(the forum is telling me I can’t have links, so you’ll have to manually tweak the github links below when pasting them, sorry)
The documentation (manual-seafile-com/docker/deploy_seafile_with_docker/#lets-encrypt-ssl-certificate) talks about using custom certs:
If you want to use your own SSL certificate and the volume directory of Seafile data is /opt/seafile-data:
…
The issue with this is:
seafile.nginx.conf will only be generated to listen on port 443 if https is true (github-dot-com/haiwen/seafile-docker/blob/d20a40767de91c20adbe576e79ee8586428051a6/image/arm_pro_seafile_9.0/templates/seafile.nginx.conf.template#L23-L26)
https will only be true if the Python is_https returns true, and is_https is true if SEAFILE_SERVER_LETSENCRYPT is true (github-dot-com/haiwen/seafile-docker/blob/df2628d4cd4fce711285b70182fe9d1ea49fd09c/cluster/scripts/bootstrap.py#L88-L89)
This means that you can only have your Docker server listen on 443 if you set SEAFILE_SERVER_LETSENCRYPT = true, but if you do that, even if you provide your own ssl certs, a cron job will be created to try and renew your certs.
We need a way to enable https without enabling SEAFILE_SERVER_LETSENCRYPT. There needs to be a SEAFILE_SERVER_USE_CUSTOM_SSL_CERT environment variable or something that can be set to true independently of having the automatic Let’s Encrypt cron job. Or something.
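The gating described in this post, next to one way the requested switch could behave, as an added example that is not part of the original post and not code from seafile-docker. SEAFILE_SERVER_USE_CUSTOM_SSL_CERT is the name the post proposes and does not exist in the project; the function names, the truthy-value parsing and the certificate file paths are assumptions.

```python
import os

TRUTHY = {"true", "1", "yes"}  # assumption: how a flag value is read as "on"


def env_flag(env, name):
    """Read an on/off flag from an environment mapping."""
    return env.get(name, "").strip().lower() in TRUTHY


def current_plan(env):
    """Coupling described in the post: 443 is enabled only with Let's Encrypt,
    and enabling Let's Encrypt also brings the renewal cron job."""
    le = env_flag(env, "SEAFILE_SERVER_LETSENCRYPT")
    return {"listen_443": le, "renew_cron": le}


def proposed_plan(env, cert_path, key_path):
    """Hypothetical decoupling: a custom cert enables 443 without the cron job."""
    if env_flag(env, "SEAFILE_SERVER_USE_CUSTOM_SSL_CERT"):  # proposed, not real
        missing = [p for p in (cert_path, key_path) if not os.path.isfile(p)]
        if missing:
            # Fail closed instead of silently falling back to plain HTTP.
            raise FileNotFoundError("custom TLS files missing: " + ", ".join(missing))
        return {"listen_443": True, "renew_cron": False}
    return current_plan(env)


if __name__ == "__main__":
    import tempfile

    # Constructed sample: empty placeholder cert/key files in a temp directory.
    with tempfile.TemporaryDirectory() as d:
        cert, key = os.path.join(d, "site.crt"), os.path.join(d, "site.key")
        for p in (cert, key):
            open(p, "w").close()
        for env in ({},
                    {"SEAFILE_SERVER_LETSENCRYPT": "true"},
                    {"SEAFILE_SERVER_USE_CUSTOM_SSL_CERT": "true"}):
            print(env, current_plan(env), proposed_plan(env, cert, key))
```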