Client get 502 Bad Gateway response when syncing

Hi

I’ve set up seafile in a docker container with both seafile and seahub ports mapped to the localhost ports 8082&8000.
Ive set up nginx on the host and have no problem accessing the server and creating libraries and files in the libraries.
Problem comes when I installed the linux client. I get

[client seafile.log]:

[04/14/18 20:07:55] clone-mgr.c(864): Transition clone state for a3ca83c8 from [check server] to [error]: check server.
[04/14/18 20:08:00] clone-mgr.c(847): Transition clone state for a3ca83c8 from [error] to [check server].
[04/14/18 20:08:00] http-tx-mgr .c(1236): Bad response code for GET https:/ /SERVER/seafhttp/protocol-version: 502.

on the server no errors to report and even seahub .error.log is empty…

nginx seafile.conf :

server {                                                                         
 listen [::]:80;                                                                 
 listen      80;                                                                 
 server_name  HOSTNAME ;                                                  
 rewrite ^ https:/ /$http_host$request_uri? permanent;|   # force redirect http to https
                                                                                 
 # Enables or disables emitting nginx version on error pages and in the "Server" resp   onse header field.
 server_tokens off;                                                              
}                                                                                
                                                                                 
server {                                                                         
 listen 443 http2;                                                               
 listen [::]:443 http2;                                                          
 ssl on;                                                                         
 ssl_certificate /etc/ssl/certs/SERVER.pem;    |   # path to your cacert.pem
 ssl_certificate_key /etc/ssl/private/privkey.pem;|   # path to your privkey.pem 
 server_name SERVER;                                                   
 ssl_session_timeout 5m;                                                         
 ssl_session_cache shared:SSL:5m;                                                
 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits          
 ssl_dhparam /etc/nginx/dhparam.pem;                                             
                                                                                 
 # secure settings (A+ at SSL Labs ssltest at time of writing)                   
 # see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx                   
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;                                            
 ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA    384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
 ssl_prefer_server_ciphers on;                                                   
                                                                                 
 proxy_set_header X-Forwarded-For $remote_addr;                                  
                                                                                 
 # force https on next visit                                                     
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";     
 # obfuscate nginx version                                                       
 server_tokens off;                                                              
                                                                                 
 location / {                                                                     
  #seahub                                                                         
  proxy_pass         http://127.0.0.1:8000;                                       
  proxy_set_header   Host $host;                                                  
  proxy_set_header   X-Real-IP $remote_addr;                                      
  proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;                  
  proxy_set_header   X-Forwarded-Host $server_name;                               
  proxy_set_header   X-Forwarded-Proto https;                                     
                                                                                 
  access_log      /var/log/nginx/seahub.access.log;                               
  error_log       /var/log/nginx/seahub.error.log;                                
                                                                                 
  proxy_read_timeout  1200s;                                                      
                                                                                 
  client_max_body_size 0;                                                         
 }                                                                                
                                                                                 
 location /seafhttp {                                                            
  rewrite ^/seafhttp(.*)$ $1 break;                                               
  proxy_pass http://127.0.0.1:8082;                                               
  client_max_body_size 0;                                                         
  proxy_connect_timeout  36000s;                                                  
  proxy_read_timeout  36000s;                                                     
  proxy_send_timeout  36000s;                                                     
  send_timeout  36000s;                                                           
  proxy_http_version 1.1;                                                         
 }
 location /media {                                                               
  root /bagpool-1/sync/seafile/seafile-server/seahub;                             
 }                                                                               
} 

also :

root@SERVER:/bagpool-1/sync/seafile# cat conf/*
[General]
USER_NAME = bagbox
ID = SOMEID
NAME = bagbox
SERVICE_URL = https://SERVER

[Network]
PORT = 10001

[Client]
PORT = 13418
[network]
port=12001

[fileserver]
# bind address for fileserver
# default to 0.0.0.0, if deployed without proxy: no access restriction
# set to 127.0.0.1, if used with local proxy: only access by local
host = 127.0.0.1  
port=8082
SECRET_KEY = SECRETKEY
FILE_SERVER_ROOT='https://SERVER/seafhttp'

any ideas ?

