15308555518/ seafile-admin-docs
1
0
Fork 0
mirror of https://github.com/haiwen/seafile-admin-docs.git synced 2025-12-26 02:32:50 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
seafile-admin-docs/11.0/deploy/https_with_nginx/index.html

4531 lines
108 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="author" content="seafile">
<link rel="canonical" href="https://haiwen.github.io/seafile-admin-docs/11.0/deploy/https_with_nginx/">
<link rel="prev" href="../using_mysql/">
<link rel="next" href="../https_with_apache/">
<link rel="icon" href="../../media/favicon.ico">
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.6.22">
<title>HTTPS with Nginx - Seafile Admin Manual</title>
<link rel="stylesheet" href="../../assets/stylesheets/main.84d31ad4.min.css">
<link rel="stylesheet" href="../../assets/stylesheets/palette.06af60db.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<link rel="stylesheet" href="../../stylesheets/extra.css">
<script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="white" data-md-color-accent="indigo">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#enabling-https-with-nginx" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<div data-md-color-scheme="default" data-md-component="outdated" hidden>
</div>
<header class="md-header md-header--shadow" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../.." title="Seafile Admin Manual" class="md-header__button md-logo" aria-label="Seafile Admin Manual" data-md-component="logo">
<img src="../../media/seafile-transparent-1024.png" alt="logo">
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Seafile Admin Manual
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
HTTPS with Nginx
</span>
</div>
</div>
</div>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://github.com/haiwen/seafile-admin-docs/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
</div>
<div class="md-source__repository">
haiwen/seafile-admin-docs
</div>
</a>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../.." title="Seafile Admin Manual" class="md-nav__button md-logo" aria-label="Seafile Admin Manual" data-md-component="logo">
<img src="../../media/seafile-transparent-1024.png" alt="logo">
</a>
Seafile Admin Manual
</label>
<div class="md-nav__source">
<a href="https://github.com/haiwen/seafile-admin-docs/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
</div>
<div class="md-source__repository">
haiwen/seafile-admin-docs
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_1" >
<label class="md-nav__link" for="__nav_1" id="__nav_1_label" tabindex="0">
<span class="md-ellipsis">
Overview
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_1_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_1">
<span class="md-nav__icon md-icon"></span>
Overview
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../overview/components/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Components
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../overview/file_permission_management/" class="md-nav__link">
<span class="md-ellipsis">
File permission management
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../roadmap/" class="md-nav__link">
<span class="md-ellipsis">
Roadmap
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../contribution/" class="md-nav__link">
<span class="md-ellipsis">
Contribution
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../changelog/" class="md-nav__link">
<span class="md-ellipsis">
Changelog
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" checked>
<label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
<span class="md-ellipsis">
Seafile Community Setup on Linux
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_2">
<span class="md-nav__icon md-icon"></span>
Seafile Community Setup on Linux
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../using_mysql/" class="md-nav__link">
<span class="md-ellipsis">
Installation with MySQL
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
HTTPS with Nginx
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
HTTPS with Nginx
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#setup" class="md-nav__link">
<span class="md-ellipsis">
Setup
</span>
</a>
<nav class="md-nav" aria-label="Setup">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#installing-nginx" class="md-nav__link">
<span class="md-ellipsis">
Installing Nginx
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#preparing-nginx" class="md-nav__link">
<span class="md-ellipsis">
Preparing Nginx
</span>
</a>
<nav class="md-nav" aria-label="Preparing Nginx">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#preparing-nginx-on-centos" class="md-nav__link">
<span class="md-ellipsis">
Preparing Nginx on CentOS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#preparing-nginx-on-debianubuntu" class="md-nav__link">
<span class="md-ellipsis">
Preparing Nginx on Debian/Ubuntu
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#configuring-nginx" class="md-nav__link">
<span class="md-ellipsis">
Configuring Nginx
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#getting-a-lets-encrypt-certificate" class="md-nav__link">
<span class="md-ellipsis">
Getting a Let's Encrypt certificate
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#modifying-nginx-configuration-file" class="md-nav__link">
<span class="md-ellipsis">
Modifying Nginx configuration file
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#large-file-uploads" class="md-nav__link">
<span class="md-ellipsis">
Large file uploads
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#modifying-seahub_settingspy" class="md-nav__link">
<span class="md-ellipsis">
Modifying seahub_settings.py
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#modifying-seafileconf-optional" class="md-nav__link">
<span class="md-ellipsis">
Modifying seafile.conf (optional)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#starting-seafile-and-seahub" class="md-nav__link">
<span class="md-ellipsis">
Starting Seafile and Seahub
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#additional-modern-settings-for-nginx-optional" class="md-nav__link">
<span class="md-ellipsis">
Additional modern settings for Nginx (optional)
</span>
</a>
<nav class="md-nav" aria-label="Additional modern settings for Nginx (optional)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#activating-ipv6" class="md-nav__link">
<span class="md-ellipsis">
Activating IPv6
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#activating-http2" class="md-nav__link">
<span class="md-ellipsis">
Activating HTTP2
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#advanced-tls-configuration-for-nginx-optional" class="md-nav__link">
<span class="md-ellipsis">
Advanced TLS configuration for Nginx (optional)
</span>
</a>
<nav class="md-nav" aria-label="Advanced TLS configuration for Nginx (optional)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#enabling-http-strict-transport-security" class="md-nav__link">
<span class="md-ellipsis">
Enabling HTTP Strict Transport Security
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#using-perfect-forward-secrecy" class="md-nav__link">
<span class="md-ellipsis">
Using Perfect Forward Secrecy
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#restricting-tls-protocols-and-ciphers" class="md-nav__link">
<span class="md-ellipsis">
Restricting TLS protocols and ciphers
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../https_with_apache/" class="md-nav__link">
<span class="md-ellipsis">
HTTPS with Apache
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" >
<label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0">
<span class="md-ellipsis">
Seafile Professional Setup on Linux
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
Seafile Professional Setup on Linux
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../deploy_pro/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/download_and_setup_seafile_professional_server/" class="md-nav__link">
<span class="md-ellipsis">
Installation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/migrate_from_seafile_community_server/" class="md-nav__link">
<span class="md-ellipsis">
Migration from Seafile Community
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_4" >
<label class="md-nav__link" for="__nav_3_4" id="__nav_3_4_label" tabindex="0">
<span class="md-ellipsis">
Storage Backends
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_4">
<span class="md-nav__icon md-icon"></span>
Storage Backends
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../deploy_pro/setup_with_amazon_s3/" class="md-nav__link">
<span class="md-ellipsis">
Amazon S3 Backend
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/setup_with_ceph/" class="md-nav__link">
<span class="md-ellipsis">
Ceph Backend
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/setup_with_swift/" class="md-nav__link">
<span class="md-ellipsis">
OpenStack Swift Backend
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/setup_with_oss/" class="md-nav__link">
<span class="md-ellipsis">
Alibaba OSS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/multiple_storage_backends/" class="md-nav__link">
<span class="md-ellipsis">
Multiple Storage Backends
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/migrate/" class="md-nav__link">
<span class="md-ellipsis">
Data migration
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_5" >
<label class="md-nav__link" for="__nav_3_5" id="__nav_3_5_label" tabindex="0">
<span class="md-ellipsis">
Cluster Deployment
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_5">
<span class="md-nav__icon md-icon"></span>
Cluster Deployment
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../deploy_pro/deploy_in_a_cluster/" class="md-nav__link">
<span class="md-ellipsis">
Deploy in a cluster
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/enable_search_and_background_tasks_in_a_cluster/" class="md-nav__link">
<span class="md-ellipsis">
Search and background tasks in a cluster
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/memcached_mariadb_cluster/" class="md-nav__link">
<span class="md-ellipsis">
Memcache and MariaDB Cluster
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/setup_seafile_cluster_with_nfs/" class="md-nav__link">
<span class="md-ellipsis">
Setup Seafile cluster with NFS
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/seafile_professional_sdition_software_license_agreement/" class="md-nav__link">
<span class="md-ellipsis">
License
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" >
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="0">
<span class="md-ellipsis">
Seafile Setup with Docker
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
Seafile Setup with Docker
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../docker/deploy_seafile_with_docker/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Community Installation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../docker/pro-edition/deploy_seafile_pro_with_docker/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Professional Installation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../docker/cluster/deploy_seafile_cluster_with_docker/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Docker Cluster Deployment
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../deploy_with_k8s/" class="md-nav__link">
<span class="md-ellipsis">
Setup with Kubernetes (K8s)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../docker/pro-edition/migrate_ce_to_pro_with_docker/" class="md-nav__link">
<span class="md-ellipsis">
Migration from Seafile Community
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../docker/non_docker_to_docker/" class="md-nav__link">
<span class="md-ellipsis">
Migrate from non-docker deployment
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../docker/seafile_docker_autostart/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Docker autostart
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" >
<label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
<span class="md-ellipsis">
Advanced Setup Options
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
Advanced Setup Options
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_1" >
<label class="md-nav__link" for="__nav_5_1" id="__nav_5_1_label" tabindex="0">
<span class="md-ellipsis">
LDAP/AD Integration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_1_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_1">
<span class="md-nav__icon md-icon"></span>
LDAP/AD Integration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../using_ldap/" class="md-nav__link">
<span class="md-ellipsis">
LDAP Integration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/using_ldap_pro/" class="md-nav__link">
<span class="md-ellipsis">
LDAP Configuration for Seafile Pro
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/ldap_group_sync/" class="md-nav__link">
<span class="md-ellipsis">
Importing Groups from LDAP (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/ldap_role_sync/" class="md-nav__link">
<span class="md-ellipsis">
Importing Roles from LDAP (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../ldap_in_11.0/" class="md-nav__link">
<span class="md-ellipsis">
LDAP in version 11.0
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/ldap_in_11.0/" class="md-nav__link">
<span class="md-ellipsis">
LDAP in version 11.0 (Pro)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_2" >
<label class="md-nav__link" for="__nav_5_2" id="__nav_5_2_label" tabindex="0">
<span class="md-ellipsis">
Single Sign On
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_2">
<span class="md-nav__icon md-icon"></span>
Single Sign On
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../single_sign_on/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../oauth/" class="md-nav__link">
<span class="md-ellipsis">
OAuth Authentication
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../remote_user/" class="md-nav__link">
<span class="md-ellipsis">
Remote User Authentication
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../shibboleth_authentication/" class="md-nav__link">
<span class="md-ellipsis">
Shibboleth Authentication
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../auto_login_seadrive/" class="md-nav__link">
<span class="md-ellipsis">
Auto Login to SeaDrive on Windows
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/saml2_in_10.0/" class="md-nav__link">
<span class="md-ellipsis">
SAML 2.0 in version 10.0+ (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/adfs/" class="md-nav__link">
<span class="md-ellipsis">
SAML 2.0 (old) (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/cas/" class="md-nav__link">
<span class="md-ellipsis">
CAS Authentication (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../auth_switch/" class="md-nav__link">
<span class="md-ellipsis">
Switch authentication
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_3" >
<label class="md-nav__link" for="__nav_5_3" id="__nav_5_3_label" tabindex="0">
<span class="md-ellipsis">
Online Office
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_3">
<span class="md-nav__icon md-icon"></span>
Online Office
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../libreoffice_online/" class="md-nav__link">
<span class="md-ellipsis">
LibreOffice Online Integration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../only_office/" class="md-nav__link">
<span class="md-ellipsis">
OnlyOffice Integration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/office_web_app/" class="md-nav__link">
<span class="md-ellipsis">
Office Online Server Integration (Pro)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../extra_setup/setup_seadoc/" class="md-nav__link">
<span class="md-ellipsis">
SeaDoc Integration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../notification-server/" class="md-nav__link">
<span class="md-ellipsis">
Notification Server
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../extension/webdav/" class="md-nav__link">
<span class="md-ellipsis">
WebDAV extension
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../extension/fuse/" class="md-nav__link">
<span class="md-ellipsis">
FUSE extension
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_8" >
<label class="md-nav__link" for="__nav_5_8" id="__nav_5_8_label" tabindex="0">
<span class="md-ellipsis">
Virus Scan (Pro)
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_8_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_8">
<span class="md-nav__icon md-icon"></span>
Virus Scan (Pro)
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../deploy_pro/virus_scan/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/deploy_clamav_with_seafile/" class="md-nav__link">
<span class="md-ellipsis">
Deploy ClamAV with Seafile
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/virus_scan_with_kav4fs/" class="md-nav__link">
<span class="md-ellipsis">
Virus Scan With Kav4fs
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_9" >
<label class="md-nav__link" for="__nav_5_9" id="__nav_5_9_label" tabindex="0">
<span class="md-ellipsis">
Advanced User Management (Pro)
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_9_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_9">
