Locations /seafhttp /seafdav /media giving errors

kenjibailly · January 23, 2023, 10:11pm

So I’ve installed using the recommended yaml (can’t link it).

I found out that there’s already a built in proxy using nginx forwarded to port 80.
That works all fine, the problem is that /seafhttp , /seafdav and /media aren’t working.
So they should be proxied by the built in proxy to port 80.
So if for example 192.168.0.2:8020 gives the dashboard (port 8000), 192.168.0.2:8020/seafhttp should give the page of port 8082.
Unfortunately this doesn’t work as already mentioned.

/seafhttp gives 500 Internal Server Error
/seafdav gives 502 Bad Gateway
/media gives 403 Forbidden (might be correct)

My docker-compose.yml:

seafile-db:
    image: mariadb:10.5
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=  # Requested, set the root's password of MySQL service.
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - /media/sata/seafile/mysql:/var/lib/mysql  # Requested, specifies the path to MySQL data persistent store.
    networks:
      - swag

  memcached:
    image: memcached:1.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - swag

         
  seafile:
    image: seafileltd/seafile-mc:latest
    container_name: seafile
    ports:
      - "8020:80"
#     - "443:443"  # If https is enabled, cancel the comment.
    volumes:
      - /media/sata/seafile/data:/shared   # Requested, specifies the path to Seafile data persistent store.
    environment:
      - DB_HOST=seafile-db
      - DB_ROOT_PASSWD=  # Requested, the value shuold be root's password of MySQL service.
      - TIME_ZONE=Etc/UTC  # Optional, default is UTC. Should be uncomment and set to your local time zone.
      - SEAFILE_ADMIN_EMAIL= # Specifies Seafile admin user, default is 'me@example.com'.
      - SEAFILE_ADMIN_PASSWORD=     # Specifies Seafile admin password, default is 'asecret'.
      - SEAFILE_SERVER_LETSENCRYPT=false   # Whether to use https or not.
      - SEAFILE_SERVER_HOSTNAME=seafile.mydomain.com# Specifies your host name if https is enabled.
    depends_on:
      - seafile-db
      - memcached
    networks:
      - swag

This is the auto generated seafile.nginx.conf

# -*- mode: nginx -*-
# Auto generated at 01/24/2023 17:43:23
server {
listen 80;
server_name seafile.mydomain.com;

    client_max_body_size 10m;

    location / {
        proxy_pass http://127.0.0.1:8000/;
        proxy_read_timeout 310s;
        proxy_set_header Host $host;
        proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Connection "";
        proxy_http_version 1.1;

        client_max_body_size 0;
        access_log      /var/log/nginx/seahub.access.log seafileformat;
        error_log       /var/log/nginx/seahub.error.log;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 0;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_request_buffering off;
        access_log      /var/log/nginx/seafhttp.access.log seafileformat;
        error_log       /var/log/nginx/seafhttp.error.log;
    }

    location /seafdav {
        proxy_pass         http://127.0.0.1:8080;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_read_timeout  1200s;
        client_max_body_size 0;

        access_log      /var/log/nginx/seafdav.access.log seafileformat;
        error_log       /var/log/nginx/seafdav.error.log;
    }

    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }

    # For letsencrypt
    location /.well-known/acme-challenge/ {
        alias /var/www/challenges/;
        try_files $uri =404;
    }
}

I’d like to be able to proxy this to my domain for the upload and download (FILE_SERVER_ROOT). But the locations aren’t working in the first place, which leaves me wondered how I can fix this.

Any help would be appreciated.

Morgennebel · January 30, 2023, 7:33am

Just use port 80 and use all the end points like /seafhttp /seafdav as needed as configured by default.
No need to proxy yourself and tweak configurations.

You can put another proxy like nginx-proxy-manager in front of the proxy, then forward everything to port 80.

Do not overcomplicate.

Ciao, -MN

kenjibailly · February 10, 2023, 12:43am

I didn’t overcomplicate. I’m explaining that all of these end points aren’t working on port 80 out of the box.
I do however understand the structure and explained that.
Why it’s not working? I have no clue, that’s why I’m here.

