Anyone Rumming Seafile with the jwilder/nginx-proxy and jrcs/letsencrypt-nginx-proxy-companion?

Hi,
As soon as I have my Seafile back up and running today, I was going to look at getting it working with the above containers which have provided a generalized pattern to managing Nginx and lets-encrypt in the docker-verse. Has anyone done this yet? I’ve seen some general issues raised trying to run Seafile with lets-encrypt that were not resolved. I was thinking I would terminate SSL at Nginx – and just proxy http rather then adding more complexity.

Even for folks who do not have multiple images on a single host, having a single automated Nginx/lets-encrypt process to manage would likely be a big benefit. If I have to go from scratch, I’ll document stuff on my blog, as I’m sure there’s a few gotchas or things of interest along the way.

  • Andrew

I’m using this combination for several months now. Works without any problems.

Excellent. Did you leave the existing http machinery in the Seafile docker-compose pretty much as is?
For the virtual_host did you use the docker container name of your seafile? I imagine it’ll be pretty easy when I can grab the image.

Cheers.

Andrew

Yes, that’s what I did

Not quite sure what you mean. That’s part of my Seafile docker-compose:

 seafile:
    image: seafileltd/seafile-mc:latest
    container_name: seafile
    restart: unless-stopped
    expose:
      - 80
    volumes:
      - /opt/seafile-data:/shared   # Requested, specifies the path to Seafile data persistent store.
    environment:
      - VIRTUAL_HOST=mydomainname.com
      - LETSENCRYPT_HOST=mydomainname.com
      - VIRTUAL_PORT=80
      - DB_HOST=db
      - SEAFILE_SERVER_LETSENCRYPT=false   # Whether to use https or not.
    depends_on:
      - db
      - memcached
      - nginx-proxy

One other idea to consider; I just implemented traefik as a front end to a number of services (containers and bare metal), including Seafile. If you haven’t heard of it, it functions similarly to NGINX but works across containers and other devices.

Similar to your desired outcome above, https terminates at traefik and Seafile runs without much complexity behind traefik. If you’re already familiar with NGINX it is probably easier to implement there, but if not, both are worth a look IMHO.

1 Like

I got this working - but not the manner I originally desired. I could not get the jwilder/nginx-proxy / jrcs/letsencrypt to work period; even with the most simple setup. I got tired of messing with it, magic that doesn’t work, even in the most simple case. All it would ever do is return a 503. I saw others with the same problem. I decided it was obviously to fragile for my tolerance levels.
I ended up using a similar approach, except I have to maintain the NginX config. It was a ceph something other other image and letsencrypt. It worked without any ado

That said, I had to do some fugly stuff with Seafile config – as it would not work behind a reverse proxy (for me). I went through far too much trial and error; again people having similar problems – often times no known resolve. One thread I found - the author claimed it worked. I put my stuff aside totally, to ensure I wasn’t doing something, and it didn’t work. I reverse proxy from my front-end Nginx directly, just as the bundled Nginx would have. To do that, I just had to set the ports in the docker-compose. Except in one case, I had to handle the root mount for the site elements: images, styles, etc. I did that by just reverse proxying those requests for media to the Nginx that comes with Seafile.
This works perfectly; although a huge clusterfsck. I was so tired of messing with half-baked or magik that wasn’t so magical. We’ll see what happens when i have an upgrade opportunity.

Thanks, I will check out this Traefik and eval it.

Ta

Do you have any links for tutorials to follow for this? I’m struggling with the same issues as OP.

Hey sawdog, did you ever get this working with jwilder & proxy-companion? I can’t get it working and don’t know nearly enough to even troubleshoot it well. I have lots of services working with the current Nginx/let’s encrypt set up, but seafile doesn’t seem to want to work with that.

I am using an nginx and let’s encrypt image, I have my own docker 9.x pro image. Works great. When I rerolled the Seafile image, I pulled out all the extras that I didn’t need for that setup. If you want some help, I still have an Seafile slack setup that is good for quick RTC stuff.

So i don’t understand anything in this last sentence, “If you want some help, I still have an Seafile slack setup that is good for quick RTC stuff.” but yes I would love some help!

Here’s where I’m at so far. With this Docker-Compose set up below, I have the service available at localhost:39205 but I’m getting 502 error when accessing from seafile.mydomain.org

db:
    image: mariadb:10.5
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=db_dev  # Requested, set the root's password of MySQL service.
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - /mnt/storage/seafile/seafile-mysql/db:/var/lib/mysql  # Requested, specifies the path to MySQL data persistent store.
    networks:
      - seafile-net

  memcached:
    image: memcached:1.5.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net
          
  seafile:
    image: seafileltd/seafile-mc:latest
    container_name: seafile
    ports:
      - "39205:80"
      #- "39207:443"  # If https is enabled, cancel the comment.
    volumes:
      - /mnt/storage/seafile/seafile-data:/shared   # Requested, specifies the path to Seafile data persistent store.
      - /mnt/storage/seafile/seafile-templates:/templates
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=db_dev  # Requested, the value shuold be root's password of MySQL service.
      - TIME_ZONE=${TZ}  # Optional, default is UTC. Should be uncomment and set to your local time zone.
      - SEAFILE_ADMIN_EMAIL=my@email.com # Specifies Seafile admin user, default is 'me@example.com'.
      - SEAFILE_ADMIN_PASSWORD=password     # Specifies Seafile admin password, default is 'asecret'.
      - SEAFILE_SERVER_LETSENCRYPT=false   # Whether to use https or not.
      - SEAFILE_SERVER_HOSTNAME=seafile.mydomain.org # Specifies your host name if https is enabled.
      - VIRTUAL_HOST=seafile.mydomain.org
      - VIRTUAL_PORT=8000
      - LETSENCRYPT_HOST=seafile.mydomain.org
      - LETSENCRYPT_EMAIL=my@email.com
    depends_on:
      - db
      - memcached
    networks:
      - seafile-net
      - proxy-tier

  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    volumes:
      - certs:/etc/nginx/certs:ro
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier

  letsencrypt-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: always
    volumes:
      - certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy-tier
    depends_on:
      - proxy

I was saying - if you need help, I have a Slack (replaced IRC for the most part) that I setup for the Seafile community. It’s better then a forum, post back and forth to solve problems. I’ll be home in about 10 minutes and I’ll be glad to see if I can help. Search here for Slack post with the link. I’m on a phone, can’t grasp what you pasted ATM.

No, I figured it out and now know my setup. There was too much bitrot with a bunch of posts that simply wouldn’t work period; with the simplest setup. I can give you image name when I’m home. Depends on your setup. Mine was a reverse proxy across multiple systems and Seafile living on a separate host.

Ah. Got it. Thanks. I’ll get on the slack. Just didn’t know what RTC was. Realizing now it’s probably Real-Time Chat? See you in slack!

the link in this post is “no longer valid”. Can you send a new one?

FYI, for anyone searching this after the fact. I was getting a 502 error because I wasn’t addressing my standalone Nginx properly. I needed to forward traffic to the external port in my case from the container, in my case, 39205. Then I got a “Bad Request. Contradictory scheme headers” error. This was actually due to the internal seafile Nginx not being configured correctly. Essentially, I followed this reddit post and change the default nginx conf file and now it works! https://www.reddit.com/r/selfhosted/comments/iav3iw/need_help_with_nginx_config_for_reverse_proxy_in/

My new docker-compose file:

  db:
    image: mariadb:10.5
    container_name: seafile-mysql
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=${SFDBPASS}  # Requested, set the root's password of MySQL service.
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - ${STORAGE}/seafile/seafile-mysql/db:/var/lib/mysql  # Requested, specifies the path to MySQL data persistent store.
    networks:
      - seafile-net

  memcached:
    image: memcached:1.5.6
    container_name: seafile-memcached
    restart: unless-stopped
    entrypoint: memcached -m 256
    networks:
      - seafile-net
      
  elasticsearch:
    image: elasticsearch:7.16.2
    container_name: seafile-elasticsearch
    restart: unless-stopped
    environment:
      - discovery.type=single-node
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 2g
    volumes:
      - ${CONFIG}/seafile/seafile-elasticsearch/data:/usr/share/elasticsearch/data  # Requested, specifies the path to Elasticsearch data persistent store.
    networks:
      - seafile-net
          
  seafile:
    image: docker.seafile.top/seafileltd/seafile-pro-mc:9.0.4
    container_name: seafile
    restart: unless-stopped
    ports:
      - "39205:80"
#      - "443:443"  # If https is enabled, cancel the comment.
    volumes:
      - ${STORAGE}/seafile/seafile-data:/shared   # Requested, specifies the path to Seafile data persistent store.
      - ${CONFIG}/seafile/seafile-templates:/templates # follow this guide to replace the templates to make the Nginx inside the container work with the Nginx outside: https://www.reddit.com/r/selfhosted/comments/iav3iw/need_help_with_nginx_config_for_reverse_proxy_in/
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=${SFDBPASS} # Requested, the value shuold be root's password of MySQL service.
      - TIME_ZONE=${TZ}  # Optional, default is UTC. Should be uncomment and set to your local time zone.
      - SEAFILE_ADMIN_EMAIL=${EMAIL} # Specifies Seafile admin user, default is 'me@example.com'.
      - SEAFILE_ADMIN_PASSWORD=${SFPASS}     # Specifies Seafile admin password, default is 'asecret'.
      - SEAFILE_SERVER_LETSENCRYPT=false   # Whether to use https or not.
      - SEAFILE_SERVER_HOSTNAME=seafile.${DOMAIN} # Specifies your host name if https is enabled.
      - VIRTUAL_HOST=seafile.${DOMAIN}
      - LETSENCRYPT_HOST=seafile.${DOMAIN}
      - LETSENCRYPT_EMAIL=${EMAIL}

    depends_on:
      - db
      - memcached
      - elasticsearch
    networks:
      - seafile-net
      - proxy-tier

Now I have a new problem, so I’ve opened my own ticket. It doesn’t have to do with Nginx anymore.

I’ve create a tutorial for deployment Seafile in docker behind the nginx-proxy.

Feel free to use:

https://github.com/strahli30/HowTo-use-Docker-Seafile-Plex-NGINX

Summary
  • NGINX-Proxy by jwilder
  • autom. SSL-Certs by LetsEncrypt
  • webDav works
  • Clients works