Configuration to get HTTPS (SSL) to work properly with Seafile docker behind Apache?

I have deployed Seafile docker 8.0.7 in my Ubuntu server 20.04 which also has Apache web server 2.4 running on it. When I first run docker-compose, I modified the yml file to only work with port 80 (without secure connection), and I use a custom port like -8888:80 (since port 80 was already bound to apache). Everything worked great; however now I want to secure it by using https and I have spent countless hours trying to get this to work to no avail.

Question: Does anyone one have step-by-step guide on how to configure:

  1. the apache reverse proxy for https to work with seafile
  2. the initial yml settings so that it can use https/port 443?
  3. the setting for the nginx config file within seafile so that it can handle https (port 443) that are relayed from apache?
  4. any other configs that need to be change?

By reading the forum, I believe many other users are experiencing the same issues. Some of the issues that I encountered are:

  1. Changing the yml file and deploying docker compose does not recreate the nginx configuration file , so that it is stuck with only configuration for listening to port 80 and not port 443 for secured connections (described here Seafile In Docker - Trigger Nginx Config Regeneration - #3 by rikrdo89)
  2. Setting reverse proxy rules for apache according to the manual (Seafile Community Installation - Seafile Admin Manual) works great as long as you relay an unsecure connection from your custom port (8888) to port 80, and don’t force the url/domain to use a SSL. But secure connections fail to be properly served, probably because nginx running within the seafile docker is not configured properly? I get the following msg: “The proxy server received an invalid response from an upstream server.”

Any help from the community or developers would be much appreciated by me and everyone else who is struggling to secure their Seafile installation.

I finally got Seafile docker to work using https (SSL) behind my apache server. The key was that no encryption is needed between the apache reverse proxy and the seafile server, but the communication to the apache server is always secured. The apache virtual host configuration for either *80 or *443 always proxies to the internal seafile docker using an unsecured connection and my pre-define port 8888.

To answer my previous questions:

  • the apache reverse proxy for https to work with seafile

ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8888/
ProxyPassReverse / http://127.0.0.1:8888/

  • the initial yml settings so that it can use https/port 443?
    No need to change the yml file to add 443 port since the internal communication with seafile is unsecured. If a custom unsecured port is desired, you can change it now, like in my case:

seafile:
image: seafileltd/seafile-mc:latest
container_name: seafile
ports:
- “8888:80”
#- “4343:443”

  • the setting for the nginx config file within seafile so that it can handle https (port 443) that are relayed from apache?
    No need to change the nginx config file within seafile

Remaining questions:
The manual (HTTPS with Apache - Seafile Admin Manual), states to add the following lines in the apache conf files for the reverse proxy for seahub and seafile-fileserver. However, I only used the lines corresponing to the reverseproxy code for seahub and my installation is working without issues. I am not sure why we need to add a reverse proxy for seafile-fileserver, hopefully someone can clarify that.

#
# seafile fileserver
#
ProxyPass /seafhttp http://127.0.0.1:8082
ProxyPassReverse /seafhttp http://127.0.0.1:8082
RewriteRule ^/seafhttp - [QSA,L]

#
# seahub
#
SetEnvIf Authorization “(.*)” HTTP_AUTHORIZATION=$1
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/