"Network Error" when uploading files with reverse proxy (letsencrypt/nginx)

Hi
I have done a ton of troubleshooting and research and I can’t seem to find what the config error is in my server. I have an Unraid server with letsencrypt reverse proxy. I’ve tried dozens of different configurations and cannot get the upload portion to work. The web ui works fine locally and over the net, but any upload attempt results in a “Network Error”.

I have received a couple different types of errors from letsencrypt over the last couple days based on different configs.

Notes :

  • “[subdomain]” and “[domain]” are redacted aliases for my actual configs.
  • 192.168.1.60 is my local server ip.
  • 8000 and 8082 are the standard ports used for seafile http and seafhttp respectively

This error happened when I tried to upload locally

2020/01/20 02:20:02 [error] 390#390: *78 no host in upstream ":8082", client: 192.168.1.1, server: [subdomain].*, request: "OPTIONS /seafhttp/upload-aj/d0e416fb-f178-4660-9b21-9fcb09ef2c8e HTTP/2.0", host: "[subdomain].[domain].com", referrer: "https://[subdomain].[domain].com/"

This error happened when I tried to upload from a remote client (my phone over LTE)

2020/01/20 02:22:34 [error] 390#390: *702 no host in upstream ":8082", client: 172.58.43.25, server: [subdomain].*, request: "POST /seafhttp/upload-aj/e417c487-cd0d-4eb7-bd48-8d40de5627b0 HTTP/2.0", host: "[subdomain].[domain].com", referrer: "https://[subdomain].[domain].com/"

Not sure which config changes caused these errors

2020/01/20 04:05:22 [error] 390#390: *3451 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 139.59.136.64, server: _, request: "GET /wp-login.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "73.97.4.181", referrer: "http://73.97.4.181/wp-login.php"
2020/01/21 00:05:30 [error] 393#393: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: [subdomain].[domain].com, request: "POST /seafhttp/upload-aj/6e5cce6e-2886-4953-94ff-821981aa85c1 HTTP/2.0", upstream: "http://192.168.1.60:8082/upload-aj/6e5cce6e-2886-4953-94ff-821981aa85c1", host: "[subdomain].[domain].com", referrer: "https://[subdomain].[domain].com/"
2020/01/21 00:15:35 [error] 392#392: *22 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: [subdomain].[domain].com, request: "OPTIONS /seafhttp/upload-aj/05967d27-4d06-4438-b56c-8fde04a61d10 HTTP/2.0", upstream: "http://192.168.1.60:8082/upload-aj/05967d27-4d06-4438-b56c-8fde04a61d10", host: "[subdomain].[domain].com", referrer: "https://[subdomain].[domain].com/"

Here are my configurations :

\letsencrypt\nginx\proxy-confs\seafile.subdomain.conf

server {
listen 80;
server_name  [subdomain].[domain].com;
rewrite ^ https://$http_host$request_uri? permanent;	# force redirect http to https
server_tokens off;
}

server {
listen 443 ssl;
server_name [subdomain].[domain].com;

root /config/www;
index index.html index.htm index.php;

###SSL Certificates
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

###Diffie–Hellman key exchange ###
ssl_dhparam /config/nginx/dhparams.pem;

###SSL Ciphers
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

###Extra Settings###
ssl_prefer_server_ciphers on;
###ssl_session_cache shared:SSL:10m;

    ### Add HTTP Strict Transport Security ###
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
#add_header Front-End-Https on;

client_max_body_size 0;

    location / {
            proxy_pass http://192.168.1.60:8000/;
    }

    location /seafhttp {
            rewrite ^/seafhttp(.*)$ $1 break;
            proxy_pass http://192.168.1.60:8082;
            client_max_body_size 0;

            proxy_connect_timeout  36000s;
            proxy_read_timeout  36000s;
            proxy_send_timeout  36000s;
            send_timeout  36000s;
            proxy_request_buffering off;
    }
}

ccnet.conf

[General]
USER_NAME = seafile
ID = 9ac1b919bb6235172d152697bb201606a0bfa84d
NAME = seafile
SERVICE_URL = https://[subdomain].[domain].com

[Client]
PORT = 13419

[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = seafile
PASSWD = [redacted]
DB = ccnet_db
CONNECTION_CHARSET = utf8


[Client]
UNIX_SOCKET = /opt/seafile/ccnet.sock

seafdav.conf

[WEBDAV]
enabled = false
port = 8080
fastcgi = false
share_name = /

seafile.conf

[fileserver]
port = 8082
host = 127.0.0.1

[database]
type = mysql
host = 127.0.0.1
port = 3306
user = seafile
password = [redacted]
db_name = seafile_db
connection_charset = utf8

seahub_settings.py

# -*- coding: utf-8 -*-
SECRET_KEY = "[redacted]"

DATABASES = {
'default': {
    'ENGINE': 'django.db.backends.mysql',
    'NAME': 'seahub_db',
    'USER': 'seafile',
    'PASSWORD': '[redacted]',
    'HOST': '127.0.0.1',
    'PORT': '3306'
    }
}


CACHES = {
'default': {
    'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
    'LOCATION': '127.0.0.1:11211',
},
'locmem': {
    'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
    },
}
COMPRESS_CACHE_BACKEND = 'locmem'
FILE_SERVER_ROOT = 'https://[subdomain].[domain].com/seafhttp'

The following are set in the GUI settings :

SERVICE_URL : https://[subdomain].[domain].com
FILE_SERVER_ROOT : https://[subdomain].[domain].com/seafhttp

I’m at my wits end. I can’t figure out what is going wrong. Thanks.

Is this right?

And why did you deviate from the “recipe” in the Seafile manual for the nginx.conf?

Meant to redact that as well