Reverse Proxy best approach with nginx

Seafile Server
1

Hello, everybody. I come from an old way installation without docker. Now I’m trying a brand new installation with docker.

My setup is:
internet - router - reverseproxyserver - seafileserver

I’m familiar with nginx. My approach usually would be to let the reverse proxy handle the SSL and push the certificate into the main server. Can this work with this docker installation or are there easier way to do this?

Thank you in advance

2

There is a document for using Nginx as reverse proxy: Use other reverse proxy - Seafile Admin Manual

1 Like
3

Thank you for your answer. I saw the documentation so I ended up disabling caddy, letting the reverse proxy handle ssl cert and then proxying all via http.
It worked! The desktop app is syncing.
Except for one thing: with the browser I’cannot upload nor download anything.
Maybe something is wrong.

this is how i configured my reverse proxy

server {
    listen            80;
    listen            [::]:80;
    server_name       my.server.ext;
    return 301 https://$server_name$request_uri;
}
server {
    listen            443 http2 ssl;
    listen            [::]:443 http2 ssl;
    server_name       my.server.ext;
    ssl_certificate        /etc/ssl/acme/seafile.crt;
    ssl_certificate_key    /etc/ssl/acme/seafile.key;
    client_max_body_size 0;
    proxy_read_timeout 36000s;
    proxy_connect_timeout 36000s;
    proxy_send_timeout 36000s;
    location / {
        proxy_pass          http://192.168.10.205;
        proxy_set_header    Host $host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Host $server_name;
        proxy_set_header    X-Forwarded-Proto $scheme;
        proxy_read_timeout  1200s;
        proxy_http_version 1.1;
        client_max_body_size    0;
    }
    location /media {
        proxy_pass http://192.168.10.205;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://192.168.10.205:8082;
        client_max_body_size 0;
        proxy_connect_timeout 36000s;
        proxy_read_timeout 36000s;
        proxy_send_timeout 36000s;
        send_timeout 36000s;
        proxy_request_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

However, there can be something in seafile misconfigurated: when from the reverse proxy I

curl -I http://192.168.10.205:8082/seafhttp

I get a 404.

Can you please help me out on this?

4

TL;DR - Comment out the /seafhttp section (and maybe /media section too).

Your config looks to me like it would have worked with the older versions. Sending /seafhttp to one port (8082), and everything else to another port (80 in your case here) used to be normal. But with version 12, seafile builds a small nginx config into the docker container. It doesn’t do the SSL, but does do the splitting out the paths to go to different components, so you can just talk to it on port 80.

Another option you can try would be to bypass the nginx in the container. I had trouble with the built-in nginx, when trying to get OAUTH working and eventually just bypassed it. I still don’t really know if that was necessary to fix the problem. But if you want to go that route, you can change your nginx config to forward to 8000 instead of 80, and then modify the seafile-server.yml ports section to look like:

    ports:
      - "8000:8000"
      - "8082:8082"
2 Likes
5

OK so I commented out what you suggested.

digging into the problem with DevTools I found that the url generated when i physically click download contains a double slash, like this:

https://my.server.it/seafhttp/repos/LIBRARY-ID/files//file.txt/?op=download

How can I get rid of the dobule slash without touching things inside the container? And why does it happen?

6

I just tested and mine does the same. I never noticed it even though I have looked through the dev tools panel a lot while working out other problems. I think that must just be a bug in the code, but since the downloads still work fine, I don’t expect it to get fixed any time soon.

1 Like
7

ok that’s really wierd:

  • I’ve tried with firefox and it works.
  • I’ve tried with the android app (which if I recall is kind like a browser) and it works
  • the problem seems just with chrome. Can you please try @tomservo? if I click on the “download” icon, the download does not start. But if I copy the download link generated by that action and paste it the browser, the download starts!!
8

I also tried different proxys …

For me, the fastest was with traefik. I gave it up with nginx - too hard for me as a beginner.

9

I tried from chorme. I clicked the download icon, and in the dev tools panel it says the URL was (htt_ps://file.my-domain.com/seafhttp/repos/18404316-945a-4420-9ccf-51bd884a758c/files//test/atestfile.pdf/?op=download), and I got the dialog asking where I wanted to save the test pdf file (because I have configured it to ask instead of just immediately downloading).

I don’t use chrome much (mostly stick to firefox), so there might be an extension you have that I don’t (maybe an ad blocker?) that is interfering, so maybe try from incognito mode, or from a guest profile?

1 Like
10

Well, I tried disabling all the extension and still no luck.

I can’t find a stable “fix” browser side. It’s very strange this happens only to my installation and with chrome only.

BTW I can still live with this.

Thank you for your support @tomservo it was indeed helpful :beers: