Seafile with a separated proxy

Hi! I’m trying to get my old trusty server decoupled from its nginx service, as I have a bunch of other subdomains being served, and the future plan is to keep in separated containers. I have a new nginx LXC container, and I installed nginx onto it. I copied the Seafile nginx config and SSL certs onto it, changing the proxy_pass addresses (where before it was http://127.0.0.1:8000 now it’s http://192.168.0.15:8000, and so on) and the /media path accordingly, but I’m getting 502 errors when I try to go through the new nginx container.

This is the new configuration:

# Required for OnlyOffice DocumentServer
map $http_x_forwarded_proto $the_scheme {
    default $http_x_forwarded_proto;
    "" $scheme;
}

map $http_x_forwarded_host $the_host {
    default $http_x_forwarded_host;
    "" $host;
}

map $http_upgrade $proxy_connection {
    default upgrade;
    "" close;
}



server {
        listen       80;  
        server_name  myserver.com;
        rewrite ^ https://$http_host$request_uri? permanent;    # force redirect http to https
        server_tokens off;
}
server {
        listen 443;
        ssl on;
        # Let's Encrypt cert
        ssl_certificate /etc/letsencrypt/live/myserver.com/fullchain.pem; # managed by Certbot
        # path to your cacert.pem
        ssl_certificate_key /etc/letsencrypt/live/myserver.com/privkey.pem; # managed by Certbot
        proxy_set_header X-Forwarded-For $remote_addr;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
        server_tokens off;

        #let's encrypt
       location ^~ /.well-known/acme-challenge {
        default_type "text/plain";
root /etc/letsencrypt/live/myserver.com;
        }
        #TLS 1.3
        ssl_protocols TLSv1.2 TLSv1.3;

        location / {
        proxy_pass         http://192.168.0.15:8000;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_read_timeout  1200s;
        client_max_body_size 0;

        access_log      /var/log/nginx/seahub.access.log;
        error_log       /var/log/nginx/seahub.error.log;
    }
   location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://192.168.0.15:8092;
        client_max_body_size 0;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
        proxy_request_buffering on; #doesn't work until nginx v1.7.11 currently v1.4
    }

    location /media {
        root /media/Seafile/seafile-server-latest/seahub;
    }
    location /onlyofficeds/ {

        # THIS ONE IS IMPORTANT ! - Trailing slash !
        proxy_pass http://192.168.0.15:88/;
        proxy_http_version 1.1;
        client_max_body_size 100M; # Limit Document size to 100MB
       proxy_read_timeout 3600s;
        proxy_connect_timeout 3600s;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $proxy_connection;

        # THIS ONE IS IMPORTANT ! - Subfolder and NO trailing slash !
        proxy_set_header X-Forwarded-Host $the_host/onlyofficeds;

        proxy_set_header X-Forwarded-Proto $the_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

However, as mentioned, this doesn’t bring joy. It gets me a 502 Bad Gateway. The only difference between this file and the original from the Seafile server residing on the 192.168.0.15 is the change from 127.0.0.1 to the Seafile IP. Oh, and the /media relative path, of course. But as you can see, this is not a /media issue, as I don’t even get there…I get a 502 before I get a chance.