<span class="md-nav__icon md-icon"></span>
Advanced User Management (Pro)
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../deploy_pro/multi_institutions/" class="md-nav__link">
<span class="md-ellipsis">
Multi-Institutions Support
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/roles_permissions/" class="md-nav__link">
<span class="md-ellipsis">
Roles and Permissions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/admin_roles_permissions/" class="md-nav__link">
<span class="md-ellipsis">
Administrator Roles and Permissions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/multi_tenancy/" class="md-nav__link">
<span class="md-ellipsis">
Multi-Tenancy Support
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/details_about_file_search/" class="md-nav__link">
<span class="md-ellipsis">
Advanced File Search configuration (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../migrate_from_sqlite_to_mysql/" class="md-nav__link">
<span class="md-ellipsis">
Migrate From SQLite to MySQL
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_12" >
<label class="md-nav__link" for="__nav_5_12" id="__nav_5_12_label" tabindex="0">
<span class="md-ellipsis">
Others Deployment Notes
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_12_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_12">
<span class="md-nav__icon md-icon"></span>
Others Deployment Notes
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../start_seafile_at_system_bootup/" class="md-nav__link">
<span class="md-ellipsis">
Start Seafile at System Bootup
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../using_logrotate/" class="md-nav__link">
<span class="md-ellipsis">
Logrotate
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../ocm/" class="md-nav__link">
<span class="md-ellipsis">
Open Cloud Mesh
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../deploy_seafile_behind_nat/" class="md-nav__link">
<span class="md-ellipsis">
Deploy Seafile behind NAT
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../deploy_seahub_at_non-root_domain/" class="md-nav__link">
<span class="md-ellipsis">
Deploy Seahub at Non-root domain or on custom port
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../security/fail2ban/" class="md-nav__link">
<span class="md-ellipsis">
Config fail2ban
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/real_time_backup/" class="md-nav__link">
<span class="md-ellipsis">
Real-time Backup Server
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6" >
<label class="md-nav__link" for="__nav_6" id="__nav_6_label" tabindex="0">
<span class="md-ellipsis">
Configuration and Customization
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_6_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_6">
<span class="md-nav__icon md-icon"></span>
Configuration and Customization
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../config/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/ccnet-conf/" class="md-nav__link">
<span class="md-ellipsis">
ccnet.conf
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/seafile-conf/" class="md-nav__link">
<span class="md-ellipsis">
seafile.conf
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/seahub_settings_py/" class="md-nav__link">
<span class="md-ellipsis">
seahub_settings.py
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/seafevents-conf/" class="md-nav__link">
<span class="md-ellipsis">
seafevents.conf
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/seahub_customization/" class="md-nav__link">
<span class="md-ellipsis">
Seahub customization
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/sending_email/" class="md-nav__link">
<span class="md-ellipsis">
Email Sending
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_7" >
<label class="md-nav__link" for="__nav_7" id="__nav_7_label" tabindex="0">
<span class="md-ellipsis">
Administration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_7_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_7">
<span class="md-nav__icon md-icon"></span>
Administration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../maintain/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/account/" class="md-nav__link">
<span class="md-ellipsis">
Account management
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/two_factor_authentication/" class="md-nav__link">
<span class="md-ellipsis">
Two-factor Authentication
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../security/security_features/" class="md-nav__link">
<span class="md-ellipsis">
Security features
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../security/auditing/" class="md-nav__link">
<span class="md-ellipsis">
Access logs and auditing
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/export_report/" class="md-nav__link">
<span class="md-ellipsis">
Export report
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/logs/" class="md-nav__link">
<span class="md-ellipsis">
Logs
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/backup_recovery/" class="md-nav__link">
<span class="md-ellipsis">
Backup and Recovery
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/seafile_fsck/" class="md-nav__link">
<span class="md-ellipsis">
Seafile FSCK
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/seafile_gc/" class="md-nav__link">
<span class="md-ellipsis">
Seafile GC
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/clean_database/" class="md-nav__link">
<span class="md-ellipsis">
Clean database
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy_pro/seaf_import/" class="md-nav__link">
<span class="md-ellipsis">
Import Directory To Seafile (Pro)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_8" >
<label class="md-nav__link" for="__nav_8" id="__nav_8_label" tabindex="0">
<span class="md-ellipsis">
Upgrade Seafile Server
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_8_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_8">
<span class="md-nav__icon md-icon"></span>
Upgrade Seafile Server
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../upgrade/upgrade/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_docker/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade Seafile Docker
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_a_cluster/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade Seafile Cluster
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_a_cluster_docker/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade Seafile Cluster (Docker)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_7.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 7.0.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_7.1.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 7.1.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_8.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 8.0.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_9.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 9.0.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_10.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 10.0.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_11.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 11.0.x
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_9" >
<label class="md-nav__link" for="__nav_9" id="__nav_9_label" tabindex="0">
<span class="md-ellipsis">
Developing
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_9_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_9">
<span class="md-nav__icon md-icon"></span>
Developing
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../develop/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_9_2" >
<label class="md-nav__link" for="__nav_9_2" id="__nav_9_2_label" tabindex="0">
<span class="md-ellipsis">
How to Build Seafile
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_9_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_9_2">
<span class="md-nav__icon md-icon"></span>
How to Build Seafile
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../build_seafile/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build_seafile/linux/" class="md-nav__link">
<span class="md-ellipsis">
Linux
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build_seafile/osx/" class="md-nav__link">
<span class="md-ellipsis">
macOS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build_seafile/windows/" class="md-nav__link">
<span class="md-ellipsis">
Windows
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build_seafile/server/" class="md-nav__link">
<span class="md-ellipsis">
Server development
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build_seafile/rpi/" class="md-nav__link">
