Following the “Deploying Seafile with Docker” (https:// download. seafile. com/published/seafile-manual/docker/deploy%20seafile%20with%20docker.md)
guide, I have set up the seafile-mc container using the following docker-compose.yml:
version: ‘2.0’
services:
db:
image: mariadb:10.1
container_name: seafile-mysql
environment:
- MYSQL_ROOT_PASSWORD=***** # Requested, set the root’s password of MySQL service.
- MYSQL_LOG_CONSOLE=true
volumes:
- /sharedfolders/AppData/seafile-mysql:/var/lib/mysql # Requested, specifies the path to MySQL data persistent store.
networks:
- seafile-net
seafile:
image: seafileltd/seafile-mc:latest
container_name: seafile
ports:
- “80:80”
# - “443:443” # If https is enabled, cancel the comment.
volumes:
- /sharedfolders/AppData/Seafile:/shared # Requested, specifies the path to Seafile data persistent store.
environment:
- DB_HOST=db
- DB_ROOT_PASSWD=***** # Requested, the value shuold be root’s password of MySQL service.
- TIME_ZONE=Europe/London # Optional, default is UTC. Should be uncomment and set to your local time zone.
- SEAFILE_ADMIN_EMAIL=myemail@gmail. com # Specifies Seafile admin user, default is ‘me@example.com’.
- SEAFILE_ADMIN_PASSWORD=***** # Specifies Seafile admin password, default is ‘asecret’.
- SEAFILE_SERVER_LETSENCRYPT=false # Whether to use https or not.
- SEAFILE_SERVER_HOSTNAME=my. server. org # Specifies your host name if https is enabled.
depends_on:
- db
- memcached
networks:
- seafile-net
networks:
seafile-net:
All is well, and I am able to access the web server both locally and externally. But then I want to secure the server so I do the following:
Set “SEAFILE_SERVER_LETSENCRYPT=true”
Uncomment “443:443”
And the server no longer works; there is no response either from my. server. org, https:// my. server. org, or locally (within my LAN or from the host machine). The same happens even if I point SERVICE_URL in ccnet.conf and FILE_SERVER_ROOT seahub_settings.py to https. There don’t seem to be any errors in the Docker logs, and the container seems to have happily processed the Let’s Encrypt certificate.
What am I missing and can anybody help? Thank you!
This problem is still not fixed.
Let’s encrypt is unable to update certificates
docker-compose run seafile
Starting seafile-memcached ... done
Starting seafile-mysql ... done
*** Running /etc/my_init.d/01_create_data_links.sh...
*** Booting runit daemon...
*** Runit started as PID 24
*** Running /scripts/enterpoint.sh...
2022-05-02 16:01:03 Nginx ready
2022-05-02 16:01:03 This is a idle script (infinite loop) to keep container running.
[2022-05-02 16:01:03] Preparing for letsencrypt ...
[2022-05-02 16:01:03] Found existing cert file /shared/ssl/WEBSITE.MY_WEBSITE.COM.crt
Certificate will expire
[2022-05-02 16:01:03] Starting letsencrypt verification
fatal: remote error:
The unauthenticated git protocol on port 9418 is no longer supported.
Please see https://github.blog/2021-09-01-improving-git-protocol-security-github/ for more information.
Traceback (most recent call last):
File "/scripts/start.py", line 86, in <module>
main()
File "/scripts/start.py", line 51, in main
init_letsencrypt()
File "/scripts/bootstrap.py", line 80, in init_letsencrypt
call('/scripts/ssl.sh {0} {1}'.format(ssl_dir, domain))
File "/scripts/utils.py", line 70, in call
return subprocess.check_call(*a, **kw)
File "/usr/lib/python3.8/subprocess.py", line 364, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '/scripts/ssl.sh /shared/ssl WEBSITE.MY_WEBSITE.COM' returned non-zero exit status 1.
This stuff just drives me nuts. Just let me run the seafile docker image on port 80 and I’ll handle the ssl by way of swag or nginx. I have to remove/down nginx completely and give seafile exclusive port 80 access, but renewing the certs are still a challenge.
I did manage to force some things a little bit. I might in the future just manually copy the certs out pf nginx and force it into the seafile volume. But for now…
I had to go and mess with /scripts/ssl.sh
I removed just about everything, the key was to exit cleanly: