I installed an instance of Seafile on Docker today and was unable to get letsencrypt working. Ports 80 and 443 were open to the public internet, my compose file was correct and I was able to verify seafile being fully functional on port 80.
When I tried to enable letsencrypt I was met with this in the logs:
This confused the hell out of me! I finally started watching the NAT translations on my router to see what was occurring. I noticed when starting the container an IP of 172.65.32.248 coming up. I checked the IP to find it was cloudflare managed and therefore appeared that the letsencrypt validation was coming from within cloudflare - no problem there.
I then realised I have DNS hosting WITH cloudflare also! I had it set up with DNS only not Proxied. I changed it to proxied, waited for propagation and then Seafile was able to get an SSL cert fine.
I’m guessing something in cloudflare messes up if you happen to have DNS only configured for a host record and happen to receive a connection for validation of letsencrypt from them. Changing to proxied so you’re behind Cloudflare’s WAF seems to resolve it.
HTH someone else so they don’t spend hours trying to figure it out - or worse, see it as a bug in seafile.
Actually I’m wrong. Seafile isn’t listening on 443 for some reason. The reason proxying via cloudflared worked is because they handle SSL > Port 80 for you. It doesn’t work on the LAN. I’ll blow it all away and try again.
This is what was in seafile.nginx.conf. I’m not very familiar with nginx but looks like it needs a section for port 443? Does this mean seafile doesn’t update the conf correctly if an error is returned or if you want to enable SSL later?
This is a BAD idea. Your data is being sent unencrypted from your server to Cloudflare. Even if it were encrypted, Cloudflare is a man in the middle and can see all your traffic in cleartext.
In that case just use Dropbox or something like that.
Thank you so much, I had the same issue with the docker container. I disabled SSL at first to set up more easily, and then when I tried to re-enable it, the 443 port was inaccessible. As you pointed out, the nginx config file is only autogenerated at the first run, so it’s necessary to either reinitialize the docker image as you did or copy the missing part of the config (I used your snippet and did a diff, for others: make sure to replace the 3 instances of seafile dot example dot com by your real domain).
Hi Irq3000. I am having a similar issue and I was wondering if you have a template of the Nginx conf file that I can use? I tried different snippets of code and I still cannot get my seafile docker to work on a https connection (works fine using just HTTP and reverse proxy with Apache). I have an Apache server in my system, and the docker seafile (with Nginx in it).
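An added example, not part of any post in this thread and not Seafile's own code: a check for the failure mode discussed above, where the nginx config generated on first run has no server block for port 443. The sample configs, the `proxy_pass` target and the certificate paths are constructed placeholders, and the check assumes the `listen 443 ssl` form of the directive.

```python
import re

# Constructed sample: an HTTP-only config like the one the thread describes
# (not Seafile's actual generated file).
HTTP_ONLY = """
server {
    listen 80;
    server_name seafile.example.com;
    location / { proxy_pass http://127.0.0.1:8000/; }
}
"""

# Constructed sample with a TLS server block; certificate paths are placeholders.
WITH_TLS = HTTP_ONLY + """
server {
    listen 443 ssl;
    server_name seafile.example.com;
    ssl_certificate /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;
    location / { proxy_pass http://127.0.0.1:8000/; }
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, matching nested braces."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments so they cannot match
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def tls_problems(conf, domain):
    """Return reasons why `domain` is not served over TLS; empty list means OK."""
    blocks = [b for b in server_blocks(conf)
              if re.search(r"\bserver_name\s[^;]*\b" + re.escape(domain) + r"\b", b)]
    if not blocks:
        return ["no server block for " + domain]
    tls = [b for b in blocks if re.search(r"\blisten\s[^;]*\b443\b[^;]*\bssl\b", b)]
    if not tls:
        return ["no 'listen 443 ssl' server block for " + domain]
    problems = []
    for d in ("ssl_certificate", "ssl_certificate_key"):
        if not any(re.search(r"\b" + d + r"\s+\S", b) for b in tls):
            problems.append("missing " + d)
    return problems
```

Running `tls_problems` on the contents of the container's seafile.nginx.conf with your real domain shows whether the 443 block was ever written, before spending time on DNS or certificate debugging.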