Docker Container with Separate Nginx Reverse Proxy

Hello,

I’m running seafile Pro 7.0.13 using the docker containers and have been trying to move my Nginx reverse proxy to a separate container. I forwarded the ports in docker (8000, 8080, 8082) and can access it directly. However, when I try to access it via the proxy, the web page comes is a reduced/graphic less version.

image

I have tried to login, which seems to accept my credentials but the page then comes up blank. The interesting thing is that my clients (iOS, Android, SeaDrive) are working just fine.

My nginx.config looks like the following. Note: My redirect from 80 and my certs are configured in a different config file.

upstream seafile_8000 {
  server	seafile:8000;
}
upstream seafile_8080 {
  server        seafile:8080;
}
upstream seafile_8082 {
  server        seafile:8082;
}
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';

    ssl_prefer_server_ciphers on;
    proxy_set_header X-Forwarded-For $remote_addr;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    server_tokens off;
    server_name raynet.hopto.org;
    location / {
        proxy_pass http://seafile_8000;
        proxy_read_timeout 310s;
        proxy_set_header Host $host;
        proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        proxy_set_header   X-Real-IP $remote_addr;
        client_max_body_size 0;
    }
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://seafile_8082;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 0;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_request_buffering off;

    }
    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }
}

I’m not sure what else to do at this point. I have come across the following:

However, I am unsure if this is still relevant since this was for 6.4.3 where I am running 7.0.13. In fact, it references file, url.py, which I don’t seem to have.

Can anyone point me in the right direction?
Thanks
Ray

Has the new nginx proxy access to this directory? If you seperate the nginx from the docker container away it is clear why it is not working. Your nginx in the new container cant access the media files, e.g. javascript, css etc.

Thanks Snowfall!

Spot on! I had copied and pasted the nginx config from the seafile server and didn’t even think about the media folder being there. Confirmed the issue with 404 errors in the browser.

Removed those lines and all is working! Thanks so much!

Can i have your file docker-compose please? Thanks

Hello,

I’m actually using Kubernetes and not docker specifically. You can find my seafile setup on Kubernetes in the following repository.

However, I do not believe I have my nginx config there. What are you trying to do exactly? Separate nginx from seafile in docker?

Thanks
Ray

thanks for your reply.
Yeah, i want to separate nginx from seafile docker too. Here is my nginx conf file

# nginx setup

upstream seafile {
server seafile:8000;
}
upstream seafhttp {
server seafile:8082;
}

upstream seafdav{
server seafile:8080;
}

server {
listen 80;

server_name   my-domain-here;
server_tokens off;

location / {
  rewrite ^ https://$http_host$request_uri? permanent;    # force redirect http to https
}

location ~ /.well-known/acme-challenge{
    allow all;
    root /usr/share/nginx/html/letsencrypt;
}

}

server {
listen 443 ssl http2;
server_name dung.casc4de.fr;
# server_tokens off;

ssl_protocols TLSv1.2;
# ssl on;
ssl_certificate /fullchain.pem;
ssl_certificate_key /privkey.pem;
# ssl_dhparam /opt/ssl/dhparam2048.pem;
# ssl_ecdh_curve secp384r1;
ssl_buffer_size 8k;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;

client_max_body_size 10m;

location / {
    proxy_pass         http://seafile;
    proxy_read_timeout 310s;
    proxy_set_header Host $host:$server_port;
    proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Connection "";
    proxy_http_version 1.1;

    access_log      /var/log/nginx/seafile.access.log;
    error_log       /var/log/nginx/seafile.error.log;
}

location /seafhttp {
    rewrite ^/seafhttp(.*)$ $1 break;
    proxy_pass http://seafhttp;
    client_max_body_size 0;
    proxy_set_header Host $host:$server_port;
    proxy_connect_timeout  36000s;
    proxy_read_timeout  36000s;
    proxy_send_timeout  36000s;
    send_timeout  36000s;
    proxy_request_buffering off;
    proxy_http_version 1.1;
}

# location /media {
#     rewrite ^/seafmedia(.*)$ /media$1 break;
#     root /opt/seafile/seafile-server-latest/seahub;
# }

location /seafdav {
    proxy_pass         http://seafdav;
    proxy_set_header Host $host:$server_port;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Host $server_name;
    proxy_set_header   X-Forwarded-Proto https;
    proxy_http_version 1.1;
    proxy_connect_timeout  36000s;
    proxy_read_timeout  36000s;
    proxy_send_timeout  36000s;
    send_timeout  36000s;

    # This option is only available for Nginx >= 1.8.0.
    client_max_body_size 0;
    proxy_request_buffering off;

    access_log      /var/log/nginx/seafdav.access.log;
    error_log       /var/log/nginx/seafdav.error.log;
}

}

But i have a problem that i can not upload any file to seafile. They will return Network error.

Hello @nguacon01

Your nginx config looks almost identical to mine. I see too differences.

Under “location /” my headers are:

    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Also under
“location /seafhttp”

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

I’m not using webdav so I cannot share a config for that.

Also, I’m not an nginx expert, but I do not think your issue is related to this config.

Are you able to download files without issue? Is this internal or external or both? What about other browser/clients?

Thanks
Ray

Good news, I solved my problem.
it’s true that my nginx config is fine. But I have to change something in seafile docker.
in seahub_settings_file, i have changed something like:

FILE_SERVER_ROOT = “https://your_domain_here”

HTTP_SERVER_ROOT = “https://your_domain_here”

and then it works.
But one thing i dont understand: what is webdav? I saw its config, but i dont know what it is?

Glad to here it is working.

Webdav is an extension to the http protocol that allows you to create, move, edit files, delete or copy files and folders. There are plenty of websites that can explain it’s functionality better than I. For example:
http://www.webdav.org

It is if you wish to edit within the browser. For example, using Onlyoffice.

Hope this helps.
Thanks
Ray