Seafile-mc docker only works without SSL

Following the “Deploying Seafile with Docker” (https://download.seafile.com/published/seafile-manual/docker/deploy%20seafile%20with%20docker.md)
guide, I have set up the seafile-mc container using the following docker-compose.yml:

version: '2.0'
services:
  db:
    image: mariadb:10.1
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=***** # Requested, set the root's password of MySQL service.
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - /sharedfolders/AppData/seafile-mysql:/var/lib/mysql # Requested, specifies the path to MySQL data persistent store.
    networks:
      - seafile-net

  memcached:
    image: memcached:1.5.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net

  seafile:
    image: seafileltd/seafile-mc:latest
    container_name: seafile
    ports:
      - "80:80"
      # - "443:443" # If https is enabled, cancel the comment.
    volumes:
      - /sharedfolders/AppData/Seafile:/shared # Requested, specifies the path to Seafile data persistent store.
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=***** # Requested, the value should be root's password of MySQL service.
      - TIME_ZONE=Europe/London # Optional, default is UTC. Should be uncommented and set to your local time zone.
      - SEAFILE_ADMIN_EMAIL=myemail@gmail.com # Specifies Seafile admin user, default is 'me@example.com'.
      - SEAFILE_ADMIN_PASSWORD=***** # Specifies Seafile admin password, default is 'asecret'.
      - SEAFILE_SERVER_LETSENCRYPT=false # Whether to use https or not.
      - SEAFILE_SERVER_HOSTNAME=my.server.org # Specifies your host name if https is enabled.
    depends_on:
      - db
      - memcached
    networks:
      - seafile-net

networks:
  seafile-net:

All is well, and I am able to access the web server both locally and externally. But then I want to secure the server so I do the following:

  1. Set “SEAFILE_SERVER_LETSENCRYPT=true”
  2. Uncomment “443:443”

And the server no longer works; there is no response either from my.server.org, https://my.server.org, or locally (within my LAN or from the host machine). The same happens even if I point SERVICE_URL in ccnet.conf and FILE_SERVER_ROOT in seahub_settings.py to https. There don’t seem to be any errors in the Docker logs, and the container seems to have happily processed the Let’s Encrypt certificate.

What am I missing and can anybody help? Thank you!

I have the same problem and I think this is a bug. Not sure how this passed without validation.

Just:
rm -f /opt/seafile-data/nginx/conf/seafile.nginx.conf
docker rm -f seafile
docker-compose -f docker-compose.yml up -d

This problem is still not fixed.
Let’s Encrypt is unable to update certificates.

docker-compose run seafile
Starting seafile-memcached ... done
Starting seafile-mysql     ... done
*** Running /etc/my_init.d/01_create_data_links.sh...
*** Booting runit daemon...
*** Runit started as PID 24
*** Running /scripts/enterpoint.sh...
2022-05-02 16:01:03 Nginx ready
2022-05-02 16:01:03 This is a idle script (infinite loop) to keep container running.
[2022-05-02 16:01:03] Preparing for letsencrypt ...
[2022-05-02 16:01:03] Found existing cert file /shared/ssl/WEBSITE.MY_WEBSITE.COM.crt
Certificate will expire
[2022-05-02 16:01:03] Starting letsencrypt verification
fatal: remote error:
  The unauthenticated git protocol on port 9418 is no longer supported.
Please see https://github.blog/2021-09-01-improving-git-protocol-security-github/ for more information.
Traceback (most recent call last):
  File "/scripts/start.py", line 86, in <module>
    main()
  File "/scripts/start.py", line 51, in main
    init_letsencrypt()
  File "/scripts/bootstrap.py", line 80, in init_letsencrypt
    call('/scripts/ssl.sh {0} {1}'.format(ssl_dir, domain))
  File "/scripts/utils.py", line 70, in call
    return subprocess.check_call(*a, **kw)
  File "/usr/lib/python3.8/subprocess.py", line 364, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '/scripts/ssl.sh /shared/ssl WEBSITE.MY_WEBSITE.COM' returned non-zero exit status 1.

This stuff just drives me nuts. Just let me run the seafile docker image on port 80 and I’ll handle the ssl by way of swag or nginx. I have to remove/down nginx completely and give seafile exclusive port 80 access, but renewing the certs is still a challenge.

I did manage to force some things a little bit. I might in the future just manually copy the certs out of nginx and force them into the seafile volume. But for now…

I had to go and mess with /scripts/ssl.sh

I removed just about everything, the key was to exit cleanly:

#!/bin/bash
# Only reload nginx; the certificate request steps were removed.
set -e
nginx -s reload
echo "Nginx reloaded."
exit 0;

Then inside the seafile docker console I ran the following command to force the container up:

./scripts/start.py

Seafile loads and at least will function.
Server Version: 9.0.10
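
With /scripts/ssl.sh reduced to an nginx reload, as in the last post, nothing in the container requests or renews a certificate any more, so expiry has to be watched separately. The script below is an added example, not code from the thread or from Seafile's own scripts; the function names, the 30-day default and the <hostname>.crt layout (inferred from the "Found existing cert file /shared/ssl/..." log line) are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not Seafile's code): flag certificates that are expired or
# close to expiry when the in-container renewal no longer runs.
# Assumption: certificates are PEM files named <hostname>.crt in one directory.

# cert_status FILE [WARN_DAYS]
# Prints one word and returns: ok=0, expiring=1, expired=2, unreadable=3.
cert_status() {
    local crt="$1" warn_days="${2:-30}"
    # Reject missing files and anything openssl cannot parse as a certificate,
    # so a truncated copy is not misreported as merely "expired".
    if [ ! -r "$crt" ] || ! openssl x509 -in "$crt" -noout >/dev/null 2>&1; then
        echo "unreadable"; return 3
    fi
    # -checkend N exits 0 only if the cert is still valid N seconds from now.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "expired"; return 2
    fi
    if ! openssl x509 -in "$crt" -noout \
            -checkend "$((warn_days * 86400))" >/dev/null 2>&1; then
        echo "expiring"; return 1
    fi
    echo "ok"
}

# scan_certs DIR [WARN_DAYS]
# Prints "<status> <notAfter> <file>" per *.crt; returns the worst status seen.
scan_certs() {
    local dir="$1" warn_days="${2:-30}" worst=0 rc status end crt
    for crt in "$dir"/*.crt; do
        [ -e "$crt" ] || continue          # directory without any .crt files
        rc=0
        status=$(cert_status "$crt" "$warn_days") || rc=$?
        end=$(openssl x509 -in "$crt" -noout -enddate 2>/dev/null | cut -d= -f2)
        printf '%-10s %-26s %s\n' "$status" "${end:--}" "$crt"
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}

# Run with arguments to scan a directory, e.g. from cron:
#   <this script> /shared/ssl 21
if [ "$#" -gt 0 ]; then
    scan_certs "$@"
fi
```

A non-zero exit status from scan_certs (1 expiring, 2 expired, 3 unreadable) can drive a cron mail or monitoring alert.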