EDIT: Note that I have set up the webserver with self signed keys and disabled the “check certificate” on the client.

Thanks

It should be a problem with the Seafile API. Did you opened all used ports on your container and redirect them to localhost?

Yes.

4bcad369f2b8        sunx/seafile        "/bin/docker-run"   2 days ago          Up 41 hours         127.0.0.1:8000->8000/tcp, 127.0.0.1:8082->8082/tcp   pedantic_bell

Also front end works fine from the client… only the fileserver has issues.

Ok so after digging a bit it seems I was’nt looking in the right place for the nginx logs:

2018/04/16 17:29:04 [error] 3683#3683: *2 open() "/bagpool-1/sync/seafile/seafile-server/seahub/media/avatars/default.png" failed (2: No such file or directory), client: CLIENT, server: SERVER, request: "GET /media/avatars/default.png HTTP/2.0", host: "SERVER", referrer: "SERVER"
2018/04/16 17:29:05 [error] 3683#3683: *2 open() "/bagpool-1/sync/seafile/seafile-server/seahub/media/avatars/default.png" failed (2: No such file or directory), client: CLIENT, server: SERVER, request: "GET /media/avatars/default.png HTTP/2.0", host: "SERVER", referrer: "SERVER"
2018/04/16 17:30:33 [error] 3681#3681: *9 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: CLIENT, server: SERVER, request: "GET /seafhttp/protocol-version HTTP/1.1", upstream: "http://127.0.0.1:8082/protocol-version", host: "SERVER"
2018/04/16 17:30:37 [error] 3681#3681: *9 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: CLIENT, server: SERVER, request: "GET /seafhttp/protocol-version HTTP/1.1", upstream: "http://127.0.0.1:8082/protocol-version", host: "SERVER"

I suspect there might be an issue where fastcgi might be enabled for seafile and since It is not configured on the proxy then it fails. Is there an easy way to check if the running instance has fastcgi ?

Also interestingly in the above logs you see that it cannot resolve

/bagpool-1/sync/seafile/seafile-server/seahub/media/avatars/

which if you check the filesystem is a symlink:

/bagpool-1/sync/seafile/seafile-server/seahub/media/ -la
total 46
drwxr-xr-x 11 2016 2016 12 Apr 14 16:28 .
drwxr-xr-x 12 2016 2016 31 Apr 13 17:52 ..
drwxr-xr-x  5 2016 2016  5 Apr 13 17:52 assets
lrwxrwxrwx  1 2016 2016 33 Apr 13 17:53 avatars -> /home/seafile/seahub-data/avatars
drwxr-xr-x  3 2016 2016  3 Apr 14 16:28 CACHE
drwxr-xr-x  2 2016 2016  5 Apr 13 17:52 codemirror
drwxr-xr-x  2 2016 2016  3 Apr 13 17:52 cors
drwxr-xr-x  5 2016 2016 24 Apr 13 17:52 css
drwxr-xr-x  5 2016 2016 41 Apr 13 17:52 img
drwxr-xr-x  5 2016 2016 27 Apr 13 17:52 js
drwxr-xr-x  2 2016 2016  5 Apr 13 17:52 office-template
drwxr-xr-x  5 2016 2016  5 Apr 13 17:52 rest_framework

where /home/seafile doesnt exist on the host but is mounted on the container with

sudo docker run -v /bagpool-1/sync/seafile:/home/seafile -p 127.0.0.1:8000:8000 -p 127.0.0.1:8082:8082 -ti sunx/seafile

so that link should work withing the container context. So I assume it should work too…

Ok after digging some more I finally found the issue

basically in seafile.conf

[network]
port=12001

[fileserver]
# bind address for fileserver
# default to 0.0.0.0, if deployed without proxy: no access restriction
# set to 127.0.0.1, if used with local proxy: only access by local
host = 127.0.0.1 #DONT SET THIS IF YOU HAVE REDIRECT OUTSIDE DOCKER
port=8082

the line

host = 127.0.0.1

prevented nginx to redirect connections to the docker container. That’it

As for the other issue of names not resolving due to simlinks only beeing valid within containers I might start another thread (or just fix the simlinks when I see them)

thanks
cheers
-B

1 Like