Issue with seafile pro ssl and nginx on version 8 to 9 docker upgrade

Johan_Bosman · December 21, 2022, 2:35pm

I gradually upgraded our Pro version from 6.3 to 8.0.22, it worked fine,
Then on the last upgrade from 8 to the latest 9 version I followed the steps to
rename the SSL folder as well as rename the seafile.nginx.conf file. as stipulated
in the Upgrade for other versions in the manual at the bottom of this link : Upgrade for other versions - Seafile Admin Manual
I then proceed to bring docker-compose down
then when I start it, it creates a new ssl folder opt/seafile-data/ssl
but there is no new file under /opt/seafile-data/nginx/conf/

The instructions say to wait for the certificate to be applied then modify the new seafile.nginx.conf as you want, but no such file gets created.

If I open the log file with docker-compose logs -f I see the following -

seafile | nginx:
seafile-mysql | 2022-12-21 16:02:39 0 [Note] Reading of all Master_info entries succeeded
seafile | nginx version: nginx/1.18.0 (Ubuntu)
seafile-mysql | 2022-12-21 16:02:39 0 [Note] Added new Master_info ‘’ to hash table
seafile | built with OpenSSL 1.1.1f 31 Mar 2020
seafile-mysql | 2022-12-21 16:02:39 0 [Note] mysqld: ready for connections.
seafile | TLS SNI support enabled
seafile-mysql | Version: ‘10.5.18-MariaDB-1:10.5.18+maria~ubu2004’ socket: ‘/run/mysqld/mysqld.sock’ port: 3306 mariadb.org binary distribution
seafile | configure arguments: --with-cc-opt=’-g -O2 -fdebug-prefix-map=/build/nginx-7KvRN5/nginx-1.18.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2’ --with-ld-opt=’-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC’ --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module
seafile | socat:
seafile | [2022-12-21 16:02:40] Preparing for letsencrypt …
seafile | [2022-12-21 16:02:40] Starting letsencrypt verification
seafile | Traceback (most recent call last):
seafile | File “/scripts/start.py”, line 86, in
seafile | main()
seafile | File “/scripts/start.py”, line 51, in main
seafile | init_letsencrypt()
seafile | File “/scripts/bootstrap.py”, line 83, in init_letsencrypt
seafile | call(’/scripts/ssl.sh {0} {1}’.format(ssl_dir, domain))
seafile | File “/scripts/utils.py”, line 70, in call
seafile | return subprocess.check_call(*a, **kw)
seafile | File “/usr/lib/python3.8/subprocess.py”, line 364, in check_call
seafile | raise CalledProcessError(retcode, cmd)
seafile | subprocess.CalledProcessError: Command ‘/scripts/ssl.sh /shared/ssl my.domain.net’ returned non-zero exit status 1.

Any assistance would be greatly appreciated.

Johan_Bosman · December 21, 2022, 3:14pm

Well, I restored the renamed ssl folder as well as the renamed seafile.nginx.conf file and then
docker-compose down
docker-compose up -d

and everything came back normal and working with version 9.0.13
So I don’t think the SSL steps on that link was needed, or I might get problems when the license expire, not sure have to see in 90 day’s.

Johan_Bosman · December 23, 2022, 11:04am

Daniel you marked my last answer as the solution, but its not a solution.

I installed seafile on a fresh server just now with the latest version with docker to use as a realtime backup.

The latest version did not create the seafile.nginx.conf file
also the ssl did not get created and Im getting the exact same error that I got in my original post about this.

On the new server I don’t have any fall back SSL to rely on so it seems the 9.0.13 image is not creating the ssl as it should?

I tried a copy of the seafile.nginx.conf from my primary server just updating the FQDN to those of the new server but its not working. also the SSL folder structure referenced in the seafile.nginx.conf folder is not the same.

Johan_Bosman · December 23, 2022, 11:18am

If I edit the paths in the seafile.nginx.conf file I get these errors:
seafile | nginx: [warn] the “ssl” directive is deprecated, use the “listen … ssl” directive instead in /etc/nginx/sites-enabled/seafile.nginx.conf:19

I cannot find this nginx folder under /etc

Also this with that error :
seafile | nginx: [emerg] cannot load certificate “/shared/ssl/my.domain.net/my.domain.net.crt”: BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(’/shared/ssl/my.domain.net/my.domain.net.crt’,‘r’) error:2006D080:BIO routines:BIO_new_file:no such file)

I don’t know why the SSL doesnt want to work with the new fresh install, this worries me as I will have the same issue on the production server as soon as the current license expire.

How can I fix this please ?

Edit: if I remove the seafile.nginx.conf file again and run the docker-compose up, I see this error :
seafile | nginx: [emerg] open() “/etc/nginx/sites-enabled/seafile.nginx.conf” failed (2: No such file or directory) in /etc/nginx/nginx.conf:26

dan1229 · June 10, 2023, 9:06pm

@Johan_Bosman did you ever figure this out? Running into similar on Windows + Docker

I know before I ran into this due to some HyperV issue however that doesn’t seem to be the case now. Updated to the most recent version of the seafile Docker image as well and still nothing.