<span class="md-ellipsis">
Server binary package
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../develop/translation/" class="md-nav__link">
<span class="md-ellipsis">
Translation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../develop/web_api_v2.1/" class="md-nav__link">
<span class="md-ellipsis">
Web API V2.1
</span>
</a>
</li>
<li class="md-nav__item">
<a href="https://github.com/rene-s/Seafile-PHP-SDK" class="md-nav__link">
<span class="md-ellipsis">
PHP API
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../develop/data_model/" class="md-nav__link">
<span class="md-ellipsis">
Data Model
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_10" >
<label class="md-nav__link" for="__nav_10" id="__nav_10_label" tabindex="0">
<span class="md-ellipsis">
ChangeLog
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_10_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_10">
<span class="md-nav__icon md-icon"></span>
ChangeLog
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../changelog/server-changelog/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Community Edition
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../changelog/changelog-for-seafile-professional-server/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Professional Edition
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../changelog/client-changelog/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Client
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../changelog/drive-client-changelog/" class="md-nav__link">
<span class="md-ellipsis">
Drive Client
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#setup" class="md-nav__link">
<span class="md-ellipsis">
Setup
</span>
</a>
<nav class="md-nav" aria-label="Setup">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#installing-nginx" class="md-nav__link">
<span class="md-ellipsis">
Installing Nginx
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#preparing-nginx" class="md-nav__link">
<span class="md-ellipsis">
Preparing Nginx
</span>
</a>
<nav class="md-nav" aria-label="Preparing Nginx">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#preparing-nginx-on-centos" class="md-nav__link">
<span class="md-ellipsis">
Preparing Nginx on CentOS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#preparing-nginx-on-debianubuntu" class="md-nav__link">
<span class="md-ellipsis">
Preparing Nginx on Debian/Ubuntu
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#configuring-nginx" class="md-nav__link">
<span class="md-ellipsis">
Configuring Nginx
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#getting-a-lets-encrypt-certificate" class="md-nav__link">
<span class="md-ellipsis">
Getting a Let's Encrypt certificate
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#modifying-nginx-configuration-file" class="md-nav__link">
<span class="md-ellipsis">
Modifying Nginx configuration file
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#large-file-uploads" class="md-nav__link">
<span class="md-ellipsis">
Large file uploads
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#modifying-seahub_settingspy" class="md-nav__link">
<span class="md-ellipsis">
Modifying seahub_settings.py
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#modifying-seafileconf-optional" class="md-nav__link">
<span class="md-ellipsis">
Modifying seafile.conf (optional)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#starting-seafile-and-seahub" class="md-nav__link">
<span class="md-ellipsis">
Starting Seafile and Seahub
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#additional-modern-settings-for-nginx-optional" class="md-nav__link">
<span class="md-ellipsis">
Additional modern settings for Nginx (optional)
</span>
</a>
<nav class="md-nav" aria-label="Additional modern settings for Nginx (optional)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#activating-ipv6" class="md-nav__link">
<span class="md-ellipsis">
Activating IPv6
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#activating-http2" class="md-nav__link">
<span class="md-ellipsis">
Activating HTTP2
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#advanced-tls-configuration-for-nginx-optional" class="md-nav__link">
<span class="md-ellipsis">
Advanced TLS configuration for Nginx (optional)
</span>
</a>
<nav class="md-nav" aria-label="Advanced TLS configuration for Nginx (optional)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#enabling-http-strict-transport-security" class="md-nav__link">
<span class="md-ellipsis">
Enabling HTTP Strict Transport Security
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#using-perfect-forward-secrecy" class="md-nav__link">
<span class="md-ellipsis">
Using Perfect Forward Secrecy
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#restricting-tls-protocols-and-ciphers" class="md-nav__link">
<span class="md-ellipsis">
Restricting TLS protocols and ciphers
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1 id="enabling-https-with-nginx">Enabling HTTPS with Nginx<a class="headerlink" href="#enabling-https-with-nginx" title="Permanent link">&para;</a></h1>
<p>After completing the installation of <a href="../using_mysql/">Seafile Server Community Edition</a> and <a href="https://manual.seafile.com/deploy_pro/download_and_setup_seafile_professional_server/">Seafile Server Professional Edition</a>, communication between the Seafile server and clients runs over (unencrypted) HTTP. While HTTP is ok for testing purposes, switching to HTTPS is imperative for production use.</p>
<p>HTTPS requires a SSL certificate from a Certificate Authority (CA). Unless you already have a SSL certificate, we recommend that you get your SSL certificate from <a href="https://letsencrypt.org/">Lets Encrypt</a> using Certbot. If you have a SSL certificate from another CA, skip the section "Getting a Let's Encrypt certificate".</p>
<p>A second requirement is a reverse proxy supporting SSL. <a href="http://nginx.org/">Nginx</a>, a popular and resource-friendly web server and reverse proxy, is a good option. Nginx's documentation is available at http://nginx.org/en/docs/.</p>
<p>If you prefer Apache, you find instructions for <a href="../https_with_apache/">enabling HTTPS with Apache here</a>.</p>
<h2 id="setup">Setup<a class="headerlink" href="#setup" title="Permanent link">&para;</a></h2>
<p>The setup of Seafile using Nginx as a reverse proxy with HTTPS is demonstrated using the sample host name <code>seafile.example.com</code>. </p>
<p>This manual assumes the following requirements:</p>
<ul>
<li>Seafile Server Community Edition/Professional Edition was set up according to the instructions in this manual</li>
<li>A host name points at the IP address of the server and the server is available on port 80 and 443</li>
</ul>
<p>If your setup differs from thes requirements, adjust the following instructions accordingly.</p>
<p>The setup proceeds in two steps: First, Nginx is installed. Second, a SSL certificate is integrated in the Nginx configuration.</p>
<h3 id="installing-nginx">Installing Nginx<a class="headerlink" href="#installing-nginx" title="Permanent link">&para;</a></h3>
<p>Install Nginx using the package repositories:</p>
<div class="codehilite"><pre><span></span><code><span class="c1"># CentOS</span>
$<span class="w"> </span>sudo<span class="w"> </span>yum<span class="w"> </span>install<span class="w"> </span>nginx<span class="w"> </span>-y
<span class="c1"># Debian/Ubuntu</span>
$<span class="w"> </span>sudo<span class="w"> </span>apt<span class="w"> </span>install<span class="w"> </span>nginx<span class="w"> </span>-y
</code></pre></div>
<p>After the installation, start the server and enable it so that Nginx starts at system boot:</p>
<div class="codehilite"><pre><span></span><code><span class="c1"># CentOS/Debian/Ubuntu</span>
$<span class="w"> </span>sudo<span class="w"> </span>systemctl<span class="w"> </span>start<span class="w"> </span>nginx
$<span class="w"> </span>sudo<span class="w"> </span>systemctl<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>nginx
</code></pre></div>
<h3 id="preparing-nginx">Preparing Nginx<a class="headerlink" href="#preparing-nginx" title="Permanent link">&para;</a></h3>
<p>The configuration of a proxy server in Nginx differs slightly between CentOS and Debian/Ubuntu. Additionally, the restrictive default settings of SELinux's configuration on CentOS require a modification.</p>
<h4 id="preparing-nginx-on-centos">Preparing Nginx on CentOS<a class="headerlink" href="#preparing-nginx-on-centos" title="Permanent link">&para;</a></h4>
<p>Switch SELinux into permissive mode and perpetuate the setting:</p>
