Does anyone have Seafile working with the Traefik reverse proxy? A bit of searching doesn’t turn anything up. If so, I’d really appreciate seeing a sample of how to get the /seafhttp directory proxied properly.
I figured it out. The PathPrefixStrip
rule is pretty nifty. For anyone else interested in using Traefik, this is how I configured the Traefik labels on the Seafile docker container:
labels:
- traefik.docker.network=traefik
- traefik.enable=true
- traefik.seafgui.frontend.rule=Host:example.com
- traefik.seafgui.port=8000
- traefik.seafdav.frontend.rule=Host:example.com;PathPrefixStrip:/seafdav
- traefik.seafdav.port=8080
- traefik.seafhttp.frontend.rule=Host:example.com;PathPrefixStrip:/seafhttp
- traefik.seafhttp.port=8082
If you’re using the official container, nginx is included an so you only have to proxy nginx, not all directories.
Please submit your findings to the manual.
Submitted in https://github.com/haiwen/seafile-docs/pull/480
The meat of it is:
Here we deploy Seahub and FileServer with the Traefik reverse proxy. We assume you are running Seahub using domain seafile.example.com
.
Configuring Traefik with a Configuration File
Traefik can be configured in the main traefik.toml
file, and / or in files specified therein. Here is an example of configuring Traefik’s configuration file for a locally installed instance of Seafile:
[backends]
[backends.seafapp]
[backends.seafapp.servers.primary]
url = "http://127.0.0.1:8000"
weight = 1
[backends.seafdav]
[backends.seafdav.servers.primary]
url = "http://127.0.0.1:8080"
weight = 1
[backends.seafile]
[backends.seafhttp.servers.primary]
url = "http://127.0.0.1:8082"
weight = 1
[frontends]
[frontends.seafapp]
backend = "seafapp"
[frontends.seafapp.routes]
[frontends.seafapp.routes.primary]
rule = "Host:seafile.example.com"
[frontends.seafdav]
backend = "seafdav"
[frontends.seafdav.routes]
[frontends.seafdav.routes.primary]
rule = "Host:seafile.example.com;PathPrefixStrip:/seafdav"
[frontends.seafhttp]
backend = "seafhttp"
[frontends.seafhttp.routes]
[frontends.seafhttp.routes.primary]
rule = "Host:seafile.example.com;PathPrefixStrip:/seafhttp"
Note that this is valid for a locally installed instance of Traefik, or a Traefik container running with NET=HOST. If Traefik is running in a container without these privelages, host.docker.internal
or an address bound to the host’s loopback interface should be substituted for 127.0.0.1
.
Proxying the Official Docker Image
The official Docker image for Seafile has a built-in Nginx server that proxies the /seafhttp
and /seafdav
paths to their respective ports. Thus the official Docker image can be proxied simply by making Traefik aware through labels:
services:
seafile:
labels:
- traefik.docker.network=traefik
- traefik.enable=true
- traefik.frontend.rule=Host:seafile.example.com
- traefik.port=80
networks:
- traefik
Proxying Unofficial Docker Images
In Docker images that do not include their own proxy, Traefik can handle proxying the /seafhttp
and /seafdav
paths to the right ports through segment labels:
services:
seafile:
labels:
- traefik.docker.network=traefik
- traefik.enable=true
- traefik.seafapp.backend=Seafile Web App
- traefik.seafapp.frontend.rule=Host:seafile.example.com
- traefik.seafdav.port=8000
- traefik.seafdav.backend=Seafile WebDAV Server
- traefik.seafdav.frontend.rule=Host:seafile.example.com;PathPrefixStrip:/seafdav
- traefik.seafdav.port=8080
- traefik.seafhttp.backend=Seafile File Server
- traefik.seafhttp.frontend.rule=Host:seafile.example.com;PathPrefixStrip:/seafhttp
- traefik.seafhttp.port=8082
networks:
- traefik
Hi,
thanks for the docs. Unfortunately I am just starting out with Docker. Could you please provide a more complete example including a docker-compse.yml as well?
My reason to look for running seafile with docker and traefik is that I want to run two instances of seafile on one host, next to other microservices. All should be accessible on Port 443, have a let’s encrypt SSL cert and routing should take place based on host-names
That would be great! I cannot (yet) get my head around all this…
got it!
For anyone interested, I outlined a full config at
Have you tested the proxying settings you mentioned for the official docker image?
I am facing the problem that uploads fail when using traefik as a reverse proxy in front of seafiles nginx. Unfortunately I can’t seem to find any useful logs for this problem. If I strap away the reverse proxy and use seafile directly it works flawlessly. Any ideas?
OK, I figured it out. Was missing the s in https in the FILE_SERVER_ROOT option.
