Seafile server with docker and NGINX on separate servers

Buhli · April 16, 2023, 7:56am

Hi seafile community

I have been using seafile for many years.

Yesterday I installed the newest Seafile version 9.0.16 with docker on my Debian 11. It’s the first time I am working with docker.

According to the official installation instructions (sorry I can’t insert the link) I installed the Seafile Server version 9.0.16 with docker on an Debian 11 x64. On the Seafile Server I am working only with HTTP (80) and without HTTPs (443) and certificates

I have a seperate NGINX Sever (Debian 11 x64) and there I am using HTTPs.

I could not upload the nginx conifg, I tried, but unfortunately I always got the message, because I am new I can only upload one picture and no links or anything else.

Here you can see my environment and some informations from the installion (sorry I had to merge all images in one:

Without nginx all works fine but if I want to use nginx I get a bad gateway error.

I don’t know my nginx conifg is wrong (I’m sorry I could no upload) I dont know I have to forward some extra ports (8000, 8080, 8082) on the seafile server or in the docker container. I don’t know there is a permission issue, because seafile and nginx runs on seperate servers.

I hope somebody can help me here.

Thanks and best reagards
Buhli

Barolo · April 16, 2023, 9:59am

Hi, we’ll need your nginx config, don’t do a screenshot as you can’t upload it but just copy/paste it. You can use a 3 backticks (```) block to preserve formatting:

some nginx config

What I can tell so far is that you’ll have to change http to https in SERVICE_URL and FILE_SERVER_ROOT, it should prevent future (but not current) errors.

This is not needed, there is an internal nginx server in the container which dispatches requests to the right service.

Maybe if you have some kind of firewall. Bad gateway means the connection was refused, and a firewall is one possible cause. But I wouldn’t bet on it.

Finally, I’ve answered some questions on the same topic, giving some nginx config samples, maybe you’ll find something useful:

Buhli · April 16, 2023, 10:39am

Hi Barolo

Thank you very much for your fast reply

Here my config:

server {
   listen 443 ssl;

    ssl on;
    ssl_certificate    /etc/nginx/certs/mydomain.org.crt;
    ssl_certificate_key    /etc/nginx/certs/mydomain.org.key;

    ssl_protocols TLSv1.2;
    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/private/dhparam.pem;

    server_name seafile.mydomain.org;

  proxy_set_header X-Forwarded-For $remote_addr;

  location / {
    proxy_pass         http://192.168.5.202:8000;
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Host $server_name;
    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_read_timeout  1200s;

    # used for view/edit office file via Office Online Server
    client_max_body_size 0;

    access_log      /var/log/nginx/seahub.access.log;
    error_log       /var/log/nginx/seahub.error.log;
  }

  location /seafhttp {
    rewrite ^/seafhttp(.*)$ $1 break;
    proxy_pass http://192.168.5.202:8082;
    client_max_body_size 0;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_connect_timeout  36000s;
    proxy_read_timeout  36000s;
    proxy_send_timeout  36000s;
  }

  location /media {
    root /opt/seafile/seafile-server-latest/seahub;
  }

  location /seafdav {
    fastcgi_pass    192.168.5.202:8080;
    fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
    fastcgi_param   PATH_INFO           $fastcgi_script_name;
    fastcgi_param   SERVER_PROTOCOL     $server_protocol;
    fastcgi_param   QUERY_STRING        $query_string;
    fastcgi_param   REQUEST_METHOD      $request_method;
    fastcgi_param   CONTENT_TYPE        $content_type;
    fastcgi_param   CONTENT_LENGTH      $content_length;
    fastcgi_param   SERVER_ADDR         $server_addr;
    fastcgi_param   SERVER_PORT         $server_port;
    fastcgi_param   SERVER_NAME         $server_name;
    fastcgi_param   REMOTE_ADDR         $remote_addr;

    client_max_body_size 0;
    access_log      /var/log/nginx/seafdav.access.log;
    error_log       /var/log/nginx/seafdav.error.log;
  }
}

If I understood it corretly, out of the box in debian is no firewall installed or active. From the nginx server I did some telnet tests. 192.168.5.202 80, 192.168.5.202 8000 etc. and only by 192.168.5.202 80 the port was open. Therefore the question whether one would still have to forward something with the container.

I will have a look at your links - many thanks

Barolo · April 16, 2023, 10:53am

Ok this should be easy, you have two possibilities:

You want to have seafile listening on port 8000, then you’ll need the correct redirection in your compose file:

ports:
  - 8000:80

You want to have seafile listening on port 80 (current state), then you’ll need you’re nginx server to forward to port 80 (not 8000):

proxy_pass         http://192.168.5.202:80;

Buhli · April 16, 2023, 12:04pm

Thank you very much for your hint. Now I can reach the login page. But when I try to log in, nothing happens. Is there something else wrong in my conf file? Maybe I have also to change the other ports?

-
location / {
    proxy_pass         http://192.168.5.202:80;

  location /seafhttp {
    rewrite ^/seafhttp(.*)$ $1 break;
    proxy_pass http://192.168.5.202:8082;

  location /seafdav {
    fastcgi_pass    192.168.5.202:8080;

Thank you very much for your help

Barolo · April 16, 2023, 12:37pm

Oh I missed the scrollbar sorry. There’s no need to forward other paths than /. Full config should look like:

server {
   listen 443 ssl;

    ssl on;
    ssl_certificate    /etc/nginx/certs/mydomain.org.crt;
    ssl_certificate_key    /etc/nginx/certs/mydomain.org.key;

    ssl_protocols TLSv1.2;
    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/private/dhparam.pem;

    server_name seafile.mydomain.org;

  proxy_set_header X-Forwarded-For $remote_addr;

  location / {
    proxy_pass         http://192.168.5.202:80;
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Host $server_name;
    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_read_timeout  1200s;

    # used for view/edit office file via Office Online Server
    client_max_body_size 0;

    access_log      /var/log/nginx/seahub.access.log;
    error_log       /var/log/nginx/seahub.error.log;
  }
}

Then if login still does nothing, try to open your browser console with F12 and log you again. Some errors should appear.

Buhli · April 16, 2023, 5:37pm

Thank you very much. Now it’s look like all (login, down- and upload) works like expected

I have another question about the licenses. I have installed the PE and up to three users, this license is also free. Do I still have to apply for this license somewhere? Or is that already okay so?

Thank you very much for your support.

Barolo · April 16, 2023, 7:05pm

You’re welcome. About the license I use CE but it looks like you don’t need to do anything:

From: Private Server - Seafile

You can get pro edition free for 3 users by register an account in our customer center. Note, you don’t need a license file to run the pro edition for 3 users.

Buhli · April 17, 2023, 10:56am

Hi Barolo

Perfect

Thank you very much for your support.

Thanks and best regards
Buhli