<div class="codehilite"><pre><span></span><code>$<span class="w"> </span>sudo<span class="w"> </span>setenforce<span class="w"> </span>permissive
$<span class="w"> </span>sed<span class="w"> </span>-i<span class="w"> </span><span class="s1">&#39;s/^SELINUX=.*/SELINUX=permissive/&#39;</span><span class="w"> </span>/etc/selinux/config
</code></pre></div>
<p>Create a configuration file for seafile in <code>/etc/nginx/conf.d</code>:</p>
<div class="codehilite"><pre><span></span><code>$<span class="w"> </span>touch<span class="w"> </span>/etc/nginx/conf.d/seafile.conf
</code></pre></div>
<h4 id="preparing-nginx-on-debianubuntu">Preparing Nginx on Debian/Ubuntu<a class="headerlink" href="#preparing-nginx-on-debianubuntu" title="Permanent link">&para;</a></h4>
<p>Create a configuration file for seafile in <code>/etc/nginx/sites-available/</code>:</p>
<div class="codehilite"><pre><span></span><code>$<span class="w"> </span>touch<span class="w"> </span>/etc/nginx/sites-available/seafile.conf
</code></pre></div>
<p>Delete the default files in <code>/etc/nginx/sites-enabled/</code> and <code>/etc/nginx/sites-available</code>: </p>
<div class="codehilite"><pre><span></span><code>$<span class="w"> </span>rm<span class="w"> </span>/etc/nginx/sites-enabled/default
$<span class="w"> </span>rm<span class="w"> </span>/etc/nginx/sites-available/default
</code></pre></div>
<p>Create a symbolic link: </p>
<div class="codehilite"><pre><span></span><code>$<span class="w"> </span>ln<span class="w"> </span>-s<span class="w"> </span>/etc/nginx/sites-available/seafile.conf<span class="w"> </span>/etc/nginx/sites-enabled/seafile.conf
</code></pre></div>
<h3 id="configuring-nginx">Configuring Nginx<a class="headerlink" href="#configuring-nginx" title="Permanent link">&para;</a></h3>
<p>Copy the following sample Nginx config file into the just created <code>seafile.conf</code> and modify the content to fit your needs:</p>
<div class="codehilite"><pre><span></span><code><span class="k">log_format</span><span class="w"> </span><span class="s">seafileformat</span><span class="w"> </span><span class="s">&#39;</span><span class="nv">$http_x_forwarded_for</span><span class="w"> </span><span class="nv">$remote_addr</span><span class="w"> </span><span class="s">[</span><span class="nv">$time_local]</span><span class="w"> </span><span class="s">&quot;</span><span class="nv">$request&quot;</span><span class="w"> </span><span class="nv">$status</span><span class="w"> </span><span class="nv">$body_bytes_sent</span><span class="w"> </span><span class="s">&quot;</span><span class="nv">$http_referer&quot;</span><span class="w"> </span><span class="s">&quot;</span><span class="nv">$http_user_agent&quot;</span><span class="w"> </span><span class="nv">$upstream_response_time&#39;</span><span class="p">;</span>
<span class="k">server</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">listen</span><span class="w"> </span><span class="mi">80</span><span class="p">;</span>
<span class="w"> </span><span class="kn">server_name</span><span class="w"> </span><span class="s">seafile.example.com</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-For</span><span class="w"> </span><span class="nv">$remote_addr</span><span class="p">;</span>
<span class="w"> </span><span class="kn">location</span><span class="w"> </span><span class="s">/</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">proxy_pass</span><span class="w"> </span><span class="s">http://127.0.0.1:8000</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">Host</span><span class="w"> </span><span class="nv">$http_host</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Real-IP</span><span class="w"> </span><span class="nv">$remote_addr</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-For</span><span class="w"> </span><span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-Host</span><span class="w"> </span><span class="nv">$server_name</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_read_timeout</span><span class="w"> </span><span class="s">1200s</span><span class="p">;</span>
<span class="w"> </span><span class="c1"># used for view/edit office file via Office Online Server</span>
<span class="w"> </span><span class="kn">client_max_body_size</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>
<span class="w"> </span><span class="kn">access_log</span><span class="w"> </span><span class="s">/var/log/nginx/seahub.access.log</span><span class="w"> </span><span class="s">seafileformat</span><span class="p">;</span>
<span class="w"> </span><span class="kn">error_log</span><span class="w"> </span><span class="s">/var/log/nginx/seahub.error.log</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="kn">location</span><span class="w"> </span><span class="s">/seafhttp</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">rewrite</span><span class="w"> </span><span class="s">^/seafhttp(.*)</span>$<span class="w"> </span><span class="nv">$1</span><span class="w"> </span><span class="s">break</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_pass</span><span class="w"> </span><span class="s">http://127.0.0.1:8082</span><span class="p">;</span>
<span class="w"> </span><span class="kn">client_max_body_size</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-For</span><span class="w"> </span><span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_connect_timeout</span><span class="w"> </span><span class="s">36000s</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_read_timeout</span><span class="w"> </span><span class="s">36000s</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_send_timeout</span><span class="w"> </span><span class="s">36000s</span><span class="p">;</span>
<span class="w"> </span><span class="kn">send_timeout</span><span class="w"> </span><span class="s">36000s</span><span class="p">;</span>
<span class="w"> </span><span class="kn">access_log</span><span class="w"> </span><span class="s">/var/log/nginx/seafhttp.access.log</span><span class="w"> </span><span class="s">seafileformat</span><span class="p">;</span>
<span class="w"> </span><span class="kn">error_log</span><span class="w"> </span><span class="s">/var/log/nginx/seafhttp.error.log</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="kn">location</span><span class="w"> </span><span class="s">/media</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">root</span><span class="w"> </span><span class="s">/opt/seafile/seafile-server-latest/seahub</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</code></pre></div>
<p>The following options must be modified in the CONF file:</p>
<ul>
<li>Server name (server_name)</li>
</ul>
<p>Optional customizable options in the seafile.conf are:</p>
<ul>
<li>Server listening port (<code>listen</code>) - if Seafile server should be available on a non-standard port</li>
<li>Proxy pass for location <code>/</code> - if Seahub is configured to start on a different port than 8000</li>
<li>Proxy pass for location <code>/seafhttp</code> - if seaf-server is configured to start on a different port than 8082</li>
<li>Maximum allowed size of the client request body (<code>client_max_body_size</code>)</li>
</ul>
<p>The default value for <code>client_max_body_size</code> is 1M. Uploading larger files will result in an error message HTTP error code 413 ("Request Entity Too Large"). It is recommended to syncronize the value of client_max_body_size with the parameter <code>max_upload_size</code> in section <code>[fileserver]</code> of <a href="../../config/seafile-conf/">seafile.conf</a>. Optionally, the value can also be set to 0 to disable this feature. Client uploads are only partly effected by this limit. With a limit of 100 MiB they can safely upload files of any size.</p>
<p>Finally, make sure your seafile.conf does not contain syntax errors and restart Nginx for the configuration changes to take effect:</p>
<div class="codehilite"><pre><span></span><code>$<span class="w"> </span>nginx<span class="w"> </span>-t
$<span class="w"> </span>nginx<span class="w"> </span>-s<span class="w"> </span>reload
</code></pre></div>
<h3 id="getting-a-lets-encrypt-certificate">Getting a Let's Encrypt certificate<a class="headerlink" href="#getting-a-lets-encrypt-certificate" title="Permanent link">&para;</a></h3>
<p>Getting a Let's Encrypt certificate is straightforward thanks to <a href="https://certbot.eff.org/">Certbot</a>. Certbot is a free, open source software tool for requesting, receiving, and renewing Let's Encrypt certificates.</p>
<p>First, go to the <a href="https://certbot.eff.org/">Certbot</a> website and choose your webserver and OS.
