I’m currently running seafile server version: 13.0.18 under docker with a compose file as recommended in the docu. Basically unmodified, so Caddy is the reverse proxy. Let’s Encrypt takes care of the certificates, https works.
Now I’m wondering how to deploy other services (say sftpgo or papra) on the same docker. As far as I understand other services would use the same certificate and would probably need to use the same reverse proxy.
Can anyone point me to a starting point where to find documentation? Or give me any hint, what to to or avoid. Of course I’m not asking for a complete How-To, but any help would be appreciated.
These are the high-level steps I would go through to add another service.
- Move seafile to a subdomain if it isn’t already. Assuming you bought a domain name like example.net, you would want to reconfigure seafile so that it is files.example.net, or seafile.example.net or whatever name you want. Later your reverse proxy will use the subdomain to identify which service to forward connections to.
- Replace caddy. You need a reverse proxy that you can configure yourself. That could be a caddy you write the configs for, or nginx or probably a lot of other options. I chose nginx because there’s lots of documentation out there on using it with lots of other services. This can be in a docker, but I hate docker and have found it much MUCH easier to configure things like this in their own VMs whenever possible. Whatever works for you, set up a different reverse proxy, and configure it to forward your subdomain to seafile. Some info on that here HTTPS with Nginx - Seafile Admin Manual
- Get a certificate from letsencrypt for your new reverse proxy. You probably want to do the extra effort to get a wildcard certificate (one that is valid for all subdomains of your domain, like *.example.net). This can be harder to set up because only some of the ways you verify with letsencrypt can be used for wildcard certificates, and they tend to be the harder ones to set up. It is possible to just get a cerificate that covers several subdomains, but that means a lot of extra work every time you add one, so I think the effort to get a wildcard cert is worth it.
- So at this point you should have seafile working with the new reverse proxy. Now you can add another service on a new subdomain pretty easily. The new service can be another docker container (it won’t run in the same containers as seafile, it should have its own), or a VM, or even on other hardware, anywhere that works for that service and can be reached from your reverse proxy.
So once you have another service set up, you add configuration to your reverse proxy to forward another subdomain to it. Other than the reverse proxy talking to both, usually you want to keep your services separated so they can’t interfere with each other.
Thanks will try to follow that path. When started to add services, I was thinking about separating by port number only not subdomains. Perhaps that was a mistake.
That can work for some things, but there’s a lot of things that don’t work right on non-standard port numbers. For example some parts of seafile will fail to work if you aren’t using them on 443 (or 80 if you aren’t doing https).