I don’t get the configuration of the SSL vhost in nginx based on the docker-compose.yaml from the docs.
Pretty much standard setup, with the exception that I’d like to reuse the existing letsencrypt certs present on the host.
Here’s my docker-compose.yaml:
```yaml
services:
  db:
    image: mariadb:10.11
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=REDACTED  # Required, set the root's password of MySQL service.
      - MYSQL_LOG_CONSOLE=true
      - MARIADB_AUTO_UPGRADE=1
    volumes:
      - /opt/seafile-mysql/db:/var/lib/mysql  # Required, specifies the path to MySQL data persistent store.
    networks:
      - seafile-net
    restart: always

  memcached:
    image: memcached:1.6.18
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net
    restart: always

  seafile:
    image: seafileltd/seafile-mc:11.0-latest
    container_name: seafile
    ports:
      - "80:80"
      - "443:443"  # If https is enabled, cancel the comment.
    volumes:
      - /opt/seafile-data:/shared  # Required, specifies the path to Seafile data persistent store.
      - /etc/letsencrypt/live/mail.example.com/fullchain.pem:/shared/ssl/mail.example.com.crt
      - /etc/letsencrypt/live/mail.example.com/privkey.pem:/shared/ssl/mail.example.com.key
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=REDACTED  # Required, the value should be root's password of MySQL service.
      - TIME_ZONE=Europe/Vienna  # Optional, default is UTC. Should be uncomment and set to your local time zone.
      - SEAFILE_ADMIN_EMAIL=admin@example.com  # Specifies Seafile admin user, default is 'me@example.com'.
      - SEAFILE_ADMIN_PASSWORD=SECRET  # Specifies Seafile admin password, default is 'asecret'.
      - SEAFILE_SERVER_LETSENCRYPT=false  # Whether to use https or not.
      - SEAFILE_SERVER_HOSTNAME=mail.example.com  # Specifies your host name if https is enabled.
      - FORCE_HTTPS_IN_CONF=true
    depends_on:
      - db
      - memcached
    networks:
      - seafile-net
    restart: always

networks:
  seafile-net:
```
Here’s the generated nginx config:
```nginx
# -*- mode: nginx -*-
# Auto generated at 10/20/2024 14:09:14
server {
    listen 80;
    server_name mail.example.com;
    client_max_body_size 10m;

    location / {
        proxy_pass http://127.0.0.1:8000/;
        proxy_read_timeout 310s;
        proxy_set_header Host $http_host;
        proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        client_max_body_size 0;
        access_log /var/log/nginx/seahub.access.log seafileformat;
        error_log /var/log/nginx/seahub.error.log;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 0;
        proxy_connect_timeout 36000s;
        proxy_read_timeout 36000s;
        proxy_request_buffering off;
        access_log /var/log/nginx/seafhttp.access.log seafileformat;
        error_log /var/log/nginx/seafhttp.error.log;
    }

    location /notification/ping {
        proxy_pass http://127.0.0.1:8083/ping;
        access_log /var/log/nginx/notification.access.log seafileformat;
        error_log /var/log/nginx/notification.error.log;
    }

    location /notification {
        proxy_pass http://127.0.0.1:8083/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        access_log /var/log/nginx/notification.access.log seafileformat;
        error_log /var/log/nginx/notification.error.log;
    }

    location /seafdav {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 1200s;
        client_max_body_size 0;
        access_log /var/log/nginx/seafdav.access.log seafileformat;
        error_log /var/log/nginx/seafdav.error.log;
    }

    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }
}
```
I looked at the jinja2 template in the seafile-docker repo on GitHub, in /templates/seafile.nginx.conf.template.
For some reason, bootstrap.py in /scripts isn't rendering an https-enabled config file.
Also, regeneration of configs (without destroying data!) based on a changed docker-compose.yml would be nice.
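
An added example, not part of the original post and not Seafile's own code: a small check that reads a generated nginx config and reports when a port the compose file publishes for HTTPS (443 here) has no `server` block that both listens with `ssl` and names a certificate/key pair. The function names are hypothetical and both sample configs are constructed; the first is a trimmed copy of the config quoted in the post.

```python
import re

# Constructed sample: trimmed copy of the generated config quoted in the post.
GENERATED_CONF = """
server {
    listen 80;
    server_name mail.example.com;
    location / { proxy_pass http://127.0.0.1:8000/; }
}
"""

# Constructed sample: a generic nginx TLS block using the post's mount targets.
TLS_CONF = """
server {
    listen 443 ssl;
    ssl_certificate /shared/ssl/mail.example.com.crt;
    ssl_certificate_key /shared/ssl/mail.example.com.key;
}
"""

def server_blocks(conf):
    """Return the body of every `server { ... }` block (brace counting)."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments; assumes no '#' in values
    blocks = []
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        blocks.append(conf[m.end():i - 1])
    return blocks

def audit(conf, tls_ports=(443,)):
    """List mismatches between ports expected to serve TLS and the config."""
    findings, served = [], set()
    for block in server_blocks(conf):
        has_pair = all(re.search(rf"^\s*{d}\s+\S+;", block, re.M)
                       for d in ("ssl_certificate", "ssl_certificate_key"))
        for args in re.findall(r"^\s*listen\s+([^;]+);", block, re.M):
            addr, *flags = args.split()
            port = re.fullmatch(r"(?:.*:)?(\d+)", addr)  # "443", "[::]:443", ...
            if port and "ssl" in flags and has_pair:
                served.add(int(port.group(1)))
            elif port and "ssl" in flags:
                findings.append(f"listen {args}: ssl set but cert/key missing")
    findings += [f"port {p} published but no server block serves TLS on it"
                 for p in tls_ports if p not in served]
    return findings
```

Calling `audit()` on the text of the container's generated config gives an empty list only when every expected TLS port is actually served with a certificate and key.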