<img alt="grafik" src="../../images/certbot.png" /></p>
<p>Second, follow the detailed instructions then shown.</p>
<p><img alt="grafik" src="../../images/certbot-step2.png" /></p>
<p>We recommend that you get just a certificate and that you modify the Nginx configuration yourself:</p>
<div class="codehilite"><pre><span></span><code>$<span class="w"> </span>sudo<span class="w"> </span>certbot<span class="w"> </span>certonly<span class="w"> </span>--nginx
</code></pre></div>
<p>Follow the instructions on the screen.</p>
<p>Upon successful verification, Certbot saves the certificate files in a directory named after the host name in <code>/etc/letsencrypt/live</code>. For the host name seafile.example.com, the files are stored in <code>/etc/letsencrypt/live/seafile.example.com</code>. </p>
<h3 id="modifying-nginx-configuration-file">Modifying Nginx configuration file<a class="headerlink" href="#modifying-nginx-configuration-file" title="Permanent link">&para;</a></h3>
<p>Add an server block for port 443 and a http-to-https redirect to the <code>seafile.conf</code> configuration file in <code>/etc/nginx</code>. </p>
<p>This is a (shortened) sample configuration for the host name seafile.example.com:</p>
<div class="codehilite"><pre><span></span><code><span class="k">log_format</span><span class="w"> </span><span class="s">seafileformat</span><span class="w"> </span><span class="s">&#39;</span><span class="nv">$http_x_forwarded_for</span><span class="w"> </span><span class="nv">$remote_addr</span><span class="w"> </span><span class="s">[</span><span class="nv">$time_local]</span><span class="w"> </span><span class="s">&quot;</span><span class="nv">$request&quot;</span><span class="w"> </span><span class="nv">$status</span><span class="w"> </span><span class="nv">$body_bytes_sent</span><span class="w"> </span><span class="s">&quot;</span><span class="nv">$http_referer&quot;</span><span class="w"> </span><span class="s">&quot;</span><span class="nv">$http_user_agent&quot;</span><span class="w"> </span><span class="nv">$upstream_response_time&#39;</span><span class="p">;</span>
<span class="k">server</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">listen</span><span class="w"> </span><span class="mi">80</span><span class="p">;</span>
<span class="w"> </span><span class="kn">server_name</span><span class="w"> </span><span class="s">seafile.example.com</span><span class="p">;</span>
<span class="w"> </span><span class="kn">rewrite</span><span class="w"> </span><span class="s">^</span><span class="w"> </span><span class="s">https://</span><span class="nv">$http_host$request_uri?</span><span class="w"> </span><span class="s">permanent</span><span class="p">;</span><span class="w"> </span><span class="c1"># Forced redirect from HTTP to HTTPS</span>
<span class="w"> </span><span class="kn">server_tokens</span><span class="w"> </span><span class="no">off</span><span class="p">;</span><span class="w"> </span><span class="c1"># Prevents the Nginx version from being displayed in the HTTP response header</span>
<span class="p">}</span>
<span class="k">server</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">listen</span><span class="w"> </span><span class="mi">443</span><span class="w"> </span><span class="s">ssl</span><span class="p">;</span>
<span class="w"> </span><span class="kn">ssl_certificate</span><span class="w"> </span><span class="s">/etc/letsencrypt/live/seafile.example.com/fullchain.pem</span><span class="p">;</span><span class="w"> </span><span class="c1"># Path to your fullchain.pem</span>
<span class="w"> </span><span class="kn">ssl_certificate_key</span><span class="w"> </span><span class="s">/etc/letsencrypt/live/seafile.example.com/privkey.pem</span><span class="p">;</span><span class="w"> </span><span class="c1"># Path to your privkey.pem</span>
<span class="w"> </span><span class="kn">server_name</span><span class="w"> </span><span class="s">seafile.example.com</span><span class="p">;</span>
<span class="w"> </span><span class="kn">server_tokens</span><span class="w"> </span><span class="no">off</span><span class="p">;</span>
<span class="w"> </span><span class="kn">location</span><span class="w"> </span><span class="s">/</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">proxy_pass</span><span class="w"> </span><span class="s">http://127.0.0.1:8000</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">Host</span><span class="w"> </span><span class="nv">$http_host</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Real-IP</span><span class="w"> </span><span class="nv">$remote_addr</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-For</span><span class="w"> </span><span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-Host</span><span class="w"> </span><span class="nv">$server_name</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_read_timeout</span><span class="w"> </span><span class="s">1200s</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-Proto</span><span class="w"> </span><span class="s">https</span><span class="p">;</span>
<span class="kn">...</span><span class="w"> </span><span class="c1"># No changes beyond this point compared to the Nginx configuration without HTTPS</span>
</code></pre></div>
<p>Finally, make sure your seafile.conf does not contain syntax errors and restart Nginx for the configuration changes to take effect:</p>
<div class="codehilite"><pre><span></span><code><span class="n">nginx</span><span class="w"> </span><span class="o">-</span><span class="n">t</span>
<span class="n">nginx</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="n">reload</span>
</code></pre></div>
<h3 id="large-file-uploads">Large file uploads<a class="headerlink" href="#large-file-uploads" title="Permanent link">&para;</a></h3>
<p>Tip for uploading very large files (&gt; 4GB): By default Nginx will buffer large request body in temp file. After the body is completely received, Nginx will send the body to the upstream server (seaf-server in our case). But it seems when file size is very large, the buffering mechanism dosen't work well. It may stop proxying the body in the middle. So if you want to support file upload larger for 4GB, we suggest you install Nginx version &gt;= 1.8.0 and add the following options to Nginx config file:</p>
<div class="codehilite"><pre><span></span><code><span class="w"> </span><span class="k">location</span><span class="w"> </span><span class="s">/seafhttp</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">...</span><span class="w"> </span><span class="s">...</span>
<span class="w"> </span><span class="s">proxy_request_buffering</span><span class="w"> </span><span class="no">off</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
</code></pre></div>
<p>If you have WebDAV enabled it is recommended to add the same:</p>
<div class="codehilite"><pre><span></span><code><span class="w"> </span><span class="k">location</span><span class="w"> </span><span class="s">/seafdav</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">...</span><span class="w"> </span><span class="s">...</span>
<span class="w"> </span><span class="s">proxy_request_buffering</span><span class="w"> </span><span class="no">off</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
</code></pre></div>
<h3 id="modifying-seahub_settingspy">Modifying seahub_settings.py<a class="headerlink" href="#modifying-seahub_settingspy" title="Permanent link">&para;</a></h3>
