Configuring my own certificate SSL in seafile pro deployed with docker

David_Jesus · June 13, 2018, 3:16pm

Hello

I’m trying to set up my own ssl certificate in the seafile implemented in docker, but I’m not having much success.

Does anyone have an implementation guide that can help me?

wthess · June 13, 2018, 5:56pm

Where are you trying to obtain an SSL certificate? Or, have you already obtained it but unable to get it to work? If so, where did you get it and also, are you using NGinx?

bionade24 · June 13, 2018, 6:04pm

If you use another nginx process to reverse proxy the container, you also could apply it there. Also you could enter the container with docker exec -it name /bin/bash or docker exec -it name /bin/sh.

David_Jesus · June 14, 2018, 10:41am

The certificate is generated by me with openssl, for now I’m doing tests with seafile implemented in docker on an internal network.

My problem is that I can not get it to work, in the official seafile documentation manual, the implementation of ssl for seafile implemented with docker is not very explicit.

What is the best way to implement the certificate in the seafile container?

Do I have to use a docker container with nginx? Or is there another way?

David_Jesus · June 14, 2018, 11:55am

Can I configure the certificate inside the seafile container ?

had idea that it could not make configurations inside the containers, all the configurations would have to be mapped in a folder seafile-data at the local server to the docker instance.

I still do not understand much of docker, I just started working with docker now in the seafile implementation.

bionade24 · June 14, 2018, 12:21pm

Yes, with you could modify it. But every time you download the latest image, the config will be lost. You even could save you modified version with docker commit. So you should store your config and your keys outside the container with the -v option. If you are really insterested in docker, The Docker Book is fantastic, the book even tells you how to docker work, so you could make your own pull requests and help the project.

David_Jesus · June 14, 2018, 5:16pm

I installed the seafile container with the commands below:

docker run -d --name seafile
-e SEAFILE_SERVER_HOSTNAME=my.domain.pt
-e SEAFILE_ADMIN_EMAIL=suporte@domain.pt
-e SEAFILE_ADMIN_PASSWORD=xxxxxxxxxxxxxx
-e SEAFILE_USE_HTTPS=1
-v /srv/seafile-data:/shared
-v /srv/seafile-nginx:/etc/nginx/sites-enabled
-p 443:443
-p 80:80
docker.seadrive.org/seafileltd/seafile-pro:latest

in addition to the directory “shared” I made mount the directory “/etc/nginx/sites-enabled”

the folder sites-enabled has the nginx configuration “seafile.nginx.conf”.

now just edit the “seafile.nginx.conf” file in /srv/seafile-nginx to configure the ssl certificates ?

bionade24 · June 14, 2018, 6:34pm

Nearly. You also have to mount a place where you want to store your example.pem files. Then you can edit. https://manual.seafile.com/deploy/https_with_nginx.html Look, here there are also some other things you have to make or the windows client won’t work.

David_Jesus · June 15, 2018, 9:34am

I have my files example.pem inside floder /srv/seafile-data/ssl, in the container the files are mapped in the /shared/ssl folder.

My problem is all the changes I make in the /srv/seafile-nginx/seafile.nginx.conf file, after restarting the seafile container, they are deleted, and the seafile.nginx.conf file returns the default settings.

I must be doing something wrong yet…

shoeper · June 15, 2018, 9:53am

To use a custom certificate it is better to run another nginx container as proxy or an nginx on the host. It also allows running multiple services.

how do you restart the container?

at least on upgrading that’ll always happen when you changes files within the container, that aren’t on a volume or bind mount.

David_Jesus · June 15, 2018, 10:49am

I restart container with comnands “docker stop seafile” and “docker start seafile”

I have the nginx file “seafile.nginx.conf” mounted at the local server to the docker seafile instance.

I mounted the file with the commands " -v /srv/seafile-nginx:/etc/nginx/sites-enabled"

the changes I make in the seafile.nginx.conf file of the local instance are replicated to the seafile container, I have already confirmed this, but after restarting the container the seafile.nginx.conf file goes back to the default settings.

bionade24 · June 15, 2018, 1:36pm

This is might the better option. But you also can make your own version of the container with docker commit. But then you have to read you into docker.

David_Jesus · June 18, 2018, 11:39am

I finally managed to set up my own SSL certificates

Many thanks

andreas.huber · June 20, 2018, 9:31am

I just wanted to point you to this resource as I hit your github issue about letsencrypt certificates.
https://hub.docker.com/r/zerossl/client/ might be another option.

shoeper · June 20, 2018, 10:36am

I strongly recommend against doing that - at least for personal usage. Every upgrade will be a pain unless it has been automated and in that case there could still be incompatible changes in the docker image.

bionade24 · June 20, 2018, 11:47am

Yes, but else it won’t work.

shoeper · June 20, 2018, 12:11pm

With a proxy it does It also allows running multiple services.

bionade24 · June 20, 2018, 12:12pm

I sad it two times, but he didn’t want.

DoubleD · June 20, 2018, 1:55pm

Just a bit off topic but you can get free 90 day certs from https://letsencrypt.org/

I used https://www.sslforfree.com/ which makes use of LetsEncrypt and it reminds you to renew. I think you can automate the whole process so it happens automatically but I haven’t gotten that far

shoeper · June 20, 2018, 2:14pm

this is supported, but he doesn’t want to use it.

Please never use such a service.