ssl in docker config

Seafile Server
1

I’m configuring seafile v12 CE.

Is it possible to specify two protocols in the parameter
SEAFILE_SERVER_PROTOCOL http https

How will seafile behave if no SSL certificate is present while https is specified?
Also, could you please advise on how to correctly configure nginx and how to install the certificate in case of a Docker container installation?

2

  1. Two protocols? Well, it may be possible, but even if it was, I don’t think it would technically be supported. Why not stick with http and terminate SSL at the reverse proxy (i.e. nginx)?

  2. I’m not sure what the behavior would be if no SSL certificate is present while https is specified, but again I guess it would depend on where you want SSL termination to occur. If using https in your .env file, you’d likely want to stick with the supported Caddy configuration as the reverse proxy.

  3. For a Docker v12 CE nginx installation, try looking here for nginx information, and here for nginx certificate help for v12 CE, although be advised that the latter link is assuming you are not using Docker but the Seafile binary.

UPDATE 1: Grammar and clarification.

UPDATE 2: Link added for Seafile binary certification installation for nginx.

3

Do I understand correctly that you’re referring to an additional nginx installed in front of the seafile instance?

4

Omigosh! I did sound a little confusing there lol. My sincere apologies.

But technically that’s right, as Caddy is the reverse proxy that Docker-based Seafile uses. Employing another reverse proxy in front like nginx, Envoy, HAproxy or Apache Traffic Server here could handle your https certificate termination as well, essentially http-forwarding to Seafile’s Caddy instance which then brings the request to the Seafile service itself.

I think mine is set up a little weird as Caddy is really supposed to handle https certificate processing in a Docker scenario, but it doesn’t have to, and the documentation tells you how to do that. I already was using Apache Traffic Server for my termination anyway, so I set ATS to forward Seafile requests to port 80 on the Seafile side.