Docker with SSL on non standard ports

Hi

Are there any docker users who have managed to deploy a container for seafile CE using Lets Encrypt, but with the container on non standard ports ?

As part of the process of the cert generation, letsencrypt tries to download a file that fails due to the fact the container is not available on port 80 or 443 (i map 8043:443 and 8091:80)

I’ve tried sticking the port in the host name during the container build, but that fails also.

My config looks like this for the build:

docker run -d --name seafile \
  -e SEAFILE_SERVER_LETSENCRYPT=true \
  -e SEAFILE_SERVER_HOSTNAME=share.mydomain.com \
  -e SEAFILE_ADMIN_EMAIL=me@gmail.com \
  -e SEAFILE_ADMIN_PASSWORD=mypass! \
  -v /opt/seafile-data:/shared \
  -p 8091:80 \
  -p 443:443 \
  seafileltd/seafile:latest

Hy!
Probably you could use nginx/apache as a reverse proxy, so you can access multiple services on port 80/443 on different subdomains/subfolders, and only the webserver need the certificate.

Do you have any instructions on how to set up the reverse proxy with apache so that it works with letsEncrypt and seafile? Also, if the host webserver has a certificate with letsEncrypt for the seafile domain, does the reverse proxy need to relay to port 443 in seafile? or it can be pass to port 80 in seafile? not sure at what point the encryption happens.

Hi, rikardo89

Seafile docs for Apache reverse proxy: HTTPS with Apache - Seafile Admin Manual

You configure the Apache to use letsencrypt SSL, and use seafile without SSL. The communication between the client and webserver (Apache) will be encrypted, but in general no encryption needed between reverse proxy and seafile server. (Of course assuming that the network between proxy and seafile is trusted)

I would recommend using Traefik and let that handle letsencrypt certs and ssl termination.

This is really helpful, I finally got Seafile docker to work using https behind apache. Thanks for clarifying that no encryption was needed between the reverse proxy and the seafile server. I will update my post : Configuration to get HTTPS (SSL) to work properly with Seafile docker behind Apache?

One more question, I only used the reverse proxy configuration for seahub and everything seems to be working without using. However, the manual says to add reverse proxy for the seafile-fileserver. Do you know if the reverse proxy for seafile-fileserver is needed at all?

For seahub:

ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/

For seafile fileserver:

ProxyPass /seafhttp http://127.0.0.1:8082
ProxyPassReverse /seafhttp http://127.0.0.1:8082
RewriteRule ^/seafhttp - [QSA,L]