Caddy V2 and Seafile Server on a root server

sundervart · July 24, 2020, 8:38pm

Hello there,

I’m trying to move from apache2 because I don’t host a lot of websites, its for mostly my own services and the KISS approach of the caddy is just awesome, my only problem is the Seafile server, I cannot get it to work under Caddy and I cannot find much information about seafile working under caddyV2 on the searches Ive done. Since I’m new with caddy I think here is the best place to fix this problem and ditch apache2.

Here is the apache2 code, works flawlessly:

ServerAdmin *****@*******.eu

ServerName files.***********.eu


DocumentRoot /var/www/files.***********eu/html
RewriteEngine on

Some rewrite rules in this file were disabled on your HTTPS site,

because they have the potential to create redirection loops.

RewriteCond %{SERVER_NAME} =files.************.eu [OR]

RewriteCond %{SERVER_NAME} =www.files.*********.eu

RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias www.files.*************.eu
SSLCertificateFile /etc/letsencrypt/live/files.eu/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/files..eu/privkey.pem

Alias /media /opt/seafile/seafile-server-latest/seahub/media
<Location /media>

    Require all granted

</Location>



# seafile fileserver

ProxyPass /seafhttp http://127.0.0.1:8082

ProxyPassReverse /seafhttp http://127.0.0.1:8082

RewriteEngine On

RewriteRule ^/seafhttp - [QSA,L]



# seahub web interface

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

ProxyPass / http://127.0.0.1:8000/

ProxyPassReverse / http://127.0.0.1:8000/

I know that I need to reverse proxy. but the problem is how can I redirect the /seafhttp to the fileserver and how can I point the media location of seahub in Caddy? Tried somethings but I’m kinda lost.

The server is running Debian 10 buster with kernel 5.6.

Thank you and Hope you have a nice weekend

Whitestrake · July 27, 2020, 12:23am

Howdy @sundervart, welcome to the Caddy community.

I found it was also useful to peek at the Seafile docs on the recommended nginx configuration, to get an understanding of what they’re doing on both servers. It’s pretty cool because they actually explain what the important sections do:

The most interesting parts of this configuration are:

listen 80;                  The port Nginx listens to
server_name _;              The 'name' of the virtual server
server_tokens off;          Nginx does not reveal its version number to make life more difficult for attackers
location /seafile           proxy for seahub (!)
location /seafhttp          proxy for seafile (!)
location /seafmedia         static content of Seafile Server
location /seafdav           proxy for seadav
access_log and error_log    Nginx log files

—Nginx - Seafile Community Manual

We don’t care about listeners, server names or tokens.

First up, we see that in nginx they proxy /seafile locally to 127.0.0.1:8000, although you proxy the web root /. This is the easiest one.

Proxies requests to one or more backends with configurable transport, load balancing, health checking, header manipulation, and buffering options.
—reverse_proxy (Caddyfile directive) — Caddy Documentation

It’s as simple as this:

reverse_proxy http://127.0.0.1:8000

Next, we can see that they proxy /seafhttp and strip the prefix, which we do in Caddy with handle_path:

Same as the handle directive, but implicitly strips the matched path prefix.
—handle_path (Caddyfile directive) — Caddy Documentation

handle_path /seafhttp* {
  reverse_proxy http://127.0.0.1:8082
}

They take /seafmedia, rewrite to /media, and then serve files from /opt/seafile/seafile-server-latest/seahub. We can use handle_path again to remove the old prefix and rewrite to add the new one, set the root, then add a file_server.

Rewrites the request internally. A rewrite changes some or all of the request URI.
—rewrite (Caddyfile directive) — Caddy Documentation

A static file server. It works by appending the request’s URI path to the site’s root path.
—file_server (Caddyfile directive) — Caddy Documentation

Like so:

handle_path /seafmedia* {
  rewrite * /media{uri}
  root * /opt/seafile/seafile-server-latest/seahub
  file_server
}

They also have a /seafdav path they proxy to http://127.0.0.1:8080. Another easy one:

reverse_proxy /seafdav* http://127.0.0.1:8080

Logging can be as easy or as complicated as you want with the log directive. You don’t appear to have logging in Apache configured but here’s how you’d do it based on Seafile’s nginx default:

Enables and configures HTTP request logging (also known as access logs).
—log (Caddyfile directive) — Caddy Documentation

log {
  output file /var/log/caddy/seafile.access.log
  # Uncomment below if you prefer common log format:
  # format single_field common_log
}

Add it all together and add some handle blocks to ensure each path is exclusive to each other and neat, and we get something like this that looks suspiciously nginx-like, actually:

example.com {
  handle {
    reverse_proxy http://127.0.0.1:8000
  }

  handle_path /seafhttp* {
    reverse_proxy http://127.0.0.1:8082
  }

  handle_path /seafmedia* {
    rewrite * /media{uri}
    root * /opt/seafile/seafile-server-latest/seahub
    file_server
  }

  handle /seafdav* {
    reverse_proxy http://127.0.0.1:8080
  }

  log {
    output file /var/log/caddy/seafile.access.log
  }
}

Although I think it looks a bit neater myself!

sundervart · July 27, 2020, 8:01pm

Hello,

Thank you for your help kind stranger, since I know nothing about nginx I was a bit uncomfortable going that path but its a good idea.

I tried that, but its seems to be buggy, I finally managed to access the app through Chrome, but in firefox it just doesnt work, displaying the SSL_ERROR_INTERNAL_ERROR_ALERT. I already cleaned everything on firefox to start fresh but still no luck till now. I’m on a linux machine by the way but doesn’t seem to be the issue because in chrome it works.

Also if I try to upload something it wont work and the app on my phone and PC could not connect to the server which is odd. The page /seafhttp could not be found and seems that the reverse proxy is not working for that. As soon as I turn caddy off and start apache2, all works again so I’m still on the mission to working it out.

I see that in the apache2 config is a ProxyPassReverse after the ProxyPass as like these:

seafile fileserver

ProxyPass /seafhttp http://127.0.0.1:8082

ProxyPassReverse /seafhttp http://127.0.0.1:8082

RewriteEngine On

RewriteRule ^/seafhttp - [QSA,L]

Could be something to do with that?

I also tried to change some things but no success.

A good day to you!

francislavoie · July 27, 2020, 8:09pm

Are you using an old version of Firefox?

Also, please use ``` on the lines immediately before and after your code blocks to use proper code formatting. You’re using > which is for textual quotes, which messes up the syntax.

Whitestrake · July 27, 2020, 11:40pm

ProxyPassReverse just rewrites Location headers coming back from the proxy.

https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypassreverse

The official nginx Seafile config does not require this behaviour, but it does set proxy_set_header Host $host;. Meanwhile, your Apache configuration does not use ProxyPreserveHost.

https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypreservehost

I presume based on this that the application itself infers the URL for redirects based on the Host header and your Apache config simply does this a bit backwards. Caddy preserves the client Host header by default for reverse proxies.

datunicorn · August 19, 2020, 12:03pm

i was trying to get caddy to work with seafile but i can’t get the /seafhttp rewrite to work.

there are 2 ways i tried:

xxx.yyy.com/seafhttp {
    uri strip_prefix seafhttp
    reverse_proxy 127.0.0.1:8082
}

xxx.yyy.com {
    handle_path /seafhttp* {
        reverse_proxy 127.0.0.1:8082
}
}

none worked and so the client gets an 404 when trying to connect to the server and getting the protocol version :https://xxx.yyy.com/seafhttp/protocol-version but it should return {"version": 2}

the rewrite rule that works with nginx is:

rewrite ^/seafhttp(.*)$ $1 break;

francislavoie · August 19, 2020, 3:03pm

In your first attempt, you didn’t use a * for the path matcher on your site label (it has the same path matching rules as everywhere else, i.e. exact matching).

In your second attempt, you were missing a space between * and { so Caddy may not have parsed your config correctly.

datunicorn · August 19, 2020, 7:00pm

i corrected the second attempt and it was with a space in my actual config file but does not work.

i gave the first attempt a second try considering your comment, and it is working.
here the complete basic seafile config that is working for me with caddy version 2.1.1 and seafile 7.1.3

xxx.yyy.com {
    reverse_proxy 127.0.0.1:8000
}
xxx.yyy.com/seafhttp* {
    uri strip_prefix seafhttp
    reverse_proxy 127.0.0.1:8082
}
xxx.yyy.com/seafdav* {
    uri strip_prefix seafdav
    reverse_proxy 127.0.0.1:8899
}

system · August 23, 2020, 8:38pm

This topic was automatically closed after 30 days. New replies are no longer allowed.