Is there anyone that successfully got seafile working with traefik proxy in docker ? I can access seafile remotely when using labels but I can not upload anything or view anything in the label.
Below are the labels I used, any help would be great. this will be the first time I tried to get traefik to work that involves more than one port
traefik.enable=true
traefik.http.routers.seafile.rule=Host(seafile.example.com
)
traefik.http.services.seafile.loadbalancer.server.port=8000
traefik.http.routers.seafile.service=seafile
this needs to turn in to http://:8082:/files/xxx/xxx/xx
traefik.http.routers.seafhttp.rule=Host(seafile.example.com
) && PathPrefix(/seafhttp
)
traefik.http.services.seafhttp.loadbalancer.server.port=8082
traefik.http.routers.seafhttp.service=seafhttp
traefik.http.middlewares.sf-replacepath.replacepathregex.regex=^/seafhttp/(.*)
traefik.http.middlewares.sf-replacepath.replacepathregex.replacement=/$$1
traefik.http.routers.seafhttp.middlewares=sf-replacepath
the above worked with port 80.
#added the below to use HTTPS
to tell traefik to try get a letsencrypt cert for your domain
traefik.http.routers.seafile.tls.certresolver=letsencrypt
#[1]If you want to redirect port 80 to 443 when connecting to this domain on port 80
traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
traefik.http.routers.https-redirect.entrypoints=web
traefik.http.routers.https-redirect.middlewares=https-redirect
traefik.http.routers.https-redirect.rule=Host(seafile.example.com
)
hobbsAU
February 19, 2021, 6:58am
2
Yes, the following traefik v2 works.
Make sure you have an https entrypoint setup and working first (use a whoami container to test). I also completely disabled and removed nginx in the Seafile container, it is not needed.
The following docker-compose is compatible with Seafile 7 or 8 and will proxy:
Seafile (TCP/8000)
Seafhttp (TCP/8082)
SeafDav (TCP/8080)
seafile:
image: seafile:local
volumes:
- ${VOLDIR}/seafile-data:/shared
environment:
- DB_HOST=seafile-db
- DB_ROOT_PASSWD=${SF_MYSQL_ROOTPWD}
- TIME_ZONE=${TZ}
- SEAFILE_ADMIN_EMAIL=${SF_ADMIN_EMAIL}
- SEAFILE_ADMIN_PASSWORD=${SF_ADMIN_PWD}
- SEAFILE_SERVER_LETSENCRYPT=false
- SEAFILE_SERVER_HOSTNAME=${SF_FQDN}
- SEAFILE_SERVICE_URL=https://${SF_FQDN}
- SEAFILE_FILE_SERVER_ROOT=https://${SF_FQDN}/seafhttp
depends_on:
- seafile-db
- seafile-memcached
expose:
- 8000
- 8082
- 8080
networks:
- seafile-internal
- proxy-internal
labels:
- traefik.enable=true
# HTTP Router Seafile
- traefik.http.routers.seafile.rule=Host(`seafile.${DOMAINNAME}`)
- traefik.http.routers.seafile.entrypoints=https
- traefik.http.routers.seafile.tls=true
- traefik.http.routers.seafile-http.middlewares=sec-headers
- traefik.http.routers.seafile.service=seafile
- traefik.http.services.seafile.loadbalancer.server.port=8000
# HTTP Router Seafdav
- traefik.http.routers.seafile-dav.rule=Host(`seafile.${DOMAINNAME}`) && PathPrefix(`/seafdav`)
- traefik.http.routers.seafile-dav.entrypoints=https
- traefik.http.routers.seafile-dav.tls=true
- traefik.http.routers.seafile-dav.service=seafile-dav
- traefik.http.services.seafile-dav.loadbalancer.server.port=8080
# HTTP Router Seafhttp
- traefik.http.routers.seafile-http.rule=Host(`seafile.${DOMAINNAME}`) && PathPrefix(`/seafhttp`)
- traefik.http.routers.seafile-http.entrypoints=https
- traefik.http.routers.seafile-http.tls=true
- traefik.http.routers.seafile-http.middlewares=seafile-strip
- traefik.http.routers.seafile-http.service=seafile-http
- traefik.http.services.seafile-http.loadbalancer.server.port=8082
# Middlewares
- traefik.http.middlewares.seafile-strip.stripprefix.prefixes=/seafhttp
- traefik.http.middlewares.sec-headers.headers.framedeny=true
- traefik.http.middlewares.sec-headers.headers.sslredirect=true
- traefik.http.middlewares.sec-headers.headers.browserXssFilter=true
- traefik.http.middlewares.sec-headers.headers.contentTypeNosniff=true
- traefik.http.middlewares.sec-headers.headers.forceSTSHeader=true
- traefik.http.middlewares.sec-headers.headers.stsIncludeSubdomains=true
- traefik.http.middlewares.sec-headers.headers.stsPreload=true
- traefik.http.middlewares.sec-headers.headers.referrerPolicy=same-origin
# Network
- traefik.docker.network=traefik_proxy-internal
networks:
proxy-external:
proxy-internal:
#internal: true # commented out if containers need non-proxied outbound Internet access
seafile-internal:
internal: true
1 Like
hobbsAU:
HTTP Router Seafile - traefik.http.routers.seafile.rule=Host(seafile.${DOMAINNAME}
) - traefik.http.routers.seafile.entrypoints=https - traefik.http.routers.seafile.tls=true - traefik.http.routers.seafile-http.middlewares=sec-headers - traefik.http.routers.seafile.service=seafile - traefik.http.services.seafile.loadbalancer.server.port=8000 # HTTP Router Seafdav - traefik.http.routers.seafile-dav.rule=Host(seafile.${DOMAINNAME}
) && PathPrefix(/seafdav
) - traefik.http.routers.seafile-dav.entrypoints=https - traefik.http.routers.seafile-dav.tls=true - traefik.http.routers.seafile-dav.service=seafile-dav - traefik.http.services.seafile-dav.loadbalancer.server.port=8080 # HTTP Router Seafhttp - traefik.http.routers.seafile-http.rule=Host(seafile.${DOMAINNAME}
) && PathPrefix(/seafhttp
) - traefik.http.routers.seafile-http.entrypoints=https - traefik.http.routers.seafile-http.tls=true - traefik.http.routers.seafile-http.middlewares=seafile-strip - traefik.http.routers.seafile-http.service=seafile-http - traefik.http.services.seafile-http.loadbalancer.server.port=8082 # Middlewares - traefik.http.middlewares.seafile-strip.stripprefix.prefixes=/seafhttp - traefik.http.middlewares.sec-headers.headers.framedeny=true - traefik.http.middlewares.sec-headers.headers.sslredirect=true - traefik.http.middlewares.sec-headers.headers.browserXssFilter=true - traefik.http.middlewares.sec-headers.headers.contentTypeNosniff=true - traefik.http.middlewares.sec-headers.headers.forceSTSHeader=true - traefik.http.middlewares.sec-headers.headers.stsIncludeSubdomains=true - traefik.http.middlewares.sec-headers.headers.stsPreload=true - traefik.http.middlewares.sec-headers.headers.referrerPolicy=same-origin
How would I use the syntax for here
(seafile.${DOMAINNAME}
)
would it be
(seafile.domain.name
)
or
exactly like you had it
(seafile.${DOMAIN.NAME}
)
This ${DOMAINNAME}
refers to an environment variable.
You can either
a) change to a domain name literal seafile.yourdomain.com
as you have described
b) define the environment variable ${DOMAINNAME}
in your .env file (should be in the same directory as your docker-compose.yml) as follows:
$ echo "DOMAINNAME=yourdomain.com" >> .env
Here is the docker compose reference Variable Substitution
I had to make the following changes to make it work
since I am using UNRAID docker, I can’t set variables. I had to set it such as - ( seafile.domain.name
) and that worked fine
Then I had to change the lines to say websecure vs HTTPS
Once I added these below lines. I can get the login page to load and I can sign in, but I can’t upload anything or view files like PDFs in the browser correctly. I am not the best of getting traefik rules to work. I copied some rules from other container that worked for me. Below is the delta’s I added
- traefik.http.routers.seafile.tls.certresolver=letsencrypt
- traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- traefik.http.routers.https-redirect.entrypoints=web
- traefik.http.routers.https-redirect.middlewares=https-redirect
- traefik.http.routers.https-redirect.rule=Host(`seafile.somedomain.tech`)
Here is everything I added
- traefik.enable=true
# HTTP Router Seafile
- traefik.http.routers.seafile.rule=Host(`seafile.somedomain.tech`)
- traefik.http.routers.seafile.entrypoints=websecure
- traefik.http.routers.seafile.tls=true
- traefik.http.routers.seafile-http.middlewares=sec-headers
- traefik.http.routers.seafile.service=seafile
- traefik.http.services.seafile.loadbalancer.server.port=8000
# HTTP Router Seafdav
- traefik.http.routers.seafile-dav.rule=Host(`seafile.somedomain.tech`)&&PathPrefix(`/seafdav`)
- traefik.http.routers.seafile-dav.entrypoints=websecure
- traefik.http.routers.seafile-dav.tls=true
- traefik.http.routers.seafile-dav.service=seafile-dav
- traefik.http.services.seafile-dav.loadbalancer.server.port=8080
# HTTP Router Seafhttp
- traefik.http.routers.seafile-http.rule=Host(`seafile.somedomain.tech`)&&PathPrefix(`/seafhttp`)
- traefik.http.routers.seafile-http.entrypoints=websecure
- traefik.http.routers.seafile-http.tls=true
- traefik.http.routers.seafile-http.middlewares=seafile-strip
- traefik.http.routers.seafile-http.service=seafile-http
- traefik.http.services.seafile-http.loadbalancer.server.port=8082
# Middlewares
- traefik.http.middlewares.seafile-strip.stripprefix.prefixes=/seafhttp
- traefik.http.middlewares.sec-headers.headers.framedeny=true
- traefik.http.middlewares.sec-headers.headers.sslredirect=true
- traefik.http.middlewares.sec-headers.headers.browserXssFilter=true
- traefik.http.middlewares.sec-headers.headers.contentTypeNosniff=true
- traefik.http.middlewares.sec-headers.headers.forceSTSHeader=true
- traefik.http.middlewares.sec-headers.headers.stsIncludeSubdomains=true
- traefik.http.middlewares.sec-headers.headers.stsPreload=true
- traefik.http.middlewares.sec-headers.headers.referrerPolicy=same-origin
# Things I added
- traefik.http.routers.seafile.tls.certresolver=letsencrypt
- traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- traefik.http.routers.https-redirect.entrypoints=web
- traefik.http.routers.https-redirect.middlewares=https-redirect
- traefik.http.routers.https-redirect.rule=Host(`seafile.somedomain.tech`)
ok, now its fully working with the config I pasted up above.
Once I went into the sysadmin settings and updated the below, everything is worked as its suppose to !
SERVICE_URL - https://seafile.somedomain.tech:8000
and
FILE_SERVER_ROOT - https://seafile.somedomain.tech/seafhttp
I can’t thank you enough for posting the config and getting me the rest of the way there!
1 Like
great contribution! Thanks
Dear,
image: seafile:local
this image (Seafile without an internal nginx) is no longer available. Is there an alternative available?
I do not like the complexity of Firewall → NGINX (Central) → NGINX (Seafile) → Seafile Docker.
Thanks, -MN
You can handle your own direction from your central NGINX instance, I do this with Traefik and it works as expected.