Seafile unreachable after enabling lets encrypt

mackan · January 23, 2020, 3:58pm

Hello,

I installed Docker, then Docker Compose on a fresh debian installation to run seafile. It worked great until I enabled lets encrypt for our domain.

This is how the environment config looks like:

   - SEAFILE_ADMIN_EMAIL=info@domain.tld 
  - SEAFILE_ADMIN_PASSWORD=mypassword 
  - SEAFILE_SERVER_LETSENCRYPT=true # THIS IS THE ONLY THING THAT CHANGED
  - SEAFILE_SERVER_HOSTNAME=seafile.domain.tld

It worked just fine until I set the lets encrypt to true. I can see that the ssl certs are being generated but when I visit our domain I only get " This site can’t be reached".

I have looked on all the logs I could find but it only looks like nothing is happening so something has to be very wrong here.

Not sure where to continue looking and this must be very easy to reproduce?

Thanks in advance

eyalk · April 1, 2020, 2:38pm

Hi,
I have the same issue.
How did you solve it?

Thanks,
Eyal

rdb · April 1, 2020, 2:51pm

I suggest you post your conf files (webserver and seafile) here that others can review and comment

eyalk · April 1, 2020, 9:30pm

Thanks.
Please see the below:
Attached seahub_settings.py,seafile.conf, seafile.nginx.conf.
I am running the docker using this command:
docker run -d --name sf7 -e SEAFILE_SERVER_LETSENCRYPT=true -e SEAFILE_SERVER_HOSTNAME=dummy.someserver.net -e SEAFILE_ADMIN_EMAIL=me@example.com -e SEAFILE_ADMIN_PASSWORD=a_very_secret_password -e SEAFILE_USE_HTTPS=1 -v c:/opt/seafile-data:/shared -v c:/opt/seafile-nginx:/etc/nginx/sites-enabled -p 80:80 -p 443:443 seafileltd/seafile:latest

seahub_settings.py file:
# -*- coding: utf-8 -*-
SECRET_KEY = "m0+o$d%)mz_7f9n77t&z$$m_+^ch68_%8vciyti3p)koqgy@k-"

DATABASES = {
	'default': {
		'ENGINE': 'django.db.backends.mysql',
		'NAME': 'seahub_db',
		'USER': 'seafile',
		'PASSWORD': '302f27a2-35ba-4057-a101-6af609e9211a',
		'HOST': '127.0.0.1',
		'PORT': '3306'
	}
}


CACHES = {
	'default': {
		'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
		'LOCATION': '127.0.0.1:11211',
	},
	'locmem': {
		'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
	},
}
COMPRESS_CACHE_BACKEND = 'locmem'
FILE_SERVER_ROOT = "https://dummy.someserver.net/seafhttp"
---------------------
    seafile.conf file:
[fileserver]
port = 8082

[database]
type = mysql
host = 127.0.0.1
port = 3306
user = seafile
password = 302f27a2-35ba-4057-a101-6af609e9211a
db_name = seafile_db
connection_charset = utf8 
----------------
seafile.nginx.conf file:
# -*- mode: nginx -*-
# Auto generated at 04/01/2020 21:04:27
server {
	listen 80;
	server_name _ default_server;

	# allow certbot to connect to challenge location via HTTP Port 80
	# otherwise renewal request will fail
	location /.well-known/acme-challenge/ {
		alias /var/www/challenges/;
		try_files $uri =404;
	}

	location / {
		rewrite ^ https://dummy.someserver.net$request_uri? permanent;
	}
}
server {
listen 443;
	ssl on;
	ssl_certificate      /shared/ssl/dummy.someserver.net.crt;
	ssl_certificate_key  /shared/ssl/dummy.someserver.net.key;

	ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

	# TODO: More SSL security hardening: ssl_session_tickets & ssl_dhparam
	# ssl_session_tickets on;
	# ssl_session_ticket_key /etc/nginx/sessionticket.key;
	# ssl_session_cache shared:SSL:10m;
	# ssl_session_timeout 10m;
server_name dummy.someserver.net;

	client_max_body_size 10m;

	location / {
		proxy_pass http://127.0.0.1:8000/;
		proxy_read_timeout 310s;
		proxy_set_header Host $host;
		proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header Connection "";
		proxy_http_version 1.1;
	}

	location /seafhttp {
		rewrite ^/seafhttp(.*)$ $1 break;
		proxy_pass http://127.0.0.1:8082;
		client_max_body_size 0;
		proxy_connect_timeout  36000s;
		proxy_read_timeout  36000s;
		proxy_request_buffering off;
	}

	location /seafdav {
		client_max_body_size 0;
		fastcgi_pass    127.0.0.1:8080;
		fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
		fastcgi_param   PATH_INFO           $fastcgi_script_name;

		fastcgi_param   SERVER_PROTOCOL     $server_protocol;
		fastcgi_param   QUERY_STRING        $query_string;
		fastcgi_param   REQUEST_METHOD      $request_method;
		fastcgi_param   CONTENT_TYPE        $content_type;
		fastcgi_param   CONTENT_LENGTH      $content_length;
		fastcgi_param   SERVER_ADDR         $server_addr;
		fastcgi_param   SERVER_PORT         $server_port;
		fastcgi_param   SERVER_NAME         $server_name;

		access_log      /var/log/nginx/seafdav.access.log;
		error_log       /var/log/nginx/seafdav.error.log;
	}

	location /media {
		root /opt/seafile/seafile-server-latest/seahub;
	}

	# For letsencrypt
	location /.well-known/acme-challenge/ {
		alias /var/www/challenges/;
		try_files $uri =404;
	}
}

j43li · May 14, 2020, 6:07pm

I got the same problem. Is there any solution?