Configuring my own certificate SSL in seafile pro deployed with docker

server

#1

Hello

I’m trying to set up my own ssl certificate in the seafile implemented in docker, but I’m not having much success.

Does anyone have an implementation guide that can help me?


#2

Where are you trying to obtain an SSL certificate? Or, have you already obtained it but unable to get it to work? If so, where did you get it and also, are you using NGinx?


#3

If you use another nginx process to reverse proxy the container, you also could apply it there. Also you could enter the container with docker exec -it name /bin/bash or docker exec -it name /bin/sh.


#4

The certificate is generated by me with openssl, for now I’m doing tests with seafile implemented in docker on an internal network.

My problem is that I can not get it to work, in the official seafile documentation manual, the implementation of ssl for seafile implemented with docker is not very explicit.

What is the best way to implement the certificate in the seafile container?

Do I have to use a docker container with nginx? Or is there another way?


#5

Can I configure the certificate inside the seafile container ?

had idea that it could not make configurations inside the containers, all the configurations would have to be mapped in a folder seafile-data at the local server to the docker instance.

I still do not understand much of docker, I just started working with docker now in the seafile implementation.


#6

Yes, with you could modify it. But every time you download the latest image, the config will be lost. You even could save you modified version with docker commit. So you should store your config and your keys outside the container with the -v option. If you are really insterested in docker, The Docker Book is fantastic, the book even tells you how to docker work, so you could make your own pull requests and help the project.


#7

I installed the seafile container with the commands below:

docker run -d --name seafile
-e SEAFILE_SERVER_HOSTNAME=my.domain.pt
-e SEAFILE_ADMIN_EMAIL=suporte@domain.pt
-e SEAFILE_ADMIN_PASSWORD=xxxxxxxxxxxxxx
-e SEAFILE_USE_HTTPS=1
-v /srv/seafile-data:/shared
-v /srv/seafile-nginx:/etc/nginx/sites-enabled
-p 443:443
-p 80:80
docker.seadrive.org/seafileltd/seafile-pro:latest

in addition to the directory “shared” I made mount the directory “/etc/nginx/sites-enabled”

the folder sites-enabled has the nginx configuration “seafile.nginx.conf”.

now just edit the “seafile.nginx.conf” file in /srv/seafile-nginx to configure the ssl certificates ?


#8

Nearly. You also have to mount a place where you want to store your example.pem files. Then you can edit. https://manual.seafile.com/deploy/https_with_nginx.html Look, here there are also some other things you have to make or the windows client won’t work.


#9

I have my files example.pem inside floder /srv/seafile-data/ssl, in the container the files are mapped in the /shared/ssl folder.

My problem is all the changes I make in the /srv/seafile-nginx/seafile.nginx.conf file, after restarting the seafile container, they are deleted, and the seafile.nginx.conf file returns the default settings.

I must be doing something wrong yet…


#10

To use a custom certificate it is better to run another nginx container as proxy or an nginx on the host. It also allows running multiple services.

how do you restart the container?

at least on upgrading that’ll always happen when you changes files within the container, that aren’t on a volume or bind mount.


#11

I restart container with comnands “docker stop seafile” and “docker start seafile”

I have the nginx file “seafile.nginx.conf” mounted at the local server to the docker seafile instance.

I mounted the file with the commands " -v /srv/seafile-nginx:/etc/nginx/sites-enabled"

the changes I make in the seafile.nginx.conf file of the local instance are replicated to the seafile container, I have already confirmed this, but after restarting the container the seafile.nginx.conf file goes back to the default settings.


#12

This is might the better option. But you also can make your own version of the container with docker commit. But then you have to read you into docker.


#13

I finally managed to set up my own SSL certificates

Many thanks


#14

I just wanted to point you to this resource as I hit your github issue about letsencrypt certificates.
https://hub.docker.com/r/zerossl/client/ might be another option.


#15

I strongly recommend against doing that - at least for personal usage. Every upgrade will be a pain unless it has been automated and in that case there could still be incompatible changes in the docker image.


#16

Yes, but else it won’t work.


#17

With a proxy it does :wink: It also allows running multiple services.


#18

I sad it two times, but he didn’t want.


#19

Just a bit off topic but you can get free 90 day certs from https://letsencrypt.org/

I used https://www.sslforfree.com/ which makes use of LetsEncrypt and it reminds you to renew. I think you can automate the whole process so it happens automatically but I haven’t gotten that far


#20

this is supported, but he doesn’t want to use it.

Please never use such a service.