I have a machine with various Docker containers. One of them is Seafile. Because I want to use port 443 for all containers, I cannot assign it to the Seafile container. But I don’t want to use any other port.
So I wanted to use NGINX as a reverse proxy for all my containers. Except for Seafile, I can configure this with all containers by using proxy_pass http://127.0.0.1:.
Unfortunately, it doesn’t work like this with Seafile.
The following ports are configured in the compose.yaml file:
“8001:8000” # media server
“8082:8082” # seafile server
“8083:8083” # notification server
With Apache, I can create a reverse proxy configuration that works by using the IP address of the machine. Why, I don’t understand. I get proxy errors when I use http://127.0.0.1 in the Apache reverse proxy configuration. It works with the machine IP address. Of course I had to adjust it accordingly in the gunicorn.conf.py file (127.0.0.1 → 0.0.0.0), but Seafile works with Apache as a reverse proxy this way.
But it doesn’t work with NGINX as a reverse proxy. Neither with 127.0.0.1, nor with the IP address of the machine. I always get the error 502. I don’t understand it.
Are you using NPM or just pure nginx? In either case, you can try the name of the container and make sure they are on the same Docker network. Let me know if this helps!
Using the container name unfortunately doesn’t work, but the IP address of the docker0 interface works. Thank you!
What is the reason that it works for other containers with the address 127.0.0.1, but for the Seafile container you have to use the IP address of the Docker interface?
In the Seafile configuration file gunicorn.conf.py I still have to change the binding from 127.0.0.1:8000 to 0.0.0.0:8000 for Seafile to work.
For most Docker containers, 127.0.0.1 works in the context of the host machine when mapped via proxy_pass http://127.0.0.1:<port>. This is because the container’s services are explicitly bound to 127.0.0.1 or 0.0.0.0 (making them accessible through the loopback or all interfaces).
Seafile’s default configuration binds its services (e.g., gunicorn) to 127.0.0.1. But inside the Docker container, 127.0.0.1 refers to the container’s internal loopback interface, not the host’s loopback. This makes the service unreachable from the host using 127.0.0.1.
By contrast, the docker0 interface on the host (typically 172.17.0.1 or similar) connects Docker containers to the host, allowing you to access Seafile’s service via the Docker interface IP.
When you update gunicorn.conf.py to bind Seafile to 0.0.0.0, it listens on all network interfaces, including the container’s IP and the Docker bridge network. This change allows NGINX (or any other reverse proxy) to communicate with Seafile via the Docker bridge IP.
I might add, if you have nginx proxy manager on the same machine, this becomes a trivial issue (still fairly simple if on another machine btw) as you can use the container name and port instead of an IP, but I can understand not wanting a whole new piece introduced to solve a simple issue. I will add though, NPM is a great reverse proxy and I replaced traefik with NPM due to it being so much easier to use, even though I lost some features such as custom middleware in the process. If this seems interesting to you, definitely look into it!
Also for transparency, I used chatgbt along with some documentation to provide this information.
Apache likely uses the machine’s external IP or docker0 interface IP rather than relying on 127.0.0.1. When you adjust the Seafile service to bind to 0.0.0.0, Apache can communicate with it through any interface accessible from the host, resolving the issue.
Hi,
If either @Jukelyn or @dbet1 could share their nginx config file and the ports and ssl configuration in the compose.yaml, I would be very thankful. Especially, if you also use the webdav (/seafdav) feature.
Here is my config. I should note, my main server that my reverse proxy is on is on another machine and so I route to my other machine were Seafile is hosted with that port.
Interesting: I go to ports 8000, 8082 and 8083 and thus bypass NGINX within the container. Jukelyn goes via port 80 within the container and thus uses NGINXi in the container.