<p>The <code>SERVICE_URL</code> in <a href="../../config/seahub_settings_py/">seahub_settings.py</a> informs Seafile about the chosen domain, protocol and port. Change the <code>SERVICE_URL</code>so as to account for the switch from HTTP to HTTPS and to correspond to your host name (the <code>http://</code> must not be removed):</p>
<div class="codehilite"><pre><span></span><code><span class="n">SERVICE_URL</span> <span class="o">=</span> <span class="s1">&#39;https://seafile.example.com&#39;</span>
</code></pre></div>
<p>The <code>FILE_SERVER_ROOT</code> in <a href="../../config/seahub_settings_py/">seahub_settings.py</a> informs Seafile about the location of and the protocol used by the file server. Change the <code>FILE_SERVER_ROOT</code> so as to account for the switch from HTTP to HTTPS and to correspond to your host name (the trailing <code>/seafhttp</code> must not be removed):</p>
<div class="codehilite"><pre><span></span><code><span class="n">FILE_SERVER_ROOT</span> <span class="o">=</span> <span class="s1">&#39;https://seafile.example.com/seafhttp&#39;</span>
</code></pre></div>
<p>Note: The <code>SERVICE_URL</code> and <code>FILE_SERVER_ROOT</code> can also be modified in Seahub via System Admininstration &gt; Settings. If they are configured via System Admin and in seahub_settings.py, the value in System Admin will take precedence.</p>
<h3 id="modifying-seafileconf-optional">Modifying seafile.conf (optional)<a class="headerlink" href="#modifying-seafileconf-optional" title="Permanent link">&para;</a></h3>
<p>To improve security, the file server should only be accessible via Nginx.</p>
<p>Add the following line in the <code>[fileserver]</code> block on <code>seafile.conf</code> in <code>/opt/seafile/conf</code>:</p>
<div class="codehilite"><pre><span></span><code><span class="na">host</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">127.0.0.1</span><span class="w"> </span><span class="c1">## default port 0.0.0.0</span>
</code></pre></div>
<p>After his change, the file server only accepts requests from Nginx.</p>
<h3 id="starting-seafile-and-seahub">Starting Seafile and Seahub<a class="headerlink" href="#starting-seafile-and-seahub" title="Permanent link">&para;</a></h3>
<p>Restart the seaf-server and Seahub for the config changes to take effect:</p>
<div class="codehilite"><pre><span></span><code>$<span class="w"> </span>su<span class="w"> </span>seafile
$<span class="w"> </span><span class="nb">cd</span><span class="w"> </span>/opt/seafile/seafile-server-latest
$<span class="w"> </span>./seafile.sh<span class="w"> </span>restart
$<span class="w"> </span>./seahub.sh<span class="w"> </span>restart<span class="w"> </span><span class="c1"># or &quot;./seahub.sh start-fastcgi&quot; if you&#39;re using fastcgi</span>
</code></pre></div>
<h2 id="additional-modern-settings-for-nginx-optional">Additional modern settings for Nginx (optional)<a class="headerlink" href="#additional-modern-settings-for-nginx-optional" title="Permanent link">&para;</a></h2>
<h3 id="activating-ipv6">Activating IPv6<a class="headerlink" href="#activating-ipv6" title="Permanent link">&para;</a></h3>
<p>Require IPv6 on server otherwise the server will not start! Also the AAAA dns record is required for IPv6 usage.</p>
<div class="codehilite"><pre><span></span><code><span class="k">listen</span><span class="w"> </span><span class="mi">443</span><span class="p">;</span>
<span class="k">listen</span><span class="w"> </span><span class="s">[::]:443</span><span class="p">;</span>
</code></pre></div>
<h3 id="activating-http2">Activating HTTP2<a class="headerlink" href="#activating-http2" title="Permanent link">&para;</a></h3>
<p>Activate HTTP2 for more performance. Only available for SSL and nginx version&gt;=1.9.5. Simply add <code>http2</code>.</p>
<div class="codehilite"><pre><span></span><code><span class="k">listen</span><span class="w"> </span><span class="mi">443</span><span class="w"> </span><span class="s">http2</span><span class="p">;</span>
<span class="k">listen</span><span class="w"> </span><span class="s">[::]:443</span><span class="w"> </span><span class="s">http2</span><span class="p">;</span>
</code></pre></div>
<h2 id="advanced-tls-configuration-for-nginx-optional">Advanced TLS configuration for Nginx (optional)<a class="headerlink" href="#advanced-tls-configuration-for-nginx-optional" title="Permanent link">&para;</a></h2>
<p>The TLS configuration in the sample Nginx configuration file above receives a B overall rating on <a href="https://www.ssllabs.com/ssltest/">SSL Labs</a>. By modifying the TLS configuration in <code>seafile.conf</code>, this rating can be significantly improved. </p>
<p>The following sample Nginx configuration file for the host name seafile.example.com contains additional security-related directives. (Note that this sample file uses a generic path for the SSL certificate files.) Some of the directives require further steps as explained below.</p>
<div class="codehilite"><pre><span></span><code><span class="w"> </span><span class="k">server</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">listen</span><span class="w"> </span><span class="mi">80</span><span class="p">;</span>
<span class="w"> </span><span class="kn">server_name</span><span class="w"> </span><span class="s">seafile.example.com</span><span class="p">;</span>
<span class="w"> </span><span class="kn">rewrite</span><span class="w"> </span><span class="s">^</span><span class="w"> </span><span class="s">https://</span><span class="nv">$http_host$request_uri?</span><span class="w"> </span><span class="s">permanent</span><span class="p">;</span><span class="w"> </span><span class="c1"># Forced redirect from HTTP to HTTPS</span>
<span class="w"> </span><span class="kn">server_tokens</span><span class="w"> </span><span class="no">off</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="k">server</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">listen</span><span class="w"> </span><span class="mi">443</span><span class="w"> </span><span class="s">ssl</span><span class="p">;</span>
<span class="w"> </span><span class="kn">ssl_certificate</span><span class="w"> </span><span class="s">/etc/ssl/cacert.pem</span><span class="p">;</span><span class="w"> </span><span class="c1"># Path to your cacert.pem</span>
<span class="w"> </span><span class="kn">ssl_certificate_key</span><span class="w"> </span><span class="s">/etc/ssl/privkey.pem</span><span class="p">;</span><span class="w"> </span><span class="c1"># Path to your privkey.pem</span>
<span class="w"> </span><span class="kn">server_name</span><span class="w"> </span><span class="s">seafile.example.com</span><span class="p">;</span>
<span class="w"> </span><span class="kn">server_tokens</span><span class="w"> </span><span class="no">off</span><span class="p">;</span>
<span class="w"> </span><span class="c1"># HSTS for protection against man-in-the-middle-attacks</span>
<span class="w"> </span><span class="kn">add_header</span><span class="w"> </span><span class="s">Strict-Transport-Security</span><span class="w"> </span><span class="s">&quot;max-age=31536000</span><span class="p">;</span><span class="w"> </span><span class="kn">includeSubDomains&quot;</span><span class="p">;</span>
<span class="w"> </span><span class="c1"># DH parameters for Diffie-Hellman key exchange</span>
<span class="w"> </span><span class="kn">ssl_dhparam</span><span class="w"> </span><span class="s">/etc/nginx/dhparam.pem</span><span class="p">;</span>
<span class="w"> </span><span class="c1"># Supported protocols and ciphers for general purpose server with good security and compatability with most clients</span>
