Help with traefik v2 labels?

Docker
#1

Is there anyone that successfully got seafile working with traefik proxy in docker ? I can access seafile remotely when using labels but I can not upload anything or view anything in the label.

Below are the labels I used, any help would be great. this will be the first time I tried to get traefik to work that involves more than one port

  • traefik.enable=true

  • traefik.http.routers.seafile.rule=Host(seafile.example.com)

  • traefik.http.services.seafile.loadbalancer.server.port=8000

  • traefik.http.routers.seafile.service=seafile

on upload/download, a request to https://seafile.example.com/seafhttp/files/xxx/xxx.xx is attempted

this needs to turn in to http://:8082:/files/xxx/xxx/xx

  • traefik.http.routers.seafhttp.rule=Host(seafile.example.com) && PathPrefix(/seafhttp)

  • traefik.http.services.seafhttp.loadbalancer.server.port=8082

  • traefik.http.routers.seafhttp.service=seafhttp

  • traefik.http.middlewares.sf-replacepath.replacepathregex.regex=^/seafhttp/(.*)

  • traefik.http.middlewares.sf-replacepath.replacepathregex.replacement=/$$1

  • traefik.http.routers.seafhttp.middlewares=sf-replacepath

the above worked with port 80.

#added the below to use HTTPS

to tell traefik to try get a letsencrypt cert for your domain

traefik.http.routers.seafile.tls.certresolver=letsencrypt

#[1]If you want to redirect port 80 to 443 when connecting to this domain on port 80

traefik.http.middlewares.https-redirect.redirectscheme.scheme=https

traefik.http.routers.https-redirect.entrypoints=web

traefik.http.routers.https-redirect.middlewares=https-redirect

traefik.http.routers.https-redirect.rule=Host(seafile.example.com)

#2

Yes, the following traefik v2 works.

Make sure you have an https entrypoint setup and working first (use a whoami container to test). I also completely disabled and removed nginx in the Seafile container, it is not needed.

The following docker-compose is compatible with Seafile 7 or 8 and will proxy:

  • Seafile (TCP/8000)
  • Seafhttp (TCP/8082)
  • SeafDav (TCP/8080)
  seafile:
    image: seafile:local
    volumes:
      - ${VOLDIR}/seafile-data:/shared
    environment:
      - DB_HOST=seafile-db
      - DB_ROOT_PASSWD=${SF_MYSQL_ROOTPWD}
      - TIME_ZONE=${TZ}
      - SEAFILE_ADMIN_EMAIL=${SF_ADMIN_EMAIL}
      - SEAFILE_ADMIN_PASSWORD=${SF_ADMIN_PWD}
      - SEAFILE_SERVER_LETSENCRYPT=false
      - SEAFILE_SERVER_HOSTNAME=${SF_FQDN}
      - SEAFILE_SERVICE_URL=https://${SF_FQDN}
      - SEAFILE_FILE_SERVER_ROOT=https://${SF_FQDN}/seafhttp
    depends_on:
      - seafile-db
      - seafile-memcached
    expose:
      - 8000
      - 8082
      - 8080
    networks:
      - seafile-internal
      - proxy-internal
    labels:
      - traefik.enable=true
      # HTTP Router Seafile
      - traefik.http.routers.seafile.rule=Host(`seafile.${DOMAINNAME}`)
      - traefik.http.routers.seafile.entrypoints=https
      - traefik.http.routers.seafile.tls=true
      - traefik.http.routers.seafile-http.middlewares=sec-headers
      - traefik.http.routers.seafile.service=seafile
      - traefik.http.services.seafile.loadbalancer.server.port=8000
      # HTTP Router Seafdav
      - traefik.http.routers.seafile-dav.rule=Host(`seafile.${DOMAINNAME}`) && PathPrefix(`/seafdav`)
      - traefik.http.routers.seafile-dav.entrypoints=https
      - traefik.http.routers.seafile-dav.tls=true
      - traefik.http.routers.seafile-dav.service=seafile-dav
      - traefik.http.services.seafile-dav.loadbalancer.server.port=8080
      # HTTP Router Seafhttp
      - traefik.http.routers.seafile-http.rule=Host(`seafile.${DOMAINNAME}`) && PathPrefix(`/seafhttp`)
      - traefik.http.routers.seafile-http.entrypoints=https
      - traefik.http.routers.seafile-http.tls=true
      - traefik.http.routers.seafile-http.middlewares=seafile-strip
      - traefik.http.routers.seafile-http.service=seafile-http
      - traefik.http.services.seafile-http.loadbalancer.server.port=8082
      # Middlewares 
      - traefik.http.middlewares.seafile-strip.stripprefix.prefixes=/seafhttp
      - traefik.http.middlewares.sec-headers.headers.framedeny=true
      - traefik.http.middlewares.sec-headers.headers.sslredirect=true
      - traefik.http.middlewares.sec-headers.headers.browserXssFilter=true
      - traefik.http.middlewares.sec-headers.headers.contentTypeNosniff=true
      - traefik.http.middlewares.sec-headers.headers.forceSTSHeader=true
      - traefik.http.middlewares.sec-headers.headers.stsIncludeSubdomains=true
      - traefik.http.middlewares.sec-headers.headers.stsPreload=true
      - traefik.http.middlewares.sec-headers.headers.referrerPolicy=same-origin
      # Network
      - traefik.docker.network=traefik_proxy-internal


networks:
  proxy-external:
  proxy-internal:
    #internal: true # commented out if containers need non-proxied outbound Internet access
  seafile-internal:
    internal: true
1 Like
#3

How would I use the syntax for here

(seafile.${DOMAINNAME})

would it be

(seafile.domain.name)

or

exactly like you had it

(seafile.${DOMAIN.NAME})

#4

This ${DOMAINNAME} refers to an environment variable.

You can either
a) change to a domain name literal seafile.yourdomain.com as you have described
b) define the environment variable ${DOMAINNAME} in your .env file (should be in the same directory as your docker-compose.yml) as follows:

$ echo "DOMAINNAME=yourdomain.com" >> .env

Here is the docker compose reference Variable Substitution

#5

I had to make the following changes to make it work
since I am using UNRAID docker, I can’t set variables. I had to set it such as - ( seafile.domain.name ) and that worked fine

Then I had to change the lines to say websecure vs HTTPS

Once I added these below lines. I can get the login page to load and I can sign in, but I can’t upload anything or view files like PDFs in the browser correctly. I am not the best of getting traefik rules to work. I copied some rules from other container that worked for me. Below is the delta’s I added

  - traefik.http.routers.seafile.tls.certresolver=letsencrypt
  - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
  - traefik.http.routers.https-redirect.entrypoints=web
  - traefik.http.routers.https-redirect.middlewares=https-redirect
  - traefik.http.routers.https-redirect.rule=Host(`seafile.somedomain.tech`)

Here is everything I added

 - traefik.enable=true

  # HTTP Router Seafile
  - traefik.http.routers.seafile.rule=Host(`seafile.somedomain.tech`)
  - traefik.http.routers.seafile.entrypoints=websecure
  - traefik.http.routers.seafile.tls=true
  - traefik.http.routers.seafile-http.middlewares=sec-headers
  - traefik.http.routers.seafile.service=seafile
  - traefik.http.services.seafile.loadbalancer.server.port=8000
  # HTTP Router Seafdav
  - traefik.http.routers.seafile-dav.rule=Host(`seafile.somedomain.tech`)&&PathPrefix(`/seafdav`)
  - traefik.http.routers.seafile-dav.entrypoints=websecure
  - traefik.http.routers.seafile-dav.tls=true
  - traefik.http.routers.seafile-dav.service=seafile-dav
  - traefik.http.services.seafile-dav.loadbalancer.server.port=8080
  # HTTP Router Seafhttp
  - traefik.http.routers.seafile-http.rule=Host(`seafile.somedomain.tech`)&&PathPrefix(`/seafhttp`)
  - traefik.http.routers.seafile-http.entrypoints=websecure
  - traefik.http.routers.seafile-http.tls=true
  - traefik.http.routers.seafile-http.middlewares=seafile-strip
  - traefik.http.routers.seafile-http.service=seafile-http
  - traefik.http.services.seafile-http.loadbalancer.server.port=8082
  # Middlewares
  - traefik.http.middlewares.seafile-strip.stripprefix.prefixes=/seafhttp
  - traefik.http.middlewares.sec-headers.headers.framedeny=true
  - traefik.http.middlewares.sec-headers.headers.sslredirect=true
  - traefik.http.middlewares.sec-headers.headers.browserXssFilter=true
  - traefik.http.middlewares.sec-headers.headers.contentTypeNosniff=true
  - traefik.http.middlewares.sec-headers.headers.forceSTSHeader=true
  - traefik.http.middlewares.sec-headers.headers.stsIncludeSubdomains=true
  - traefik.http.middlewares.sec-headers.headers.stsPreload=true
  - traefik.http.middlewares.sec-headers.headers.referrerPolicy=same-origin
# Things I added
   - traefik.http.routers.seafile.tls.certresolver=letsencrypt
   - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
   - traefik.http.routers.https-redirect.entrypoints=web
   - traefik.http.routers.https-redirect.middlewares=https-redirect
   - traefik.http.routers.https-redirect.rule=Host(`seafile.somedomain.tech`)
#6

ok, now its fully working with the config I pasted up above.

Once I went into the sysadmin settings and updated the below, everything is worked as its suppose to !

SERVICE_URL - https://seafile.somedomain.tech:8000
and
FILE_SERVER_ROOT - https://seafile.somedomain.tech/seafhttp

I can’t thank you enough for posting the config and getting me the rest of the way there!

1 Like
#7

great contribution! Thanks

#8

Dear,

image: seafile:local

this image (Seafile without an internal nginx) is no longer available. Is there an alternative available?

I do not like the complexity of Firewall → NGINX (Central) → NGINX (Seafile) → Seafile Docker.

Thanks, -MN

#9

You can handle your own direction from your central NGINX instance, I do this with Traefik and it works as expected.