I have been trying for hours now to get a fresh 12 CE running in Docker with https, a custom port and a custom certificate.
With the following configuration, http://mydomain.com:1222 is reachable but https://mydomain.com:1222 gives a certificate error. Why is http still reachable?
seafile:
  ports:
    - "1222:80"
  volumes:
    - ${SEAFILE_VOLUME:-/opt/seafile/seafile-data}:/shared
    - "/opt/seafile/seafile-caddy/certs/cert.pem:/usr/local/share/ca-certificates/cert.crt"
  labels:
    caddy: ${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty} # leave this variables only
    caddy.reverse_proxy: "{{upstreams 80}}"
    caddy.tls: "/data/caddy/certs/cert.pem /data/caddy/certs/key.pem"
seafile-caddy | {"level":"warn","ts":1748636480.7576115,"logger":"http","msg":"HTTP/2 skipped because it requires TLS","network":"tcp","addr":":80"}
seafile-caddy | {"level":"warn","ts":1748636480.758721,"logger":"http","msg":"HTTP/3 skipped because it requires TLS","network":"tcp","addr":":80"}
seafile.nginx.conf
server {
    listen 80;
    server_name mydomain.com:1222;
In a normal setup, you don’t talk to seafile directly, you talk to the reverse proxy, and that forwards on to the seafile server. When using TLS (SSL), it is the reverse proxy that manages the certificates and encryption, so the connection from the reverse proxy to seafile is without encryption.
A normal setup would look like this:
browser <--https--> caddy <--http--> seafile server
But your setup looks like this:
caddy <--http--> Seafile Server
browser <---------- http ----------------^
In your configuration you are using caddy as your reverse proxy, and have configured it to listen for http on port 1223, and https on 1224, and you also have seafile configured to listen on port 1222. The only port you need accessible externally is that https port from caddy, which you currently have configured as 1224. You can comment out the rest of those ports. You will also want to change the ports in seahub_settings.py to 1224.
Thank you so much. I got the web interface working now! Port is 1222. But I cannot upload files. I get a network error and no other message.
In the browser I get the following error when I try to upload. The port 1222 is missing! But where do I need to enter it?
Access to XMLHttpRequest at 'https://mydomain.com/seafhttp/upload-aj/63ed4ccb-b47a-4c59-a788-6a0b27d17e72?ret-json=1' from origin 'https://mydomain.com:1222' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
volumes:
# ports:
#   - "80:80"
labels:
  caddy: ${SEAFILE_SERVER_PROTOCOL:-https}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
  caddy.0_reverse_proxy: "@ws {{upstreams 80}}"
seafile-server.yml
seafile:
  # ports:
  #   - "80:80"
  environment:
    - SEAFILE_SERVER_PROTOCOL=${SEAFILE_SERVER_PROTOCOL:-https}
    - SEADOC_SERVER_URL=${SEAFILE_SERVER_PROTOCOL:-https}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}/sdoc-server
    - FORCE_HTTPS_IN_CONF=true
    - SEAFILE_SERVER_LETSENCRYPT=false
  labels:
    #caddy: ${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
    caddy: ${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty} # leave this variables only
    caddy.reverse_proxy: "{{upstreams 80}}"
    caddy.tls: "/data/caddy/certs/cert.pem /data/caddy/certs/key.pem"
That was the first thing I tried. But when I add the port to SEAFILE_SERVER_HOSTNAME in .env I cannot connect to the web interface anymore: ERR_CONNECTION_REFUSED
That’s strange. I am not sure why it would do that. I would check the logs from caddy and see if you can determine if the connection attempt from your browser is making it to caddy, and if so why it is being refused.
Unfortunately I’ve never used caddy so I don’t think I can be much help, but I am willing to try if you post your results here.
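An added example (not code from the thread or from Seafile): the CORS error quoted above comes down to the browser's same-origin comparison of scheme, host and port, where a URL without a port is treated as using the scheme's default. The helper names `origin_of` and `origin_mismatch` are hypothetical; the two URLs are the ones from the browser error.

```python
from urllib.parse import urlsplit

# A URL with no explicit port uses the scheme default for origin comparison.
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """Return the (scheme, host, port) tuple a browser compares for same-origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    return scheme, parts.hostname, port


def origin_mismatch(page_url, request_url):
    """List the origin components that differ; an empty list means same-origin."""
    names = ("scheme", "host", "port")
    page, req = origin_of(page_url), origin_of(request_url)
    return [f"{n}: page={p} request={r}"
            for n, p, r in zip(names, page, req) if p != r]


# Values taken from the browser error quoted in the thread.
PAGE = "https://mydomain.com:1222"
UPLOAD = ("https://mydomain.com/seafhttp/upload-aj/"
          "63ed4ccb-b47a-4c59-a788-6a0b27d17e72?ret-json=1")

if __name__ == "__main__":
    # The upload URL carries no port, so it resolves to 443 and is cross-origin.
    for line in origin_mismatch(PAGE, UPLOAD) or ["same origin"]:
        print(line)
```

Any URL the server hands to the browser has to produce an empty list against the address typed into the browser, otherwise the request is cross-origin and subject to a preflight.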