Adding a Let's Encrypt certificate for a server running Seafile server

The regular Let's Encrypt certbot procedure fails due to reverse proxying. Contrary to regular delivery of webpage content, where you type an address and Apache serves the content from a specific folder, Seafile runs a service as a reverse proxy: Apache binds to the particular port running Seafile, and serves content provided by the Seafile daemon (service). So the usual Let's Encrypt authorization doesn't work. I struggled with a lot of apparent techniques for the reverse proxy, all of which threw up all kinds of errors while letsencrypt was authorizing in apache mode. Finally, the solution is very simple: use the Let's Encrypt certbot in manual DNS verification mode. You just add a particular TXT record to your DNS, and Cloudflare instantly verifies it and provides you the certificate, CSR and chain.

certbot -d --manual --preferred-challenges dns certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for

NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
(Y)es/(N)o: y

Please deploy a DNS TXT record under the name with the following value:


Once this is deployed,
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem

 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/ Your cert
   will expire on 2017-07-19. To obtain a new or tweaked version of
   this certificate in the future, simply run certbot again. To
   non-interactively renew *all* of your certificates, run "certbot
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:
   Donating to EFF:          

I found that there was a problem with the path of the chain.
Copying to new location:

mkdir /home/you/domains/
cp /etc/letsencrypt/live/*pem /home/you/domains/

Apache config:

DocumentRoot /var/www
ErrorLog /var/log/virtualmin/
CustomLog /var/log/virtualmin/ combined
Alias /media  /home/user/haiwen/seafile-server-latest/seahub/media
RewriteEngine on
<Location /media>
          Require all granted
</Location>
# seafile fileserver
ProxyPass /seafhttp
ProxyPassReverse /seafhttp
RewriteRule ^/seafhttp - [QSA,L]
# seahub
SetEnvIf Request_URI . proxy-fcgi-pathinfo=unescape
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
# Exclusions must come before the catch-all ProxyPass, or they never match
ProxyPass /.well-known !
ProxyPass / fcgi://
Alias /.well-known "/var/www/.well-known"
<Directory "/var/www/.well-known">
           Require all granted
           order allow,deny
           allow from all
           AllowOverride All
           AddDefaultCharset Off
</Directory>
SSLEngine on
SSLCertificateFile /home/you/domains/
SSLCertificateKeyFile /home/you/domains/
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCACertificateFile /home/you/domains/
SSLHonorCipherOrder on

You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

Fix seafile server for folder names containing spaces

This is an apache bug.

Use a newer apache version:

Generic steps to install a newer version of a package with apt than provided in the stable stream:

In /etc/apt/apt.conf.d add the following file


APT::Default-Release "stable";

In /etc/apt/sources.list.d – add urls for testing / unstable sources


deb    stable main contrib non-free
deb-src    stable main contrib non-free

deb         stable/updates  main contrib non-free


deb    testing main contrib non-free
deb-src    testing main contrib non-free

deb         testing/updates  main contrib non-free
apt-get update

and then install what you need with

apt-get -t testing install something

So for our purpose:

apt-get update
apt-get -t testing install apache2
service apache2 restart

Choose to keep all your default config files with no changes.



Install ownCloud on a Debian box running apache server and an i-mscp panel

Add a DNS entry for in your DNS manager. I will choose Cloudflare.
Then, login to the i-mscp panel, create a domain alias, say

Install owncloud:

echo 'deb /' >> /etc/apt/sources.list.d/owncloud.list
apt-key add - < Release.key
apt-get update
apt-get install owncloud

It will get installed to /var/www/owncloud
We will have to move the files to the directory of the new domain alias:

cd /var/www/
# "owncloud/." copies everything, dotfiles included, without also matching ".."
cp -a owncloud/. virtual/
rm -rf owncloud

Set permissions (Check the username for your directory virtual/ first):

chown -R vu2004.vu2004 virtual/*

Install owncloud by visiting, and creating a new admin user and password.
Now that owncloud is confirmed to work, we will add SSL support.
In i-mscp, enable SSL support by visiting Admin settings.
Now, use the “Add/Edit SSL Certificate” to generate a new SSL certificate.

Enable Cloudflare for the domain.
Now you will be able to login to


Create a self signed openssl certificate


sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt



How to setup Owncloud for your own server

Install owncloud on own server.
First add an apache virtualhost.



Create the following:

<VirtualHost *:80>
DocumentRoot /var/www/virtual/
</VirtualHost>

Create an “A” record in the DNS panel for

A [myipaddress]

Create the virtual directory:

mkdir -p /var/www/virtual/
chown -R www-data.www-data /var/www/virtual/

Download and uncompress the latest owncloud installation package [Available at ]
tar xf owncloud-8.0.3.tar.bz2
mv owncloud/* ./
rm owncloud-8.0.3.tar.bz2
rm -rf owncloud/

Install php gd module, php5-curl and php5-mysql:

sudo apt-get install php5-gd php5-curl php5-mysql

Set always_populate_raw_post_data to -1 in your php.ini
Now to set the appropriate value in php.ini, first I have to locate the correct php.ini to edit.

find /etc -iname 'php.ini'

Now locate the location of the setting:

grep -in 'always_populate_raw_post_data' /etc/php5/apache2/php.ini
704:;always_populate_raw_post_data = -1

Edit the correct line with emacs:

emacs /etc/php5/apache2/php.ini
Alt-G G 704

takes me to the correct line to edit. Remove the two leading semicolons.

Restart apache2 server:

service apache2 restart

Now reload in your browser.

Now I got a security warning:
Your data directory and files are probably accessible from the internet because the .htaccess file does not work.
For information how to properly configure your server, please see the documentation.

This means that htaccess is not enabled for the server. So to setup .htaccess for apache:

Edit /etc/apache2/sites-available/default
emacs /etc/apache2/sites-available/default

Add the “AllowOverride All” directive.
So the block now looks like:

DocumentRoot /var/www/virtual/

AllowOverride All

If you face issues while editing apache directive files, run systemctl status apache2.service or journalctl -xn for details.

Create database with mysql:
mysql -u root -p
mysql> CREATE DATABASE owncloudie;
mysql> USE owncloudie;
mysql> CREATE USER 'cloudsrvrusr'@'localhost' IDENTIFIED BY 'mypassword';
mysql> GRANT ALL PRIVILEGES ON owncloudie.* TO 'cloudsrvrusr'@'localhost' WITH GRANT OPTION;
mysql> EXIT;

Restart apache2, and reload the install page.

Now, add an admin username and password, and add the database details that we created with mysql.
When you click on ‘Finish setup’, mysql installation will be over, and you can login as administrator.
Create users.

Download the Desktop client at, and the Android client from

To create ssl:

mkdir -p /etc/apache2/ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
emacs /etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin [email protected]
        DocumentRoot /var/www/virtual/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>
a2ensite default-ssl.conf
service apache2 reload


Blocking listing of certain file types in apache directory listing with .htaccess

If you’d like to block listing of *.avi files in the directory listing on your server, add the following to the same directory, in a file named .htaccess:

IndexIgnore *.avi


Run php files without typing in the extension in apache

On i-mscp, edit the file /etc/apache2/sites-available/,


<Directory /var/www/virtual/>
        Options -Indexes +Includes +FollowSymLinks +MultiViews
        # SECTION php_enabled BEGIN.
        AllowOverride All
        # SECTION php_enabled END.
        Order allow,deny
        Allow from all
</Directory>

adding the following:

Options +MultiViews
DirectoryIndex index.php
AddType application/x-httpd-php .php

so that final code becomes:

<Directory /var/www/virtual/>
        Options -Indexes +Includes +FollowSymLinks +MultiViews
        DirectoryIndex index.php
        AddType application/x-httpd-php .php
        # SECTION php_enabled BEGIN.
        AllowOverride All
        # SECTION php_enabled END.
        Order allow,deny
        Allow from all
</Directory>


Install Pydio on webserver

Get it from here:


wget -O pydio-core-5.0.4.tar.gz

Extract the file to a chosen directory.

tar xf pydio-core-5.0.4.tar.gz
mv pydio-core-5.0.4 /var/www/explore
chown -R www-data /var/www/explore/data/

Install mysql-server if not already installed.

apt-get install mysql-server-5.5

Install mcrypt, php5-gd, php5-mysql:

apt-get install php5-mcrypt php5-gd php5-mysql

Now, add “AllowOverride All” to /etc/apache2/sites-available/default

<Directory "/var/www/explore">
                    AllowOverride All
</Directory>

Restart apache2:

service apache2 restart

Create a mysql database, then a user and assign a password for the user on the database.

mysql -u root -p

And the following on the mysql shell.

CREATE DATABASE pydiodbase;
CREATE USER 'pydiouser'@'localhost' IDENTIFIED BY 'yourpassword';
GRANT ALL PRIVILEGES ON pydiodbase.* TO 'pydiouser'@'localhost';

To change password of the dbuser:

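UPDATE mysql.user SET Password=PASSWORD('yourpassword') WHERE User='pydiouser';
-- Direct edits to mysql.user only take effect once the grant tables are reloaded
FLUSH PRIVILEGES;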

Then, access the web install at http://yourip/explore, and follow the onscreen prompts.

Your files appear in ./data/files/

Error message during installation:

It seems that your data/ folder is not correctly protected, and that subfolders (like the data/cache/ folder) are web-accessible. If you are using Apache, make sure the AllowOverride All option is active for your current directory. If you are running Windows IIS, you must manually add a RequestFiltering/HiddenSegments configuration to prevent web access to these folders. If you have defined a different AJXP_DATA_PATH pointing outside the webfolder, you can ignore this warning.

Check the default apache config:

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

In the code:

<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride none
    Order allow,deny
    allow from all
</Directory>

change none to All:

<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
</Directory>
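
Both the ownCloud warning about .htaccess and the Pydio warning about the data/ folder come down to which AllowOverride value actually applies to the application directory. The script below is an added example, not part of the original posts: it reads an Apache config and reports the value from the most specific Directory block covering a path. The function names and the sample config are constructed for illustration, and only plain Directory paths are handled.

```shell
#!/bin/sh
# Added example (not from the original posts): which AllowOverride applies?

# Constructed sample config, modelled on the blocks discussed above.
write_sample_config() {
    cat > "$1" <<'EOF'
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
</Directory>
<Directory "/var/www/explore">
    AllowOverride All
</Directory>
EOF
}

# effective_allowoverride FILE DIR
# Prints the AllowOverride value from the longest <Directory> path that
# contains DIR, or "unset". Simplification: plain paths only; no wildcards,
# <DirectoryMatch>, or Include files.
effective_allowoverride() {
    awk -v target="${2%/}" '
        BEGIN { best = -1; value = "unset" }
        /^[ \t]*<Directory[ \t]/ {
            path = $2; gsub(/[">]/, "", path); sub(/\/$/, "", path)
            inblock = 1; next
        }
        /^[ \t]*<\/Directory>/ { inblock = 0; next }
        inblock && tolower($1) == "allowoverride" &&
        index(target "/", path "/") == 1 && length(path) >= best {
            best = length(path)
            value = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", value)
        }
        END { print value }
    ' "$1"
}

# htaccess_ignored FILE DIR: true when .htaccess files under DIR have no effect.
htaccess_ignored() {
    [ "$(effective_allowoverride "$1" "$2" | tr 'A-Z' 'a-z')" = "none" ]
}
```

With the sample config, the data directory under /var/www/explore resolves to All, while any other directory under /var/www still resolves to None and its .htaccess files are ignored.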

Warning about locale not set:

dpkg-reconfigure locales
Generating locales...
  en_IN.UTF-8... up-to-date
Generation complete.


grep -in AJXP_LOCALE conf/bootstrap_conf.php
30: * define("AJXP_LOCALE", "");
32://define("AJXP_LOCALE", "en_EN.UTF-8");
33://define("AJXP_LOCALE", "");

And edit line 33 of the file to change it to:

33:define("AJXP_LOCALE", "en_IN.UTF-8");

Warning: PHP Output Buffer disabled
You should disable php output_buffering parameter for better performances with Pydio.

Check php value:

#grep -in output_buffering /etc/php5/apache2/php.ini
126:; output_buffering
245:output_buffering = 4096

Edit it to:

245:output_buffering = Off

Restart apache2 when you’re done.


Failed to create virtual server : No virtual domains file (virtual_alias_maps) was found in your Postfix configuration!

I received the following error from Webmin (Virtualmin) when creating a new virtual server

The solution is to add the following:

virtual_alias_maps = hash:/etc/postfix/virtual

to /etc/postfix/

Next error:

The Apache webserver does not appear to be installed on your system, or has not yet been set up properly in Webmin's Apache Webserver module. If your system does not use Apache, it should be disabled in Virtualmin's module configuration page.

Just visit https://domain:10000/apache/

and install apache

Suexec is enabled in the default template, but the Apache module mod_suexec is not installed or not enabled.


apt-get install apache2-suexec



WordPress error: To perform requested action, wordpress needs access to webserver

The error message displayed is:

“Connection Information: To perform the requested action, WordPress needs to access your web server. Please enter your FTP credentials to proceed. If you do not remember your credentials, you should contact your web host.”

This occurs due to a permission issue. Check ownership of files.

The reason is that certain files in your wordpress installation directory cannot be written to, as they’re not owned by the user running the apache process.

To find out the user running apache, put the following code in a file testeuser.php and run it:

<?php echo(exec("whoami")); ?>

For me, it outputs:


So I have to change ownership of my htdocs folder:

[[email protected]] ~/domains/htdocs #chown -R rt6004.www-data *

Here, rt6004 is the user and www-data is the group.
