span><span class="w"> </span><span class="mi">80</span><span class="p">;</span>
<span class="w"> </span><span class="kn">server_name</span><span class="w"> </span><span class="s">seafile.example.com</span><span class="p">;</span>
<span class="w"> </span><span class="kn">rewrite</span><span class="w"> </span><span class="s">^</span><span class="w"> </span><span class="s">https://</span><span class="nv">$http_host$request_uri?</span><span class="w"> </span><span class="s">permanent</span><span class="p">;</span><span class="w"> </span><span class="c1"># Forced redirect from HTTP to HTTPS</span>
<span class="w"> </span><span class="kn">server_tokens</span><span class="w"> </span><span class="no">off</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="k">server</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">listen</span><span class="w"> </span><span class="mi">443</span><span class="w"> </span><span class="s">ssl</span><span class="p">;</span>
<span class="w"> </span><span class="kn">ssl_certificate</span><span class="w"> </span><span class="s">/etc/ssl/cacert.pem</span><span class="p">;</span><span class="w"> </span><span class="c1"># Path to your cacert.pem</span>
<span class="w"> </span><span class="kn">ssl_certificate_key</span><span class="w"> </span><span class="s">/etc/ssl/privkey.pem</span><span class="p">;</span><span class="w"> </span><span class="c1"># Path to your privkey.pem</span>
<span class="w"> </span><span class="kn">server_name</span><span class="w"> </span><span class="s">seafile.example.com</span><span class="p">;</span>
<span class="w"> </span><span class="kn">server_tokens</span><span class="w"> </span><span class="no">off</span><span class="p">;</span>
<span class="w"> </span><span class="c1"># HSTS for protection against man-in-the-middle-attacks</span>
<span class="w"> </span><span class="kn">add_header</span><span class="w"> </span><span class="s">Strict-Transport-Security</span><span class="w"> </span><span class="s">&quot;max-age=31536000</span><span class="p">;</span><span class="w"> </span><span class="kn">includeSubDomains&quot;</span><span class="p">;</span>
<span class="w"> </span><span class="c1"># DH parameters for Diffie-Hellman key exchange</span>
<span class="w"> </span><span class="kn">ssl_dhparam</span><span class="w"> </span><span class="s">/etc/nginx/dhparam.pem</span><span class="p">;</span>
<span class="w"> </span><span class="c1"># Supported protocols and ciphers for general purpose server with good security and compatability with most clients</span>
<span class="w"> </span><span class="kn">ssl_protocols</span><span class="w"> </span><span class="s">TLSv1.2</span><span class="w"> </span><span class="s">TLSv1.3</span><span class="p">;</span>
<span class="w"> </span><span class="kn">ssl_ciphers</span><span class="w"> </span><span class="s">ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384</span><span class="p">;</span>
<span class="w"> </span><span class="kn">ssl_prefer_server_ciphers</span><span class="w"> </span><span class="no">off</span><span class="p">;</span>
<span class="w"> </span><span class="c1"># Supported protocols and ciphers for server when clients &gt; 5years (i.e., Windows Explorer) must be supported</span>
<span class="w"> </span><span class="c1">#ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;</span>
<span class="w"> </span><span class="c1">#ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;</span>
<span class="w"> </span><span class="c1">#ssl_prefer_server_ciphers on;</span>
<span class="w"> </span><span class="kn">ssl_session_timeout</span><span class="w"> </span><span class="mi">5m</span><span class="p">;</span>
<span class="w"> </span><span class="kn">ssl_session_cache</span><span class="w"> </span><span class="s">shared:SSL:5m</span><span class="p">;</span>
<span class="w"> </span><span class="kn">location</span><span class="w"> </span><span class="s">/</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">proxy_pass</span><span class="w"> </span><span class="s">http://127.0.0.1:8000</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">Host</span><span class="w"> </span><span class="nv">$http_host</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Real-IP</span><span class="w"> </span><span class="nv">$remote_addr</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-For</span><span class="w"> </span><span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-Host</span><span class="w"> </span><span class="nv">$server_name</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-Proto</span><span class="w"> </span><span class="s">https</span><span class="p">;</span>
<span class="w"> </span><span class="kn">access_log</span><span class="w"> </span><span class="s">/var/log/nginx/seahub.access.log</span><span class="p">;</span>
<span class="w"> </span><span class="kn">error_log</span><span class="w"> </span><span class="s">/var/log/nginx/seahub.error.log</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_read_timeout</span><span class="w"> </span><span class="s">1200s</span><span class="p">;</span>
<span class="w"> </span><span class="kn">client_max_body_size</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="kn">location</span><span class="w"> </span><span class="s">/seafhttp</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">rewrite</span><span class="w"> </span><span class="s">^/seafhttp(.*)</span>$<span class="w"> </span><span class="nv">$1</span><span class="w"> </span><span class="s">break</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_pass</span><span class="w"> </span><span class="s">http://127.0.0.1:8082</span><span class="p">;</span>
<span class="w"> </span><span class="kn">client_max_body_size</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-For</span><span class="w"> </span><span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_connect_timeout</span><span class="w"> </span><span class="s">36000s</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_read_timeout</span><span class="w"> </span><span class="s">36000s</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_send_timeout</span><span class="w"> </span><span class="s">36000s</span><span class="p">;</span>
<span class="w"> </span><span class="kn">send_timeout</span><span class="w"> </span><span class="s">36000s</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="kn">location</span><span class="w"> </span><span class="s">/media</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">root</span><span class="w"> </span><span class="s">/home/user/haiwen/seafile-server-latest/seahub</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">}</span>
</code></pre></div>
<h3 id="enabling-http-strict-transport-security">Enabling HTTP Strict Transport Security<a class="headerlink" href="#enabling-http-strict-transport-security" title="Permanent link">&para;</a></h3>
<p>Enable HTTP Strict Transport Security (HSTS) to protect against man-in-the-middle attacks that downgrade the connection to plain HTTP by adding this directive:</p>
<div class="highlight"><pre><span></span><code><span class="k">add_header</span><span class="w"> </span><span class="s">Strict-Transport-Security</span><span class="w"> </span><span class="s">&quot;max-age=31536000</span><span class="p">;</span><span class="w"> </span><span class="k">includeSubDomains&quot;</span><span class="w"> </span><span class="s">always</span><span class="p">;</span>
</code></pre></div>
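<p>HSTS instructs web browsers to automatically use HTTPS. That means, after the first visit of the HTTPS version of Seahub, the browser will only use HTTPS to access the site. Because the header above sets <code>includeSubDomains</code> and a <code>max-age</code> of one year, browsers apply the policy to every subdomain of the host name for that period, so make sure all of them are reachable via HTTPS before enabling it.</p>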
<h3 id="using-perfect-forward-secrecy">Using Perfect Forward Secrecy<a class="headerlink" href="#using-perfect-forward-secrecy" title="Permanent link">&para;</a></h3>
<p>Enable Diffie-Hellman (DH) key-exchange. Generate DH parameters and write them in a .pem file using the following command:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>openssl<span class="w"> </span>dhparam<span class="w"> </span><span class="m">2048</span><span class="w"> </span>&gt;<span class="w"> </span>/etc/nginx/dhparam.pem<span class="w"> </span><span class="c1"># Generates DH parameter of length 2048 bits</span>
</code></pre></div>
<p>The generation of the DH parameters may take some time depending on the server's processing power.</p>
<p>Add the following directive in the HTTPS server block:</p>
<div class="highlight"><pre><span></span><code><span class="k">ssl_dhparam</span><span class="w"> </span><span class="s">/etc/nginx/dhparam.pem</span><span class="p">;</span>
</code></pre></div>
<h3 id="restricting-tls-protocols-and-ciphers">Restricting TLS protocols and ciphers<a class="headerlink" href="#restricting-tls-protocols-and-ciphers" title="Permanent link">&para;</a></h3>
<p>Disallow the use of old TLS protocols and ciphers. Mozilla provides a configuration generator for balancing the conflicting objectives of security and compatibility. Visit https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx for more information.</p>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
<div class="md-copyright__highlight">
Copyright &copy; 2024 Seafile Ltd.
</div>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../..", "features": ["navigation.footer", "navigation.tracking", "navigation.sections", "navigation.tabs", "navigation.top", "search.suggest", "search.highlight", "search.share"], "search": "../../assets/javascripts/workers/search.6ce7567c.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"provider": "mike"}}</script>
<script src="../../assets/javascripts/bundle.83f73b43.min.js"></script>
</body>
</html>