In your last post there is:
SEAFILE_SERVER_PROTOCOL=http
In your post before is:
SEAFILE_SERVER_PROTOCOL=https
→ You can´t use https with a local-ip. For https you need a proxy-manager, which get the ssl-cert for your service.
you mean changing to http will solve my issue?
How to change this, delete all containers and redeploy again, or can I change that differently, just in edit mode of container in portainer?
For future: I noticed when redeploy it takes the newest containers, is this something what I want or should I try to avoid?
This impacts mariadb as well - and will the compose and .env always fit to an updated seafile version?
And when applying your Nginx setup will that impact the rest, or do I need to change something additionally in my .env or .compose?
you were taking the compose and .env as given by seafile or did you apply changes to .env and .deploy?
Yes, all files from manual installation. Then I use portainer stack. Imported .env. Then placed config above in editor and launched. Write to me on priv or by mail da.rybacki (at) gmail (dot) com
Thanks a lot!!!
Running again - You were absolutely right 
Somehow I mixed-up the .env versions used.
Deleted all and re-deployed using http and can access via http.
Comment: Noticed that I couldn´t just edit http in portainer and re-deploy. Unfortunately it requires to delete all and re-deploy from scratch otherwise the mysql isn´t coming up
OK but as you said I need lets encrypt securing external access.
Checked now your Nginx-proyxmanager link you provided.
What folder do I need to create for saving the yml file in Debian?
Do I need to expose my port 8099 as well?
In your example for that yml you are writing:
ports:
# These ports are in format <host-port>:<container-port>
- '80:80' # Public HTTP Port
- '443:443' # Public HTTPS Port
- '81:81' # Admin Web Port
# Add any other Stream port you want to expose
# - '21:21' # FTP
When using e.g. the Android app accessing seafile is that not using a secured connection by default, just for my understanding?
You only need to expose the three ports in the compose file for the nginx-container, nothing else.
Why would you want to save the yml file? Copy the whole thing to portainer stack and go for it.
Then log in to nginx-proxy-manager:
After you have configured the ssl-cert for your proxy-host (your dyndns), you can portforward port 443 in your router and can access it using your dyndns.
For example:
In the seafile-android-settings, you can configure the same domain, so that all traffic is secured.
Thanks for being so patient
OK, that is cool I will try that.
maybe in one sentence - how is nginx now allowing to access seafile when 443 and https is not set in seafile settings, does it somehow transfer extern https to intern http?
One thing I don´t fully understand, you wrote:
After you have configured the ssl-cert for your proxy-host (your dyndns), you can portforward port 443 in your router and can access it using your dyndns.
- where/how do I configure the ssl-cert for my dyndns?
- do I really need to portforward 443 for the local ip of the seafile server? Just asking cause 443 is generally open in that Telekom router or is this a different story?
Exactly, the seafile container has an nginx web server that listens to port 80. So https requests are passed through to http.
If you create a proxy host with your dyndns in nginx-proxy-manager, you can force SSL in the section and also request an SSL certificate to be created automatically via lets encrypt and renewed regularly.
If you only want to access your seafile in the local network, you do not need to forward port 443 in the router. You only need this if you also want to access it externally.
However, you must forward port 80 to your server so that nginx-proxy-manager can communicate with lets encryp for the ssl-certificate.
Another note:
-
If you want to access your server locally with DynDns, you must ensure that the requests remain in the network, e.g. with Adguard DNS rewriting or PiHole. Some routers also support this.
If you do not do this, your request will first leave your local network and then access it again from outside. Then port 443 in the router should be forwarded to your server and you are limited in speed. -
If you only want to access Seafile locally and don’t want all the additional settings, you can of course also access Seafile with your local IP + port. Then you can set your local IP as the server name in the settings and you can connect with:
http://local ip:8099.
Small issue on nginx
I deployed that yml in portainer → up and running
Now I am in the proxy manager-interface and try to add a certificate for my dyndns.
When testing the server reachability it states:
Server found but with unexpected status code
when trying to save
Command error
Does the dyndns point to your real ipv4 address?
When I ping your dyndns I get the following IP: 93.210.229.112
For this, port 80 in your router must also be forwarded to the server.
(If your network is not accessible from the outside at all, e.g. because you don’t have a real IPv4 but share it with others due to DSLite or similar stories, it won’t work this way anyway. I could see from your settings that you are from Germany. In the meantime, Internet providers usually only distribute a real IPv4 with a normal DSL connection. This is usually no longer the case with fiber optic or cable connections).
By the way, I would never post my real DynDns on the Internet. Even if the page is found by bots anyway, I would be a bit careful.
almost there
Ports are forwarded
trying now to use seafile app with https but getting an error
like… cannot trust the ssl certificate from the dyndns server…
is this maybe related to that config you wrote what I cannot find in Nginx Manager?
and one small thing when I tried to load a file to seafile (I tried on http) it wasn´t successful. I can see in the log there that the upload was interrupted - something I miss?
Did the creation of the ssl certificate work?
Can you access your network from outside at all?
(I mentioned the DS Lite problem in the previous post)
To test this quickly, you could forward port 81 in the router to your server and try to open your nginx proxy manager with http:share.stdat.selfhost.co:81. If that doesn’t work, there is a general problem accessing your network.
The configuration I posted is for there to be no file limit when uploading via the browser, that’s all it does
OK 81 works no problem.
But
certificate is created for the dyndns is green
certificat status in nginx proxy manager is red
is this the trouble maker?
when I use
http:dyndns:80 I am reaching
Inactive means that it has not yet been assigned to a proxy host.
You must now go to the Hosts → Proxy Hosts and “Add Proxy Host” section.
Details
Scheme: http
Forward Hostname: local-ip
Forward Port:
- 80 (if you take the ip of the seafile container)
- or 8099 (if you use the local ip 127.0.0.1 oder 192.168.x.x of the server)
If the Nginx proxy manager and the seafile container share a network, you can use: seafile:80 for the location and port.
SSL
Certificate: Choose your Certificate you created before
Force SSL: On
HTTP/2 Support: On
I choose 80 - not working
in manager host is green the certificate is on green now as well
but getting the same error message in the app
my settings in hosts
You can only choose port 80, if the ip is the ip of the seafile-container and both have to be in the same docker network. I think the´re not in the same docker-network.
If you don´t want to do that in this way, you can ch0ose:
IP: 127.0.0.1
Port: 8099
Doesn´t work
changed in details and location to
(when using the 8099 is that not to be added in nginx ports?)
in seafile app I need to select https and 8099 right?
In the client, you only use: https://dyndns.exampl (your DynDNS-adress)
unfortunately not the app still doesn´t trust the certificate
when pushing “ignore” it doesn´t accept
also https:dyndns in browser doesn´t work
the http access is still working
the yml for used for nginx was not containing 8099 can we maybe adjust at that point?