Seafile Docker - Nginx - 502 Bad Gateway

GITchristoph · March 25, 2025, 3:29pm

Hi

(me again, since today I face several issues).

Without any changes done to my docker installation, but after rebooting my server, I get the 502 Bad Gateway error message.

When checking Nginx I get this:

docker exec seafile nginx -t && docker exec seafile nginx -s reload

> nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
> nginx: configuration file /etc/nginx/nginx.conf test is successful

But the conf file should be called “seafile-data/nginx/conf/seafile.nginx.conf”
Is maybe the Docker nginx not being seen anymore on the server?

I don’t understand Docker so well yet.

This is a Contabo VPS only running a single Seafile instance within Docker.
I only rebootet today.

Did maybe Seafile upgrade itself and that changed something?

(I am very much struggling with this. Worked great for more than a decade )

EDIT:
In my seahub.error.log I see this line:

2025/03/25 15:30:12 [error] 74#74: *121 connect() failed (111: Connection refused) while connecting to upstream, client: 2xx.xx.xxx.77, server: share.xxxxx.de, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8000/", host: "share.xxxx.de"

EDIT2:
I tried docker compose down and then dockercompse up -d, which didn’t fix it.

Is the entry under ports as expected from docker ps?

0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp

CONTAINER ID   IMAGE                               COMMAND                  CREATED          STATUS         PORTS                                      NAMES
940e9dd3bc1f   seafileltd/seafile-mc:11.0-latest   "/sbin/my_init -- /s…"   55 minutes ago   Up 2 minutes   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   seafile
1fff65389726   mariadb:10.11                       "docker-entrypoint.s…"   55 minutes ago   Up 2 minutes   3306/tcp                                   seafile-mysql
33cd966c670e   memcached:1.6.18                    "memcached -m 256"       55 minutes ago   Up 2 minutes   11211/tcp                                  seafile-memcached

EDIT3:
When I try to access the seafile conf files, it states: Permission denied.
Could that be the issue and does someone know how I can fix the permissions?

EDIT4:
This is my docker-compose.yml

services:
  db:
    image: mariadb:10.11
    container_name: seafile-mysql
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=xx  # Required, set the root's password of MySQL service.
      - MYSQL_LOG_CONSOLE=true
      - MARIADB_AUTO_UPGRADE=1
    volumes:
      - /home/ck/seafile/seafile-mysql/db:/var/lib/mysql  # Required, specifies the path to MySQL data persistent store.
    networks:
      - seafile-net

  memcached:
    image: memcached:1.6.18
    container_name: seafile-memcached
    restart: unless-stopped
    entrypoint: memcached -m 256
    networks:
      - seafile-net
          
  seafile:
    image: seafileltd/seafile-mc:11.0-latest
    container_name: seafile
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"  # If https is enabled, cancel the comment.
    volumes:
      - /home/ck/seafile/seafile-data:/shared   # Required, specifies the path to Seafile data persistent store.
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=xx  # Required, the value should be root's password of MySQL service.
      - TIME_ZONE=Etc/UTC  # Optional, default is UTC. Should be uncomment and set to your local time zone.
      - SEAFILE_ADMIN_EMAIL=admin@xxx.de # Specifies Seafile admin user, default is 'me@example.com'.
      - SEAFILE_ADMIN_PASSWORD=xxxxxxx     # Specifies Seafile admin password, default is 'asecret'.
      - SEAFILE_SERVER_LETSENCRYPT=true   # Whether to use https or not.
      - SEAFILE_SERVER_HOSTNAME=share.xxx.de # Specifies your host name if https is enabled.
#      -  - FORCE_HTTPS_IN_CONF=true
    depends_on:
      - db
      - memcached
    networks:
      - seafile-net

networks:
  seafile-net:

trifleneurotic · March 27, 2025, 9:54am

Hello & good day!

One thing I noted was that, when you were validating the nginx configuration file, its path in your post was the following:

/etc/nginx/nginx.conf

That file does exist in the seafile container, but you are correct in that the one you should be working with is…

seafile-data/nginx/conf/seafile.nginx.conf

…which should already be linked to…

/etc/nginx/sites-enabled/seafile.nginx.conf

…inside the container.

Now although I suppose it is possible, I’m unaware of any automatic update in these circumstances. Also, it looks like you a using version 11 of Seafile; you may want to consider using at least version 12.

So back to the original 502 issue that you have been getting. The ports entry doesn’t strike me as odd really, so I have two ideas:

You could perhaps recursively set your top level permissions for your Seafile directories using something like the following:

sudo chmod -R 755 ./seafile
sudo chmod -R 755 ./seafile-data

…etc…

That should take care of the files within as well while giving some basic security. Incidentally, the nginx master process should be running as root but its worker processes should be running under the www-data user. If the latter user is supposed to be able read files within those directories that right now have more restrictive permissions, that could be one issue.

The only other thing I can think of is to make sure that your server domain name matches between the seafile-data/nginx/conf/seafile.nginx.conf file (server_name) and in your seafile/seafile-server.conf (SEAFILE_SERVER_HOSTNAME). If there is a discrepancy between the two, nginx may be returning 502’s.

If you want to stick with Seafile version 11 (Docker), let’s check those things out first. Or, you can go with version 12 or 13 which uses Caddy for the downstream reverse proxy, and you might have better luck out of the gate anyway.