Hi! I’m trying to decouple my trusty old server from its nginx service, as I have a bunch of other subdomains being served, and the future plan is to keep them in separate containers. I have a new nginx LXC container with nginx installed on it. I copied the Seafile nginx config and SSL certs onto it, changing the proxy_pass addresses (where before it was http://127.0.0.1:8000, now it’s http://192.168.0.15:8000, and so on) and the /media path accordingly, but I’m getting 502 errors when I try to go through the new nginx container.
This is the new configuration:
# Required for OnlyOffice DocumentServer
# $the_scheme: reuse the incoming X-Forwarded-Proto header when the request
# carries one, otherwise fall back to the scheme of this connection.
# NOTE(review): the header value is copied from the request unchanged. If this
# nginx is the outermost proxy, that value is chosen by the client - confirm
# that nothing behind it treats the forwarded scheme as trusted.
map $http_x_forwarded_proto $the_scheme {
    default $http_x_forwarded_proto;
    "" $scheme;
}
# $the_host: reuse the incoming X-Forwarded-Host header when the request
# carries one, otherwise fall back to $host.
# NOTE(review): as with any X-Forwarded-* header, the value comes from the
# request as received; on an internet-facing proxy it is client-controlled, so
# the backend should not build trusted URLs from it without a check - confirm.
map $http_x_forwarded_host $the_host {
    default $http_x_forwarded_host;
    "" $host;
}
# $proxy_connection: value for the Connection header sent upstream.
# "upgrade" when the client sent an Upgrade header (e.g. a WebSocket
# handshake), "close" when it did not.
map $http_upgrade $proxy_connection {
    default upgrade;
    "" close;
}
# Plain-HTTP listener: every request is answered with a permanent redirect to
# the same URI over HTTPS.
server {
    listen 80;
    server_name myserver.com;
    # NOTE(review): the redirect target is built from $http_host, i.e. the Host
    # header exactly as the client sent it. `return 301 https://$host$request_uri;`
    # (or $server_name) is the usual form that avoids echoing a raw request
    # header into the Location response.
    rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https
    server_tokens off; # do not advertise the nginx version
}
# TLS listener: terminates HTTPS and proxies to the Seafile and OnlyOffice
# services on 192.168.0.15.
# NOTE(review): the backends used to be reached over loopback and are now
# reached over the LAN in plain HTTP. Two things follow:
#   * each backend has to accept connections on 192.168.0.15; a service that
#     still listens only on 127.0.0.1 refuses the connection and nginx answers
#     502 - check error_log and the listen addresses on the Seafile host;
#   * once the backends listen on the LAN address, limit ports 8000, 8092 and
#     88 to this proxy container (host firewall), otherwise they can be
#     reached directly, bypassing TLS and the headers set here.
server {
    # NOTE(review): `ssl on;` is deprecated in newer nginx releases in favour of
    # `listen 443 ssl;` - confirm against the nginx version in the new container.
    # No server_name directive is visible in this block, so $server_name (used
    # for X-Forwarded-Host in `location /`) presumably evaluates to an empty
    # string - confirm.
    listen 443;
    ssl on;
    # Let's Encrypt cert
    ssl_certificate /etc/letsencrypt/live/myserver.com/fullchain.pem; # managed by Certbot
    # private key for the certificate above; it was copied to this container,
    # so keep it readable by root only here as well
    ssl_certificate_key /etc/letsencrypt/live/myserver.com/privkey.pem; # managed by Certbot
    # Server-level default; nginx inherits it only in locations that set no
    # proxy_set_header of their own (here: /seafhttp).
    proxy_set_header X-Forwarded-For $remote_addr;
    # HSTS for one year. includeSubdomains extends the policy to every
    # subdomain of this host, so all of them must be served over HTTPS.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    server_tokens off;
    #let's encrypt
    # Challenge files are looked up under <root>/.well-known/acme-challenge/.
    # NOTE(review): root is the certificate "live" directory, which also holds
    # privkey.pem. A dedicated webroot outside /etc/letsencrypt keeps the
    # served tree and the key material apart.
    location ^~ /.well-known/acme-challenge {
        default_type "text/plain";
        root /etc/letsencrypt/live/myserver.com;
    }
    #TLS 1.3
    ssl_protocols TLSv1.2 TLSv1.3;
    # Web UI: everything not matched by a more specific location goes to the
    # backend on port 8000.
    location / {
        proxy_pass http://192.168.0.15:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # appends $remote_addr to any X-Forwarded-For the client already sent
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_read_timeout 1200s;
        client_max_body_size 0; # 0 disables the request body size check
        access_log /var/log/nginx/seahub.access.log;
        error_log /var/log/nginx/seahub.error.log;
    }
    # File transfer endpoint: the /seafhttp prefix is stripped before the
    # request is passed to the backend on port 8092.
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://192.168.0.15:8092;
        client_max_body_size 0; # no upload size limit
        # 36000s = 10 hours, to let long transfers finish
        proxy_connect_timeout 36000s;
        proxy_read_timeout 36000s;
        proxy_send_timeout 36000s;
        proxy_request_buffering on; #doesn't work until nginx v1.7.11 currently v1.4
    }
    # Static files are read from the local disk of the host running nginx, so
    # this path has to exist inside the new container.
    location /media {
        root /media/Seafile/seafile-server-latest/seahub;
    }
    # OnlyOffice DocumentServer, published under the /onlyofficeds/ subfolder.
    location /onlyofficeds/ {
        # THIS ONE IS IMPORTANT ! - Trailing slash !
        proxy_pass http://192.168.0.15:88/;
        proxy_http_version 1.1;
        client_max_body_size 100M; # Limit Document size to 100MB
        proxy_read_timeout 3600s;
        proxy_connect_timeout 3600s;
        # pass protocol upgrade requests through to the backend
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $proxy_connection;
        # THIS ONE IS IMPORTANT ! - Subfolder and NO trailing slash !
        proxy_set_header X-Forwarded-Host $the_host/onlyofficeds;
        proxy_set_header X-Forwarded-Proto $the_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
However, as mentioned, this doesn’t bring joy. It gets me a 502 Bad Gateway. The only difference between this file and the original from the Seafile server residing on the 192.168.0.15 is the change from 127.0.0.1 to the Seafile IP. Oh, and the /media relative path, of course. But as you can see, this is not a /media issue, as I don’t even get there…I get a 502 before I get a chance.