Seafile SSL/HTTPS on IIS

Seafile SSL/HTTPS on IIS was a very interesting journey when I was trying to implement such change as it gave me some interesting facts that I have notice not well documented. In this article we will assume that you have already installed a running instance of your Seafile on your Windows Server but was server via HTTP only. So lets get started:

Additional Assumption

  • Seafile is running on its default ports 8000 and 8082
  • You already know how to get a SSL Certificate and Apply it on your SSL

Settings for your Seafile Server

  1. seahub_settings.pyFILE_SERVER_ROOT = ‘https://yourdomain.with.ssl/seafhttp’
  2. seafile.conf
    [fileserver]
    port = 8082[seahub]
    port = 8000
    fastcgi = false
  3. ccnet.confSERVICE_URL = https://yourdomain.with.ssl/

Settings for your IIS Server

  1. Install Application Request Routing Cache for your IIS Server via Web Platform Installer or by getting it on the web
  2. Create a website that will point to yourdomain.with.ssl on port 80 ONLY
  3. Open the web.config that will be created for that website and enter the following configuration<?xml version=”1.0″ encoding=”UTF-8″?>
    <configuration>
    <system.webServer>
    <rewrite>
    <rules>
    <rule name=”Redirect to HTTPS” enabled=”true” stopProcessing=”true”>
    <match url=”(.*)” />
    <action type=”Redirect” url=”https://{HTTP_HOST}/{R:1}” />
    </rule>
    </rules>
    </rewrite>
    </system.webServer>
    </configuration>
  4. Create another website that will point to yourdomain.with.ssl on port 443 ONLY
  5. Open the web.config that will be created for that website and enter the following configuration<?xml version=”1.0″ encoding=”UTF-8″?>
    <configuration>
    <location path=”” overrideMode=”Deny”>
    </location>
    <system.webServer>
    <security>
    <requestFiltering allowDoubleEscaping=”true” />
    </security>
    <rewrite>
    <rules>
    <clear />
    <rule name=”Redirect to HTTPS” enabled=”true” stopProcessing=”true”>
    <match url=”(.*)” />
    <conditions logicalGrouping=”MatchAll” trackAllCaptures=”false”>
    <add input=”{HTTPS}” pattern=”^OFF$” />
    </conditions>
    <action type=”Redirect” url=”https://{HTTP_HOST}/{R:1}” redirectType=”Permanent” />
    </rule>
    <rule name=”seafilehttp” stopProcessing=”true”>
    <match url=”seafhttp/(.*)” />
    <conditions logicalGrouping=”MatchAll” trackAllCaptures=”false” />
    <action type=”Rewrite” url=”http://127.0.0.1:8082/{R:1}” appendQueryString=”true” logRewrittenUrl=”true” />
    </rule>
    <rule name=”seafile” enabled=”true” stopProcessing=”true”>
    <match url=”(.*)” />
    <conditions logicalGrouping=”MatchAll” trackAllCaptures=”false” />
    <action type=”Rewrite” url=”http://localhost:8000/{R:1}” appendQueryString=”true” logRewrittenUrl=”true” />
    </rule>

    </rules>
    <outboundRules>
    <preConditions>
    <preCondition name=”ResponseIsHtml1″>
    <add input=”{RESPONSE_CONTENT_TYPE}” pattern=”^text/html” />
    </preCondition>
    </preConditions>
    </outboundRules>
    </rewrite>
    <httpErrors errorMode=”DetailedLocalOnly” />
    </system.webServer>
    </configuration>

  6. Next is the critical part that most tutorial missed to include as they don’t reflect the settings on Seafile Configuration.
  7. Now Login to your Seafile Admin Area webpage and navigate to Settings section
  8. On the SERVICE_URL enter https://yourdomain.with.ssl/
  9. On the FILE_SERVER_ROOT enter https://yourdomain.with.ssl/seafhttp
  10. Now you are done and navigation, download, and upload will now work properly.

God Bless!

Thanks,
Thomie

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.