Morgennebel · February 10, 2023, 10:21am

All locations like /seafhttp, /, /seafdav etc. are working straight out of the box on port 80 only using HTTP.

I put a second nginx proxy in front of that.

kenjibailly · February 11, 2023, 11:14pm

Even without adding the second nginx proxy it does not work for me.
It might work for you, but it doesn’t for me… That’s what I’m trying to explain here.

Dario_Pellegrini · March 5, 2023, 3:29pm

I am observing exactly the same behavior, but are you even supposed to reach those locations via browser?

Tronde · March 26, 2023, 5:53pm

Upload via web interface, seafile-client and Android app not possible; Sync via seafile-client works as expected.

Hello everyone,
I seem to face the same or at least a very similiar issue as @kenjibailly.

My Setup

I’m running the Seafile Pro Edition (Server Version: 9.0.14) as Container on a Debian host. Host port 8002 is mapped to container port 80 (-p 127.0.0.1:8002:80).
NGINX is used as a reverse proxy with the following configuration (my domain is replaced with example.com):

## BEGIN CONFIGURATION ##############################################
server {
        listen 80;
        listen [::]:80;
        server_name seafile.example.com;
        root /var/www/seafile.example.com/public;
        index index.html;
        # Path to the logfiles
        access_log /var/www/logs/seafile.example.com_access.log combined;
        error_log /var/www/logs/seafile.example.com_error.log error;
        #return 301 https://$server_name$request_uri;
        location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /var/www/seafile.example.com/public;
        }
        location = /.well-known/acme-challenge/ {
        return 404;
        }
}

server {
    # Listen on Port 443
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name seafile.example.com; 
    client_max_body_size 0;
#    add_header Strict-Transport-Security max-age=31536000;

    ssl_certificate …/file.cer;
    ssl_certificate_key …/file.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers …
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dh_params.pem;

    # Path to the root of your installation
    root /var/www/seafile.example.com/public;

    # Path to the logfiles
    access_log /var/www/logs/seafile.example.com_access.log combined;
    error_log /var/www/logs/seafile.example.com_error.log error;

        location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /var/www/seafile.example.com/public;
        }
        location = /.well-known/acme-challenge/ {
        return 404;
        }

        proxy_set_header X-Real-IP $remote_addr;
        location / {
        client_max_body_size 0;
        proxy_read_timeout 310s;
        proxy_set_header Host $host;
        proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        proxy_pass http://127.0.0.1:8002;
        }
}
# END CONFIGURATION ##############################################

Actual behavior

I can access the web interface at https://seafile.example.com, login, create libraries, edit my profile and change settings. I successfully sync a local folder from my laptop with an encrypted library on my server.

But when I try to upload a file via web interface, the seafile-client on my laptop or the android app I got a network error. The seafile.example.com_access.log on the server shows:

203.0.113.9 - - [26/Mar/2023:12:46:46 +0200] "POST /seafhttp/upload-api/00000000-1111-2222-3333-444444444444 HTTP/1.1" 404 125 "-" "okhttp/3.9.1"
203.0.113.9 - - [26/Mar/2023:16:00:41 +0200] "GET /seafhttp/repo/55555555-333-4444-8888-999999999999/jwt-token HTTP/2.0" 404 0 "-" "Seafile/8.0.10 (Linux)"
203.0.113.9 - - [26/Mar/2023:16:33:15 +0200] "POST /seafhttp/upload-api/000000000-aaaa-4444-8888-222222222222 HTTP/1.1" 404 125 "-" "Mozilla/5.0"

Conlusion

It seems that the endpoint seafhttp is not reachable using the current reverse proxy configuration. But as I understand it, it should just work this way.

Does someone spot a mistake I made in the configuration or has a solution for this problem?

Looking forward reading your answers soon.

Best,
Tronde

Tronde · June 20, 2023, 9:01am

Hello Community,
Please excuse me for bumping this up. The issue described in my previous post still exists and I don’t know what to do about it.

Any suggestions would be much appreciated.

Regards,
Tronde

Barolo · June 20, 2023, 11:56am

Hi, what’s the content of your seahub_settings.py ?