Isn’t so that for Container you just have to proxy port 443 (optionally 8080) and make a redirection from port 80?
For anyone using Traefik v2, here are the labels I needed to use on my Seafile container:
- traefik.http.routers.seafile.rule=Host(`seafile.example.com`)
- traefik.http.services.seafile.loadbalancer.server.port=8000
- traefik.http.routers.seafile.service=seafile
# on upload/download, a request to https://seafile.example.com/seafhttp/files/xxx/xxx.xx is attempted
# this needs to turn in to http://<container-ip>:8082:/files/xxx/xxx/xx
- traefik.http.routers.seafhttp.rule=Host(`seafile.example.com`) && PathPrefix(`/seafhttp`)
- traefik.http.services.seafhttp.loadbalancer.server.port=8082
- traefik.http.routers.seafhttp.service=seafhttp
- traefik.http.middlewares.sf-replacepath.replacepathregex.regex=^/seafhttp/(.*)
- traefik.http.middlewares.sf-replacepath.replacepathregex.replacement=/$$1
- traefik.http.routers.seafhttp.middlewares=sf-replacepath
Do you have an example of your full docker-compose file to get seafile working? Thanks!
I wanted to post and say thank you very much for sharing this! I am using traefik v2 on unraid and following your labels I was able to get this to work with cloudflare.
Do you know what the additional labels would be to get this to work on https ?
disregard my question. I took all the labels you provided then added the following to force HTTPS
# to tell traefik to try get a letsencrypt cert for your domain
-traefik.http.routers.seafile.tls.certresolver=letsencrypt
#If you want to redirect port 80 to 443 when connecting to this domain on port 80
-traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
-traefik.http.routers.https-redirect.entrypoints=web
-traefik.http.routers.https-redirect.middlewares=https-redirect
-traefik.http.routers.https-redirect.rule=Host(seafile.example.com
)
when I enter the above, I can get it to go HTTPS, but I can’t figure out why I can’t upload any files or view PDFs in the browser
My roommate have an old 6.x version of Seafile deployed which was behind a nginx reverse proxy.
With my roommate we move it behind Traefik 2.5 to havind easy certificate auto-renewal and having single reverse-proxy on our single public ipv4.
But we encountered some difficulties with Seafile not correctly handle https urls, it’s like our Seafile completely ignore either X-Forwaded-Proto: https
nor https://
in SERVICE_URL=
and FILE_SERVER_ROOT=
Docker container labels for Seafile
labels:
# handle HTTPS to port 8000
- traefik.http.routers.seafile.entrypoints=websecure
- traefik.http.routers.seafile.rule=Host(`seafile.local`)
- traefik.http.routers.seafile.tls=true
- traefik.http.services.seafile.loadbalancer.server.port=80
- traefik.http.routers.seafile.service=seafile
# Uncomment the line below to use letsencrypt
# - traefik.http.routers.seafile.tls.certresolver=letsencrypt
# handle HTTP to be redirect to HTTPS
- traefik.http.routers.seafile-http.entrypoints=web
- traefik.http.routers.seafile-http.rule=Host(`seafile.local`)
- traefik.http.routers.seafile-http.middlewares=mid-to-https
- traefik.http.middlewares.mid-to-https.redirectscheme.scheme=https
- traefik.http.routers.seafile-http.service=seafile
# handle HTTPS with path starting with /seafhttp to go to port 8082 and strip the prefix
- traefik.http.routers.seafhttp.entrypoints=websecure
- traefik.http.routers.seafhttp.rule=Host(`seafile.local`) && PathPrefix(`/seafhttp`)
- traefik.http.routers.seafhttp.tls=true
- traefik.http.services.seafhttp.loadbalancer.server.port=8082
- traefik.http.routers.seafhttp.service=seafhttp
- traefik.http.routers.seafhttp.middlewares=sf-strippath
- traefik.http.middlewares.sf-strippath.stripprefix.prefixes=/seafhttp
# Uncomment the line below to use letsencrypt
# - traefik.http.routers.seafhttp.tls.certresolver=letsencrypt
Sample config for /etc/traefik/traefik.yml
api:
insecure: true
providers:
docker: {}
entryPoints:
web:
address: ":80"
forwardedHeaders:
insecure: true
websecure:
address: ":443"
forwardedHeaders:
insecure: true
providers:
file:
filename: "/etc/traefik/config.yml"
docker: {}
certificatesResolvers:
letsencrypt:
acme:
email: gabi@youpi.local
storage: acme.json
httpChallenge:
# used during the challenge
entryPoint: web
All our sample configuration is here home.hugopoi . net/gitea/hugopoi/traefik-examples.