Help with setup Seafile Server on Synology NAS via Portainer Docker in local network

Hi,
After long searches and trials I dare to post the following question as I cannot get things working.

The setup is the following:

  • Home WiFi network with a Synology NAS with IP 192.168.0.2
  • Firewall on NAS is disabled for all the tests I did
  • DSM version is 7.2.2
  • Router does no port forwarding but I assume this is irrelevant since I stay within the local network (192.168.0.*)
  • Portainer set up on the NAS with the goal to setup a Seafile Server on the NAS
    => I like to access the Seafile Server (with a client or via browser) from my local network.

From all information I found in the forum and with google I have the following (minimal?) files created:
seafile.nginx.conf (under …/seafile/data/nginx/conf):

server {
  server_name 192.168.0.2;
  location / {
    proxy_pass http:// 192.168.0.2:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
  }
}

The text that Portainer uses with docker compose (via Portainer web-interface):

services:
  db:
    image: mariadb:11.4-noble
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=password
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - /volume1/*[path-to-seafile-data]*/seafile/db:/var/lib/mysql:rw
    networks:
      - seafile-net

  memcached:
    image: memcached:1.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net
          
  seafile:
    image: seafileltd/seafile-mc:11.0-latest
    container_name: seafile
    ports:
      - "8080:80"
    volumes:
      - /volume1/*[path-to-seafile-data]*/seafile/data:/shared:rw
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=password
      - TIME_ZONE=Etc/UTC
      - SEAFILE_ADMIN_EMAIL=mymail@something.com
      - SEAFILE_ADMIN_PASSWORD=strong_password
      - SEAFILE_SERVER_LETSENCRYPT=false
      - SEAFILE_SERVER_HOSTNAME=192.168.0.2:8080
    depends_on:
      - db
      - memcached
    networks:
      - seafile-net

networks:
  seafile-net:

With this setup I get the following results:
If I enter “http:// 192.168.0.2:8080” to a browser on my laptop which is in the same local network I get “The connection has timed out” error.

Ideally I would be able to access the Seafile Server via https, but I think for that some complicated certificate things are needed on top of everything. So I am happy if it just would work via http.

Many thanks in advance for any help!

PS: the spaces after http:// are since I am not allowed to post links, it is not a spelling error.

There’s a coupe of things I noticed here. First I think you are trying to connect to the wrong port. I think by default 8080 is the port used for webdav connections (which I think is off by default), and the default for the web interface is 8000. But maybe that’s different in the docker setups, I don’t know, I never set one up with docker.

The other thing is that seafile is probably only going to accept connections from inside the container because it expects all the connections to come from the nginx reverse proxy. So you connect via port 80 to nginx, and then nginx passes the requests on to seafile at 8000 (or maybe 8080) if they look like valid requests. So try just going to http://192.168.0.2 (80 is the default for http, so no need to add it).

As for the https, there are hoops to jump through to get a good certificate, but if you aren’t ever going to make it accessible over the internet you then you don’t really need to. Also no point in worrying about that before you get this part working.

thank you very much for the very fast reply.

I have two observations:

  1. when changing from 8080 to 8000 (in both the seafile.nginx.conf and the portainer “docker compose” command) then when I click “update the stack” (i.e. invoke docker compose with portainer) I get the following error: “Bind for 0.0.0.0:8000 failed: port is already allocated”

  2. I then changed from 8080 to 8001 just for the sake of it. When I enter http:// 192.168.0.2 I get forwarded to the https connection and the regular login of my synology NAS.

Might it be the issue that I have the wrong IP? When I create the stack (with the above text for the portainer’s “docker compose” command) three containers are created: “seafile”, “seafile-memcached”, and “seafile-mysql” and portainer shows IPs for them 172.23.0.4, 172.23.0.2, and 172.23.0.3 respectively. So far, I thought these are just portainer internal addresses.

The quick reply is just lucky timing. :slight_smile:

Those are docker internal IP addresses, and your host should not be set up to allow you to access them directly. When the docker container runs, selected ports are forwarded to these internal IPs automatically by docker. The “port already allocated” says that something else is already using port 8000, but I don’t know if that’s within the container or on the host.

Seafile has a few parts that use different ports. On my system, the main web interface is on 8000, the fileserver part is on 8082, the notification server on 8083, and the webdav part would be on 8080, but I have it disabled.

The nginx config tells it which part to talk to based on the URL requested. Addresses like https://my.domain.name/ go to the seafile server port 8000, https://my.domain.name/seafhttp is forwarded to port 8082, and /notification is forwarded to port 8083. So I only talk to nginx on 443 and it knows which port to forward to.

I hadn’t considered that your NAS might already be using 80 and 443 for its own web interface. So maybe you need to configure it to listen to some other port, like 88. Unfortunately I don’t know enough about the docker setup to know which options in the config to change for sure, but I think it would be “server_name 192.168.0.2:88”, or add a line after “server_name” that says “listen 88”. And you probably need to add “88” to the “ports” part of the container config, but I don’t know the right format for that.

Hopefully someone more familiar with docker can jump in and be more help.

ok, so I tinkered around a bit but unfortunately to no avail.
My configuration is now as follows:

Synology reverse proxy settings (and I added port forwarding on my router to forward 9005 to the NAS):

Source: seafile.[mydomain].synology.me
HTTPS
Port: 9005
HSTS enabled

Destination: localhost
HTTP
Port: 8001

The seafile.nginx.conf is (same as before just changed to localhost:8001):

server {
  server_name localhost;
  location / {
    proxy_pass http://localhost:8001;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
  }
}

The text that Portainer uses with docker compose (via Portainer web-interface):

services:
  db:
    image: mariadb:11.4-noble
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=password
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - /volume1/*[path-to-seafile-data]*/seafile/db:/var/lib/mysql:rw
    networks:
      - seafile-net

  memcached:
    image: memcached:1.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net
          
  seafile:
    image: seafileltd/seafile-mc:11.0-latest
    container_name: seafile
    ports:
      - "8002:8001" 
    volumes:
      - /volume1/*[path-to-seafile-data]*/seafile/data:/shared:rw
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=password
      - TIME_ZONE=Etc/UTC
      - SEAFILE_ADMIN_EMAIL=mymail@something.com
      - SEAFILE_ADMIN_PASSWORD=strong_password
      - SEAFILE_SERVER_LETSENCRYPT=false
      - SEAFILE_SERVER_HOSTNAME=localhost:8002
    depends_on:
      - db
      - memcached
    networks:
      - seafile-net

networks:
  seafile-net:

Now, when I type “https:// seafile.[mydomain].synology.me:9005” in my browser on the laptop, I get an error from Synology: Sorry, the page you are looking for is not found. (i.e. Synology logo on top, text beneath the logo).

I tried a few port combinations but nothing worked (some combination leads to a “bad gateway” error from nginx). My understanding is that the synology reverse proxy should forward the browser request to localhost:8001, and the docker should catch that and forward to localhost:8002 where seafile is…apparently I am not quite correct?

First off, sorry I don’t directly have answers for you. I’ve only occasionally used docker (never enjoyed it), and never used synology.

I would not turn HSTS on until everything is working. That tells your browser that this server will never do HTTP, so if you get an HTTP link it should automatically upgrade to HTTPS without asking, which might cause pain while troubleshooting.

I’m not sure exactly how all the parts you have fit together. It looks like you have a synology reverse proxy (the first bit of config you quoted), in front of nginx, which is in front of seafile. It’s not clear to me if nginx is inside the container, in it’s own container, or just another process on the synology device. But still the chain of synology → nginx → seafile is useful (so hopefully I got that right).

If nginx isn’t in the same container as seafile, then the “proxy_pass” line should point to the container’s address instead of localhost. And the server_name of localhost is probably wrong. In nginx, the “server_name” lets a section of config apply when that name matches the address you typed into your browser. So I suspect that should be “seafile.[mydomain].synology.me”, unless the synology reverse proxy is rewriting that header before forwarding on to nginx.

The “Sorry, the page you are looking for is not found” message from synology I assume is from the synology reverse proxy, and my guess is that is what it says when it can’t get a reply from whatever it is trying to forward to. The configs where you got errors from nginx would be an improvement then because you at least got from synology to nginx. The “bad gateway” message from nginx is what it says when it can’t contact the thing it is supposed to be forwarding to.