<span class="w"> </span><span class="kn">ssl_protocols</span><span class="w"> </span><span class="s">TLSv1.2</span><span class="w"> </span><span class="s">TLSv1.3</span><span class="p">;</span>
<span class="w"> </span><span class="kn">ssl_ciphers</span><span class="w"> </span><span class="s">ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384</span><span class="p">;</span>
<span class="w"> </span><span class="kn">ssl_prefer_server_ciphers</span><span class="w"> </span><span class="no">off</span><span class="p">;</span>
<span class="w"> </span><span class="c1"># Supported protocols and ciphers for server when clients &gt; 5years (i.e., Windows Explorer) must be supported</span>
<span class="w"> </span><span class="c1">#ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;</span>
<span class="w"> </span><span class="c1">#ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;</span>
<span class="w"> </span><span class="c1">#ssl_prefer_server_ciphers on;</span>
<span class="w"> </span><span class="kn">ssl_session_timeout</span><span class="w"> </span><span class="mi">5m</span><span class="p">;</span>
<span class="w"> </span><span class="kn">ssl_session_cache</span><span class="w"> </span><span class="s">shared:SSL:5m</span><span class="p">;</span>
<span class="w"> </span><span class="kn">location</span><span class="w"> </span><span class="s">/</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">proxy_pass</span><span class="w"> </span><span class="s">http://127.0.0.1:8000</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">Host</span><span class="w"> </span><span class="nv">$http_host</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Real-IP</span><span class="w"> </span><span class="nv">$remote_addr</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-For</span><span class="w"> </span><span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-Host</span><span class="w"> </span><span class="nv">$server_name</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-Proto</span><span class="w"> </span><span class="s">https</span><span class="p">;</span>
<span class="w"> </span><span class="kn">access_log</span><span class="w"> </span><span class="s">/var/log/nginx/seahub.access.log</span><span class="p">;</span>
<span class="w"> </span><span class="kn">error_log</span><span class="w"> </span><span class="s">/var/log/nginx/seahub.error.log</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_read_timeout</span><span class="w"> </span><span class="s">1200s</span><span class="p">;</span>
<span class="w"> </span><span class="kn">client_max_body_size</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="kn">location</span><span class="w"> </span><span class="s">/seafhttp</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">rewrite</span><span class="w"> </span><span class="s">^/seafhttp(.*)</span>$<span class="w"> </span><span class="nv">$1</span><span class="w"> </span><span class="s">break</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_pass</span><span class="w"> </span><span class="s">http://127.0.0.1:8082</span><span class="p">;</span>
<span class="w"> </span><span class="kn">client_max_body_size</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-For</span><span class="w"> </span><span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_connect_timeout</span><span class="w"> </span><span class="s">36000s</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_read_timeout</span><span class="w"> </span><span class="s">36000s</span><span class="p">;</span>
<span class="w"> </span><span class="kn">proxy_send_timeout</span><span class="w"> </span><span class="s">36000s</span><span class="p">;</span>
<span class="w"> </span><span class="kn">send_timeout</span><span class="w"> </span><span class="s">36000s</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="kn">location</span><span class="w"> </span><span class="s">/media</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kn">root</span><span class="w"> </span><span class="s">/home/user/haiwen/seafile-server-latest/seahub</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">}</span>
</code></pre></div>
<h3 id="enabling-http-strict-transport-security">Enabling HTTP Strict Transport Security<a class="headerlink" href="#enabling-http-strict-transport-security" title="Permanent link">&para;</a></h3>
<p>Enable HTTP Strict Transport Security (HSTS) to prevent man-in-the-middle-attacks by adding this directive:</p>
<div class="codehilite"><pre><span></span><code><span class="k">add_header</span><span class="w"> </span><span class="s">Strict-Transport-Security</span><span class="w"> </span><span class="s">&quot;max-age=31536000</span><span class="p">;</span><span class="w"> </span><span class="k">includeSubDomains&quot;</span><span class="w"> </span><span class="s">always</span><span class="p">;</span>
</code></pre></div>
<p>HSTS instructs web browsers to automatically use HTTPS. That means, after the first visit of the HTTPS version of Seahub, the browser will only use https to access the site.</p>
<h3 id="using-perfect-forward-secrecy">Using Perfect Forward Secrecy<a class="headerlink" href="#using-perfect-forward-secrecy" title="Permanent link">&para;</a></h3>
<p>Enable Diffie-Hellman (DH) key-exchange. Generate DH parameters and write them in a .pem file using the following command:</p>
<div class="codehilite"><pre><span></span><code>$<span class="w"> </span>openssl<span class="w"> </span>dhparam<span class="w"> </span><span class="m">2048</span><span class="w"> </span>&gt;<span class="w"> </span>/etc/nginx/dhparam.pem<span class="w"> </span><span class="c1"># Generates DH parameter of length 2048 bits</span>
</code></pre></div>
<p>The generation of the the DH parameters may take some time depending on the server's processing power.</p>
<p>Add the following directive in the HTTPS server block:</p>
<div class="codehilite"><pre><span></span><code><span class="k">ssl_dhparam</span><span class="w"> </span><span class="s">/etc/nginx/dhparam.pem</span><span class="p">;</span>
</code></pre></div>
<h3 id="restricting-tls-protocols-and-ciphers">Restricting TLS protocols and ciphers<a class="headerlink" href="#restricting-tls-protocols-and-ciphers" title="Permanent link">&para;</a></h3>
<p>Disallow the use of old TLS protocols and cipher. Mozilla provides a configuration generator for optimizing the conflicting objectives of security and compabitility. Visit https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx for more Information.</p>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
<div class="md-copyright__highlight">
Copyright &copy; 2023 Seafile Ltd.
</div>
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
<div class="md-social">
<a href="https://github.com/haiwen/seafile-admin-docs/" target="_blank" rel="noopener" title="github.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M173.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M252.8 8C114.1 8 8 113.3 8 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C436.2 457.8 504 362.9 504 252 504 113.3 391.5 8 252.8 8M105.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg>
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../..", "features": [], "search": "../../assets/javascripts/workers/search.973d3a69.min.js", "tags": null, "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"provider": "mike"}}</script>
<script src="../../assets/javascripts/bundle.f55a23d4.min.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink