Https not working: Docker installation as non root with non default ports on non default path with nginx proxy manager

On my server I installed via docker paperless-ngx, nginx proxy manager, watchtower (to update everything automatically) and am trying to install seafile. Everything was installed as non root. Because paperless-ngx and nginx proxy manager are using the ports of seafile, I had to make port changes. I put all seafile files into /seafile. As non-root it would also not be possible to save to /opt.

mkdir ~/seafile && cat <<EOF > ~/seafile/docker-compose.yml
services:
  seafile-db:
    image: mariadb:10.11
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=password  # Required, set the root's password of MySQL service.
      - MYSQL_LOG_CONSOLE=true
      - MARIADB_AUTO_UPGRADE=1
    volumes:
      - ./seafile-mysql/seafile-db:/var/lib/mysql  # Required, specifies the path to MySQL data persistent store.
    networks:
      - seafile-net

  memcached:
    image: memcached:1.6.18
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net
          
  seafile:
    image: seafileltd/seafile-mc:11.0-latest
    container_name: seafile
    ports:
      - '8280:80'
#      - '8443:443'  # If https is enabled, cancel the comment.
    volumes:
      - ./seafile-data:/shared   # Required, specifies the path to Seafile data persistent store.
    environment:
      - DB_HOST=seafile-db
      - DB_ROOT_PASSWD=password  # Required, the value should be root's password of MySQL service.
      - TIME_ZONE=Europe/Zurich  # Optional, default is UTC. Should be uncomment and set to your local time zone.
      - SEAFILE_ADMIN_EMAIL=test@gmail.com # Specifies Seafile admin user, default is 'me@example.com'.
      - SEAFILE_ADMIN_PASSWORD=secret     # Specifies Seafile admin password, default is 'asecret'.
      - SEAFILE_SERVER_LETSENCRYPT=false   # Whether to use https or not.
      - SEAFILE_SERVER_HOSTNAME=seafile.xxx.de # Specifies your host name if https is enabled.
#      - FORCE_HTTPS_IN_CONF=true
#      - NON_ROOT=true
    depends_on:
      - seafile-db # new
      - memcached
    networks:
      - seafile-net

networks:
  seafile-net:
EOF

docker-compose -f ~/seafile/docker-compose.yml up -d
sudo chmod -R a+rwx seafile/seafile-data/seafile/
docker-compose -f ~/seafile/docker-compose.yml down
docker-compose -f ~/seafile/docker-compose.yml up -d

nginx proxy manager is
Forward Hostname / IP*
IP: xxx.xxx.xx.xxx

Forward Port *
8280

  • Block Common Exploits and Websockets Support are activated
  • ssl Certificate for my site is ok
  • Force SSL and HTTP/2 Support are activated
    I have the certificates - they are green

I login and make a https://

  • SERVICE_URL
  • FILE_SERVER_ROOT

I can login via http:// xxx.xxx.xx.xxx:8280 (space after // for the posting, not in real)

I can not login via https nor upload files.

Where is the problem?

I think you better use rootless docker or rootless podman. Then inside the container namespace you are root but it is actually running as non-root.

Anyway, I don’t have a direct answer to your question.

It sounds like you’re facing some challenges with getting Seafile to work with HTTPS. I’ve successfully set up Seafile behind SWAG, and I think I might be able to help you with your configuration.

Could you please share your Nginx configuration from the “Nginx Proxy Manager”? This will help us understand how the requests are being forwarded and identify any potential issues.

Common problems with reverse proxies often include:

  • Incompatible Headers: There might be a mismatch between the headers set by the reverse proxy and those expected by Seafile’s internal proxy. Ensuring that headers like X-Forwarded-For, X-Forwarded-Proto, and Host are correctly set can resolve many issues.

  • Misconfiguration in seahub_settings.py: Double-check that SERVICE_URL and FILE_SERVER_ROOT are set to use HTTPS and match your domain configuration.

For posting links, you can write the link and format it as a code block using the editor, which will allow you to share it without any issues.

https://www.seafile.com/en/home/

Looking forward to your response so we can troubleshoot this together!
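The two checks listed in the reply above, as an added example that is not part of the thread or of Seafile's own code. It verifies that a proxy block sets the named headers and that SERVICE_URL and FILE_SERVER_ROOT use https on the public hostname; the function names, the sample block, the sample settings and `seafile.example.com` are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Headers the reply above names as the usual reverse-proxy culprits.
REQUIRED_HEADERS = ("Host", "X-Forwarded-For", "X-Forwarded-Proto")

def check_proxy_headers(nginx_block):
    """Return the required headers that no proxy_set_header line sets."""
    found = {m.group(1).lower() for m in re.finditer(
        r"^\s*proxy_set_header\s+(\S+)\s+[^;]+;", nginx_block, re.M)}
    return [h for h in REQUIRED_HEADERS if h.lower() not in found]

def check_seafile_urls(settings_text, public_host, public_port=443):
    """Return problems found in SERVICE_URL / FILE_SERVER_ROOT."""
    problems = []
    for key in ("SERVICE_URL", "FILE_SERVER_ROOT"):
        m = re.search(rf"^\s*{key}\s*=\s*['\"]([^'\"]+)['\"]", settings_text, re.M)
        if not m:
            problems.append(f"{key}: not set")
            continue
        url = urlparse(m.group(1))
        if url.scheme != "https":
            problems.append(f"{key}: scheme is {url.scheme!r}, not 'https'")
        if url.hostname != public_host:
            problems.append(f"{key}: host {url.hostname!r} is not {public_host!r}")
        if url.port not in (None, public_port):
            problems.append(f"{key}: port {url.port} is not the proxy's public port")
        # The file server is reached through the /seafhttp location.
        if key == "FILE_SERVER_ROOT" and url.path.rstrip("/") != "/seafhttp":
            problems.append(f"{key}: path {url.path!r} should be '/seafhttp'")
    return problems

# Constructed samples (not taken from the thread).
SAMPLE_BLOCK = """
location / {
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
"""
SAMPLE_SETTINGS = '''
SERVICE_URL = "http://seafile.example.com:8280"
FILE_SERVER_ROOT = "https://seafile.example.com/seafhttp"
'''

if __name__ == "__main__":
    print("missing headers:", check_proxy_headers(SAMPLE_BLOCK))
    for p in check_seafile_urls(SAMPLE_SETTINGS, "seafile.example.com"):
        print("settings:", p)
```
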

Thank you very much! I appreciate every answer a lot!!! In total I was working on seafile at least 20 hours, unfortunately it is still not working in https. In my despair I even tried Nextcloud but it has so many functions which I never would need.

It was already set to https.

  • Misconfiguration in seahub_settings.py: Double-check that SERVICE_URL and FILE_SERVER_ROOT are set to use HTTPS and match your domain configuration.

I found different commands on the internet to put into the “advanced” tab of nginx proxy manager - none worked for me. At the point of writing the below was inside “advanced”

location / {
    proxy_pass http://127.0.0.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
    proxy_set_header Origin 'https://seafile.myhomepage.de';
    client_max_body_size 0;
}

Could you give me the entire Nginx configuration of your proxy manager?

This is my file nano seafile/seafile-data/nginx/conf/seafile.nginx.conf

# -*- mode: nginx -*-
# Auto generated at 12/10/2024 13:10:32
server {
listen 80;
server_name seafile.mysite.de;

    client_max_body_size 10m;

    location / {
        proxy_pass http://127.0.0.1:8000/;
        proxy_read_timeout 310s;
        proxy_set_header Host $http_host;
        proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Connection "";
        proxy_http_version 1.1;

        client_max_body_size 0;
        access_log      /var/log/nginx/seahub.access.log seafileformat;
        error_log       /var/log/nginx/seahub.error.log;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 0;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_request_buffering off;
        access_log      /var/log/nginx/seafhttp.access.log seafileformat;
        error_log       /var/log/nginx/seafhttp.error.log;
    }

    location /notification/ping {
        proxy_pass http://127.0.0.1:8083/ping;
        access_log      /var/log/nginx/notification.access.log seafileformat;
        error_log       /var/log/nginx/notification.error.log;
    }

    location /notification {
        proxy_pass http://127.0.0.1:8083/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        access_log      /var/log/nginx/notification.access.log seafileformat;
        error_log       /var/log/nginx/notification.error.log;
    }

    location /seafdav {
        proxy_pass         http://127.0.0.1:8080;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_read_timeout  1200s;
        client_max_body_size 0;

        access_log      /var/log/nginx/seafdav.access.log seafileformat;
        error_log       /var/log/nginx/seafdav.error.log;
    }

    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }

}

I’m really trying to help you, but you don’t help me help you. I asked you to configure your NGINX PROXY MANAGER, not the Nginx of Seafile.

Sorry, seafile is very confusing concerning nginx: You have nginx proxy manager with the tab “advanced” which you can modify, then seafile/seafile-data/nginx/conf/seafile.nginx.conf and my file below is from

/etc/nginx/nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}

I have also a docker-compose

version: '3.8'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '8080:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "password"
      DB_MYSQL_NAME: "npm"
      # If you do not use IPv6, remove the '#' character before the next line
      # DISABLE_IPV6: 'true'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db
  db:
    image: 'jc21/mariadb-aria:latest'
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: 'password2'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'password'
      MARIADB_AUTO_UPGRADE: '1'
    volumes:
      - ./mysql:/var/lib/mysql

I hope I sent you the correct files! I am trying my best. Thank you for your time for helping me!

If this kind of configuration works for your other containers, I don’t understand how Nginx Proxy Manager works, because I don’t see anything that redirects a port to a container. I have to look at how it works.

I am a total beginner. But I thought the redirection is made with the GUI of nginx proxy manager. For paperless-ngx it is working. I never made a configuration in a config file.
I used the docker-compose files for nginx and paperless-ngx and gui of nginx proxy manager.

I was also a beginner. Don’t get hung up on all the headers that NGINX must have to start with, but just try to understand the basics of Nginx (the server, http and other sections) and understand how Nginx Proxy Manager works to make redirects.

Is it not: Learning by doing?

I have still no clue where the mistake is.

The .yml file pasted at the top of this post still shows:
"

#      - '8443:443'  # If https is enabled, cancel the comment.

"
Have you cancelled the comment “#”?