Seafile Pro Docker Behind NGINX (Swag) container

Hi All, after searching these forums (and elsewhere), I’ve essentially come to a point where I’m going to give up. I’ve working to get seafile pro (8.0.14) on docker working with an NGINX proxy in another container (this lets me host multiple subdomains on same host). This seems impossible no matter what I do. TLS has to be enabled. I use SWAG from linuxserver.

If I let seafile and its internal nginx take over port 443 and 80 on the server, seafile works fine (but takes every other thing I host down).

All I’m wondering is if anyone has ever tried this or gotten it working? If you did, maybe you could share the seafile.conf in your SWAG NGINX?

I have managed to get a super old seafile 6.3.4 server working this way, but that container no longer updates and that NGINX config doesn’t work in new versions.

Hi, can you share your nginx and docker-compose configuration?

FYI, this is the config file I use for Seafile CE (custom image) behind SWAG:

server {
    listen       80;
    server_name  your.domain;  # <-- Set your domain here
    rewrite ^ https://$http_host$request_uri? permanent;	# force redirect http to https
    server_tokens off;
}

server {
    listen 443;
    server_name your.domain; # <-- Set your domain here

    # all ssl related config moved to ssl.conf
	include /config/nginx/ssl.conf;

    server_tokens off;

    location / {
        proxy_pass         http://seafile:8000;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_set_header   X-Forwarded-Proto https;

        proxy_read_timeout  1200s;

        client_max_body_size 0;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://seafile:8082;
        client_max_body_size 0;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
        send_timeout  36000s;
    }

    location /media {
        root /shared;
    }
} 

Hi @Barolo, thanks for the reply. I appreciate you taking the time. Here’s a little more on the subject:

First a visual look at what I’m doing. The Seafile containers are a few of many others running things like Wordpress, Ghost, and other tools (all on different domains). The NGINX (swag) container manages the renewal of these 16 different Letsencrypt certificates (including the one for Seafile).

image1090×862 40.6 KB

As it turns out, I also have an old Seafile 6.3.4 container running on this very same docker server. NGINX (10.0.01) can resolve IPs and forwards to seafile (seafile.domain.com) with this seafile.conf file;

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name seafile.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.1 valid=30s;
        proxy_pass https://seafile.domain.com/;
       proxy_set_header X-Scheme $scheme;
       proxy_set_header   Host $host;
       proxy_set_header X-Forwarded-Proto https;
    }

add_header Strict-Transport-Security "max-age=0; includeSubDomains";
}

That works great… files move back and forth, the Seafile client works. The only reason to move from it is that it’s 6.3.4 and I want to take advantage of the pro edition (including adding onlyoffice).

Now, as another example, I spun up a completely new server, installed docker and LET seafile take over everything and it is possible to get it all working. This configuration does not work, but as least with seafile as the only holder of port 443/80 config is possible.

image1413×585 120 KB

So, coming back to the problem

Since the NGINX container is a different container than Seafile, it does not have visibility into the media directory (/shared in your example). Other examples I see are:

   location /media {
        root /var/seafile-server-latest/seahub;
    }

On my container I have the following volume mapped:

In addition, this directory will have to be mapped on the NGINX container. It would seem crazy is /shared is /var/seafile-server-latest/seahub in the Seafile example. Something I’ll have to test.

Huuum I’m not sure to understand how your containers communicate. Looks like your SWAG instance is in host network mode, is it?

If so, then I think the most straighforward way is:

• Using the internal nginx with a different port mappping (8080:80 something like that)
• Forward all traffic from the SWAG reverse-proxy:

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name seafile.*;

    include /config/nginx/ssl.conf;

    location / {
        resolver 127.0.0.1 valid=30s;
        proxy_pass http://seafile.domain.com/;
        include /config/nginx/proxy.conf;
    }
} 

This prevents annoying stuff too, like having to map shared volumes between your containers…

That’s essentially the problem. On older version of Seafile that works. On Seafil pro 8.0.14, that does not work no matter what I do. Bad gateways, all sort fo other errors, etc.

In fact, I set all of this up again from scratch just to test it. I put the seafile server on port 8049 and loaded the page directly at https://seafiledomain.com:8049/ and it works fine to load the page (naturally nothing else will work like uploads, etc.):

image1000×810 57.1 KB

Adding that .conf file to my NGINX install and loading https://seafile.domain.com/ simply started me off with this:

image1000×810 9.23 KB

So, based on everything I know, this simply can’t - or won’t work. Went through many hour of logs, .confi file changes, fruitless searching the Internet and various different scenarios. All this time, the other Seafile server behind NGINX (version 6x) works fine and runs reliably. Something clearly changed bt I found nothing to explain what that is.

Note: The NGINX .conf file I’m using in Seafile is based on the SWAG template provided inside that container.